(upbeat music) >> Welcome to this CUBE Conversation. This is part of the second season of the AWS startup showcase, season two, episode one. I'm Dave Nicholson, and I am joined with a very special guest, CEO and co-founder of Tidelift, Mr. Donald Fischer. Donald, welcome to the CUBE. >> Thanks David. Really glad to be here. >> So, first and foremost, tell us about Tidelift. >> Happy to, yeah, so, at Tidelift we're on a mission. Our mission is to make open source software work better for everyone, and when we say that, we mean, make it work better for all the organizations and governments and everybody that depends on open source software to build the applications that we all rely on. But also part of our mission, is making open source work better for the creators of open source. The independent open source maintainers, who are behind so many of those building blocks, technology building blocks that our commerce industry and society is comprised of these days. They've got a hard task to hold up all of that stuff and make sure that it meets, you know, professional grade standards and that we can all rely on it. And so, we want to do our part to help both sides of that equation. >> Fantastic, well, I want to double click on a few of the things that you said, but I think I want to format this by starting out with a little role play between the two of us, if you don't mind. I know you're CEO, but for the sake of this, you're going to be the CIO and I'm going to be the CEO, and we're going to play off some recent events here. So, hey Donald, come on in, sit down. Listen, I want to talk to you about this whole log shell, log for something, or another thing that's going on. So, let me get this straight. Our multinational Fortune 500 company is dependent upon software, that's free, and somehow we've been running this and the people who maintain it, do it for free, we don't pay for it, but somehow this has opened us up to a threat from people who can log into a system we're using to keep track of stuff, and then, what's going on? By the way, you're fired, but I want to know if, I want to know if you can stay on for the next 90 days to train your replacement, but, explain to me what's going on with this whole open-source nonsense? >> Yeah. Don't panic boss. Only about 70 or 80% of the software in our enterprise that is third-party open source software. So, there's definitely, like 20 or 30% that's not, and we're on top of it. Now, yeah, I think it's a, you know, you're right to say, we are completely dependent on this software, that's being created by these, you know, amazing folks on the internet. Boss, you told me that we had to have a global corporation here with modern digital customer experience. We're not going to be able to do it using Microsoft front page from 1997, and there's no other path to take than to build with modern building blocks. And today in, you know, the modern era, that means building on open source packages and technologies across a whole slew of language, ecosystems, like JavaScript and Java PHP, Ruby, Python, .NET, Rust, Go, we use all of it here, boss, and, we don't get to have a business unless we do. >> Okay, so, I didn't understand a word that you just said, but it was enough to convince me to let you keep your job. So, end-scene, we're not getting paid scale wages to do this, Donald, so I think we can go back to our normal personas. So, how does Tidelift play into all of this? I'd really want to hear about this concept of what an open source maintainer is, because these are largely volunteers, aren't they, in terms of the maintenance that they're doing? >> Yeah, so, I mean, open source, there's a lot of different models for open source software development. There certainly are a number of foundational open source projects, certainly at the infrastructure level, like operating systems, databases and things like that, that tend to be, you know, predominantly driven by vendors, software vendors, you know, like you can think of Red Hat, VMware organizations like that. But when you get up to the application development world, teams, building, you know, websites, web applications, mobile applications, most of the building blocks at that tier in these a programming language ecosystems, most of the software there is actually being created, that enterprise organizations use, is being created by individual, independent, open source maintainers, where it's not their day job, it's a side hustle for them. And it's a really interesting question, like, how did we get here? You know, why are these folks doing it? It sort of rhymes with the question I asked myself years ago, like, who's typing all this stuff into Wikipedia, and why? Like, it's amazing resource, I'm so glad it's there, but why are they doing this, right? And it turns out that there's a bunch of motivations there's some cynical motivations for the open source maintainers that people attribute that are practical too, you know, people say your GitHub repository is your resume in as a modern developer, things like that helps you get a reputation, you can use that to get a job. But, when we've talked to the maintainers of the most widely used open source packages, and by that, I mean, thousands of packages that every major organization that builds software relies on, the main reason why they do it is actually impact. We find we've actually done direct surveys of this audience and the reason why they spend their nights and weekends and carve out time, where they could be, you know, getting paid to do something else or going skiing or going to the beach, is it really feels good to have this activity that they put out into the world, and, you know, they know that folks use this stuff and rely on it, and there's a pride in their work and the impact that they're making. But the challenge with this model is that when it's only an impact and pride, and sort of a, you know, a good feeling driven effort, it means that maybe all of the things that organizations might want their standards that organizations might want their software to meet doesn't get done, right? Like it's one thing, if you've got a job as a software engineer, building corporate software, or even as a, you know, a maintainer at a corporate open source company, and you have a checklist of, you know, standard enterprise software development, commercial grade software development tasks that you need to be completing, if you're doing it as a side hustle for good reasons, like impact and, you know, releasing your creative juice, you might not get to some of the more boring aspects of commercial software engineering, like security engineering and some of the documentation and release engineering and, you know, making sure there's structured metadata around all the elements of it. And then that's the gap that we're really trying to fill at Tidelift, by connecting these two audiences. >> Yeah. How? How? You want to fill the gap, you want to connect the audiences, but, how do you do that? >> Yeah, perfect, so, we do it by paying the maintainers, paying the open source maintainers, actual dollars, or the currency of their preference, and what we're paying them for is not just to sort of hack on their projects, or hack on their projects more, we're asking them to help us ensure that the software that the organizations that we work with depend on meets certain specific concrete enterprise standards, and those standards fall into three categories, security, licensing, and maintenance. So, on the security front, you know, a baseline standard, there is making sure that we have known versions of the open source packages that are free of known defects, right? So there's like a catalog of known security defects that the industry uses called the National Vulnerability Database, you may have seen the terminology CVE referred to in passing, that's the identifier for these things. So, we work with the open-source maintainers to make sure that we've figured out, mapped out, which versions of software packages are impacted by known security vulnerabilities. And then we also look forward and make sure that we have a plan in place for what happens in the future when there are security vulnerabilities. So, you know, traditional commercial software, there's a security response team, who's kind of standing by 24/7, ready to respond, and then there's a defined protocol of what's going to happen, in terms of what's called responsible disclosure, telling the right folks in the right sequence, that there is a vulnerability causing there to be a patch version of the software available, communicating that through, you know, traditional commercial software vendors for, you know, years have been doing that internally, that doesn't exist by default for volunteer, you know, part-time open source, independent open source maintainers. So we fill that gap and we pre-wire that with them to make sure that that first track security is can be buttoned up. >> So, you're paying them, are you and your co-founders wealthy philanthropists that are just doing this, or what's the business model here? Now you're pulling these people who were doing it for free, they're happy, but how does that translate into a business model for Tidelift. >> Perfect, so, the work that they're doing, you know, I talked a little bit about security, we also do similar things on those other attributes, like licensing, making sure that the licenses are completely accurate, and we kind of know who wrote the software, et cetera, and then maintenance, is it being proactively cared for going forward? Is somebody still on the case with these projects? Now, the result of all of that work, is we create a vetted catalog of known good open source releases that we've vetted with the experts, often the individuals and teams that wrote the code in the first place, usually, we vet that it meets these enterprise standards. That's a really useful tool for organizations that are building with that. So, the way that we convey that to organizations that are building software in a useful way is we have a SAS service software, that as a service platform, that's what Tidelift is, and basically, the teams that use this stuff, they plug us into their software development process, typically alongside other tools that they might have, like CI/CD tools that are running tests on their application logic, they'll plug in Tidelift into their release process to ensure that those, the 70 or 80% of the software that they ship, that comes from GitHub, comes from the Python package index, or NPM, or the Maven Central Repository for Java, we're vetting that that meets their enterprise standards and ensuring that the ingredients, the building blocks that go into their applications are known good and vetted to these concrete standards. And they are, you know, this is an unsolved problem for almost every serious organization. There's a couple of, you know, over-performing organizations, like Google has done some amazing internal work on this, Amazon has an incredible dedicated team that does this internally for Amazon developers, very few other organizations, even some of the largest multinational companies have a dedicated internal function doing this comprehensively and systematically. Tidelift is that function that these organizations can use. They can work with us and our network, our unique network of hundreds of these independent open source maintainers, to ensure that there is a feed of known good vetted packages to go into their applications. >> So, were maintainers going in and auditing, and editing, and vetting software that was essentially created by others? That's one question, and then the other question that kind of goes along with that is, are you vetting a gold copy of something and saying, this software meets certain criteria, you should feel okay using it, that's one thing. Validating that the actual distribution, you know, the actual code that's being executed in their enterprise is secure and hasn't been tampered with is another thing. So where do you sit in that distribution channel or that supply chain? >> Sure, so, on the distribution front, you can think of us, we're sort of a GPS system that your application developers can use to know which versions of software are going to meet your enterprise standards. We don't create a separate world where we have our own, you know, side copy of the entire development ecosystem. It's not what these organizations want. They don't want to use some weird enterprise world set of open source packages, they want to just, you know, type NPM install have the, you know, software flow into their organization, but they also want it to not have no insecurity vulnerabilities in it, and they don't want to get bitten two weeks or two years later with a license violation, because there was kind of fuzzy, or incomplete data around the open source license. So what we do is, we help them consume the open source software, you know, knowing that it's been vetted to these standards. And then we also work with the open source community to cause the software to be changed to meet those standards, right? So back to the first part of your question, We work with a lot of projects with the prime maintainers, often the authors, as I said, and we've actually been extending our model over the years to work with these open source maintainers to cover not just their own project, but, some of those neighboring projects, right? Like the core projects that their project depends on, other projects that are co-used with them, they have a lot of expertise, and also, you know, relationships with the surrounding open source community there. So, they're working with us as curators, if you will, our ambassadors that help us get on the community and cover as much of the landscape as possible. >> And, so, what's the relationship with AWS? This is, you know, we're talking here as part of the AWS startup showcase season two, episode one, which is, that's actually pretty cool. So we need to, you know, the challenge here is, season one was awesome, much like Ted Lasso, season two, we have big shoes to fill here, Donald. So, what's the-- >> We got to up our game. >> (laughs) What's the relationship with AWS? And, I mean, why would they call you out as someone interesting for us to talk to? >> Yeah, so, we've had a great relationship that we've been investing in, and working on together with AWS. So, every one of AWS's customers faces this challenge around the software workloads that they're deploying on AWS. You know, it's just, you can't argue against the fact that the vast majority of the application software in the modern world is comprised majority of this third-party open source software. And so, it's really important whether it's running on a device, you know, an Edge device, or whether it's running in a Cloud data center, that those applications meet these standards, especially on the security front. So, AWS recognizes this need and opportunity for their customers, and so we've been working really well jointly with them. We're glad to say that we're an ISV, and AWS ISV accelerate partner now, which gives us the ability to co-engage with AWS and work together to solve mutual customers challenges, and we've had a great time working with the AWS team to help scale up our efforts to get the word word out around this important area, and then more importantly, give organizations the tools to address it and make sure that they have a comprehensive strategy for managing their open source in place. >> Fantastic, Donald, we're up against time, but I do have a 10 second answer I'd like from you. Tidelift, is that a reference to a rising tide lifting all boats, or is it an admonishment not to build a house on the beach in Malibu? >> It's the former, you know, think about this network of independent open source maintainers, working together, a rising tide lifts all boats. >> Eight seconds, that was like four seconds. Perfect. Donald Fischer, from Tidelift, thank you so much. For me, Dave Nicholson here at the CUBE. This has been a CUBE Conversation, as part of AWS's startup showcase, season two, episode one. Come to the CUBE for the best in tech coverage. (soft music)

welcome back to la we are live in los angeles at kubecon cloudnativecon 21 lisa martin and dave nicholson we've been talking to folks all day great to be here in person about 2 700 folks are here the kubernetes the community the cncf community is huge 138 000 folks great to see some of them in person back collaborating once again dave and i are pleased to welcome our next guest we have suresh ragaram co-founder and ceo of platform 9. sarish welcome to the program thank you for having me it's a pleasure to be here give our audience an overview of platform 9 who are you guys what do you do when were you founded all that good stuff so we are about seven years old we were founded with a mission to make it easy to run private hybrid and edge clouds my co-founders and i were early engineers at vmware and what we realized is that it's really easy to go use the public cloud because the public clouds have this innovation which is they have a control plane which serves as a it serves as a foundation for them to launch a lot of services and make that really simple and easy to use but if you need to get that experience in a private cloud or a hybrid cloud or in the edge nobody gives you that cloud control plane you get it from amazon in amazon get it from azure in azure google and google who gives you a sas cloud control plane to run private clouds or edge clouds or hybrid clouds nobody and this is uh this is what we do so this is we make it easy to run these clouds using technologies like kubernetes with our our sas control plane now is it limited to kubernetes because when you you you mentioned your background at vmware uh is this a control plane for what people would think of as private clouds using vmware style abstraction or is this primarily cloud native so when we first started actually docker did not exist like okay so at the time our first product to market was actually an infrastructure service product and at the time we looked at what is what is out there we knew vmware vsphere was out there it's a vmware technology there was apache cloud stack and openstack and we had look the open ecosystem around vms and infrastructure as a service is openstack so we chose open source as the lingua franca for the service endpoint so our control plane we deliver openstack as a service that was our first product when kubernetes when the announcement of communities came out from google we knew at that time we're going to go launch because we'd already been studying lxc and and docker we knew at the time we're going to standardize on kubernetes because we believe that an open ecosystem was forming around that that was a big bet for us you know this this this foundation and this this community is proof that that was a good bet and today that's actually a flap flagship product it's our you know the biggest biggest share of revenue biggest share of install base uh but we do have more than one product we have openstack as a service we have bare metal as a service we have containers as a service with kubernetes i want to ask you some of the the i'm looking at your website here platform9.com some of the three marketing messages i want you to break these down for me simplify day two ops multi-cloud ready on day one and we know so many businesses are multi-cloud and percentage is only going up and faster time to market talk to me about this let's start with simplified day two ops how do you enable that so you know one of the biggest if you talk to anyone who runs like a large vmware environment and you ask them when was the last time you did an upgrade or for that matter somebody who's running like a large-scale kubernetes environment or an openstack environment uh probably in a private cloud deployment awesome when was the last time you did an upgrade how did that go when was the last time you had an outage who did you call how did that go right and you'll hear an outpouring of emotion okay same thing you go ask people when you use kubernetes in the public cloud how do these things work and they'll say it's pretty easy it's not that hard and so the question the idea of platform 9 is why is there such a divide there's this you know we talk about digital divide there is a cloud divide the public clouds have figured out something that the rest of the industry has not and people suffer with private clouds there's a lot of demand for private clouds very few people can make it work because they try to do it with a lot of like handheld tools and you know limited automation skills and scripting what you need is you need the automation that makes sure that ongoing troubleshooting 24x7 alerting upgrades to new versions are all fully managed when amazon doesn't upgrade to a new version people don't have to worry about it they don't have to stay up at night they don't deal with outages you shouldn't have to deal with that in your private cloud so those are the kinds of problems right the troubleshooting the upgrades the the remediation when things go wrong that are taken for granted in the public cloud that we bring to the customers who want to run them in private or hybrid or edge cloud environments how do you help customers and what does future proofing mean like how do you help customers future proof their cloud native journey what does that mean to platform 9 and what does that mean to your customers i'll give you one of my favorite stories is actually one of our early customers is snapfish it's a photo sharing company it's a consumer company right when they got started with us they were coming off of vmware they wanted to run an openstack environment they started nearly four years ago and they started using us with openstack and vms and infrastructure as a service fast forward to today 85 percent of the usage on us is containers and they didn't have to hire openstack experts nor do they have to hire kubernetes experts but their application development teams got went from moving from a somewhat legacy vmware style id environment to a modern self-service developer experience with openstack and then to containers and kubernetes and we're gonna we're gonna work on the next generation of innovation with serverless technologies simplifying you know building modern more elastic applications and so our control plane the beauty of our model is our control plane adds value it added value with openstack it added value with kubernetes it'll add value with what's next around the evolution of serverless technologies right it's evergreen and our customers get the benefit of all of that so when you talk about managing environments that are on premises and in clouds i assume you're talking hyperscale clouds like aws azure gcp um what kind of infrastructure needs to be deployed and when i say infrastructure that's can be software what needs to be deployed in say aws for this to work what does it look like so some 30 of our users use us on in the public cloud and the majority of that actually happens in aws uh because they're the number one cloud and we really give people three choices right so they can choose to use and consume aws the way they want to so we have a small minority of customers that actually provisions bare metal servers in aws that's a small minority because the specific use cases they're trying to do and they try to deploy like kubernetes on bare metal but the bare metal happens to be running on aws okay that's a small minority a larger majority of our users in aws or some hyperscale cloud brings their vpc under management so they come in get started sign up with platform 9 in their platform 9 control plane they go and say i want to plug in this vpc and i want to give you this much authorization to this vpc and in that vpc we essentially can impersonate them and on their behalf provision nodes and provision clusters using our communities open source kubernetes upstream cncf kubernetes but we also have customers that said hey i already have some clusters with eks i really like what the rest of your platform allows me to do and i think it's a better platform for me to use for a variety of reasons can you bring my eks clusters under management and then help me provision new new clusters on top and the answer is you can so you can choose to bring your bare metal you can choose to bring your vpc and just provision like virtual machine and treat them as nodes for communities clusters or you can bring pre-built kubernetes clusters and manage them using our management uh product what are your routes to market so we have three routes to market um we have a completely self-serve completely free forever uh experience where people can just go sign up log in get access to the control plane and be up and running within minutes right they can plug in their server hardware on premises at the edge in the cloud their vpcs and they can be up and running from there they can choose to upgrade upsell into a grow into an uh growth tier or you know choose to request for more support and a higher touch experience and work with our sales team and get into an enterprise tier and our that is our second go to market which is a direct go to market uh companies in the retail space companies tech companies uh companies in fintech companies that are investing in digital transformation a big way have lots of software developers and are adopting these technologies in a big way but want private or hybrid or edge clouds that's the second go to market the third and and in the last two years this is new to us really exciting go to market to us is a partner partner let go to market where partners like rackspace have oem platform line so we have a partnership d partnership with rackspace all of rackspace's customers and they install base essentially including customers who are consuming public cloud services wire rackspace get access to platform 9 and rackspace working together with rackspace's ability to kind of service the whole mile uh and also uh we have a very important partnership with maveneer in the 5g space so 5g we think is a large opportunity and there's a there's a joint product there called maven webscape platform to run 5g networks on our community stack so platform nine why what does that mean harry potter harry potter so it's platform nine and three quarters okay we had this realization my cofounders and i were at vmware for 10 for 10 15 years and we were struggling with this problem of why is the public cloud so easy to use why is it so hard to run a private cloud and even today i think not many people realize uh and that's the analogy to platform nine and three quarters it's like it's right in the middle of king's cross station you go through it and you enter the whole new world of magic that that secret door that platform nine and three quarters is a sas control plane that is a secret sauce that amazon has and azure has and google has and we're bringing that for anybody who wants to use it on any infrastructure of their choice where can customers go to learn more about platform nine so platform nine dot com uh follow us on twitter platform line says or on linkedin you know and if any of our viewers are here at kubecon they can stop by your booth what are some of the things that you're featuring there we are at the booth we have our product managers we have our support engineers we have the people that are actually doing the real work behind the product right there we're talking about our roadmap we're talking about the product demos we're doing like specific show talks on specific deep dives in our product and we're also talking about some some really cool things that are coming up in the garage uh in the in the next six months can you leave us with any teasers about what some of the cool things are that are coming up in the garage yeah one one one thing that is a really big deal is um uh is the ability to manage kubernetes clusters as as as cattle right kubernetes makes node management and app management lets you treat them as cattle instead of pets but kubernetes clusters themselves our customers tell us like even in amazon eks and others these clusters themselves become pets and they become hard to manage so we have a really really interesting capability to manage these as more as you know from infrastructure code with githubs uh as cattle we actually have an announcement that i'm not able to share at this point which is coming out in two weeks uh in the ed space so you'll have to stay tuned for that so folks can go to platformnine.com.com check out that announcement two weeks two weeks from now by the end of october that's right awesome sharers thank you so much for joining us i love the fact that you asked that question because i kept thinking platform nine where do i know that from and i just googled harry potter that's right from nine and five dying because i didn't automatically make the correlation because my son and i are the most unbelievable potterheads ever yeah well so we have that in common that's fantastic awesome thank you for joining us sharing what platform mine is some of the exciting stuff coming out and two weeks learn to hear some great news about the edge absolutely awesome thank you for joining us my pleasure thank you for having me uh our pleasure as well for dave nicholson i'm lisa martin live in los angeles thecube is covering kubecon cloudnativecon21 stick around we'll be right back with our next guest

(string music) >> Welcome to the Cube conversation here at the Cube studios in Palo Alto California, I'm John Furrier, cohost of the Cube and cofounder of Slip and Angle Media. We're here with Shlomi Ben Haim who's the founder and CEO of Jfrog, hot startup. I asked him to come in to chat about his business. In the dev/op space, we see him at a lot of shows, your company's doing well, we love the marketing, the frog thing is great, love it, very cool. But there's a lot of real serious action going on in the enterprise and in the cloud and in emerging tech, whether it's AI or machine learning, whether its innovative things, developers are front and center in the marketplace and there's a boatload of noise out there, there's like this approach, this approach, there's a lot of different approaches, but at the end of the day, the devs are driving a lot of innovation. You guys are at the center of it so welcome to the Cube. >> Thank you. >> First question for you, just take a minute to talk about what you guys do, Jfrog, what's your company, what's your business, what are you guys up to, what's your deal? >> The way I think that the community will describe us would be that we are the binaries people, we are taking care of your binaries. As you know in the dev/ops world, everything you do you do with your binaries, with your software artifacts, so I heard some of the community members call us the database of dev/ops and we are the providers of artifactory, bintray, xray and mission control which take care of your binaries, managing them, host them, distribute them and secure them. >> Open source event we were at, we saw you guys because I was doing all the interviews and you guys were right on the edge there, then you guys got some nice background images off the Cube videos, but it was really interesting. The trend is your friend as the saying goes and the number of open source projects is increasing, the actual lines of code is exponentially going to grow from 22 million to 200, 400 million lines of code over the next couple of years, that's hockey stick. More developers are coming in, not old school like me that built their own stuff from scratch, there's a lot of lego blocks in fact Jim Samlin said that 10% of the code will probably be original ideas and differentiation, 90% of most of the code will be a code sandwich, which I believe, I think that's the legit direction. How do you guys fit into that trend and what does that mean for your business because I can imagine, there's a ton of Git Hub stuff going on, tons of forking, tons of projects, you got block chain catching the world by storm, there is a massive developer tsunami going on. How do you guys help them? >> It's very interesting, when we started Jfrog, actually my co-founder Yoav Landman started by providing developers with a very dummy, basic solution to proxy, public repositories like Maven central and it was not about the code for the first time, it was about the binaries. Code is great and the line of code, as you said, it's going to go enormous but what happened is that when you need to automate, when you need to rebuild, when you need to release faster, you go down to the binary level, to the software artifact level and guess what, no one took care of your binaries before, you were just throwing your binaries to your version controller or file store, maybe you were hosting them. >> They were messy, it's like a kid with their room, all the stuff spread around all over the place, where's that binary, no one keeps track of it. >> Nobody care about that, but this is the one thing that you keep consuming, keep building with, keep recompiling and in the era of dev/ops, is the one asset that you need to automate and reuse. This is where we, >> The core problem if I get this right, is that compiling is going to be, if you think of dev/ops, it's infrastructure as code, as the phrase goes as we always say and programming infrastructure is what dev guys want to do, they don't want to be in the business of switching configurations, getting in the routers and the network. They want it to be just one layer of resource, serverless is a great trend for you, more and more developers are going to love this. They want to program, so when you're programming, the inherent next step is where's the code, who's compiling it, does it need to be compiled? Is that the core problem, that there's more and more stuff going on under the hood that needs to be managed? Is that growing part of your business solution or is the problem just lost binaries, what's the core problem? >> It's a perfect question. First of all, we are providers, we are the providers of the only universal solution. Binaries are not just for java developers, they are not just for python developers, they are not just for dot net developers, they are not just for docker users and the way you package it, binaries happens between your get and your CI server, let's say Jenkins, get and Jenkins and your Kubernetes. Something happens between those two sites. Your orchestration tool and your code repository tool. In this land is where binaries play a very significant role and this is where we are a major player. >> Is the problem error prone in that zone, in that zone it's like the wild west, it's like a black hole if you will, think about what you're saying, if I get it right. There's a lot of stuff that goes on in there, is it mismanagement, what's the core thing that you guys got to do there? >> Tons of binaries, too much public repositories that the community cannot rely on. You need to manage and host your own binaries, the ones that you create yourself, and to provide and this is the last strength we see in the market, big organization need to provide dev/ops as a service to their own developers, so they need to ask this very important asset that we call software artifact and binaries or darker images or whatever you want to call it. >> Yeah a lot of great trends going on, obviously containers and Kubernetes you mentioned. Let's get into those, that's driving a lot of change. Certainly containers has been around for a while, whether you call it wrappers or whatever, it's a great magical thing, we love containers, Kubernetes really gets the trend right, if you look at the google trend, you see Kubernetes has got so much more traction than containers, although I'm not saying one's more relevant than the other, certainly orchestration's important, linking and loading all these containers together. Why is Kubernetes accelerating the binary conversation? Is it because more rapid development is going on, more programmability's going on, why is Kubernetes impacting the binaries components more now than ever? >> Putting aside the need for automating and integrating, this whole orchestration solution requires some work on the binary level but if you think about what Kubernetes is trying to solve, or what the containers are all trying to solve is a better, faster release, better, faster deployment, better, faster delivery and then you can do it only if you will combine the power of the developers and the power of the machine and release faster. This is what we say in Jfrog, release fast or die because it's all about how fast can you release? >> Before we get into some of the product specific stuff, I want to ask you some pointed questions on that. I want to ask you about automation. AI is obviously hot, I love AI, even though it's hyped up, it still promotes great software development, machine learning really is where the meat on the bone is there, so machine learning and automation bots, whatever you want to look at it, is an opportunity to actually to create adaptive code. How did that new software paradigm affect binaries because I can almost imagine that if you got a bot going wild, it could screw up the binaries. >> Completely. >> So can you comment on that, that area. Obviously we want more bots, automation is a good thing on one level, but how do you guys look at that market as an opportunity, as a challenge, what's that whole AI thing look like? >> Well if we take a step back, I think the dev/ops started with the need to automate and release faster. It was like the playground of developers, we need a better integration, we need a continuous integration, we need better delivery, we need continuous delivery. If you think about it now, in 20/20 perspective, you understand that this was all milestones. The next big challenge is continuous updates. People like me, people like you, just want their devices and machines to be updated. >> And secure, look at Equifax. Equifax is a great example, they didn't update the code. >> Absolutely and it's flowing and just happening and secure and in the world of automation, the world of AI, I think that the big challenge or the next big challenge of dev/ops is how can I create a continuous update machine which is also secure and software update will just flow. It will not be something that you press I agree, I reboot and do any kind of crazy stuff in order just to get your software update. It's more about the user experience of all of us. It's not just developers and dev/ops companies anymore. >> That's a great vision by the way, I love that. It should work like that and programmable infrastructure for dev/ops should be programmable and always available and highly reliable. Mark Zuckerberg used to have the saying, move fast, break stuff, that's not a dev/ops ethos by the way, they built their own dev/ops, but then he kind of quickly waffled back to move fast, be reliable, because he got some religion on ops. Totally get that, let's go into today's world. That gives us a little future view, what is a use case for a customer? Take me through the day and the life of a customer that's using Jfrog, what are their problems, what are some of the things that are burning in their office? Where's the smoke, what's the problem that they have that they need to take care of the binaries? Sprawl of code, just mismanagement, what are some of the signals? Share with your view there. >> It starts with the fact that it's not your developer anymore that builds software. You have a CI server there that never goes to a lunch break, never take a break with Facebook, which by the way, it's a great company but sometimes it stop giving the time during the work time and you keep building and building like crazy. Your CI server keep producing binaries. >> It's an always on code machine basically. >> It's a binaries machine and it's being built 24 by seven and yes, you use just a portion of it but you have to host and manage all of it and if you will host it in your version controller, it will explode, if you will put it in a file store, it will not be something, >> Explode because of capacity? >> Because you cannot do any cleanups on the version controller, not get or subversion or the false or any of them, you don't do cleanups on version control. >> Hygiene is an issue. >> Yes, plus integration. You need to integrate with your records system, plus promotion, you need to allow and automate promotion of the specific bites that you build. >> So that's why people call you the database or I would even say the brains of binaries, you got to keep track of the goods if you will, it's like the crown jewel is the binary. >> Right. >> If I get that right, okay let's take it to the next level. You have good hygiene, you have good stuff going on, what are you guys doing specifically that gives you a differentiation of the market because is it software, is it hardware, what is the Jfrog differentiation? >> I think that the first thing that happened to us was that we realized that binaries is for everyone. If you remember Jfrog's slogans from 2010, it was binaries for the people. We felt like we are leading the revolution of taking care of your binaries and therefore, we decided that whatever we build, our philosophy base, our concept will be universal. We started with the Java community, Maven and Gradel and then the dot net community with Nougat and then when it came to be more like a dev/ops industry in 2013 or '14 was it, >> Roughly, 2008 to 2014 was really the cloud errati and then it grew and then it matured a little bit. >> And the combination of dev and ops and IT and then we started to support packages like Debian and RPM, beyond repositories, docker registry, we were the first docker registry in the market. >> You were riding the wave from the beginning. >> Yes. >> You were right there riding the binary wave with the native cloud growth, public cloud growth big time which by the way had a lot of iterations quickly. >> Which is also one of our differentiators, we are the only hybrid providers for your binary solution. We have it in the cloud, any cloud or on prem. >> Who's the competition? >> It's a very good question, on a niche level, we have companies like docker that provide a docker registry we have Cores that provide docker registry, by the way, anyone in the market now that want to have a docker registry, a container registry. On the Java Maven domains, Sonotype provide a nexus which is a binary repository manager for Java for Maven builds. NPM provide a solution for NPM but if you think about the universal solution that supports other, >> Those are siloed platform specific binaries. >> Yes. >> You're taking much more of a wholistic, horizontally scalable, any binary any time management. >> Exactly, we don't do the before and after, but in the binaries world, we want to be one solution for all. >> I get the whole registry thing, love that positioning. Just a dumb question, when someone's coming in and managing intermittently in the registry, how do you guys handle that piece? How do you know that a Java request coming in from a Java registry, you guys have a front end to this thing, is it your software, how do you guys manage the integration of requests to and from the binaries. >> The read and write to the repository you mean? >> Yes. >> Artifactor is a very sophisticated repository if I may say it's built more like a database, it's based on a check sum mechanism and not just a basic file store. >> You verify it coming in on the front end. >> Right, the parts and machine caching, managing, hosting and distributing, it's all happening in artifactor. >> And performance is as good? No problems with performance? >> Well we are the only provider that has a highly available solution with over 4000 customers, so I guess it is. >> You got a smile yeah, I see you at the shows. You got a good reputation so it's great to have you come in. I want to just take a minute to pause because I know we're having a great conversation, I could talk about CI servers til the cows come home, one of my favorite topics dev/ops, as people who have been following me since 2008 know, I love the cloud, cloud native vision from day one. There's a lot of people out there who don't know what the hell a binary is, so take a minute and explain, what is a binary and why is it such an important thing right now in context to open source growth, more developers coming in, context to enterprises trying to be cloud like and just for the general purpose, why are binaries important? Why should the general public, how would you talk about what is a binary? >> I'll try. I think that the main difference is that binaries are more like, maybe it's a basic metaphor, but binaries are more like fresh food, unlike freeze food. Your source code is freezed, you're not allowed to touch it, you're not allowed to clean it, you're not allowed to change it. Your one dot seal would be my one dot seal. It's kind of freeze food, this is why in dev for get and other player in this market are so important. We see how bit bucket with the class in and Git Hub are growing and still playing a significant role binaries are different, binaries is the fresh food. Something that you keep changing, any minute and you build with a specific binary something and then something else and it become another binary if I may say so. I think that the flexibility that you need to gain when you go on full automation and full integration is the flexibility that you can get on the binary level. You cannot get it on the code level. Therefore, binaries playing a very significant role in the cloud era and in the dev/ops era. >> Sure it allows for extensibility of source code. In a way what you're saying. You can eat the frozen food or you can chop up your own organic meal yourself. >> Exactly. >> Okay I get that, final question for you, thanks for coming in, appreciate the one on one on binaries there. People can always just go on Wikipedia and look at other definitions on stack overflow and whatnot. What is the customer value proposition for Jfrog? Why should I work with you, what's the main reason for you to have 4000 customers? What's driving them to use you? Is it just convenience? Is it scalability, all of the above? Just take a minute to explain why customers go to you and if people don't work with you, why should they work with you? >> I think that the biggest challenge today is that you want to treat binaries as first level citizens and instead of having an NPM repository, docker registry, Maven repository, python repository and there is no single organization that will have just one repository, you can have it all with Jfrog. The second thing we are the providers of highly available solution to protect your data centers so if you don't want your 1000 developers sitting down, waiting for the binary repository to be up and running and to allow the environment, then you probably want to, >> Productivity right there is one. >> Productivity and efficiency, absolutely. We are also providing it to secure your binary flow and the platform that distributes your binaries. We take binaries very seriously, over two billion downloads a month on bintray, our distribution hub and we work with the community and for the community, we are developers ourself, coming from the open source community so it's all bottom up and community friendly. >> Shlomi, great commentary, I want to just get a personal, take your Jfrog hat off for a minute, put your developer, executive, industry expert hat on. Share with the audience your view on the developer market. There's been a lot of negative press around the brogrammer lately and all these things, but trends are clear that you have massive growth in open source, comment on the role open source plays as it goes into some argue fifth generation, fourth, fifth generation, I remember when the first generation I was coding on. Those were the days but different, it's changed. You have so much code, it's really a party right now in open source, there's so much good stuff happening. Google's donating tensorflow, all these people putting real big libraries out there to code on. Kubernetes is just so awesome, system guys specifically love what's going on in the cloud. But cloud is exploding a lot of opportunities, IoT and AI, what's the developer market like right now, just share your thoughts, what's the sentiment, what's the excitement, what are the young kids doing? What are some of the big things that you see happening? >> From business perspective, what we see in the market is developers first of all taking decisions. They hear their managers coming with the pain and expect it to solve it and the bottom up process is something we never saw in the market. The last five, six years, we see more and more developers kind of educating their managers with how to do it and how to do it faster. The second thing and this is, >> So bottom up's happening now you're saying. >> Happening for the last five years and it's growing. The second thing we see in the cloud, you see it more than I am, Google and Amazon and Microsoft and Red Hat, everyone want a piece of the cloud, Orca now just announced two days ago, three days ago. Everyone want a piece of the cloud and everybody understand that data traffic comes from developers, it's not individuals, it's communities, the open source community is giant and it's a very, there's a very important player in the data traffic of what we call the cloud highway. >> And the communities are very most important piece, you would agree with that, right? We're very community focused, that's the key, right? >> Yes, absolutely. >> I think the world will be developer indoctrinated with basically developer premises across all business, so it's not a department anymore, it's permeating all through organizations. >> Right and also impact our user experience. People like simple people that doesn't understand code, they're not contributing to the open source world still need software updates and competitive analysis are talking about that, how fast can you release? >> Well Stu Miniman and Dave Alante and Peter Burris and I always talk about community is the key in open source, you guys have been very successful in the community. Congratulations, obviously we're very community focused with our content, with the Cube. If you like the Cube, check us out at cube.net, give us a call, come in the studio if you're a thought leader, love to chat with you. I'm John Furrier with the Cube, more thought leadership coverage in Palo Alto here inside the Cube. We'll be right back, thanks for watching. (electronic music)

>> Announcer: Live from San Francisco, it's theCUBE, covering DevNet Create 2017, brought to you by Cisco. >> Welcome back everyone, we're here live in San Francisco for theCUBE's special exclusive coverage of Cisco's inaugural event, DevNet Create, a foray into the developer opensource world as they extend their classic DevNet core developer program, three years old now, going into the opensource world, this is theCUBE, I'm John Furrier with my cohost, Peter Burris, our next guest is Matt Howard, EVP and CMO of Sonatype, knows something about opensource, Matt, great to have you on theCUBE, thanks for joining us. >> Thanks for having me. >> So first, talk about Sonatype, what do you guys do? Give a quick minute to describe the company, then I got some pointed questions for you. >> Well, we provide tools and intelligence to modern development organizations to basically reinvent how opensource components are flowing through the pipeline, through the value chain, through the development lifecycle. >> You guys are a service, SaaS service, are you guys a subscription? >> It's a subscription service, and we provide two products, there's a product which is a repository manager called Nexus where you store, organize, and distribute software binaries into the development lifecycle, and then there's a second server product called Nexus IQ, which provides intelligence on top of those binary, so think of it as like FDA food labeling database, so if you're looking at a bag of potato chips as a consumer, you can see that there's calories, sugar, salt, it's gluten-free. If you're looking at a software binary, you're able to see metadata that we provide, which allows you as a developer to make intelligent decisions with respect to, this component's good for my application 'cause it's properly licensed, or this component's good for my application because it doesn't have any-- >> So you're a verifying code, basically, in a way. >> Yeah, absolutely. Verifying and qualifying the opensource-- >> John: And the problem you solve for the customer as well. >> The customer basically gets to build applications at scale, at speed, with quality opensource components. >> So you take the worries off, like, with the licensing, does it work well, you're like Yelp for software? There're comments? >> Sort of, more like Amazon reviews for opensource binaries. >> Okay, great, cool, thanks for taking the time. So we was just talking in our intro, opensource, I'm old enough to know when we used to pirate software, and then opensource, woo, this is great, and then it became a tier two in the enterprise player, Red Hat brought it to tier one. It's booming. Communities are changing. You're in the middle of it, what's happening? Give us your take on how opensource is evolving, because it's the classic case of cliche, opensource, I'm standing on the shoulders of giants before me, and now the next generation is standing on the current generations of shoulders, a new generation's happening, what's going on? >> So, just think of supply and demand, simple supply. We live in a world right now where development organizations are facing an infinite supply of opensource, there's a thousand new opensource projects a day, 10,000 new versions and 14 releases per year. The supply is massive. And in a world where supply is incredible, consumption is equally incredible, last year alone, there were 52 billion download requests from Maven Central for Java binaries, 50 billion-plus requests for NPM packages in the JavaScript ecosystem, so we are basically dealing with a world where software is no longer a marginal cost to doing business, it is the business. Developers are king, developers are the lifeblood that's flowing through every great enterprise today, because innovation is ultimately the thing that will allow companies to compete and win on a global playing field! >> I mean, it's almost intoxicating for these guys who are just drinking from the trough of free software, because if you compound the new projects with the fact that Google and these guys are donating awesome libraries, Amazons, machine-learning stuff, it's not something to shake a stick at, it's great software! >> Yeah! >> TensorFlow, Spanner, I mean, all this stuff-- >> It's great software, and just think, in a world of infinite choice, which is the world we're living in, how do you make the best choice? >> So where's the growth coming from? Peter and I were speculating that, in talking to Abby Kearns yesterday from Cloud Foundry, and then with the Cloud Native Foundation, a lot of money's coming in so the business model for players and vendors are coming in, and suppliers now helping out and donating software, but we're speculating that there's a whole growth area that's different than we've seen before. Are we on that? Your comment to that, your thoughts on where this evolution's coming from, the next wave, is it horizontal? >> Our view is that the devops transformation from waterfall-native development to devops-native software development is happening and it's real, and it's arguably in the early days, but it's no stopping that train now. As organizations continue to reconcile demand from board members and shareholders and CEOs, how do you remain relevant, how do you be, put yourself into a position where you're innovating with software fast enough to remain competitive? And that's a tremendous pressure, and it's driving transformational change like devops, and so as that demand for speed continues to grow, we think it only increases the appetite for opensource, and it creates opportunities for organizations like ours to basically automate how that opensource innovation happens. >> We do a lot of crowd chats, to surface the landscape and the common theme that comes up is, oh, your organizational mindset has to change, and were commenting, Peter and I were talking yesterday about, if your org's not set up, you'll have, what's the law? >> Conway's law. >> Conway's law, where the output matches the organization, but the bigger question is, Ford CEO got fired, he's been in the job for less than four years, he didn't have time to transform, so the question is, how does opensource help people transform faster, do you have any observations around that? Because that's the number one question we get is, okay, I need to configure resources to do that, and then the other theme that we're hearing, I'd love to get your reaction on is, "Oh my God, I'm going to lose my job through automation." And certainly Cisco has networking guys who are looking down the barrel of potentially being irrelevant if they don't make the network programmable, so this is, we've lived through cycles, is it the mainframe guys who kind of lose their jobs, kind of thing going on? Or is it a transformative opportunity for the people as well? >> Yeah, it's a great question, there's a lot there, but I think the notion that they say software eats the world, a different way of viewing is automation eats the world, and if you look at, we refer to the 100-10-1 rule, today, in every large IT organization, you got 100 developers for every 10 IT operations professionals for every one security professional. It's impossible for the application security professionals to maintain governance over 100 software developers. If the old way of doing something like application security in this world where we're talking about infinite supply of opensource, needs to be automated with machine intelligence, it needs to be scalable early, everywhere, and throughout the entire development lifecycle, and unless it's not, you're going to basically get some of the benefit of opensource, but not all of the benefit of opensource. >> I want to push you a little bit in this, Matt, because, one might argue, and I'm going to be a little bit apocryphal here for a second, but one might argue that we also have an infinite supply of different types of bubblegum. And at the end of the day, one can say, "Well, do we need another bubblegum?" And we may or may not, and yet we do. So the reason why I'm bringing that up is I want to square the infinite supply, which I don't disagree with, with the idea that, certainly our clients, especially the big data side, are still concerned about the fact that they can't find tooling, or combinations of opensource tooling, that can help them with their use case. And so as you think about, one of the things that intrigued me about what your company does is the idea of to what degree can you start with a business problem, use that business problem to do some design work, and then based on that, start finding the tooling that will be most appropriate for solving the problem. >> Yeah, it's a great question, and I think it goes back to this idea of automation, let's just give a real world use case, this is one of many, but if the demand for speed and innovation is what shareholders, boards, and CEOs are looking for out of their IT organizations and their development teams, then the first thing you do, in the theory of constraints is you look for where is the friction, right? So theory of constraints basically points to something like the process inside of a large financial organization that involves a developer requesting approval for using an opensource component. How long does that take? How many people are involved in that process? How many hours, how many dollars? Does it have to be that hard? Or can you basically create policy, and define policy, and build, effectively, a firewall that then automatically governs the flow of opensource, healthy opensource components, into the development lifecycle? With no human intervention at pace, right? And that's the idea of what we're doing when we talk about scaling opensource innovation early, everywhere, and across the entire development lifecycle, it starts at the perimeter, the moment the development requests the opensource component for use, it has to be automated, you can't afford to take three months to approve it, he needs it now! >> So let me turn that around, and see if this is a service that you are providing, or actually could provide. Given that you probably visibility into a lot of the problems that the developer's trying to solve, and therefore, their ability to check opensource in and out from a variety of different sources, are you also gaining visibility in the types of stuff that people can't find, and making that information available to the world about, here's some of the places where the opensource world could step up and do perhaps a better job of delivering that software? And I'm specifically thinking of the big data universe, because there's so many, for example, I got a client, big financial institution, who is tearing his hair out right now trying to come up with some standard components for complex machine-learning pipelines. Real, real hard job, a lot of different tools, they work together at some level, but they're not solving the problem, 'cause they're more focused on solving each other project's problem. Am I making this? >> You are making a lot of sense, and you should introduce us to your friend, because we would love to have a conversation and talk exactly how it is that you can create prescriptive architectures with opensource components to remove friction back to the theory of constraints concept, I mean, this process of innovation has to flatten out, and we are very narrowly focused on one particular piece of that pipeline, and it is the making sure that the development organization is benefiting from all of the greatness that opensource has to offer, but none of the bad, and you have to do that with automation. >> So just really quick, John, for those of you who don't know, the theory of constraints, to a computer science person, looks like Amdahl's law. Speed up that which you do most frequently, for those of you who've ever done computer design. >> Herbie the Boy Scout. >> Exactly, so it's speed up the thing that is causing the most pain. >> Right, right, right. >> So the question I have for you this, okay, given what you guys do, which is a great service, cutting edge, it's in the devops wheelhouse, so, what is, in your opinion, the most important metric for your customer's success, vis a vis devops, okay, I'm in, I've been hearing about this cloud native thing and devops, we've got to change to Agile, we wrote a manifesto, we changed the organization, what is the important metric that you think they should look for for success? >> You know, there's a lot of metrics, there's no one answer, but I'll give you a really great one, since you mentioned Red Hat earlier. Red Hat is an amazing company that has probably done more for the evolution of opensource than anyone. They have a phenomenal track record of managing RHEL, the Red Hat Enterprise Linux stack, upstream and downstream, to the point where today, they publicly tell that the Red Hat Summit just recently in Boston, I think it's a day or two meantime to repair for a zero-day vulnerability. They understand the supply chain for RHEL extremely well, and from our perspective, we are trying to create the same type of hygiene for custom software development that RHEL has long practiced in support of Red Hat, Red Hat has long practiced in support of RHEL, and so meantime to repair, for example. If a zero-day vulnerability hits, do you have a software bill of materials? Are you wondering where that particular component is? Do you even have the component? How many applications in production are affected? I mean, this is a real-world scenario, just two weeks ago, with Struts 2, how many organizations are still working today to figure out the answer to that question? You'd be surprised, it takes organizations months-- >> Peter: But this is more than a library. >> This is more than a library. >> So explain why it's more than a library. >> Struts 2? >> No, what you're doing. >> What we're basically doing is imagining a software supply chain, so step back and imagine a world where you could build software applications the same way that Toyota builds cars. You have Deming's principles, which says you basically take and source the components or the parts from the fewer suppliers, and you source the absolute best parts, and you track and trace the location of those parts to every step of the supply chain all the way into production, so that Toyota recently had to conduct an orderly and effective recall for four million Takata airbags. Right? In software terms, the next time you're basically sitting on top of a zero day, you need the equivalent of that orderly effective recall so you can in a matter of minutes, not months, patch that vulnerability. >> Hence why you use Goldratt's theory of constraints, so in many respects, this is a digital supply chain tool? >> We believe it's software supply chain automation. >> What about digital? Can I also think about how digital objects can be included in that? Again, going back-- >> Containers? >> Going back to the big data notion? >> Yeah, absolutely, this is, supply chain theory is well understood in a physical goods world, certainly, if you look at how physical goods move through a supply chain, and you come to grips with what's happening in digital transformation today and the evolution of devops and the proliferation of opensource, continuous integration, continuous delivery, speed is king, it's all going in the direction of a supply chain. >> So, when you have so much bubblegum, as Peter said, after it loses its flavor, you get a new piece, right? So, same with software. Final question for you. You guys are doing well, I can imagine that operationally, as coming to operational as opensource, you're a key component there, and that seems like a good opportunity. How early are you on that operational progress? I mean, you just get started, you're making some money, which is good. >> To be frank-- >> You're the customer on the journey, in other words, people realize, "I got a operation on," so they're just doing it, not having a checks and balance. >> Our business is really interesting in the sense that product market fit for any young company can take quite a while, and we're fortunate enough to have a CEO who is remarkably patient and savvy and experienced, his name is Wayne Jackson, for anybody knows, here at the Cisco conference, he was previously the CEO of Sourcefire, so an interesting connection there, but patience is key, and we're being rewarded right now because all of the trends that you guys have already talked about here, and everything we've talked about at Cisco DevNet point to a simple fact, which is that software is key to how companies will compete and win in the future, and as long as that's true, they're going to be looking for ways to improve innovation. Right now, our business is early, we're still creating budget in some situations, but that's increasingly changing, and I would say that you should expect our business to continue to grow-- >> So people are operationalizing opensource, and they're getting serious about some of these things-- >> We're seeing budget now that we didn't see last year, for operationalizing the flow of opensource into a devops-- >> Final, final question, since I want to get your take on the show, Cisco's moves here into this world, obviously, a good move in our opinion, I'm sure you agree, risky for them, a good move, progress, what should they do next? Your thoughts and reaction to DevNet Create, 'cause man, they got DevNet, a growing, robust community of Cisco developers. DevNet Create, a new opportunity, what's your thoughts? >> I've learned a lot, I'm glad to be here, and just saw some things yesterday that make it very, very clear that DevNet Create and what Cisco's doing with it is a great move, I mean, my personal belief is that developers are king, and as you expose core services, network services to developers, an innovation happens, and value gets created, and so they've done so much at the network layer for so many years, and if they're now exposing that network sort of innovation to developers, it'll be exciting to see what kind of innovation happens. >> Matt, thanks for coming on theCUBE, really appreciate it, I'm glad we got you in, great to meet you last night, and congratulations on your startup that you're working with, and growth, and been around the industry a long time, you've seen a lot of waves, and appreciate the insight here on theCUBE, appreciate it. >> Appreciate you having me. >> Alright, we are live in San Francisco for exclusive coverage of Cisco's inaugural event DevNet Create, I'm John Furrier, Peter Burris, stay with us for more day two coverage after this short break. >> Hi, I'm April Mitchell, and I'm the Senior Director of Strategy and Planning for Cisco.

>> Announcer: Live from San Francisco it's The Cube covering Oracle OpenWorld 2016 brought to you by Oracle. Now here's your host, John Furrier and Peter Burris. >> Hey welcome back everyone. We are live in San Francisco at Oracle OpenWorld 2016. This is SiliconANGLE, the key of our flagship program. We go out to the events, extract a signal from the noise. I'm John Furrier, Co-CEO of SiliconANGLE with Peter Burris, head of Research at SiliconANGLE as well as the General Manager of Wikibon Research, our next guest is Siddhartha Agarwal, Vice-President of Product Management and Strategy of Oracle Cloud Platform. Welcome back to the Cube, good to see you. >> Yes, hi John. Great to be here. >> So I've seen a lot of great stuff. The core messaging from the corporate headquarters Cloud Cloud Cloud, but there's so much stuff going on in Oracle on all the applications. We've had many great conversations around the different, kind of, how the price are all fitting into the cloud model. But Peter and I were talking yesterday in our wrap-up about, we're the developers. >> Siddhartha: Yeah. >> Now and someone made a joke, oh they're at JavaOne, which is great. A lot of them are at JavaOne, but there's a huge developer opportunity within the Oracle core ecosystem because Cloud is very developer friendly. Devops, agile, cloud-native environments really cater to, really, software developers. >> Yeah, absolutely and that's a big focus area for us because we want to get developers excited about the ability to build the next generation of applications on the Oracle Cloud. Cloud-native applications, microservices-based applications and having that environment be open with choice of programming languages, open in terms of choice of which databases they want, not just Oracle database. NoSQL, MySQL, other databases and then choice of the computeship that you're using. Containers, bare metal, virtual environments and an open standard. So it's giving a very open, modern easy platform for developers so that they'll build on our platform. >> You know, one of the things that we always talk about at events is when we talk to companies really trying to win the hearts and minds of developers. You always hear, we're going to win the developers. They're like an object, like you don't really win developers. Developers are very fickle but very loyal if you can align with what they're trying to do. >> Siddartha: Yeah. >> And they'll reject hardcore tactics of selling and lock-in so that's a concern. It's a psychology of the developers. They want cool but they want relevance and they want to align with their goals. How do you see that 'cause I think Oracle is a great ecosystem for a developer. How do you manage that psychology 'cause Oracle has traditionally been an enterprise software company, so software's great but... Amazon has a good lead on the developers right now. You know, look at the end of the day you have to get developers realizing that they can build excellent, fun creative applications to create differentiation for their organizations, right, and do it fast with cool technologies. So we're giving them, for example, not just the ability to build with Java EE but now they can build in Java SE with Tomcat, they can build with Node, they can build with PHP and soon they'll be able to do it with Ruby and Daikon. And we're giving that in a container-based platform where they don't necessarily have to manage the container. They get automatic scalability, they get back up batching, all of that stuff taken care of for them. Also, you know, being able to build rich, mobile applications, that's really important for them. So how they can build mobile applications using Ionic, Angular, whatever JavaScript framework they want, but on the back end they have to be able to connect these mobile apps to the enterprise. They have to get location-based inside and to where the person is who's using the mobile app. They need to be able to get inside and tell how the mobile app's been used, and you've heard Larry talk about the Chatbot platform, right? How do you engage with customers in a different way through Facebook Messenger? So those are some of the new technologies that we're making very easily available and then at the end of the day we're giving them choice of databases so it's not just Oracle database that you get up and running in the Cloud and it's provision managed, automated for you. But now you can ask for NoSQL databases. You can have Cassandra, MongoDB run on our IaaS and MySQL. We just announced MySQL enterprise edition available as a service in the Public Cloud. >> Yeah one of the things that developers love, you know, being an ex-developer myself in the old days, is, and we've talked to them... They're very loyal but they're very pragmatic and they're engineers, basically they're software engineers. They love tools, great tools that work, they want support, but they want distribution of their product that they create, they're creators, so distribution ultimately means modernization but developers don't harp too much on money-making although they'd want to make money. They don't want to be abandoned on those three areas. They don't want to be disloyal. They want to be loyal, they want support and they want to have distribution. What does Oracle bring to the table to address those three things? >> Yeah, they're a few ways in which we're thinking of helping developers with distributions. For example, one is, developers are building applications that they exposing their APIs and they want to be able to monetize those APIs because they are exposing business process and a logic from their organization as APIs so we're giving them the ability to have portals where they can expose their APIs and monetize the APIs. The other thing is we've also got the Oracle Cloud Marketplace where developers can put their stuff on Oracle Cloud Marketplace so others can be leveraging that content and they're getting paid for that. >> How does that work? Do they plug it into the pass layer? How does the marketplace fit in if I'm a developer? >> Sure, the marketplace is a catalog, right, and you can put your stuff on the catalog. Then when you want to drag and drop something, you drop it onto Oracle PaaS or onto Oracle IaaS. So you're taking the application that you've built and then you got it to have something that-- >> John: So composing a solution on the fly of your customer? >> Well, yeah exactly, just pulling a pre-composed solution that a developer had built and being able to drop it onto the Oracle PaaS and IaaS platform. >> So the developer gets a customer and they get paid for that through the catalog? >> Yes, yes, yes and it's also better for customers, right? They're getting all sorts of capability pre-built for them, available for them, ready for them. >> So one of the things that's come up, and we've heard it, it was really amplified too much but we saw it and it got some play. In developer communities, the messaging on the containers and microservers as you mentioned earlier. Huge deal right now. They love that ability to have the containerization. We even heard containers driving down into the IaaS area, so with the network virtualization stuff going on, so how is that going to help developers? What confidence will you share to developers that you guys are backing the container standards-- >> Siddhartha: Absolutely. >> Driving that, participating in that. >> Well I think there are a couple of things. First of all, containers are not that easy in terms of when you have to orchestrate under the containers, you have to register these containers. Today the technology is for containers to be managed, the orchestration technology which is things like Swarm, Kubernetes, MISO, et cetera. They're changing very rapidly and then in order to use these technologies, you have to have a scheduler and things like that. So there's a stack of three or four, relatively recent technologies, changing at a relatively fast pace and that creates a very unstable stack for someone who create production level stuff for them, right? The docker container that they built actually run from this slightly shaky stack. >> Like Kubernetes or what not. >> Yeah yeah and so what we've done is we're saying, look, we're giving you container as a service so if you've already created docker containers, you can now bring those containers as is to the Oracle Public Cloud. You can take this application, these 20 containers and then from that point on we've taken care of putting the containers out, scaling the containers up, registering the containers, managing the containers for you, so you're just being able to use that environment as a developer. And if you want to use the PaaS, that's that IaaS. If you want to use the PaaS, then the PhP node, JavaSE capability that I told you was also containerized. You're just not exposed to docker there. Actually, I know he's got a question, but I want to just point out Juan Loaiza, who was on Monday, he pointed out the JSON aspect of the database was I thought was pretty compelling. From a developer's standpoing, JSON's very really popular with managing APIs. So having that in the database is really kind of a good thing so people should check out that interview. >> Very quickly, one of the historical norm for developers is you start with a data model and then you take various types of tools and you build code that operates against that development for that basic data model. And Oracle obviously has, that's a big part of what your business has historically been. As you move forward, as we start looking at big data and the enormous investment that businesses are making in trying to understand how to utilize that technology, it's not going as well as a lot folks might've thought it would in part because the developer community hasn't fully engaged how to generate value out of those basic stacks of technology. How is Oracle, who has obviously a leadership position in database and is now re-committing itself to some of these new big data technologies, how're you going to differentially, or do you anticipate differentially presenting that to developers so they can do more with big data-like technologies? >> They're a few things that we've done, wonderful question. First of all, just creating the Hadoop cluster, managing the Hadoop cluster, scaling out the Hadoop cluster requires a lot of effort. So we're giving you big data as a service where you don't have to worry about that underlying infrastructure. The next problem is how do you get data into the data lake, and the data has been generated at tremendous volume. You think about internet of things, you think about devices, et cetera. They're generating data at tremendous volume. We're giving you the ability to actually be able to use a streaming, Kafka, Sparc-based serviced to be able to bring data in or to use Oracle data intergration to be able to stream data in from, let's say, something happening on the Oracle database into your big data hub. So it's giving you very easy ways to get your data into the data hub and being able to do that with HDFS, with Hive, whichever target system you want to use. Then on top of that data, the next challenge is what do you visualize, right? I mean, you've got all this data together but a very small percentage is actually giving you insight. So how do you look at this and find that needle in the haystack? So for that we've given you the ability to do analytics with the BI Cloud service to get inside into the data where we're actually doing machine learning. And we're getting inside from the data and presenting those data sets to the most relevant to the most insightful by giving you some smart insights upfront and by giving you visualizations. So for example, you search for, in all these forms, what are the users says as they entered in the data. The best way to present that is by a tag cloud. So giving you visualization that makes sense, so you can do rich discovery and get rich insight from BI Cloud service and the data visualization cloud service. Lastly, if you have, let's say, five years of data on an air conditioner and the product manager's trying to get inside into that data saying, hey what should I fix so that that doesn't happen next time around. We're giving you the big data discovery cloud service where you don't have to set up that data lab, you don't have to set up the models, et cetera. You could just say replicate two billing rows, we'll replicate it in the cloud for you within our data store and you can start getting insight from it. >> So how are developers going to start using these tools 'cause it's clear that data scientists can use it, it's clear that people that have more of analytic's background can use it. How're developers going to start grabbing a lot of these capabilities, especially with machine learning and AI and some of the other things on the horizon? And how do you guys anticipate you're going to present this stuff to a developer community so that they can, again, start creating more value for the business? Is that something that's on the horizon? >> You know it's here, it's not on the horizon, it's here. We're helping developers, for example, build a microservice that wants to get data from a treadmill that one of the customers is running on, right? We're trying to get data from one of the customers on the treadmills. Well the developer now creates a microservice where the data from the treadmill has been ingested into a data lake. We've made it very easy for them to ingest into the data lake and then that microservice will be able to very easily access the data, expose only the portion of the data that's interesting. For example, the developer wants to create a very rich mobile app that presents the customer running with all the insight into the average daily calorie burn and what they're doing, et cetera. Now they can take that data, do analytics on it and very easily be able to present it in the mobile platform without having to work through all the plumbing of the data lake, of the ingestion, of the visualization, of the mobile piece, of the integration of the backend system. All of that is being provided so developers can really plug and play and have fun. >> Yeah, they want that fun. Building is the fun part, they want to have fun-- >> They want relevance, great tools and not have to worry about the infrastructure. >> John: They want distribution. They want their work to be showcased. >> Peter: That's what I mean about relevance, that's really about relevance. >> They want to work on the cool stuff and again-- >> And be relevant. >> Developers are starting to have what I call the nightclub effect. Coding is so much fun now, there's new stuff that comes out. They want to hack with the new codes. They want to play with some that fit the form factor with either a device or whatnot. >> Yeah and one other thing that we've done is, we've made the... All developers today are doing containers delivery because they need to release code really fast, right. It's no longer about months, it's about days or hours that they have to release. So we're giving a complete continuous delivery framework where people can leverage Git for their code depository, they can use Maven for continuous integration, they can use Puppet and Chef for stripping. The can manage the backlog of their task. They can do code reviews, et cetera, all done in the cloud for them. >> So lifestyles, hospitality. Taking care of developers, that's what you got to do. >> Exactly, that's a great analogy. You know all these things, they have to have these tools that they put together and what we're doing is we're saying, you don't have to worry about putting together those tools, just use them. But if you have some, you can plug in. >> Well we think, Wikibon and SiliconeANGLE, believe that there's going to be a tsunami of enterprise developers with the consumerization of IT, now meaning the Cloud, that you're going to see enterprise development, just a boom in development. You're going to see a lot more activity. Now I know it's different in development by it's not just pure Cloud need, it's some Legacy, but it's going to be a boom so we think you guys are very set up for that. Certainly with the products, so my final question for you Siddhartha is, what's your plans? I mean, sounds great. What're you going to do about it? Is there a venture happening? How're you guys going to develop this opportunity? What're you guys going to do? >> So the product sets are already there but we're evolving those products sets to a significant pace. So first of all, you can go to cloud.oracle.com/tryit and try these cloud services and build the applications on it, that's there. We've got a portal called developer.oracle.com where you can get resources on, for example, I'm a JavaScript developer. What's everything that Oracle's doing to help JavaScript developers? I'm a MySQL developer. what's everyone doing to help with that? So they've got that. Then starting at the beginning of next year, we're going to roll out a set of workshops that happen in many cities around the world where we go work with developers, hands on, and getting them inside an experience of how to build these rich, cloud-native, microservices-based applications. So those are some of the things and then our advocacy program. We already have the ACE Program, the ACE Directive Program. Working with that program to really make it a very vibrant, energetic ecosystem that is helping, building a sort of sample codes and building expert knowledge around how the Oracle environment can be used to build really cool microservices-based, cloud-native-- >> So you're investing, you're investing. >> Siddhartha: Oh absolutely. >> Any big events, you're just more little events, any big events, any developer events you guys going to do? >> So we'll be doing these workshops and we'll be sponsoring a bunch non-Oracle developer events and then we'll be launching a big developer event of our own. >> Great, so final question. What's in it for the developer? If I'm a developer, what's in it for me? Hey I love Oracle, thanks for spending the money and investing in this. What's in it for me? Why, why should I give you a look? >> Because you can do it faster with higher quality. So that microservices application that I was talking about, if you went to any other cloud and tried to build that microservices-based application that got data from the treadmill into a data lake using IoT and the analytics integration with backend applications, it would've taken you a lot longer. You can get going in the language of your choice using the database of your choice, using standards of your choice and have no lock-in. You can take your data out, you can take your code out whenever you want. So do it faster with openness. >> Siddhartha, thanks for sharing that developer update. We were talking about it yesterday. Our prayers were answered. (laughing) You came on The Cube. We were like, where is the developer action? I mean we see that JavaOne, we love Java, certainly JavaScript is awesome and a lot of good stuff going on. Thanks for sharing and congratulations on the investments and to continuing bringing developer goodness out there. >> Thank you, John. >> This The Cube, we're sharing that data with you and we're going to bring more signal from the noise here after this short break. You're watching The Cube. (electronic beat)