(dramatic orchestral music) >> Hey, welcome back everybody. Jeff Frick, here, at theCUBE. We're at the Palo Alto studios taking a very short break in the middle of the crazy fall conference season. We'll be back on the road again next week. But we're excited to take an opportunity to take a breath. Again, meet new companies, have CUBE conversations here in the studio, and we're really excited to have our next guest. He's Apurva Dave, the CMO of Sysdig. Apurva, great to see you. >> Thanks, Jeff, thanks for having me here. >> Yea, welcome, happy Friday. >> Appreciate it, happy Friday, always worth it. >> So give us kind of the 101 on Sysdig. >> Yep, Sysdig is a really cool story. It is founded by a gentleman named Loris Degioanni. And, I think the geeks in your audience will probably know Loris in a heartbeat because he was one of the co-creators of a really famous open source project called Wireshark. It's at 20 million users worldwide, for network forensics, network visibility, troubleshooting, all that great stuff. And, way back when, in 2012, Loris realized what cloud and containers were doing to the market and how people build applications. And he stepped back and said, "We're going to need "a totally new way to monitor "and secure these applications." So he left all that Wireshark success behind, and he started another open source project, which eventually became Sysdig. >> Okay. >> Fast-forward to today. Millions of people are using the open source Sysdig and the sister project Sysdig Falco to monitor and secure these containerized applications. >> So what did Sysdig the company delineate itself from Sysdig the open source project? >> Well, you know, that's part of the challenge with open source, it's like part of your identity, right. Open source is who you are. And, what we've done is, we've taken Loris's vision and made it a reality, which is, using this open source technology and instrumentation, we can then build these enterprise class products on top for security monitoring and forensics at scales that the biggest banks in the world can use, governments can use, pharma, healthcare, insurance, all these large companies that need enterprise class products. All based on that same, original open source technology that Loris conceived so many years ago. >> So would you say, so the one that we see all the time and kind of use a base for the open source model, you kind of, Hortonworks, it's really pure, open source Hadoop. Then you have, kind of, Mapbar, you know, it's kind of proprietary on top of Hadoop. And then you have Cloudera. It's kind of open core with a wrapper. I mean, how does the open piece fit within the other pieces that you guys provide? >> That's really a really insightful question because Loris has always had a different model to open source, which is, you create these powerful open source projects that, on their own, will solve a particular problem or use case. For example, the initial Sysdig open source project is really good at forensics and troubleshooting. Sysdig Falco is really good at runtime container security. Those are useful in and of themselves. But then for enterprise class companies, you operate that at massive scale and simplicity. So we add powerful user interfaces, enterprise class management, auditing, security. We bundle that all on top. And that becomes this Cloud-Native intelligence platform that we sell to enterprise. >> And how do they buy that? >> You can, as subscription model. You can use it either as software as a service, where we operate it for you, or you can use it as on-premise software, where we deliver the bits to you and you deploy it behind your firewall. Both of those products are exactly the same functionally, and that's kind of the benefit we had as a younger company coming to market. We knew when we started, we'd need to deliver our software in both forms. >> Okay and then how does that map to, you know, Docker, probably the most broadly known container application, which rose and really disturbed everything a couple years ago. And then that's been disturbed by the next great thing, which is Kubernetes. So how do you guys fit in within those two really well-known pieces of the puzzle? >> Yeah, well you know, like we were talking about earlier, there's so much magic and stardust around Kubernetes and Docker and you just say it to an IT person anywhere and either they're working on Kubernetes, they're thinking about working on Kubernetes, or they're wondering when they can get to working on Kubernetes. The challenge becomes that, once the stardust wears off, and you realize that yeah, this thing is valuable, but there's a lot of work to actually implementing it and operationalizing it, that's when your customers realize that their entire life is going to be upended when they implement these new technologies and implement this new platform. So that's where Sysdig and other products come in. We want to help those customers actually operationalize that software. For us, that's solving the huge gaps around monitoring, security, network visibility, forensics, and so on. And, part of my goal in marketing, is to help the customers realize that they're going to need all these capabilities as they start moving to Kubernetes. >> Right, certainly, it's the hot topic. I mean, we were just at VMworld, we've been covering VMworld forever, and both Pat and Sanjay had Kubernetes as parts of their keynotes on day one and day two. So they're all in, as well, all time for Amazon, and it goes without saying with Google. >> Yeah, so it's funny is, we released initial support for Kubernetes, get this, back in 2015. And, this was the point where, basically the world hadn't yet really, they didn't really know what Kubernetes was. >> Unless they watched theCUBE. >> Unless they watched-- >> They had Craig Mcklecky-- >> Okay, alright. >> On Google cloud platform next 2014. I looked it up. >> Awesome. Very nice-- >> Told us, even the story of the ship wheel and everything. But you're right, I don't think that many people were there. It was at Mission Bay Conference Center, which is not where you would think a Google conference would be. It's a 400 person conference facility. >> Exactly, and I think this year, CubeCon is probably going to be 7,000 people. Shows you a little bit of the growth of this industry. But, even back in 2015, we kind of recognized that it wasn't just about containers, but it was about the microservices that you build on top on containers and how you control those containers. That's really going to change the way enterprises build software. And that's been a guiding principle for us, as we've built out the company and the products. >> Well, way to get ahead of the curve, I love it. So, I see it of more of a philosophical question on an open source company. It's such an important piece of the modern software world, and you guys are foundationally built on that, but I always think about when you're managing your own resources. You know, how much time do you enable the engineers to spend on the open source piece of the open source project, and how much, which is great, and they get a lot of kudos in the ecosystem, and they're great contributors, and they get to speak at conferences, and it's good, it's important. Versus how much time they need to spend on the company stuff, and managing those two resource allocations, 'cause they're very different, they're both very important, and in a company, like Sysdig, they're so intimately tied together. >> Yeah, that last point to me is the biggest driver. I think some companies deal with open source as a side project that gives engineers an outlet to do some fun, interesting things they wouldn't otherwise do. For a company like Sysdig, open source is core to what we do. We think of these two communities that we serve, the open source community and the enterprise community. But it's all based on the same technology. And our job in this mix is to facilitate the activity going on in both of these communities in a way that's appropriate for how those communities want to operate. I think most people understand how an enterprise, you know, a commercial enterprise community wants to operate. They want Sysdig to have a roadmap and deliver on that roadmap, and that's all well and good. That open source element is really kind of new and challenging. Our model has always been that the core open source technology fuels our enterprise business, and what we need to do is put as much energy as we can into the open source, such that the community is inspired to interact with us, experiment, and give back. And if we do it right, two things happen. We see massive contribution from the community, the community might even take over our open source projects. We see that happening with Sysdig Falco right now. For us, our job then is to sit back, understand how that community is innovating, and how we can add value on top of it. So coming back all the way to your question around engineers and what they should be doing, step one, always contribute to the open source. Make our open source better, so that the community is inspired to interact with us. And then from there, we'll leverage all that goodness in a way that's right for our enterprise community. >> So really getting in almost like a flywheel effect. Just investing in that core flywheel and then spin off all kinds of great stuff. >> You got it, you know, my motto's always been like, if the open source is this thing off to the side, that you're wondering, oh, should our engineers be working on it, or shouldn't they, it's going to be a tough model to sustain long-term. There has to be an integrated value to your overall organization and you have to recognize that. And then, resource it appropriately. >> Right, so let's kind of come up to the present. You guys just had a big round of funding, congratulations. >> Yep, thank you. >> So you got some new cash in the bank. So what's next for Sysdig? Now you got this new powder, if you will, so what's on the horizon, where are you guys going next? Where are you taking the company forward? >> Great question, so, we just raised a $68.5 million Series D round, led by Inside Ventures and follow-on investors from our previous investors, Accel and Bane. 68.5 doesn't happen overnight. It's certainly been a set of wins since Loris first introduced those open source projects to releasing our monitoring product, adding our security product. In fact, earlier this year, we brought on a very experienced CEO, Suresh Vasudevan, who was the previous CEO of Nimble Storage, as a partner to Loris, so that they could grow the business together. Come this summer, we're having massive success. It feels like we've hit a hockey stick late last year, where we signed up some of the largest investment banks in the world, large government organizations, Fortune 500s, all the magic is happening that you hope for, and all of a sudden, we found these investors knocking at our door, we weren't actually even out looking for funds, and we ended up with an over-subscribed round. >> Right. >> So our next goal, like what are you going to do with all that money, is first of all, we're moving to a phase where, it's not just about the product, but it's about the overall experience with Sysdig the company. We're really building that out, so that every enterprise has an incredible experience with our product and the company itself, so that they're just, you know, amazed with what Sysdig did to help make Cloud-Native a reality. >> That's great and you got to bring in an extra investor, like in a crunch phase, you guys haven't had that many investors in the company, relatively a small number of participants. >> It's been very tightly held, and we like it that way. We want to keep out community small and tight. >> Well, Apurva, exciting times, and I'm sure you're excited to have some of that money to spend on marketing going forward. >> Well, we'll do our part. >> Well, thanks for sharing your story, and have a great weekend. I'm happy it's Friday, I'm sure you are, too. >> Thanks so much, have a great weekend. Thanks for having me. >> He's Apurva, I'm Jeff, you're watching theCUBE. It's theCUBE conversation in Palo Alto, we'll be back on the road next week, so keep on watching. See you next time. (dramatic orchestral music)

>> Hey, welcome back everybody. Jeff Frick with theCUBE. We're at Node Summit 2017, downtown San Francisco Mission Bay Conference Center, 800 people, a lot of developers, pretty much all developers talking about what's going on with Node, the Node community and some tangental things that are involved in Node, as well. We're excited to have our next guest on, he's Stephen Fluin, he's a developer advocate for Google, Stephen, welcome. >> Thank you so much for having me. >> Absolutely. First off, just kind of impressions of the show. You said you were here last year, the community's obviously very active, growing, I don't know that they're going to be able to come back to this space for very much longer. >> I know. >> What do you think? >> Probably not, I love how the community's continuing to grow and evolve, right? This technology is moving faster than almost any technology I've seen before. I call it a communatorial explosion of complexity because there's always new tools coming out, new ways of thinking and that's really rich and a great way to have a lot of innovation happening. >> Right, there was a great, one of the early ones this morning, the speaker said they had one Node app a year ago, and now they have 15 in production, 22 almost ready and 75 other internal projects, in one year! >> Yeah, it's definitely crazy. >> So why, I mean there's lots of things as to why Node's successful, but from your perspective, why is it growing so fast? >> I think it's fast because it's the first time that we've had a real extended eco-system where a lot of developers are coming together, bringing their own perspectives, and it's a very collaborative environment. Everyone's trying to help each other. >> So you just got off stage, you had your own session >> I did. >> But Angular on the Server. >> Yes. >> Even for the folks that missed it, kind of what was the main theme of your talk? >> Sure, sure, so I'm on the Angular Team, which is a client-side framework for building applications. We've really been focused a lot on really great web experiences for the client. How do we run code as close as possible to the browser so that you get these very rich, engaging applications. >> Right. >> But one of the things that we've been focused on and has been one of our design goals since the beginning is how do we write JavaScript and TypeScript in a way that you can run it on the client or the server? And so just last week we announced new support has landed in our CLI that makes this process easier so that you can run your applications on the server and then bootstrap a client-side application on top of that. >> Why is that important? >> It's important for a few different reasons. You want to run applications sometimes on the server, first, because there's a lot of computers that are processing the web and browsing the web across the internet >> Right. >> so there's search engines, there's things like Facebook and Twitter, which are scraping websites looking for metadata, looking for thumnbnails and other sorts of content, but then also there's a human aspect where by rendering things on the server, you can actually have an increased perception of your load times, so things look like they're loading faster while you can still then, on top of that, deliver very rich, engaging client side experience with animations and transitions and all those sorts of things. >> That's interesting. Before we got started you had talked about thinking of the world in terms of the user experience, at the end of the line versus thinking of it from the server. I thought you were going down kind of the server optimization, power, when you say think about the server, those types of things but you're talking about a whole different set of reasons to think about the server >> Yeah, absolutely. >> and the way that that connects to the rest of the web. >> Yes, because there's a lot of consumers of content that we don't necessarily think about when we're building applications >> Right, right. >> we normally think about the human side of things but having an application, whether it's a single application or whatever, that is also well optimized for servers can be very helpful. >> Yeah, that's pretty >> Servers as the consumers. >> servers as the consumers which I guess makes sense, right? Because the Google's Indexes and all the other ones are crawling servers >> Absolutely. >> they're not scraping web pages, hopefully, I assume, I assume we're past that stage. Alright, good, so what else is going on, in terms of the Angular community, that you're working on next? >> Sure, sure. I think we're really just focused on continuing to make things easier, smaller and faster to use, so those are kind of the three focus points we've got as we continue to invest and evolve in the platforms. So, how do we make it easier for new developers to come into the kind of Angular platform and take advantage of all we have to offer? How do we make smaller bundles so that the experience is faster for users? >> Right, right. >> And then how do we make all these things understandable and digestable for developers? >> It's like the bionic men never went away, right? It's still better, stronger, faster. >> Exactly. >> Alright, Steve, thanks for taking a few minutes out of your day and sharing your story with us. >> Thanks so much for having me. >> Absolutely, Stephen Fluin, from Google. I'm Jeff Frick, you're watching theCUBE. Thanks for watching, we'll catch you next time. Take care.

>> Welcome back everybody, Jeff Frick here with theCUBE. We're at Node Summit 2017 in downtown San Francisco Mission Bay Conference Center, we've been coming here for years. The vibe is growing and exciting and some really interesting use cases in earlier sessions about how fast a Node adoption is happening in some of these enterprises and we're excited to have Michael Dawson. He's a software developer, but more importantly, he's a Node.js community lead for IBM. Michael welcome. >> Alright, thank you. It's great to be here. Nice to be able to talk to you and talk about Node.js and what's going on in the community. >> Just to get your impressions in terms of a temporal perspective, of how this has changed and evolved over time. A lot of talk about the community. I think the facility here only holds like 800 people. I think it's full to the capacity. You know, how has it been growing and kind of what's your perspective from a little bit of a higher point of view. >> It's really great, you know I was at Node Summit three years ago, and other conferences, and it's great to see that over the years how we get more and more people involved. Different constituencies, you know, more people who are deploying Node.js. And even just, you know, day-to-day we see a larger and larger number of collaborators who are getting involved in contributing to make the success of Node really grow and the functionality and all that great stuff. >> Jeff: Right. So what's your function inside of IBM as being kind of a Node advocate for the community I assume outside the walls of IBM, but then also inside the walls of IBM? >> So, I really have sort of the pleasure to be able to work out in the community. That's the large part of my job. But I also work very closely with our internal teams with a focus on Node.js, supporting it for our bundling products. IBM has about 50-60 products that bundle Node.js. We also support it through our platforms like Bluemix, and so I work with the team who supports those. You know if you're running Bluemix in Node it's the code that we've contributed and built. And our development approach is very much do that out in the community, so if a particular product needs some sort of feature we'll go out and work in the community to do that and then pull that back in to use it. So you see we have about 10 collaborators. I'm one of them and the great thing is that I get to be involved in a lot of the working group efforts like the N-API, the build work groups, the LTS work groups. And, you know, so my role is really to sort of bridge the community work that we do there to our internal needs and consumers as well. >> Right, so how is the uptake in the IBM world of this technology within all the different stats that you guys have? >> I work in the run time technologies team and we were called the Java Technology Center for a number of years, we're now called the Run Time Technology Center because we see it's a polyglot world with Node.js being one of the three key run times you know, it's Node.js, Java and Swift. [Jeff] - Right. >> And, we see that because we see our costumers as well as our products, you know, really embracing Node and using it in all sorts of places. They've mentioned earlier that Bluemix ARPAs is a very heavy user of Node.js in terms of the implementation of the UIs and the backend services, as well as Node.js is the biggest run time in terms of deployments in that environment as well. >> So it's interesting, we had Monica on earlier from Intel. I think you're going to be on a panel with her later today about benchmarking. >> Yeah. >> And she talked about that there's some unique challenges in trying to figure out how to benchmark these types of applications against kind of the benchmark standards of old. I wondered if you could share some of your thoughts on this challenge, and for the folks that aren't going to be here watching the panel, what are some of the topics that you want to make sure that get exposed in that panel. >> So, you know, I've been working with the benchmarking work group. I actually kicked it off a number of years back. The approach that we're following is we want to document the key use cases for Node, as well as the key attributes of the run time, like you know, like starting up fast, being small, the things that have made it successful. [Jeff] - Right. >> As well as the key use cases like a web front end, backend services for mobile, and then fill in that matrix with important benchmarks. I mean that's where one of the challenges comes in; other languages have a more mature and established set of benchmarks that different vendors and different people can use. >> Right. >> Whereas the work in the working group is to try and either find benchmarks and encourage people to write those benchmarks, and pull together a more comprehensive suite that we can use because performance is important to people, and as a community, we really want to make sure that we encourage a rapid pace of change, but be able to have a good handle on what's going on on the other side. >> Jeff: Right. >> And, having the benchmarks in place should be an enabler, in that if we can easily and quickly find out what a change impact has, a positive or negative, that'll help us move things forward as opposed to if you're uncertain it's a lot harder to make the decision as to which way you should go. >> It's funny on benchmarking, right, because on one hand, people can just poo-poo benchmarks because I'm writing my benchmark so that it beats your product and my benchmark, and you can write a benchmark the other way. But I think what you've just touched on is really important; it's really for optimization of what you're doing for improving your own performance over time. That's really the key to the benchmarks. >> Yeah, absolutely, the focus of the work in the benchmarking work group has been on a framework for like regression testing, and letting us make the right decision, not competition. >> Jeff: Right. >> I think that some of the pieces that we develop will perhaps factor into that, but the core focus is to get a good established set, and other individual companies can then maybe use it for other purposes as well. >> Jeff: Right. So Michael before I let you go I just wanted to get your perspective. You work for a big company. >> Michael: Yep. >> I don't think it's this as much anymore; there used to be a lot of opened source conferences people like oh we don't want the big people coming in, they're going to take it over. And to get your perspective of being kind of that liaison between kind of this really organic open source community with Node and big Blue back behind you, and how you kind of navigate that and in your experience of the acceptance of IBM into this community as well as your ability to bring some of that open source essos back into IBM. >> Right. You know, I found that it's been really great. I love this community, they've been very welcoming. I've had no issues at all, you know, getting involved. I think IBM is respected in the way that we've contributed. We're trying to contribute in a very constructive and collaborative way, you know, nothing that we do, do we really do on our own. If you look at the N-API, we're working with other individuals. People from different companies or just individual contributors to come to a consensus on what it should be, and to basically move things forward. So yeah, in terms of a big company coming in, you do hear some concerns, but I haven't seen any on the ground impediments or problems. You know, it's been very welcoming and it's been a great experience. >> Alright, very good. Alright, well, before I let you go, kind of final thoughts on this event where we are. >> It's a great event, I always enjoy being able to come and meet people. A lot of time you work on Git Hub you know somebody's handle, but there's nothing like making that personal connection to be able to like put the face to the name, and I think it affects your ongoing sort of interactions when you're not face-to-face. >> Jeff: Absolutely. >> So it's a really important thing to do, and that's why I like to come to a lot of these events. >> Alright, well Michael Dawson, we'll let you get back to meeting some more developers. Thanks for taking a few minutes out of your day. >> Thank you very much, bye. >> Absolutely, he's Michael Dawson from IBM. I'm Jeff Frick, you're watching theCUBE. Thanks for watching, we'll catch you next time.

>> Hey welcome back everybody Jeff Frick here with theCUBE. We're at Node Summit 2015 in Downtown San Francisco Mission Bay Conference Center. About 800 people talking about nodes, Node JS. The crazy growth in this application development platform and we're excited to have our next guest to talk about security. Which I don't think we've talked about yet. He's Guy Podjarny, I'm sorry. >> Podjarny Correct. >> Welcome, he's a CEO of Snyk, not spelled like Snyk. (laughing) You'll see it on the lower third. >> It's amazing how often we that question. How do you pronounce Snyk? >> Well I know, obviously people that have never had this start up and tried to go through a URL search. >> Indeed. >> Just don't know what's it's all about. >> It's sort of Google dominance. It's short for so now you know. So now you know. >> Oh, so now you know. Okay perfect, super. First off welcome, great to see you. >> Thank you. Thanks for having me. >> You said this is your second year at the conference. Just kind of share your general impressions of what's going on here. >> Sure, well I think Node Summit is an awesome conference. I think this year's event is bigger, better organized. I don't know if it's bigger people wise but definitely feels that way. It sort of feels more structured. It's nice to see in the audience as well. Just an increased amount of larger organizations that are around and talking about their challenges and a little bit a lot earlier in the conference but a little bit of more experienced conversations. So conversations about hey, we've used node and we've encountered these issues versus we're about to use it. We're thinking of using it so definitely can see the enterprise adoption kind of growing up. That's my primary impression so far. >> Yeah and it's it in 'cause you're a start up but Microsoft is here, Google's here, Intel is here, IBM is here so a lot of the big players. Who've demonstrated in other open source communities that they have completely embraced open source as a method and way to get actually more than the software is getting closer to development community. >> Yeah, agreed and I think another adjacent trend that's happening is ServerList and ServerList has grown ridiculously, by massive amounts in these last while. And Node JS is sort of the de facto default language for ServerList. LAM just started with it and AWS and many of the other platforms only support it. I think that contribution also brings the giants a little bit more in here. The Cloud giants but also I think again just sort of boost the Node JS. As though the Node JS echo system needed a boost. They get another amplifier. Just raise enterprise awareness and general usage. >> Okay, so what's the Snyk all about? Gives us, some people aren't familiar with the company. >> Cool, so Snyk deals with open source security and specifically in Node JS, the world of MPMs. MPM is amazing and it allows us to build on the shoulders of giants and all the others in the community. But there are some inherent security risks with just pulling code off the internet and running it in your application. >> Jeff: Right, right. >> What we do at Snyk is we help you find known security flaws, known vulnerabilities in MPM packages, and do that in a natural fashion as part of your continuous development process, and then fix those efficiently and monitor for them over time. That's basically. >> That's your focus is really keeping track of all these other packages that people are using to their development. Precisely and we're helping you just use open source code and stay secure. The word node is our flag ship and it's where we started and build and now we support a bunch of other systems as well. >> It's interesting, Monica from Intel said that in some of their work they found that some of these applications. The actual developers only contributing 2% of the code 'cause they're pulling in all this other stuff. >> Precisely, I have this example I use in a bunch of my talks that shows ServerList example that has 19 lines of codes. Copies some file from URL and puts it on S3. That's 19 lines of codes which is awesome. Uses two packages which in turn use 19 packages which bring in 190,000 lines of code. >> Wow. >> That's a massive-- >> So what is that step function again? Start from the beginning. >> 19 to 190,000. >> It starts at two? >> 19 lines of code use two MPM packages. They use 19 packages because every package uses other packages as well, and combined those 19 packages bring in 190,000 lines of code. >> Wow, that's amazing. That's an extreme example but you see that pattern. You see this again and again that the majority of your code in your applications especially node is not first party it's third party code. >> Jeff: Right. >> And that means most of your security risks. Most of your vulnerabilities, they come from there so there is a lot of challenges around managing dependencies. I know it's called dependency help for a reason but specifically security is still not sufficiently taken care of. It's still overlooked and we need to make sure that it's not just addressed by security people. But it's addressed a part of the development process by developers. >> How do you keep up? Both with the number as the proliferation grows as well as the revisions and versions inside of any particular package? You kind of chasing a multi headed beast there. >> It's definitely tough. First of all the short answer is automation. Any scale solution has to start with automation. I've got a security research team in Israel that has a vulnerability pipeline that feeds in from activity in the open source world. Some developer opens an issue and gets helps that say SQL injection in some package and that disappears into the ether. So we try to surface those, get it to our security analysts, determine if it's a real vulnerability curated in our database, and then just build that database with your own research but a lot of it is around tapping into community. And then subsequently when you consume this if you want to be able to apply security correctly as you develop your applications Node JS or otherwise. It has to come to you. The security tool has to be a seamless integration with how you currently work. If you impose another step, another two steps, another three steps on the developers. They're just not going to use it. That's a lot of our emphasis is scale on the consumption and the tracking of the database and simplicity and ease of use on the developer on the user side. >> And do you help with just like flagging. Flagging is a problem or is there an alternative. I mean I would imagine with all these interdependencies, you find one rotten apple kind of have a huge impact. It's a huge scale of impact right. >> Absolutely so we do really what our moniker is that we don't find vulnerabilities, we fix them and our goal is to fix vulnerabilities. So we actually, first of all in the flow we have single click, open a fixed PR. We figure out what changes we need to do. What upgrades you need to make the vulnerability go away. Literally click a button to fix it. Put on one bat for everything and then what we also do. We build patches, sort of a little known fact is in the world of operation systems RedHat and Canonical. They build a lot of fixes or they back port a lot open source fixes, and they put them into their repository. You can just say on updates or upgrade and just get those fixes. You don't even know which vulnerabilities you're fixing. You're just getting the fixes so we build patches for our MPM packages as well to allow you to patch vulnerabilities you can not upgrade away. A lot of it is around fix. Make fix easy. >> Right and then the other part as you said is baking security in the development all the way through which we hear over and over and over. >> Build it in and bolt it in. >> The cast in method doesn't work anymore. You've got to have it throughout the application so you said you're speaking on a panel tomorrow. And I wondered if you can just highlight some of the topics for tomorrow for the folks that aren't going to be here and see the panel. When you look at ServerList security. Say that three times fast. What are some of the real special challenges that people need to be thinking about? >> Sure, so you know I actually have two talks tomorrow. One is a panel on Node JS security as a whole and that's sort of a broader panel. We have a few other colleagues in there and we talk about the evolution of Node JS security that includes the platform itself which is increasingly well handled by the foundation. Definitely some improvements there over the years and some of it is around best practices like the ones that was just discussed which is understanding known pitfalls and Node JS sort of security mistakes that you might do as well as handling the MPM echo system. The other talk that I have later in the day is around ServerList security. ServerList security is interesting because a lot of the promise of ServerList is function as a service is that a lot of the concerns. A lot of the earlier or lower levels get abstracted away from you. You don't need to manage servers. You don't need to manage operation systems and with those auto security concerns go away. Which in turns focuses the attackers and should focus you on the application. As attackers are not just going to give up because they can't hack the operating system that the pros are managing. They would look at the next low hanging fruit and that would be the application. Platform as a service and function as a service really increase the importance of dealing with application security as a whole. So my talk is a lot about that but also deals with other security concerns that you might of course any new methodology introduces its own concerns so talk a little bit about how to address those. ServerList like Node JS is an opportunity to build security into the culture and into our methodologies from the early day so trying to help us get that right. >> Alright, as you look forward, the next 12 months. I won't say more than 12 months, 6 months, 9 months, 12 months. What are some of your priorities at Snyk? What are you working on if we get together a year from now, what will we be talking about? I think, so two primary ones. One is continuing the emphasis on fix. Making fixing trivial in the Node JS environments as well as others. I think we've done well there but there is more work to be done. It needs to be as seamless as possible. The other aspect is indeed in this sort of past and fast world and platform and function as a service. Where increasingly there is this awareness as we work with different platforms to the blind spot that they have to open source libraries. They fix your NGX vulnerabilities but not your express vulnerabilities. I sometimes refer to MPM packages or open source packages as sprinkles of infrastructure that are just scattered through your application. And today, all of these Cloud platforms are blind to it so I expect us at Snyk to be helping past and fast users dealing with that security concerns efficiently. >> Alright, well I look forwards to the conversation. >> Thanks. >> Thanks for stopping by. >> Thank you. >> He's Guy Podjarny. He is from Snyk. The CEO of Snyk. I'm Jeff Frick, you're watching theCUBE. (uptempo techno music)

(switch clicking) >> Hey, welcome back, everybody. Jeff Frick, here with theCUBE. We're at the Mission Bay Conference Center in downtown San Francisco at Node Summit 2017. TheCUBE's been coming here for a number of years. In fact, Ryan Dahl's one of our most popular interviews in the history of the show, talking about Node. And, the community's growing, the performance is going up and there's a lot of good energy here, so we're excited to be here and there's a lot of big companies that maybe you would or wouldn't expect to be involved. And, we're excited to have Gaurav Seth. He is the Product Manager for Several Things JavaScript. I think that's the first time we've ever had that title on. He's from Microsoft. Thanks for stopping by. >> Yeah, hey, Jeff, nice to be here. Thanks for having me over. >> Absolutely, >> Yes. >> so let's just jump right into it. What is Microsoft doing here in such a big way? >> So, one of the things that Microsoft is, like, I think we really are, now, committed and, you know, we have the mantra that we are trying to follow which is any app, any developer, any platform. You know, Node actually is a great growing community and we've been getting soaked more and more and trying to help the community and build the community and play along and contribute and that's the reason that brings us here, like, it's great to see the energy, the passion with people around here. It's great to get those connections going, have those conversations, hear from the customers as to what they really need, hear from developers about their needs and then having, you know, a close set of collaboration with the Core community members to see how we can even evolve the project further. >> Right, right, and specifically on Azure, which is interesting. You know, it's been interesting to watch Microsoft really go full bore into cloud, via Azure. >> Right. >> I just talked to somebody the other day, I was talking about 365 being >> Uh huh. >> such a game-changer in terms of cloud implementation, as a big company. There was a report that came out about, you know, the path at 20 billion, >> Right. >> so, clearly, Microsoft is not only all-in, but really successfully >> Right. >> executing on that strategy >> Yeah, I mean-- >> and you're a big piece of that. >> Yes, I mean, I think one of the big, big, big pieces, really, is as the developer paradigms are changing, as the app paradigms are changing, you know, how do you really help make developers this transition to a cloud-native world? >> Right, right. >> How do you make sure that the app platforms, the underlying infrastructure, the cloud, the tools that developer use, how do you combine all of them and make sure that you're making it a much easier experience for developers to move on >> Right. >> from their existing paradigms to these new cloud-native paradigms? You know, one of the things we've been doing on the Azure side of the house and when, especially when we look at Node.js as a platform, we've been working on making sure that Node.js has a great story across all the different compute models that we support on Azure, starting from, like, hey, if you you want to do server list of functions, if you want to do BasS, if you want to go the container way, if you want to just use WEAMS, and, in fact, we just announced the Azure container instances, today, >> Right. >> so it's, one of the work, some of the work we are doing is really focused on making sure that the developer experiences as you migrate your workloads from old traditional, monolithic apps are also getting ready to move to this cloud native era. >> Right, so it's an interesting point of view from Microsoft 'cause some people, again, people in-the-know already know, but a lot of people maybe don't know, kind of, Microsoft's heritage in open source. We think, you know, that I used to buy my Office CD, >> Right. >> and my Outlook CD >> Right. >> you know, it's different, especially as you guys go more heavily into cloud, >> Right. >> you need to be more open to the various tools of the developer community. >> That's absolutely true and one of the focus areas for us, really, has been, you know, as we think through the cloud-native transition, what are the big pieces, the main open source tools, the frameworks that are available and how do we provide great experiences for those on Azure? >> Right, right. >> Right, because, at times, people come with the notion that, hey, Azure probably might just be good for dot NET or might just be good for Windows, but, you know, the actual fact, today, is really that Azure has great supporting story for Linux, Azure has great story for a lot of these open source tools and we are continuing to grow our story in that perspective. >> Right. >> So, we really want to make sure that open source developers who come and work on our platform are successful. >> And then, specifically for Node, and you're actually on the Board, so you've got >> Right. >> a leadership position, >> Yep. >> when you look at Node.js within the ecosystem of opensource projects and the growth that we keep hearing about in the sessions, >> Yep. >> you know, how are you, and you specifically and Microsoft generally, kind of helping to guide the growth of this community and the development of this community as it gets bigger and bigger and bigger? >> Right, I think that's a great question. I think from my perspective, and also Microsoft's perspective, there are a bunch of things we are actually doing to engage with the community, so I'll kind of list out three or four things that we are doing. I think the first and foremost is, you know, we are a participant in the Node.js Foundation. >> Right. >> You know, that's where like, hey, we kind of look at the administrative stuff. We are a sponsor of, you know, at the needed levels, et cetera, so that's just the initial monetary support, but then it gets to really being a part of the Node Core Committee, like, as we work on some of the Core pieces, as we evolve Node, how can we actually bring more perspectives, more value, into the actual project? So, that's, you know, we have many set of engineers who are, right now, working across different working groups with Node and helping evolve Node. You know, you might have heard about the NAPI effort. We are working with the Diagnostics Working Group, we are working with the Benchmarking Working Group and, you know, bringing the thing. The third thing that we did, a while back, was we also did this integration of bringing Chakra which is the JavaScript Runtime from Microsoft that powers Microsoft Edge. We made Node work with Chakra because we wanted to bring the power of Node to this new platform called Windows IoT >> Right, right. >> and, you know, the existing Node could not get there because some of the platform limitations. So, those are like some of the few examples that we've, and how we've been actually communicating and contributing. And then, I think the biggest and the foremost for me, really, are the two pillars, like when I think about Microsoft's contribution, it's really, like, you know, the big story or the big pivot for us is, we kind of go create developer tools and help make developer live's easier by giving them the right set of tools to achieve what they want to achieve in less time, be more productive >> Right, right. >> and the second thing is, really, like the cloud platforms, as things are moving. I think across both of those areas, our focus really had been to make sure that Node as a language, Node as a platform has great first-class experiences that we can help define. >> Right. Well, you guys are so fortunate. You have such a huge install base of developers, >> Right. >> but, again, traditionally, it wasn't necessarily cloud application developers and that's been changing >> Yep. >> over time >> Yep. >> and there's such a fierce competition for that guy, >> Yep. >> or gal, who wakes up >> Yep. >> in the morning or not, maybe, the morning, at 10:00, >> Yep. >> has a cup of coffee >> Yep. >> and has to figure out what they're going to develop today >> Right. >> and there's so many options >> Right. >> and it's a fierce competition, >> Right. >> so you need to have an easy solution, you need to have a nice environment, you need to have everything that they want, so they're coding on your stuff and not on somebody else's. >> That's true, I mean I, you know, somehow, I kind of instead of calling it competition, I have started using this term coopetition because between a lot of the companies and vendors that we talk about, right, it's more about, for all of us, it's working together to grow the community. >> Right. >> It's working together to grow the pie. You know, with open source, it's not really one over the other. It's like the more players you have and the more players who engage with great ideas, I think better things come out of that, so it's all about that coopetition, >> rather than competition, >> Right. >> I would say. >> Well, certainly, around and open source project, here, >> Yes, exactly. >> and we see a lot of big names, >> Exactly. >> but I can tell you, I've been to a lot of big shows where they are desperately trying to attract >> Right, right, yes. >> the developer ecosystem. "Come develop on our platforms." >> Yes, yes. >> So, you're in a fortunate spot, you started, >> Yes, I mean that-- >> not from zero, but, but open source is different >> Yes. >> and it's an important ethos because it is much more community >> Exactly, exactly. >> and people look at the name, they don't necessarily look at the title >> Exactly. >> or even the company >> Yep, exactly. >> that people work for. >> Exactly, and I think having more players involved also means, like, it's going to be great for the developer ecosystem, right, because everybody's going to keep pushing for making it better and better, >> Right. >> so, you know, as we grow from a smaller stage to, like, hey, there's actually a lot of enterprised option of these use case scenarios that people are coming up with, et cetera, it's always great to have more parties involved and more people involved. >> Gaurav, thank you very much >> Yeah. >> and, again, congratulations on your work here in Node. Keep this community strong. >> Sure. >> It looks like you guys are well on your way. >> Yeah. Thanks, Jeff. >> All right. >> Thanks for your time, take care, yeah. >> Guarav Seth, he's a Project Lead at Microsoft. I'm Jeff Frick. You're watching theCUBE from Node Summit 2017. Thanks for watching. (upbeat synthpop music)

>> Hey welcome back everybody. Jeff Frick here at theCUBE. We're at Node Summit 2017 in Downtown San Francisco. 800 people hanging out at the Mission Bay Conference Center talking about development and really monumental growth curve. One of the earlier presenters have one project last year. I think 15 this year, 22 in development and another 75 toy projects. The development curve is really steep. IBM's here, Microsoft, Google, all the big players so there is a lot of enterprise momentum as well and we're happy to have our next guest. Who's really started this show and one of the main sponsors of the show He's Charles Beeler. He's a general partner at Rally Ventures. Charles great to see you. >> Good to be back. Good to see you. >> Yeah, absolutely. Just kind of general impression. You've been doing this for a number of years I think when we talked earlier. Ryan Dawles interview from I don't even know what year it is I'd have to look. >> 2012, January 2012. >> 2012. It's still one of our most popular interviews of all the thousands we've done on the theCUBE, and now I kind of get it. >> Right place, right time but it was initially a lot. In 2011, we were talking about nodes. Seemed like a really interesting project. No one was really using it in a meaningful way. Bryan Cantrell from Joint. I know you all have talked before, walked me through the Hello World example on our board in my office, and we decided let's go for it. Let's see if we can get a bunch of enterprises to come and start talking about what they're doing. So January 2012, there were almost none who were actually doing it, but they were talking about why it made sense. And you fast forward to 2017, so Home Away was the company that actually had no apps. Now 15, 22 in development like you were mentioning and right now on stage you got Twitter talking about Twitter light. The breath and it's not just internet companies when you look at Capital One. You look at some of the other big banks and true enterprise companies who are using this. It's been fun to watch and for us. We do enterprise investing so it fits well but selfishly this community is just a fun group of people to be around. So as much as this helps for our rally and things. We've always been in awe of what the folks around the node community have meant to try to do, and it did start with Ryan and kind of went from there. It's fun to be back and see it again for the fifth annual installment. >> It's interesting some of the conversations on stage were also too about community development and community maturation and people doing bad behavior and they're technically strong. We've seen some of these kind of growing pains in some other open source communities. The one that jumps out is Open Stack as we've watched that one kind of grow and morph over time. So these are good. There's bad problems and good problems. These are good growing pain problems. >> And that's an interesting one because you read the latest press about the venture industry and the issues are there, and people talk more generally about the tech industry. And it is a problem. It's a challenge and it starts with encouraging a broad diverse group of people who would be interested in this business. >> Jeff: Right, right. >> And getting into it and so the node community to me is always been and I think almost any other out source community could benefit at looking at not just how they've done it, but who the people are and what they've driven. For us, one of the things we've always tried to do is bring a diverse set of speakers to come and get engaged. And it's really hard to go and find enough people who have the time and willingness to come up on stage and it's so rewarding when you start to really expose the breath of who's out there engaged and doing great stuff. Last year, we had Stacy Kirk, who she runs a company down in L.A. Her entire team pretty much is based in Jamaica brought the whole team out. >> Jeff: Really? >> It was so much fun to have whole new group people. The community just didn't know, get to know it and be in awe of what they're building. I thought the electron conversation. They were talking about community, that was Jacob from GitHub. It's an early community though. They're trying to figure it out. On the Open Stack side, it's very corporate driven. It's harder to have those conversations. In the node community, it's still more community driven and as a result they're able to have more of the conversation around how do we build a very inclusive group of people who can frankly do a more effective job of changing development. >> Jeff: Right, well kudos to you. I mean you open up the conference in your opening remarks talking about the code of conduct and it's kind of like good news bad news. Like really we have to talk about what should basically be. It's common sense but you have to do it and that's part of the program. It was Woman Attack Wednesday today so we've got a boat load of cards going out today with a lot of the women and it's been proven time and time again. That the diversity of opinions tackling any problem is going to lead to a better solution and hopefully this is not new news to anybody either. >> No and we have a few scholarship folks from Women who code over here. We've done that with them for the last few years but there are so many organizations that anyone who actually wants to spend a little time figuring out how can I be apart of the, I don't know if I'd call it solution but help with a challenge that we have to face. It's Women who code. It's Girls who code. It's Black girls code and it's not just women. There's a broad diverse set of people we need to engage. >> Jeff: Right, right. >> We have a group here, Operation Code who's working with Veterans who would like to find a career, and are starting to become developers and we have three or four sponsored folks from Operation Code too. And again, it's just rewarding to watch people who are some of the key folks who helped really make node happen. Walking up to some stranger who's sort of staring around. Hasn't met anybody. Introduce himself say, "Hey, what are you interested in "and how can I help?" And it's one of the things that frankly brings us back to do this year after year. It's rewarding. >> Well it's kind of interesting piece of what node is. Again we keep hearing time and time again. It's an easy language. Use the same language for the front end or the back end. >> Yep. >> Use a bunch of pre-configured model. I think Monica from Intel, she said that a lot of the codes they see is 2% is your code and everything you're leveraging from other people. And we see in all these tech conferences that the way to have innovation is to label more people to contribute. That have the tools and the data and that's really kind of part of what this whole ethos is here. >> And making it. Just generally the ethos around making it easier to develop and deploy. And so when we first started, Google was nowhere to be found and Microsoft was actually already here. IBM wasn't here yet and now you look at those folks. The number of submissions we saw for talk proposals. The depth of engagement within those organizations. Obviously Google's got their go and a bunch of it but node is a key part of what they're doing. Node and I think for both IBM and also for Google is the most deployed language or the most deployed stack in terms of what they're seeing on their Cloud, Which is why they're here. And they're seeing just continued growth, so yeah it drives that view of how can we make software easier to work with, easier to put together, create and deploy and it's fun to watch. Erstwhile competitors sitting comparing notes and ideas and someone said to me. One of the Google folks, Miles Boran had said. Mostly I love coming to this because the hallway chatter here is just always so fascinating. So you go hear these great talks and you walk out and the speakers are there. You get to talk to them and really learn from them. >> I want to shift gears a little. I always great to get a venture capitalist on it. Everybody wants to hear your thoughts and you see a lot of stuff come across your desk. As you just look at the constant crashing of waves of innovation that we keep going through here and I know that's apart of why you live here and why I do too. And Cloud clearly is probably past the peak of the wave but we're just coming into IoT and internet of things and 5G which is going to be start to hit in the near future. As you look at it from an enterprise perspective. What's getting you excited? What are some of the things that maybe people aren't thinking about that are less obvious and really the adoption of enterprises of these cutting edge technologies. Of getting involved in open source is really phenomenal thing of environment for start ups. >> Yeah and what you're seeing as the companies, the original enterprises that were interested in nodes. You decided to start deploying. The next question is alright this worked, what else can we be doing? And this is where you're seeing the advent of first Cloud but now how people are thinking about deployment. There's a lot of conversation here this week about ServerList. >> Jeff: Right, right. We were talking about containers. Micro services and next thing you know people are saying oh okay what else can we be doing to push the boundaries around this? So from our perspective, what we think about when we think about when we think of enterprise and infrastructure and Dev Ops et cetera is it is an ever changing thing. So Cloud as we know it today is sort, it's done but it's not close to being finished when you think about how people are making car-wny apps and deploying them. How that keeps changing, questions they keep asking but also now to your point when you look at 5G. When you look at IoT, the deployment methodology. They're going to have to change. The development languages are going to change and that will once again result in further change across the entire infrastructure. How am I going to go to place so I would say that we have not stopped seeing innovative stuff in any of those categories. You asked about where do we see kind of future things that we like. Like NEVC, if I don't say AI and ML and what are the other ones I'm suppose to say? Virtual reality, augmented reality, drones obviously are huge. >> It's anti drones. Drone detection. >> We look at those as enabling technology. We're more interested from a rally perspective and applied use of those technologies so there's some folks from GrowBio here today. And I'm sure you know Grail, right they raise a billion dollars. The first question I asked the VP who is here. I said, did you cure cancer yet? 'Cause it's been like a year and a half. They haven't yet, sorry. But what's real interesting is when you talk to them about what are they doing. So first they're using node but the approach they're taking to try to make their software get smarter and smarter and smarter by the stuff they see how they're changing. It's just fundamentally different than things people were thinking about a few years ago. So for us, the applied piece is we want to see companies like a Grail come in and say, here's what we're doing. Here's why and here's how we're going to leverage all of these enabling technologies to go accomplish something that no one has ever been able to do before. >> Jeff: Right, right. And that's what gets us excited. The idea of artificial intelligence. It's cool, it's great. I love talking about it. Walk me through how you're going to go do something compelling with that. Block chain is an area that we're spending, have been but continue to spend a lot of time looking right now not so much from a currency perspective. Just very compelling technology and the breath of our capability there is incredible. We've met in the last week. I met four entrepreneurs. There are three of them who are here talking about just really novel ways to take advantage of a technology that is still just kind of early stages, from our perspective of getting to a point where people can really deploy within large enterprise. And then I'd say the final piece for us and it's not a new space. But kind of sitting over all of this is security. And as these things change constantly. The security needs are going to change right. The foot print in terms of what the attack surface looks like. It gets bigger and bigger. It gets more complex and the unfortunate reality of simplifying the development process is you also sometimes sort of move out the security thought process from a developer perspective. From a deployment perspective, you assume I've heard companies say well we don't need to worry about security because we keep our stuff on Amazon. As a security investor, I love hearing that. As a user of some of those solutions it's scares me to death and so we see this constant evolution there. And what's interesting you have, today I think we have five security companies who are sponsoring this conference. The first few years, no one even wanted to talk about security. And now you have five different companies who are here really talking about why it matters if you're building out apps and deploying in the Cloud. What you should be thinking about from a security perspective. >> Security is so interesting because to me, it's kind of like insurance. How much is enough? And ultimate you can just shut everything down and close it off but that's not the solution. So where's the happy medium and the other thing that we hear over and over is it's got to be baked in all the layers of the cake. It can't just be the castle and moat methodology anymore. >> Charles: Absolutely. >> How much do you have? Where do you put it in? But where do you stop? 'cause ultimately it's like a insurance. You can just keep buying more and more. >> And recognize the irony of sitting here in San Francisco while Black Hat's taking place. We should both be out there talking about it too. (laughing) >> Well no 'cause you can't go there with your phone, your laptop. No, you're just suppose to bring your car anymore. >> This is the first year in four years that my son won't be at DEF CON. He just turned seven so he set the record at four, five and six as the youngest DEF CON attendee. A little bitter we're not going this year and shout out because he was first place in the kid's capture the flag last year. >> Jeff: Oh very good. >> Until he decided to leave and go play video games. So the way we think about the question you just asked on security, and this is actually, I give a lot of credit to Art Covella. He's one of our venture partners. He was the CEO at our safe for a number of years. Ran it post DMC acquisition as well is it's not so much of a okay, I've got this issue. It could be pay it ransom or whatever it is. People come in and say we solve that. You might solve the problem today but you don't solve the problem for the future typically. The question is what is it that you do in my environment that covers a few things. One, how does it reduce the time and energy my team needs to spend on solving these issues so that I can use them? Because the people problem in security is huge. >> Right. >> And if you can reduce the amount of time people are doing automated. What could be automated task, manual task and instead get them focused on hired or bit sub, you get to cover more. So how does it reduce the stress level for my team? What do I get to take out? I don't have unlimited budget. That could be buying point solutions. What is it that you will allow me to replace so that the net cost to me to add your solution is actually neutral or negative, so that I can simplify my environment. Again going back to making these work for the people, and then what is it that you do beyond claiming that you're going to solve a problem I have today. Walk me through how this fits into the future. They're not a lot of the thousands of-- >> Jeff: Those are not easy questions. >> They're not easy questions and so when you ask that and apply that to every company who's at Black Hat today. Every company at RSA, there's not very many of that companies who can really answer that in a concise way. And you talk to seesos, those are the questions they're starting to ask. Great, I love what you're doing. It's not a question of whether I have you in my budget this year or next. What do I get to do in my environment differently that makes my life easier or my organization's life easier, and ultimately nets it out at a lower cost? It's a theme we invest in. About 25% of our investments have been in the securities space and I feel like so far every one of those deals fits in some way in that category. We'll see how they play out but so far so good. >> Well very good so before we let you go. Just a shout out, I think we've talked before. You sold out sponsorship so people that want to get involved in node 2018. They better step up pretty soon. >> 2018 will happen. It's the earliest we've ever confirmed and announced next year's conference. It usually takes me five months before >> Jeff: To recover. >> I'm willing to think about it again. It will happen. It will probably happen within the same one week timeframe, two week timeframe. I actually, someone put a ticket tier up for next year or if you buy tickets during the conference the next two days. You can buy a ticket $395 for today. They're a $1000 bucks. It's a good deal if people want to go but the nice thing is we've never had a team that out reaches the sponsors. It's always been inbound interest. People who want to be involved and it's made the entire thing just a lot of fun to be apart of. We'll do it next year and it will be really fascinating to see how much additional growth we see between now and then. Because based on some of the enterprises we're seeing here. I mean true Fortune 500, nothing to do with technology from a revenue perspective. They just used it internally. You're seeing some really cool development taking place and we're going to get some of that on stage next year. >> Good, well congrats on a great event. >> Thanks. And thanks for being here. It's always fun to have you guys. >> He's Charles Beeler. I'm Jeff Frick. You're watching theCUBE, Node Summit 2017. Thanks for watching. (uptempo techno music)

(upbeat music) >> Live from the Mission Bay Conference Center in San Francisco, California, it's theCUBE at Google Cloud Platform Live. Here are your hosts, John Furrier and Jeff Frick. >> Okay welcome back everyone, we are live. This is theCUBE in San Francisco, California for Google Platform Conference Live, their developer conference for the cloud. I'm John Furrier, the founder of SiliconANGLE, Jeff Frick, my cohost, and we're excited to have CUBE alumni but also man about town coming to talk about containers, Kubernetes. We have Craig McLuckie, product manager at Google. Named the product Kubernetes. Welcome back. >> Thank you. It's great to be back on theCUBE. >> As I said, you're the man about town. Containers are the hottest thing going on. Really enabling a lot of new change. A lot of solidarity in the developer community around bringing cloud together, right? You're seeing people go, wow, containers are not a new concept. Docker has brought together the concept and made a huge push, just the ball got moved down the field big time. And then Kubernetes kind of tying it all together and you guys are open sourcing it. I wanted to first talk about, from your perspective, what's changed since VMware where we had a great conversation around Kubernetes? Obviously that was front and center in VMware's show, which is a huge IT enterprise vote of confidence. So now, here at Google, core developers. Large scale, backend network interconnect stuff going on. You almost connect the dots, right? Native developers really cranking out the apps? Large scale interconnect? There's a lot in the middle there between those bookends. What's changed? >> So a couple things I think have changed since I last spoke to theCUBE at VMworld. The first is we've seen an amazing amount of velocity around the Kubernetes community. Not just what Google's been doing but also what our open source community members have been contributing. And we're seeing a very fast acceleration of the overall platform. Moving quickly towards operation maturity, you know getting closer to production readiness and introducing a lot of features that are really need to both run real world applications and to go to new place, to go to a variety of new clouds. We're seeing the reality of a very highly portable and maturing way to build container based applications emerging. That's been very exciting. I think the other thing that's really interesting here is the way that we at Google have been introducing Kubernetes directly into the Google Cloud platform. Today we announced a new product called Google Container Engine which provides the quickest and easiest way to get a Kubernetes cluster up and running and managed for you on Google Cloud platform. And we're very excited about how easy it's making it for our customers to access this new way of building applications. >> Talk about this Container Engine because obviously App Engine's had huge success. Little bit of learning curve but you guys have some core front end developers that you're making that easier now but what is a Container Engine? Is it a Docker engine? Is it Docker compatible? Is it a whole new animal? What it is? What is it? >> That's great, I'm glad you asked that question. I would start by saying this, at Google we have Google Compute Engine which offers powerful, flexible, fast breeding VMs and at the other end of the spectrum we've had App Engine which offers a highly managed, very efficient way to get web applications up and running. And what we've encountered with our customers is that there is no natural way to move from one world to the other world. There's no connective tissue that exists in the middle that let's our customers think about building applications that are running on a cloud computer rather than just running on a virtual machine. And so what Google Container Engine is is a technology that let's our customers program at the cluster level. So Docker has provided this amazingly productive way to package up an application and deploy it into a node. Docker has done a great job of taking a lot of technologies that existed and making them incredibly accessible to developers. But the reality, in our experience, is that at least 80% of our customer's cost of maintaining applications comes out of the operation space so Kubernetes and Google Container Engine are an operationally viable way to build these distributed applications. It really moves our customers from thinking about deploying things into individual virtual machines to instead saying, hey, I'm just going to drop this into this cluster and it will all be wired together so I can take these little Lego building blocks I've got called containers, piece them together in ways that are intuitive and then have a very smart and effective system to run those for me on my behalf.. >> So basically a pool of VMs could be available to developer, if I get this right? So you're saying, I'm a developer, I don't have to worry about the dependencies by VMware, by VMware versus another form factor? I just let the container deal with that? Is that-- >> What we've done, yes, that's exactly right, we've created this strong separation between infrastructure operations and application operations. Docker has created a portable framework to take basically a binary and run it anywhere which is an amazing capability. But that's not enough. You also need to be able to manage that with a framework that can run anywhere so the union of Docker and Kubernetes provides this framework where you're completely abstracted from the underlying infrastructure. You could use VMware, you could use Red Hat Open Stack deployment, you could run on another major cloud provider like Rack Space or IBM and you could just build this application and deploy it there and experience this very powerful cluster first way of building and managing that app. >> Cluster first, I haven't heard that one. >> It's not a cluster you-know-what, it's a cluster first. (laughing) That trumps cloud first from Microsoft but let's go back to Kubernetes. You named the product, what does it mean? I mean it's kind of a, you don't look at a tech name, you say, it's not like alpha one, ya know? >> Kubernetes is the Greek word for the helmsman of a ship. I was looking to find a name and turns out, there's a lot of cluster management technologies and a lot of the obvious names were taken and so I had the inspiration of what is this doing? It's actually the thing that's overseeing the whole of your operation, and is planning what goes where and managing it. So Kubernetes is the helmsman of your cluster group, it's the thing that manages it. >> Did you design the algorithm to stay away from icebergs? (laughing) That's the key thing, you don't want to crash the system. But that's the challenge, you know, just joking aside, orchestration is really a hard thing. That's been a cloud phenomenon, automation. Everyone's been talking about, oh we have management software that automates and orchestrates cloud resources. But now in a cloud environment, it's more challenging now. Talk about what Kubernetes does different than older approaches to orchestration. >> I think is a very, very important consideration. When I look at the way that orchestration's been done traditionally, you tend to think about your application as being deeply tied to the underlying piece of infrastructure, so your orchestration process is provision me a basic machine, go get the packages I need, deploy my application pieces, wire it in explicitly to all the other pieces of my system and so you have to kind of build this relatively fragile system where all the piece are tied together and deeply coupled. What Kubernetes has done is provide a framework where you have a very principled, almost Lego building block that you can stick together and say, I want one of these things, I want it replicated six times, and I want it wired in to these other pieces without actually having to know about where those other pieces are deployed, how they relate to one another. It really is realizing this highly decoupled, very principled way of thinking about your environment as a cluster where you just drop your packages in and they're all wired together using virtualized networking and using this cluster centric paradigm and it radically, radically reduces the cost of operations. I could just give you an example of that. In the old days of Google, before we had these technologies inside the house, it was all we could do to keep the lights on. Like every day was an adventure, it was very hard, because our operations had our application pieces deeply tied into the physical infrastructure. When we introduced the system internally known as Borg, we changed the game. In less than a year-- >> Hold on, name is Borg? >> What was it called? >> Borg? >> Borg. >> Borg. >> Internally known as Borg. (laughing) >> Like connected to everything, like the Microsoft Borg, that's at Microsoft but Microsoft used to be called-- >> I was thinking more Arnold Schwarzenegger, but that's alright. >> Continue. I just wanted to make sure we heard that right. >> We literally doubled the number of production services we were running within a year. It's just so much easier to run things at scale. >> So provisioning, managing, it just makes a smoother operation? Smooth sailing if you will? >> It's really trying to hide provision, managing, right? You're basically, I have an app and I want to build it easily and then I want to deploy it easily and then I want it to be able to scale easily. >> Yes. >> Without having to go back and reconnect it to more stuff. It's funny because I think most people think that that's what clouds have already always done, right? There's basically compute, a networking and storage that's just in small units, virtually available to assemble however I want. But you say it, I used to have to still assemble it and disassemble it, now it's just-- >> Exactly. >> It's just plugging in. >> That's the challenge. The way we've seen cloud evolving has disappointed us a little bit because it really is just a re manifestation of the same existing first generation way of thinking about application development, application provisioning. If you challenge a lot of the fundamental assumptions, if you really step back and think about is there a better way to do this? If I have all this incredibly fungible resource that can turn up and turn down, is there a better way to build applications? Kubernetes is our invitation to the community to participate in defining that thing. We think it is a better way to build applications. We know it because we've been doing this for 10 years and it works really well for us. >> So talk about the open source angle because one, Kubernetes is open source, we've reported that live when we last chatted. Docker has huge success with their open source model. That's not well known in the main world, how the nuance and developers really are engaged and motivated to play with Docker which has it's own flywheel effect which is very viral in network effect. What's your strategy with Kubernetes? Is it standard open source blocking and tackling? Is there things you're doing to prime the pump? Is there a magical formula you guys are really nurturing and fostering? >> I am very happy with the way that the projects been run and it's been humbling to see the amount of adoption success we've had. I think that this manner of operating where we built Kubernetes as an open source project with the community, and then we take it and take exactly that and we turn it into a service and add a lot high value capabilities to it, is a pattern that's working very well for us. It's massively increased our velocity because it's not just us that are actually developing the project, we have amazing contributions from people like Red Hat. They're putting a lot of time and effort into making this thing great. Our friends at CoreOS are putting a lot of effort into it. We're able to do more because it's just more people working on it, so the velocity is far higher. The second thing is that we were able to go straight to an open offer. Normally we do these early adopter programs hidden behind the curtain, try to figure stuff out and do a lot of iteration. We didn't have to do that because the community has built the API with us, our customers have been working directly with us to shape the API. We know it's going to work for them. >> And that's helped you guys, so your differentiation doesn't really conflict with the community? >> Absolutely not. We recognized as we moved from a cloud that's worked mostly in the start up community and with internet facing companies to a cloud that's really engaging mainstream business. Our customers want multi cloud. It's critical to them. They want to be able to run in hybrid cloud. They want to have multi cloud provider relationships. They don't want to just rely on one provider and so our framework that works well everywhere but works especially well on Google, serves our business very well. >> Getting some great prompts on Crowd Chat so thanks for coming on theCUBE, always great to chat with you. You're in a hot area, we'd love to pick your brain but I want you to address three things I'm going to say to you, get your thoughts on. >> Okay. >> It can be your Google perspective, could be your own geeky perspective. Perimeter-less IT, multi cloud and mobile infrastructure. Three of the hottest areas on the planet right now in terms of people looking at investments, retooling, trying to figure things out, perimeter-less IT. Obviously perimeter IT, perimeter based security? >> Sure. >> Kind of goes away with the cloud right? >> Yeah. >> But you still need security, it's perimeter-less, so what does that mean? How do people understand and grasp that concept? >> I'm not sure I'm the right person to speak to perimeter less IT but I can say that-- >> Just in general. >> When I think about it, I think there's a couple of things that are happening here that are really interesting. When I look at the idea of perimeter-less IT, when I look at the idea of what I consider the democratization of IT, if you will, we've lived in a world where most businesses have been beholden to a specific organization that's controlled their provisioning, the policies and the set of bits they can use, everything's been controlled and IT hasn't been well loved by and large. We're moving into a world where it's a much more open ecosystem. Departments are far more empowered, anyone with a corporate credit card can go and get a machine and that's creating amazing agility and velocity for businesses. But it's introducing-- >> Creativity, too. >> A lot of creativity, but it's introducing a lot of pain as well. The hard thing is going to be creating a smart framework that allows empowered decentralization. Going from this world of highly controlled to decentralized empowerment, and I think that's where we're going to see a lot of interest from folks that are operating in the airplay space. >> Okay, multi cloud, just in general. Will people move to multiple clouds? Do you see that? UberClouds, we had Bitnami in earlier like, ah, people aren't really going to multiple clouds. They're not interested in moving workloads. Is that a state of the current situation or will it evolve to workloads anywhere? >> Multi cloud is the reality of our world. There's no serious customer I've spoken to in the last six months that has not been interested in a multi cloud relationship. Sorry, that's not true, there's no enterprise customer I've spoken to the last six months. >> That has not been interested? >> That has not been interested in multi cloud. >> And the reason is? >> In some ways. >> It's for what, resources? >> There's a couple of reasons. One is a lot of companies want to have just a multi provider relationship. They don't want to be beholden to a single cloud provider and frankly almost every customer I speak to has a massive investment in on premise infrastructure. They want to move away from a lot of the pain associated with managing that, but it's not going to happen overnight. Hybrid cloud is going to exist for quite a while. >> This is back to your empowered decentralization theme. >> And we have to provide them the tools to do that. We have to create positive pressure that moves them from those clouds to the public cloud. >> Final concept, and I've heard this a lot, kind of leads into the keynote, not necessarily the words but almost reeking of this concept of mobile infrastructure. I mean, mobile first, cluster first, kind of enables mobile first but mobile is obviously a form factor, whether it's an internet of things as a human or a device, doesn't matter it's still an endpoint the network. >> Yeah. >> It's a multitude of millions of devices so what is mobile infrastructure? Is it different? Is it the same? What's your take on it? >> It's an interesting question and the reality of our world is it's a mobile world. It's almost folly to do anything but think about mobile as the primary vehicle for customers, consumers and everyone else to interface with the internet, with the web. It certainly introduces an interesting set of challenges to application developers. I think one of the things that I am most sort of interested in cracking from a cloud provider's perspective is the world of multiple devices where you have a large set of devices in different form factors that are ultimately presenting a view of the same set of data, the same set of information and creating a set of experiences that work well in that multi device space. Moving away from a world where state is bound to a device to a world where state is based in your cloud and your device is simply providing a view or a way to interface with that data. We still have a way to go before that is fully materialized but I think that's going to be a big sort of anchor point of a lot of mobile development in the space. >> So Craig, where's the locus of competition move then? If the data center just becomes a resource that's on tap, basically, that I can just get? How do the cloud providers then differentiate? >> Basic infrastructure is relatively undifferentiated but when I look at the way that we run inside Google, we do some really, really scary smart things to make your application run for you. If you think about the way we run our infrastructure it's almost like the flight controller of a modern airplane. It's going from the old wire based control system where you move something to move a flap to a world where you have this controller that's taking in million of signals a second and making incredibly informed decisions that is optimizing the heck out of everything you do and making very fine grain corrections and I think that's going to be a huge avenue of differentiation. When you take an application, you package it and you give it to us and you trust us to run it for you and it's running at a slightly higher level, we have a much high extraction level, we can do incredibly smart things with things like machine learning technologies. We can watch how your application's running. We know how it ran last time so we can tell if something's going wrong because we have the ability to actually watch it. This is how we run internally. >> Right, right. >> It's not just about the infrastructure. It's going to be about smart systems that run your application for you. And that's going to be hard to-- >> It's really to abstract above the management of the application. It's actually the management of the application and the optimization of the application as opposed to the infrastructure? >> There's so much more value in moving from static, dumb infrastructure to actively managed, sort of precision managed container based capabilities. It's quite jarring. This was clear to me very soon after we shipped Google Compute Engine. I was able to see, we never looked inside VM so we were able to see what level of CP utilization our customer's were getting and we compared that to what we were able to run in our internal web loads and our customers are only getting like, there were several integer multiples less utilization than what they were paying for. So we knew that something could be done. We could actually move up the abstraction layer and just do a better job by actively managing and making smart decisions. And that would be very disruptive-- >> So let's play a game, we played a game with our last guest, we'll play the game of you and I are going to go into business together and be venture capitalist. >> Okay. >> Okay. >> Sounds like fun. >> What's our investment thesis? Knowing what we know, I mean, there's a lot of entrepreneurs out there really looking at the enterprise right now. The enterprise is hard, cloud is kind of like a proxy for the enterprise but it's not like your classic enterprise. I'm a tech entrepreneur, I'm a coder, I'm an architect, I'm an OS guy, systems guy, could be a creative filmmaker, whatever but I want to come in and get some white space. Is there white space out there that you see that is an opportunity for developers that could really come in and stake claim and build a really good business? It could be lifestyle business, it could be a home run. Where would we invest? >> Yeah, I think there's so much white space in this domain. We are in the very early days of getting these technologies to market. Obviously there's just bolstering the basic, sort of the fundamentals of the platform. Overlay networking, everyone's talking SDN. Obviously there's a lot of hype around that but being able to create an abstraction that allows high levels of plugability for different network fabrics as you move between clouds is interesting. Storage, and doing a better job of providing virtualized storage that is available to these containers is an area of opportunity. There's a lot of work to be done in the tuning environment, full on application lifecycle management, continuous integration, lots of opportunity in that space. And then frankly, as we start looking at taking these technologies to market and deploying them into real businesses that are running multi cloud, there's going to be a lot of the governance, risk management and compliance overlay capabilities that just don't exist. We have the ability to define policy and enforce it in a very effective way, whether it's security policy, data loss prevention policy-- >> But it has to be dynamic, right? >> And it has to by dynamically done and it has to be enforced at the node. >> That's software, that's hard software? >> And there's so much work to be done there. There's so many opportunities to either create niche, vertically oriented capabilities of service specific protocol or unique, highly valuable, cross coding capabilities. I'm very excited about the future in this space. >> Where would we get started if I was an entrepreneur? Like, hey Craig, I saw your interview, where do I get started? Writing an app engine code? I want to put the boat in the water and starting drifting into this area you just mentioned, how should I navigate in? How should I vector in? >> A lot of it depends on where you're going to be operating in the stack. I would suggest you go and learn Go. Go is rapidly, GoLang, if you want to talk about the sort of the development environment is rapidly emerging as the language for the new cloud. We're seeing a lot of work in the Go community. Docker is written in Go, Kubernetes is written in Go. So I'd start there. It's a great platform for systems development. So I'd start looking at some of the existing technologies, Docker, Kubernetes, start just assessing where the gaps are. I'd probably approach it from a systems development perspective if I was doing it but there's also going to be a lot of value higher up the chain where you can actually-- >> You can dance on top of the stack and around the stack? >> Absolutely. >> Alright so final question, are we going back to the old OS days? I know you were joking before we came on, conversational even in a way, that was pretty relevant. I mean, we're seeing concepts of systems programming of the 80's kind of, but in decentralized way. Comment on that because I think that's tying a lot of things together. >> I think that's an incredibly astute observation and I think we're moving away from a world, operating system today is a node local thing, right? So I have an operating system and it's providing an environment that abstracts me from the physical details of one piece of hardware, one machine, you know one set of resources. What we're starting to see now is the emergence of some of these distributed concepts where you're programming not to a specific singe piece of infrastructure, single piece of hardware but you're programming to a cluster and so I think it's very much like that. I think that's a very astute observation and we're going to see the buzz-- >> But no one vendor owns it. It's owned by the world. >> And nor should one. It needs to be a POSIX like ubiquitous framework that let's us get more out of these cluster centric applications. >> Very organic, I mean I love what's happening is a very organic development but yet there's some, kind of group dynamics going on around cluster and Docker's a great example. Came out of the woodwork to become a defacto standard. Probably the fastest defacto standard that I've ever seen-- >> It's been breathtaking how quickly that technology's taken hold. >> And that's just the crowd. >> Yeah. >> Just saying, hey if we don't like decide on something? We like these guys the best, they didn't piss anyone off or whatever, whatever the dynamic is. It could be double source, flywheel, but-- >> It's interesting, certainly from Google's perspective, we've noticed Docker a lot sooner than most the world did. We had technologies that we could have stood up as potentially competing capabilities but we chose not to, because the world is incredibly well served by a single standard for defining and packaging applications. Now we need to continue that and we need to build the standard for the POSIX like distributed systems standard, that people think about coding to when they're building these modern, next gen cloud V2 applications. >> Craig, I really appreciate you spending the time. Love the conversation, love kind of the long winding road we took there. We knocked out some Kubernetes. We talked about Docker containers. Talked about the future of the industry. Really appreciate it, you're awesome to have on theCUBE here, you're invited any time. CUBE alumni Craig McLuckie right on theCUBE. We'll be right back, here, live in San Francisco broadcasting exclusively from Google's developer conference here, the Cloud Platform Live Event from Google. We'll be right back after this short break. (light music)