>> From theCUBE studios in Palo Alto and Boston, connecting with thought leaders all around the world, this is a CUBE conversation. >> Hi, and welcome to another CUBE Conversation. I'm Stu Miniman coming to you from our Boston area office. We've been in the cloud native ecosystem for many years. We know many open source projects, really helping to drive innovation, help companies modernize what they're doing. And one of the companies that leads one of those initiatives, happy to welcome to the program, we're going to be talking to the co-founder and CTO of Styra, that is Tim Hinrichs. First time on theCUBE, of course, company behind OPA. Tim, thank you for joining us. Welcome to the program. >> Hi Stu, thanks for having me. >> All right, so we've had the CEO of Styra, Bill Mann, on the program before, he's many time CUBE alum, it's your first time, and I always love when I get the founder on the program. Of course the question is, give us the why Tim. There's no shortage of tools out there in the industry, but as we've seen in the ecosystem, there's always companies, I wish something could happen, I wish we had something there. Often they've built it for themselves, and then, create a project. So bring us back a little bit to that origin story and what you and the team, what was the inspiration? >> So when we... the first thing to know is that really at Styra what we're focused on is helping enterprises that are embracing cloud native technology, sort of enforce and control the authorization policies across all their different Cloud native software. So I remember authorization is that problems of which people and which machines can perform which actions on software. And so the way this all got started was we were at DIEMware, before we founded Styra, and we were talking to a number of our customers from finance and tech, and what they did was they had built one of these things. They had built a unified solution policy to manage their authorization needs across many different pieces of software. So at that point we knew that the problem was very real, cause people had to solve it themselves. And so when- >> I'm sorry Tim. Just one thing to make sure I understand this. So in the policy management you talk about there, help me understand how that fits into say identity management which is one of the top things we think about when I'm managing my IT, when I go to the Cloud. It seems related but different, yes? >> Absolutely, yeah. So identity management is really this problem of who are you? It's often solved, from a user's point of view, by providing a username and a password, or a thumbprint, or a multi-factor authentication. That's an important problem that needs to be solved. That's authentication or identity. And it's really about proving who you are. But authorization is the next step, it's about what actions can you perform once you've convinced the machine who you are. And so really that's the piece that we focus on. >> All right, yeah, once can we get people in we need... It's usually you want to give them the least amount of access possible. We understand that from a security standpoint, we need to do this. So you've said what the kind of problem was, and that this is there so how open source?... I mean we know often it's, there's many reasons why projects end up open source. So give us the journey here. >> So it started, we've really got two pieces of software, So one of which, as you say is completely open source, it's become the open policy agent project, we decided to open source it and then eventually donate it to the CNCF because it's sort of mission in life is to make authorization decisions make decisions about if an action that a user or machine is trying to take a safe or not. And, that project is really designed to be a decision maker across all the different kinds of software in the cloud native ecosystem. And so naturally, there's a need for a lot of expertise about a whole bunch of different areas, about a whole bunch of different pieces of software and the best way to sort of leverage all of the world's knowledge about all those different pieces of software is to put that project out into the open. And so for us, it was just an easy, very easy thing to do. Every single line of OPA of code that goes into OPA has been done. >> Well, absolutely it's a project I know I've seen the stickers, I've seen people talking about it in the breakout at KubeCon CloudNativeCon shows. Let's not leave everybody, waiting for the news though Tim, it had been an incubating project, believe you've got some news for us. Yeah, absolutely so OPA has now officially graduated, it's now moved from incubation into the graduation portion the CNCF. And for us, it's really exciting because it really is a reflection of the maturity of the project. Right? There's so many people using OPA and using it to solve all kinds of different use cases. We're even seeing vendors pick it up and offer native integrations with their homegrown software. So it's really exciting to see the progress of the project has made >> It just for audience that might not be familiar. What does this mean now that it's graduated as a maturity level? Is it production? Ready? What what are those criteria that allowed to go from that incubating stage to the graduation? Yeah, so there are a bunch of criteria, but I think the biggest one really is really users in production, right? It has been proven at scale for many different users all over the world, right? CNCF just did a survey recently there, a couple hundred different organizations all across the world who were using open in some way, shape or form. We see it all the time and KubeCon and CloudNativeCon talks, you can hear all about all the folks who were using it. >> Yeah, so maybe it would help if you've got a customer example or use case that you can walk us through as to how exactly that fits. >> For sure yeah. So the nice thing about OPA and more generally Styra is that you can apply it to all different kinds of use cases. So there are a couple of very popular ones using it for Kubernetes admission control or micro service authorization, those are the two most popular right now. And they both work roughly the same way but I'll give you a concrete example. For Kubernetes, anytime some end users trying to spin up any resource, whether the pod or an Ingress or anything on the Kube cluster, you can integrate OPA with that Kube API server and allow open make a decision, is this new resource safe to deploy on the cluster? Or is it not? Micro service authorization works almost exactly the same way, every time one of those micro services receives an API call, it can ask OPA is this API call safe for me to off to execute or not? And so both of those are going to work in basically the same way and that's true for all the other applications and use cases for OPA. >> Okay, and give us some of the stats if you would, how many people how many companies and people contribute to it? What was the customer base look like? >> So think they're a bunch of interesting metrics I think that was the one that's most interesting to me is that number of downloads a week. Right now, we're at roughly a million downloads a week, which is super exciting. I remember those days when we hit that one million mark total and we were very excited. And so now we're at a point where it's every week, we're hitting a million downloads, all kinds of contributors as well and I think, another good metric there to think about are, talks I think we had nearly 50 talks, organic talks from end users on OPA that we ran across it last year. >> Well it's wonderful is the thing we love in that ecosystem there is it's not just using it contributing, to the code, sharing with the community. Tim, what are the challenges in this ecosystem? if you go to the CNCF website and you look at the landscape, it's a little bit scary and taunting just because there's so many different pieces. What I understand from OPA is, are there any dependencies there when you think about, the other services that it interacts with? Or does it just, kind of do its own thing enables customers? >> Yeah, so OPA is, wasn't designed to be a standalone project, right? It doesn't depend on really any other CNCF or really any other project. It was designed to make these policies of these authorization decisions and but at the same time, it's also designed to make it very easy to integrate with a wide range of software systems. And so, I think on the OPA website we've got over 25 different integrations that we are the community have built around OPA, to go ahead and give you and deliver on that vision of unified authorization. >> You mentioned that styro has kind of two pieces help us understand, what is graduating mean for customers in general? And for Styra? Help us understand a little bit more of the business that goes along with it. >> So like I said, that first piece that we build that first piece of software we built was the policy agent project open source, the second piece of software that we built is a control plane for OPA. The idea architecturally behind OPA is that you don't have one copy of OPA running, typically, you might have 10, or 100, or thousand copies of OPA running. And you do that for availability and performance aid for decision making. And so Styra second piece of software is what we call the declarative authorization service. It is a control plane and management plane, a single pane of glass that allows you to operationalize OPA at scale for the enterprise. So it really is designed to give you that ability to control and manage distribute policy, right policy log all the policy decisions for all those Opus. And so that's really where we're, that's the second piece of software that we're putting a lot of effort energy into. >> All right, now that the great graduation is there, what does this mean? Give us a little bit of the roadmap, you're the CTO, we know, there's always, feedbacks and other updates coming. So what should we be expecting to be seeing going forward? >> So there a couple of things I'll mention here, one of which is that with OPA we did a survey recently, just trying to get a sense as to what the community needs and how they're using OPA and so one of the things we found was that the fastest growing use case for OPA, it looks to be application authorization, right? So if you're building a custom application, maybe it's a banking application, that application needs to decide every time a user performs an action is this authorized or not? So if I'm trying to withdraw money from an account, is it safe or not? And so that's the fastest growing use case for OPA that we saw on that and so what I expect to see is more and more people talking about using OPA for that application level authorization. On the Styra side, I think what we're looking forward to is just continuing to chat with the community and understand what they need around operationalizing OPA and making that control plane, that management plane do all the things that enterprises need to operationalize OPA at scale. >> Tim, you've reached the graduation, which is a phenomenal milestone in the project there, there's so many other projects out there wonder what advice you would give to other people starting business, starting a project engaging with the open source community? What have you learned along the way? Any lessons learned? And what feedback would you give others? >> Absolutely, so if I'm talking to somebody else who's interested in, starting an open source project, I'll give them a little bit of advice. So the first of which is that certainly the code matters a lot, it's codes got to be technically sound, it's got to be solving real problems. Everybody understands that. I think what a lot of people understand less of is that when you start a project, you need to put a lot of energy into growing, that community that communication, you need to focus a lot, you need to reach out to end users, and actively engage with them. Help them understand what the project's good for. Help them be successful with it. And so I think that piece is what a lot of people don't really understand, and it's something that I think we that if more people did, we'd see a lot more successful open source projects. >> Alright, Tim, I'll let you have the final word and any final things you want to feed back to the community or, potential customers for Styra? >> Sure, so first of all, I'd like to say thank you to all of our community members, all the users who've worked with us, all the vendors who are taking her doing integrations with OPA, we'd love to see it, we'd love to see more of it. And at the end of the day, I got to say I'm super excited to be working both with OPA and our commercial declared authorization service really deliver on that vision of unified authorization and deliver that to the vote to the world at large. >> Tim, congratulations to you and the OPA team and Styra definitely looking forward to seeing you at the next gathering of the community. And we'l hear more updates in the future. >> Thanks so much for having me. Steve, this is great. >> All right, and be sure to check out the cube.net for all the back catalog of interviews that we've done, including with the CEO Styra as well as upcoming events that we will be at including, of course KubeCon CloudNativeCon North America happening later this year virtually. I'm Stu Miniman, and thank you for watching theCUBE.

>> Host: From around the globe, it's theCUBE, with coverage of KubeCon and CloudNativeCon North America 2020 virtual brought to you by Red Hat, the cloud native computing foundation and ecosystem partners. >> Hi everyone, I'm John Furrier with theCUBE. We are here covering KubeCon and CloudNativeCon North America 2020, November 17th to the 20th, a virtual event. Normally we're there in person, but again, 2020 has been a crazy year, we're not going to be able to be there in person, but we're here remotely. We have two great guests, the co-chairs of KubeCon and CloudNativeCon Stephen Augustus senior, open source engineer VMware KubeCon CloudNativeCon chair and Constance Caramanolis principal software here at Splunk and you guys are co-chairs of KubeCon. Big responsibility, thank you for coming on. >> Thank you. Thank you for having us. >> Thank you for having us. >> Okay so we, the number one question every year is before it gets started is, how did you make the selections for the talks, what's the hottest thing going on, what's the focus for this KubeCon? >> Well, so actually we use a Ouija board to choose the talks. (laughing) No, I'm joking it doesn't happen that way. >> Yeah, yeah, it's pretty much all out of a hat, but seriously, we spent a lot of time with talks that showed, I guess diversity and integration in the community. So, what projects are starting to pick up steam? What projects are starting to integrate more deeply with other ones? So you'll see lots of commentary around, multi cluster items within cloud native technologies, as well as, lots of content on security, which I'm excited about. >> Yeah, and also things are like, there's a little bit like, kind of to your point about like things layered on, like we're starting to get to the point where people are talking about like hey, I deployed Kubernetes and Envoy and something else. And like, these are starting to be a lot more of these kind of joint talks there that actually even make it harder for us to place. Like, does it belong in networking? Does it belong in application development? Like there've been some really good challenges trying to figure out where things are slotted and what's right- >> You know one of the things I love about KubeCon besides being fun to go to while it's face to face is even with the virtual, it's still a great community. The talks are awesome, people are submitting talks. But you got the sixth year, I think it's a six year or fifth year. We've been there for all years. I think this is the sixth year for us, the maturation, the growth and of Kubernetes now it's pretty clear. This glue layer, is gluing things together the API is extending to service and more services. Can you guys comment on what you guys are seeing in terms of some of the practical projects and how they're playing out for developers? Because you're starting to see you know, more clusters you've got cloud you've got multi-cloud around the horizon. So you've got more of these conversations where you have more capabilities but the focus on the modern application building is the number one business focus. So, you know, the developers are trying to build out under the covers and say, how do I scale this? So, this seems to be the kind of a growth year and inflection point for that next level. It seems like next level. Steven, what's your thoughts and reactions to that? >> Yeah absolutely. So, as a former, I've been out a few cloud native companies at this point so more or less from Red Hat before heading over to VMware. And as a former field engineer and solutions architects at some of these places, we spent a lot of time thinking through what is the days, zero day one story, right? And it's very clear that as a community, we've gotten to the point where like that is officially the boring stuff, right? Seeing a lot of the features within projects like (indistinct) and Cluster API come to maturation. We start to focus a lot more on that developer story, right? And ultimately that's what we care about, right? Businesses are not necessarily looking for a new tool to play around with, right? There are business goals that are tied to the new technologies, right? So the velocity in which you deploy your applications, the feedback loop in terms of understanding, you know, what ties into your application, where things are going wrong and, you know, Constance can definitely speak to the, the observability layer for all of these cloud native applications that are out there. >> Constance, observability I hear is really hot right now, what's your take on it, I mean is observability everywhere? New startup comes out and you work at Splunk, they're the King King of observability, they started out with very small observation space now it's a full platform. You have to look at the observation space to get the data that's the internet. >> You do. >> That's semi application. What's hot in observability? Take us through your thoughts. >> I think what's also starting to like, so you're still like, there's some, I can think of like one talk right now, it's a little bit talking about like, you know, observability at scale in a sense of just like now we have these massive applications and saying we globally and to observe and monitor observe right now, I'm not going to use a tourism changeable. I know that's a total different debate the available topic, but for now, just keep it at that. But it's also now, I think one thing as observability space and maturing is we're not talking only about like, hey, I instrument my like application with metrics, logs, traces, or some other thing there. It's now being a little bit more critical about how, if I'm using all three of these are all different telemetries, like how to be smart about it. Like, okay, I'll need to use traces for some things and let me use logs for something else. And like kind of getting to reach a part of like, now that we have that data let's actually think about better ways to use that data. So we don't, you know, collect everything cause you can't collect everything as much as we want to. >> Well, I mean this is something that I want to get your both thoughts on because one of the conversations we're hearing from developers and we hear it from them on the business size everything is a service, that's like the ivory tower you know, the CXOs, everything is as a service and then it down into the developers in the engineering community and they're like, well, it's not that easy 'cause you got tools for every platform, right? And that's a problem because these siloed tools are tools that were built for a certain products. And then you've got the systems thinking you guys talk about this integration is a key area. So making everything is as a service, just isn't that easy, right? So the goal is to make it easy, right? So this is the systems conversation. How do you guys look at that from a KubeCon, CloudNativeCon because cloud native does enable a lot of, good things. It's horizontally scalable cloud from a resource standpoint, you've got programmability. You can look at it as a system but people are stuck with these tools for the platform. I mean, you have tools for this, tools for that and five different tools, how do you make observability work? How do you make security work? These are tough questions. What's your reaction to that? >> I think that a lot of it comes down to, from a building perspective and, you know, taking the builder perspective and then also taking the consumer perspective. For builders, and I actually spent some time with, at some developer heads in New York, we sat down for a dinner and kind of talked, talked through some of the problems in the space. And I think what it really comes down to is when we build tools we need to think about who we're building the tools for, right? There are multiple personas that you might look at in the cloud native space. And, you know, one might be the persona of that systems integrator, of the classic Opsy, DevOps SRE role, right? Then you've got someone who may be building tools on top of one of those Ops platforms, right? And then you've got the consumers that may be in your company maybe they're external, right? That's for their experience, they're really only interested in how do I ship my app, right? So whether we're talking about building out Kubernetes or whether we're talking about a server less platform, right? So sort of Alyssa and the cloud, right? You often hear the, it runs on, it's running on someone else's machine, right? You know, it's not really, so I think in that space you have to consider a developer experience, right? So I think one of the overarching themes that you'll see throughout this KubeCon is, how do we talk about the developer experience? Who are we building these tools for? How can we actually get outcomes that end users are looking for? Right, cause it's not, again, it's not about the tools it's about the outcomes for the respective businesses. >> Constance what's your reaction to this trend of tools. >> I think. >> Edge computing, 'cause you you don't want to have to build security for everything, single thing. I've got an edge device, I want to have that'd be software operated, right? It makes total sense. But making that happen is hard. >> Yeah, I think this is something that as a community like we're really, I guess like kind of how I use example like end user docs versus restaurants documentation. I think that we've been, done a really good job at creating these really powerful tools but like in terms of, we still need to simplify them for anyone who doesn't want to learn, like say Kubernetes or Envoy or open telemetry, like the back of their hand. And I think that's where we're starting to finally start to close that gap. And as I think also why KubeCon is getting a lot more popular is like now things are a little bit more accessible to those who don't have, you know, either don't have the bandwidth or it just it isn't in their interest to learn all these things in details. And so we're slowly going from those who want to be deep, deep experts into, yeah I kind of want to play around with it and make it more manageable. And, I do think we still have quite a bit of ways to go. Like I think, you know, what's been helpful like at least like our end user stories that we get and like the application development track, especially that one, like the case studies that there's no longer track but it is highlighted as like these talks and case studies. I think that shows it's kind of giving people more like, hey, these are stories of how I can take these tools and start making them more digestible in my own way. 'Cause going from like, oh, this feature does XYZ to, this is a whole story that you can do around it. It's been a little very gap, we're closing. >> Yeah, and I think one of the things about you kind of being shy there, I'll say, KubeCon, CloudNativeCon, CNCF in general has been very successful because of the end user focus I will say that. But also the ecosystem of the vendors that are there. So you have kind of the best of both worlds and they'll want to get better, right? So, but they al have to make money at the same time. So you have this balance, is open source, is what it is, it's out in the open. Can you guys comment on how the community is thriving and surviving? We're in a tough time with the pandemic. It's been a big challenge honestly, we're not in person we're remote. How is everything going with the community? Because it's such a great end user vendor community working together out in the open shipping code, trying to make things better. What's the state of the community? >> Yeah, so I would say that honestly, what it comes down to is that word community, we're all friends, right? There are people who, you know, as the, as we moved towards is kind of like cloud native consolidation of companies. A lot of us have worked together before, right? A lot of us are active in multiple communities and what comes out of that is really open and honest collaboration as a result. You know, even today there's a Twitter thread going, you know, I started talking about the Kubernetes release cadence, right? And if, and how it should change. Given 2020, we had an extended release cycle for 119, right? And questions became, what do we do? Like, do we continue with three releases a year? Do we try for, to do the switch back to four? Like, what does that look like? Right. And reaching out across the Kubernetes community across the CNCFC, the contributor strategy saying in CNCF and getting feedback from all of these people who depend on the products that we build day to day is huge. So I think what it comes down to really is, is open and honest collaboration. I think, you know, when you were strained I know that everyone has a lot going on in life right now. What's great about it is being forthcoming with that, right? We have all of these teams that are, that are built to support the people that are around them. So, if anything, I, you know, I'd love to see all of the collaboration and feedback coming from everyone who works on these projects day to day. >> Yeah. >> Constance what's your reaction? I mean when, I've talked of some developer friends of mine, they're like, hey, this is great, I can work virtually, I've been doing it for years anyway. So no big deal. It's not like the people who have to go to the office every day. So they're used to virtual format. The other comment was, I get more time to do some gaming too. Trying to make light out of the bad situation, but you know, it is serious. What's your reaction to the survival and the thriving continue thriving of the community? >> Yeah, I also want to eventually go back to cause you're making a comment about vendors and now this is my first time as vendor. I have interesting, I like, it's a really interesting perspective to come from, but let's talk about the community. I think like, you know, it's like one of the things that like I think actually has been one of the highlights of this year for me, for 2020, it like to be co-chair but it's also just to like be able to work with Stephen and Nancy and the rest of the CNCF community. And also like any attendees, like has actually even though this is a big year of change and it's, you know, it was a change that no one was planning. It has definitely been like really nice to just get like Kube, I guess would say as an example, the story like for KubeCon you, like I was surprised at how many people were engaged in the Slack channel and asking questions and like Priyanka has set up these happy hours and people are just joining and we're starting to talk and so it wasn't quite hallway track but we still had that connection. And there was definitely, there are people who are attending from all parts of the world. And I thought that was really nice. Like, we think CNCF has made it, like they have made the statement before that there will always be a virtual component to it to address the fact that, you know, our community we're so used to being in person, but that does, you know it does reduce accessibility to those who can't travel or for whatever reason they can't be there in person. So now it is becoming more open. And, I know, I mean kind of turning back a little bit a little bit derail, I'm a little bit derailing but to your point about like also like the vendors. And so this is my first time being a part of a vendor. And I think what's really interesting is like, there's this natural like, you know, tension between like, oh, some were like, oh, I don't want to do it from the vendors, or like, I only want things from end users. But I think the thing that I've kind of forget is that both of them are like active, you know, they're active in the community, both in either contributing or enabling others to be successful using CNCF projects. And so we all have, you know, valid points and perspectives on it really. You can maybe sometimes argue that sometimes being a vendor is almost a bonus because you get to talk to maybe more people who are trying to adopt the technology and you get to see trends. And then after as an end user, you could say like, hey, I have this really unique problem here and this is how I try to solve it and share that story with other people, so. >> Yeah, I mean, I think you're right. I mean, there's checks and balance I've observed over my years in open source you've seen certain things thrive certain ways. And I think that balance and, but having the mission and kind of a rules of engagement if always seen well, good, worked well for CNCF they embraced the vendors really well, but they're, I mean I will say paranoid cause that's my word. But like they're paranoid of the vendors I would be too, like, you know, only to get their fingers in the pie, but they're also contributing. So there's always been that checks and balance and that's, what's been magical I think about it is that they fostered the community, they fostered the engagement and they fostered that balance. And I think that's where the give and get comes in. And I think that's a healthy community and I just love to see and love to be involved with. So, it's super, super good approach. Now, putting back the vendor hat on, if I'm a vendor, I want a competitive advantage. So yeah, this brings us to the next gen conversation open source goes and going next gen, you're seeing a big focus on AI, you're seeing a big focus on, you know, edge computing which is going to be software operated, software defined, which cloud native will lead. I got to get your perspective on something. Steven said at the top was security. Every conversation for the past five months with Dave has been shift left. So, okay. Where are we going left? We're shifting left. This is about security. How do you build security in? This has been a big conversation. It's not easy problem. I know it's a top focus. I want to get your reactions Steve and we'll start with you then Constance I would like you to weigh in too. >> Yeah sure, so, security, security is already strict, right? And I think that people start to put the focus on security when it's a little too late, right? The move is always preventative as opposed to reactive, right? And security is an onion, right? So it's not enough to just think about security on one axis, right? It's, you know, how is this affecting, you know, how is this affecting my application, the systems that I build, the physical, you know, the physical restraints of the, you know, of the area, right? Infrastructure, the cloud providers that I'm running on, right? Are they a certain level of compliant, right? Especially when that comes up for federal customers, right? On the application side, right? You know, if you think of, you know, if you think of all the, the different ways that you can break an application that hurts security now with the cloud native space container security, right? Am I building a safe Docker files or build packs or what have you, however you package your application. And ultimately you have to, you know and then there's also the supply chain, right? Am I getting, how am I moving that stuff from some physical infrastructure or some cloud infrastructure into the hands of the developers, into the hands of the customers? How do I react to changes once those applications have actually been deployed? Right? So like all of these things to consider and when you look at that space, these are multiple teams, right? These are dozens and dozens of teams across, you know, multiple companies, right? You may not have, you may not have full control of your security story, right? So I think that, what, you know what you need to do is start the conversation internally about how we can build security at multiple layers, right? So some of the things that are kind of interesting to see pop up during this KubeCon and some of, you know, and some of the last ones, the continued work that's happening on OPA and Gatekeeper spiffy and Spire, right? And, you know, all of these, all these frameworks for authentication and authorization that are kind of cropping up, right? I think, you know, Spiffy and Spire really interesting story because, you know, the first thing that you think is I have these cloud native applications that I'm building and I also have these legacy applications, right? How can I build a bridge between the two? Right? And then you've also got things like, you know, service mesh, right? And you start to talk about service mesh and, you know, the security within applications that live inside a cluster or across cluster, right? And how you negotiate that. So tons of things to think about, and, you know, it's honestly going to it's honestly going to depend on where you are in your journey but I think that, you know, good security is only built by having the conversation and having the conversation across all teams and doing it before you get into trouble. >> Do it before you get in trouble have it baked in from the beginning, brush your teeth make sure you're all healthy. Constance your reaction, (laughing) your reaction. >> So I will say like, I am unfortunately one of those people that like security, well security is just not something that I guess going to say I find super exciting. And it mostly just because I, I really love observability and like service mesh and so I usually defer to the experts on that, but I do want to like, I guess plus when some of what Steven said, obviously using git hub, you know, terminology for plus and what you know, enhancing things like definitely started early and it, but I think, you know, start early, start a conversation. But I think we also need just be cognizant of like for any of the technologies, like if it's security say networking whatever, all of these things are behavior changes and just bucket more time than you think you're going to need. There's going to be so many roadblocks and especially when it comes like, especially when it comes to behavior changes. Like, if you're and behavior, but not like necessarily like a personal, but like, you know, technology behavior like you're used to sending things without MTLS, right? Or, you know, with our backs, things are going to fail and, you know, there's going to be that initial friction and so definitely trying to make this smooth as possible. >> Yeah, I mean, I think that's the focus I like to see more of which is having it be built in. So if you're really not into it, but you don't want to screw it up either so you want to be on top of it without doing it, right? That's the end game, right? That's what DevOps is about. So if you don't have programming infrastructure write code. So all these things, this is the trend this is the trend that we're seeing in cloud native. Can you guys share your thoughts this year on, on the most important stories that you think people should think about or lean into or at least look at for KubeCon? What are some of the things that attendees or people watching remotely or participating virtually or in the Slack channels, what should they pay attention to? >> So starting with, I think even with the last KubeCon and some of the products that have recently come out from certain vendors, we're starting to look a lot more at the, what is that conversion story for someone who is a classic CIS admin, right? Who may be learning all about cloud native technology for the first time, or how do we, you know, how do we welcome a new KubeCon attendee to the community? So I think one of the best things that we did was instantiate that's a one-on-one track, right? So with the one-on-one track, I think we got a bunch of great feedback. So we work to make sure that they were actually, we eliminated I believe we fully eliminated the lightning talks and work to include more one-on-one content as well as tutorials within this program. >> Constance, your reaction, Constance your reaction to thoughts on the most important story to pay attention to? >> I think it's more, right, cause, okay, I know this is like a common line that we say at KubeCon and like, you know, depends what group your on. But since so many more of our talks we're now talking about intersections between like, you know, using X and Y try to build Z, Zed. Oh my goodness I'm trying, I'm losing my Zeds. I think trying to like, you know looking for those talks that at least somewhat resonated like, hey, I've already talked to communities, let me see how I add Envoy. Like, trying to find those there because there's a lot more of that content now, right? Cause maybe you know, about like to even last KubeCon or like last KubeCon North America, a lot of the things were more focused on like one project, maybe a hint or you're just going to see more of these combinations. And so there are a lot more, there's a lot more of that content available for you to find. I'm doing two, three, maybe four, It's a lot of projects at once, adoptions and seeing how that works too. Oh yeah, one-on-one track has definitely been definitely like a great hit. I'm going to say, right? The first time it was launched and we got so many CFPs for one-on-one it was just amazing to see all these ways that people wanted to make KubeCon more accessible to everyone else who hasn't been a part of, you know. >> It's every year, it's every year the onboarding of new members of the community would be impressive. And having that tracker laddering or different ways to work as a community to help people along has been another thing I noticed you guys do really well on. There's a real camaraderie amongst the community. So a hat tip for you guys on that. Final question for you guys is more about the format. Obviously it's virtual this year the game is still the same. There's talks, there's people, there's hallways, but they're virtual, I guess you're virtually walking through Slack and discord or Twitter, whatever. What's the learnings from last event, as we're going into virtual, how does an attendee maximize their time, their engagement there's times to lean in and be present, attending a talk, you mentioned Slack Constance. What's some of the learnings that you guys have learned from virtual? And what can people think about and prepare for, for KubeCon virtual this year? >> Yeah, I think one way you start it. So, there's actually a resource, this came from our debrief for me, it was like there's a resource like, hey, let me help get the day off. And like, we even provided template to like provide to your, you know, direct to your managers. Say like can I please get this day off so I could focus on it? And I think that's one thing that and I think we'd all probably seen on Twitter and blogs is that even though it is virtual it is still a brain drain, well it's still, you know, you have to engage with a topic so set aside time. I would probably even say attend fewer talks, than you would normally do in person there is zoom fatigue, I guess it's been from on screen fatigue. So just give yourself a lot more space to consume the information and just debrief and also join the activities, right? Like ask questions in Slack. There's a lot of the virtual events like there's bingo there's even an escape room, which sounds like a lot of fun, all these different activities too that you can do with everyone. So like definitely enjoy that part, right? 'Cause you still get a little bit off until you just say like hey, you mentioned this project, let's chat offline. And then, you know, a few weeks later you may be on a four hour long Zoom meeting talking about some project. And so, yeah >> Yeah, I noticed the hang space kind of mindset of virtual was pretty cool. Be mindful to introduce yourself and either do a sidebar or jump on some back channel. I mean, there's plenty of tools, developers know what they are, so pretty good point I want to call that out. Good, good point Constance. Steven, your thoughts on learnings from the virtual format and then things this year people should pay attention to and jump in and use the site for. >> Yeah, so I would say if anything the previous attendees gave lots of thoughtful feedback about how to improve the overall program. One of my favorite parts of any conference and it's the part that I prioritize more than anything else in the conference even the talks, right? Is the hallway track, right? It's one of the few times, you know, especially with KubeCon and the various contributors across the cloud native space that's the, you know, the one time every quarter or so that I get an opportunity to see these people face to face, right? So, you know, we wanted to do our best to bring in experience that felt, you know, it's not the, you know, it's not the same as the physical hug, right? Or the, you know, or going out for, you know, going out for dinner after a long day. But we tried and we laughed through lots of crazy ideas that the event team, to see what they would come up with for me as a New York resident and having a conference that is any virtual but would have been in Boston, I thought it was important thinking about screen fatigue, as well as just the physicality of where people would have been at the time, is the start time of the conference, right? So as Constance was mentioning screen fatigue it's, I think with all of the virtual conferences going on, it's very hard to have that time during the day, right? So this KubeCon for folks on the East coast it starts basically at your lunchtime. So the idea is, hopefully you get some, you get some of your meetings in for the day, grab a bite to eat and then you sit down for lunch and you, and you dig into some KubeCon, so. >> Yeah, and you can have any lunch you want and then later of you will be able to eat lunch from the conference. That's awesome. The other thing I love about the, what you guys said is the hallway tracks. And I think one of the things I've noticed going to a lot of virtual events and doing them is, Constance you're right, it's mentally draining to lean into a talk because you're present, even though you're virtual. So taking time to get involved in the fun activities or just, you know, wandering Slack or doing a sidebar with the hallways is kind of a have some time off like the time to regroup and not be so, you know, leaned into a session, I find that to help on the fatigue side for sure. The other one is viewing parties. We popped into some, you know, Zooms together and we watched each other watch the session, right? So viewing parties has been one trick I've seen work well, other ones I've seen people toast beer at a certain time. The Germans obviously do at first, cause they're on the time zone, but you start to see these playful things. You know, people can share their kind of position where they are. So it's fun. We'll look forward to seeing that. Okay, final comments, Steven, Constance. What's the bumper sticker this year for KubeCon? >> Ooh, have we decided yet Constance? (laughing) >> Velvet jackets are required for entry. (laughing) I'll make word sense after you see a special message from us. (laughing) >> It's a lot of fashion on stage, on stage, right? >> All right we stumped the co-chairs. (laughing) We stumped the, well, I want to say thank you very much for coming on and sharing little color commentary on KubeCon around the program, some of the things when the virtual event too some of the talks, really appreciate it and we really appreciate what you do, the community does. It's been a hard year. We're not going to be there in person. We'll continue to ride the wave in to back to the normal. So thanks for doing what you doing and thank you for coming on. >> Thank you so much for having us. >> Yeah, thank you. >> Okay. This is theCUBE, virtual coverage of KubeCon CloudNativeCon virtual November 17th to the 20th. I'm John Furrier, your host for theCUBE. Thanks for watching. (upbeat music)

>>Hi everyone, This system A fellow from the University of Tokyo before I thought that would like to thank you she and all the stuff of entity for the invitation and the organization of this online meeting and also would like to say that it has been very exciting to see the growth of this new film lab. And I'm happy to share with you today or some of the recent works that have been done either by me or by character of Hong Kong Noise Group indicating the title of my talk is a neuro more fic in silica simulator for the commenters in machine. And here is the outline I would like to make the case that the simulation in digital Tektronix of the CME can be useful for the better understanding or improving its function principles by new job introducing some ideas from neural networks. This is what I will discuss in the first part and then I will show some proof of concept of the game in performance that can be obtained using dissimulation in the second part and the production of the performance that can be achieved using a very large chaos simulator in the third part and finally talk about future plans. So first, let me start by comparing recently proposed izing machines using this table there is adapted from a recent natural tronics paper from the Village Back hard People. And this comparison shows that there's always a trade off between energy efficiency, speed and scalability that depends on the physical implementation. So in red, here are the limitation of each of the servers hardware on, Interestingly, the F p G, a based systems such as a producer, digital, another uh Toshiba purification machine, or a recently proposed restricted Bozeman machine, FPD eight, by a group in Berkeley. They offer a good compromise between speed and scalability. And this is why, despite the unique advantage that some of these older hardware have trust as the currency proposition influx you beat or the energy efficiency off memory sisters uh P. J. O are still an attractive platform for building large theorizing machines in the near future. The reason for the good performance of Refugee A is not so much that they operate at the high frequency. No, there are particle in use, efficient, but rather that the physical wiring off its elements can be reconfigured in a way that limits the funding human bottleneck, larger, funny and phenols and the long propagation video information within the system in this respect, the f. D. A s. They are interesting from the perspective, off the physics off complex systems, but then the physics of the actions on the photos. So to put the performance of these various hardware and perspective, we can look at the competition of bringing the brain the brain complete, using billions of neurons using only 20 watts of power and operates. It's a very theoretically slow, if we can see. And so this impressive characteristic, they motivate us to try to investigate. What kind of new inspired principles be useful for designing better izing machines? The idea of this research project in the future collaboration it's to temporary alleviates the limitations that are intrinsic to the realization of an optical cortex in machine shown in the top panel here. By designing a large care simulator in silicone in the bottom here that can be used for suggesting the better organization principles of the CIA and this talk, I will talk about three neuro inspired principles that are the symmetry of connections, neural dynamics. Orphan, chaotic because of symmetry, is interconnectivity. The infrastructure. No neck talks are not composed of the reputation of always the same types of non environments of the neurons, but there is a local structure that is repeated. So here's a schematic of the micro column in the cortex. And lastly, the Iraqi co organization of connectivity connectivity is organizing a tree structure in the brain. So here you see a representation of the Iraqi and organization of the monkey cerebral cortex. So how can these principles we used to improve the performance of the icing machines? And it's in sequence stimulation. So, first about the two of principles of the estimate Trian Rico structure. We know that the classical approximation of the Cortes in machine, which is a growing toe the rate based on your networks. So in the case of the icing machines, uh, the okay, Scott approximation can be obtained using the trump active in your position, for example, so the times of both of the system they are, they can be described by the following ordinary differential equations on in which, in case of see, I am the X, I represent the in phase component of one GOP Oh, Theo F represents the monitor optical parts, the district optical parametric amplification and some of the good I JoJo extra represent the coupling, which is done in the case of the measure of feedback cooking cm using oh, more than detection and refugee A then injection off the cooking time and eso this dynamics in both cases of CME in your networks, they can be written as the grand set of a potential function V, and this written here, and this potential functionally includes the rising Maccagnan. So this is why it's natural to use this type of, uh, dynamics to solve the icing problem in which the Omega I J or the Eyes in coping and the H is the extension of the rising and attorney in India and expect so. >>Not that this potential function can only be defined if the Omega I j. R. A. Symmetric. So the well known problem of >>this approach is that this potential function V that we obtain is very non convicts at low temperature, and also one strategy is to gradually deformed this landscape, using so many in process. But there is no theorem. Unfortunately, that granted convergence to the global minimum of there's even 20 and using this approach. And so this is >>why we propose toe introduce a macro structure the system or where one analog spin or one D o. P. O is replaced by a pair off one and knock spin and one error on cutting. Viable. And the addition of this chemical structure introduces a symmetry in the system, which in terms induces chaotic dynamics, a chaotic search rather than a >>learning process for searching for the ground state of the icing. Every 20 >>within this massacre structure the role of the ER variable eyes to control the amplitude off the analog spins to force the amplitude of the expense toe, become equal to certain target amplitude. A Andi. This is known by moderating the strength off the icing complaints or see the the error variable e I multiply the icing complain here in the dynamics off UH, D o p o on Then the dynamics. The whole dynamics described by this coupled equations because the e I do not necessarily take away the same value for the different, I think introduces a >>symmetry in the system, which in turn creates chaotic dynamics, which I'm showing here for solving certain current size off, um, escape problem, Uh, in which the exiled from here in the i r. From here and the value of the icing energy is shown in the bottom plots. And you see this Celtics search that visit various local minima of the as Newtonian and eventually finds the local minima Um, >>it can be shown that this modulation off the target opportunity can be used to destabilize all the local minima off the icing hamiltonian so that we're gonna do not get stuck in any of them. On more over the other types of attractors, I can eventually appear, such as the limits of contractors or quality contractors. They can also be destabilized using a moderation of the target amplitude. And so we have proposed in the past two different motivation of the target constitute the first one is a moderation that ensure the 100 >>reproduction rate of the system to become positive on this forbids the creation of any non tree retractors. And but in this work I will talk about another modulation or Uresti moderation, which is given here that works, uh, as well as this first, uh, moderation, but is easy to be implemented on refugee. >>So this couple of the question that represent the current the stimulation of the cortex in machine with some error correction, they can be implemented especially efficiently on an F B G. And here I show the time that it takes to simulate three system and eso in red. You see, at the time that it takes to simulate the X, I term the EI term, the dot product and the rising everything. Yet for a system with 500 spins analog Spain's equivalent to 500 g. O. P. S. So in f b d a. The nonlinear dynamics which, according to the digital optical Parametric amplification that the Opa off the CME can be computed in only 13 clock cycles at 300 yards. So which corresponds to about 0.1 microseconds. And this is Toby, uh, compared to what can be achieved in the measurements tobacco cm in which, if we want to get 500 timer chip Xia Pios with the one she got repetition rate through the obstacle nine narrative. Uh, then way would require 0.5 microseconds toe do this so the submission in F B J can be at least as fast as, ah one gear repression to replicate the post phaser CIA. Um, then the DOT product that appears in this differential equation can be completed in 43 clock cycles. That's to say, one microseconds at 15 years. So I pieced for pouring sizes that are larger than 500 speeds. The dot product becomes clearly the bottleneck, and this can be seen by looking at the the skating off the time the numbers of clock cycles a text to compute either the non in your optical parts, all the dog products, respect to the problem size. And and if we had a new infinite amount of resources and PGA to simulate the dynamics, then the non in optical post can could be done in the old one. On the mattress Vector product could be done in the low carrot off, located off scales as a low carrot off end and while the kite off end. Because computing the dot product involves the summing, all the terms in the products, which is done by a nephew, Jay by another tree, which heights scares a logarithmic any with the size of the system. But this is in the case if we had an infinite amount of resources on the LPGA food but for dealing for larger problems off more than 100 spins, usually we need to decompose the metrics into ah smaller blocks with the block side that are not you here. And then the scaling becomes funny non inner parts linear in the and over you and for the products in the end of you square eso typically for low NF pdf cheap P a. You know you the block size off this matrix is typically about 100. So clearly way want to make you as large as possible in order to maintain this scanning in a log event for the numbers of clock cycles needed to compute the product rather than this and square that occurs if we decompose the metrics into smaller blocks. But the difficulty in, uh, having this larger blocks eyes that having another tree very large Haider tree introduces a large finding and finance and long distance started path within the refugee. So the solution to get higher performance for a simulator of the contest in machine eyes to get rid of this bottleneck for the dot product. By increasing the size of this at the tree and this can be done by organizing Yeah, click the extra co components within the F p G A in order which is shown here in this right panel here in order to minimize the finding finance of the system and to minimize the long distance that the path in the in the fpt So I'm not going to the details of how this is implemented the PGA. But just to give you a new idea off why the Iraqi Yahiko organization off the system becomes extremely important toe get good performance for simulator organizing mission. So instead of instead of getting into the details of the mpg implementation, I would like to give some few benchmark results off this simulator, uh, off the that that was used as a proof of concept for this idea which is can be found in this archive paper here and here. I should result for solving escape problems, free connected person, randomly person minus one, spin last problems and we sure, as we use as a metric the numbers >>of the mattress Victor products since it's the bottleneck of the computation, uh, to get the optimal solution of this escape problem with Nina successful BT against the problem size here and and in red here there's propose F B J implementation and in ah blue is the numbers of retrospective product that are necessary for the C. I am without error correction to solve this escape programs and in green here for noisy means in an evening which is, uh, behavior. It's similar to the car testing machine >>and security. You see that the scaling off the numbers of metrics victor product necessary to solve this problem scales with a better exponents than this other approaches. So so So that's interesting feature of the system and next we can see what is the real time to solution. To solve this, SK instances eso in the last six years, the time institution in seconds >>to find a grand state of risk. Instances remain answers is possibility for different state of the art hardware. So in red is the F B G. A presentation proposing this paper and then the other curve represent ah, brick, a local search in in orange and center dining in purple, for example, and So you see that the scaring off this purpose simulator is is rather good and that for larger politicizes, we can get orders of magnitude faster than the state of the other approaches. >>Moreover, the relatively good scanning off the time to search in respect to problem size uh, they indicate that the FBT implementation would be faster than risk Other recently proposed izing machine, such as the Hope you know network implemented on Memory Sisters. That is very fast for small problem size in blue here, which is very fast for small problem size. But which scanning is not good on the same thing for the >>restricted Bosman machine implemented a PGA proposed by some group in Brooklyn recently again, which is very fast for small promise sizes. But which canning is bad So that, uh, this worse than the purpose approach so that we can expect that for promise sizes larger than, let's say, 1000 spins. The purpose, of course, would be the faster one. >>Let me jump toe this other slide and another confirmation that the scheme scales well that you can find the maximum cut values off benchmark sets. The G sets better cut values that have been previously found by any other >>algorithms. So they are the best known could values to best of our knowledge. And, um, or so which is shown in this paper table here in particular, the instances, Uh, 14 and 15 of this G set can be We can find better converse than previously >>known, and we can find this can vary is 100 times >>faster than the state of the art algorithm and cp to do this which is a recount. Kasich, it s not that getting this a good result on the G sets, they do not require ah, particular hard tuning of the parameters. So the tuning issuing here is very simple. It it just depends on the degree off connectivity within each graph. And so this good results on the set indicate that the proposed approach would be a good not only at solving escape problems in this problems, but all the types off graph sizing problems on Mexican province in communities. >>So given that the performance off the design depends on the height of this other tree, we can try to maximize the height of this other tree on a large F p g A onda and carefully routing the trickle components within the P G A. And and we can draw some projections of what type of performance we can achieve in >>the near future based on the, uh, implementation that we are currently working. So here you see projection for the time to solution way, then next property for solving this escape problems respect to the prime assize. And here, compared to different with such publicizing machines, particularly the digital and, you know, free to is shown in the green here, the green >>line without that's and, uh and we should two different, uh, prosthesis for this productions either that the time to solution scales as exponential off n or that >>the time of social skills as expression of square root off. So it seems according to the data, that time solution scares more as an expression of square root of and also we can be sure >>on this and this production showed that we probably can solve Prime Escape Program of Science 2000 spins to find the rial ground state of this problem with 99 success ability in about 10 seconds, which is much faster than all the other proposed approaches. So one of the future plans for this current is in machine simulator. So the first thing is that we would like to make dissimulation closer to the rial, uh, GOP or optical system in particular for a first step to get closer to the system of a measurement back. See, I am. And to do this, what is, uh, simulate Herbal on the p a is this quantum, uh, condoms Goshen model that is proposed described in this paper and proposed by people in the in the Entity group. And so the idea of this model is that instead of having the very simple or these and have shown previously, it includes paired all these that take into account out on me the mean off the awesome leverage off the, uh, European face component, but also their violence s so that we can take into account more quantum effects off the g o p. O, such as the squeezing. And then we plan toe, make the simulator open access for the members to run their instances on the system. There will be a first version in September that will >>be just based on the simple common line access for the simulator and in which will have just a classical approximation of the system. We don't know Sturm, binary weights and Museum in >>term, but then will propose a second version that would extend the current arising machine to Iraq off eight f p g. A. In which we will add the more refined models truncated bigger in the bottom question model that just talked about on the supports in which he valued waits for the rising problems and support the cement. So we will announce >>later when this is available, and Farah is working hard to get the first version available sometime in September. Thank you all, and we'll be happy to answer any questions that you have.

(upbeat music) >> Narrator: From the Cube Studios in Palo Alto in Boston, connecting with thought leaders all around the world. This is the Cube Conversation. >> Welcome to this Cube Conversation. I'm Lisa Martin, excited to talk to the CEO of Styra, Bill Mann today. Bill, welcome to the Cube. >> Hi Lisa, how are you doing? >> I'm doing well. I should say welcome back. You've been on the Cube at a previous company, but we're excited to talk to you today about Styra, what's going on? So let's go ahead and start informing our audience who Styra is and what you do? >> Sure, so who Styra is and what do we do? So Styra is a company that's focused on reinventing policy and authorization in the cloud native stack. We're the company that created an open source project called Open Policy Agent, it's part of CNCF. And on top of Open Policy Agent, we built a control plane, a management plane to help organizations really put OPA into production and operationalized OPA. >> An OPA is Open Policy Agent. That's what the company actually developed with CNCF, correct? >> So, we actually founded Open Policy Agent and then we contributed Open Policy Agent to CNCF. And the real goal of contributing the Open Policy Agent to CNCF was we believe that we want to get authorization defacto in the market, right? And the only way to get something out there that everybody uses is to put it into the open source and having an entity like the CNCF supporting the project. So, really it's about getting everybody, all enterprises and vendors to use Open Policy Agent as a way of solving authorization for the cloud native environment. >> So you say Styra is reinventing policy and authorization for cloud native applications, your target audience, security folks, developer folks, what changes has cloud native brought to security and development teams? >> Sure, so what changes has cloud native brought to security and development teams? So fundamentally there've been three changes in the marketplace. One, as you know we're shifting from this monolithic architecture of building applications to now this new distributed architectures of kubernetes, microservices and Deep-coupled architecture. So fundamentally the way we build applications is fundamentally changed because everybody wants to have scale up and scale down and so forth. Second, the way we actually developed software, we've moved now to a DevOps model where we're doing more things earlier on in the cycle so we can innovate faster and we're producing code on an hourly basis versus when I joined the industry which was probably three releases a year. And then thirdly which is kind of a major topic that all of us kind of understand is our focus on privacy and security is higher than it's been before. And if these applications are going to be way more complex and more distributed and we're going to innovate faster than the way we focus on security and privacy has to be done differently as well. And if we don't do it differently, then we're going to have to all the breaches that we had in the previous generation of the app stack. >> And we don't want that, but you're right privacy and security are increasing concerns in any environment. How do you help address those and also with the thought of privacy and security are going to be concerned for quite a long time? >> Yeah, so let me take a step back. So how do we address privacy and security? So, at a fundamental level, authorization is a foundational part of security and authorization has never really been solved or re-imagined ever for the last 50 years or so. Every application developer or security vendor has built authorization into their own stack and done it in a very proprietary way. And it's been locked away within these applications and these stacks and so forth. So what happens now when you've got a highly distributed environment is that you've got so many moving parts, you still need to apply authorization. So, the way we've tackled it is by building Open Policy Agent. And there's three fundamental kind of tenants around Open Policy Agent that make it really ideal for this cloud native environment. Number one, it's policy as code and everything in the market now, everything is as code. You buy infrastructure as code. So this is now policy as code. So you can describe in a declarative model, how you want the policy for a system to be developed and you can use the language called Rego to do that. Second is the fact that all the cloud native projects out there which are all developed based upon open source technologies, kubernetes, microservices, envoy, SDO, cafco, all these kinds of buzzwords you hear in the marketplace, they all integrate with Open Policy Agent already. And then thirdly the architecture of Open Policy Agent is that it's distributed, which means that it's ideally suited for this distributed architecture for cloud native. And those are the three kind of characteristics of Open Policy Agent leading to developers loving it. And when I say they love it, we've got hundreds and thousands of users of Open Policy Agent. When you go to the CNCF shows co op con earlier this year and there's two more coming this year. There's many, many talks on it. You've got cloud vendors like Google and Microsoft adopting Open Policy Agent, got a lot of enterprises adopting Open Policy Agent. So, that's really fundamentally what we've built is we've built an authorization architecture for this new world to really address the security and privacy concerns, which have always existed and I'm going to be more exponential in this new world. >> And I think you've also built a community around OPA. Can you share a little bit of information about that and how they help with the co-development and even some of the other things that you're commercializing? >> Sure, yeah. So, now what have we done in from a community point of view with Open Policy Agents? So yeah, the community is a integral part of any open source project and we're lucky to have a great community. We've got a great community of enterprise users of Open Policy Agents and vendors as well, vendors like Microsoft and Google who are now contributing to OPA and building it up. And for me, the most important part of a community is that you learn how enterprises are using your software and they share ideas and they share use cases and you're able to innovate really, really fast. And what we've learned from that is the use cases that they use Open Policy Agent for, for instance, one of the major use cases for Open Policy Agent is for kubernetes Admission Control. So, essentially we can test the configuration of an application which is described in a file called YAML before it goes into production. So, think of it as pre-production tests, but companies are using it for microservices and applications and data and so forth. So, it helps us understand what they're using it for, but also we use it to help us develop our commercial product, which is the management control plane for OPA. So, we learn about what they're missing in the open source project that we can use to build our commercial product >> which is ready for enterprise use. >> So you've had a lot of success with OPA. Talk to me about Styra DAS and why the need for that? >> Sure, so why do we need Styra DAS recognizing that OPA is very, very successful. So, the fundamental difference is OPA is a very focused on developers and it's very focused on an environment for an individual node or cluster, but it doesn't have all the enterprise features necessary for a real enterprise to go into production. So what we notice is companies use OPA for pre-production, but when they want to go into production, they need a user interface. They need a way to author policies, distribute policies, monitor policies, do impact analysis and a whole bunch of other features and capabilities that are needed for enterprise deployments and so forth. So that's a fundamental difference between OPA and the commercial product. The commercial product is really operationalizing in OPA for an enterprise deployment. >> So the relationship between Styra and OPA seems very collaborative to me that what you just described with the commercial product of Styra DAS is really one that was developed based on what the OPA community and Styra have learned together? >> Correct, Yes. So, OPA was created by the CTO, the founders of the company saw early on several years ago, the need for distributed architectures and the need for unified policy so they left and created OPA. And from day one they wanted to get OPA into everybody's hands. That's why they contributed it to open source as part of CNCF. And then the next kind of strategy is to focus on the control apps aspects, the enterprise aspect. So yes, the same team that created OPA is the same team that's creating the Styra DAS commercial offering as well. >> So from the enterprise perspective, talk to me about some of the companies that you're talking to. I imagine any organization that's focused on cloud native, but any industry in particular that you see is really kind of leading edge right now? >> Yeah, so which industries are we talking to in terms of using Styra DAS and OPA? What we've actually found it's across the board. And we've seen in the early days that financial services and high tech were using OPA, but now it's really across the board. So it's all verticals really. And what we've noticed is any organization which is going through a cloud transformation project where they're either building new applications based upon cloud native app stacks like kubernetes and microservices and so forth or shift to the cloud are the companies that are also adopting OPA and the Styra DAS product, right? Because it's all part of the same solution set. And what we're noticing now and this is a fundamental difference is platform architects and developers are kind of prime to use these technologies. They learn about these technologies by going to the conferences and unlike the past which was very much top down selling from the sea level down, this is very much bottomed up. So developers learn about OPA from going to the conferences. They use it within their own environment and then they tell their management that, "Look, we're using OPA already. "We're missing these capabilities," or they come to us and we educate them about the Styra DAS product and so forth. So it's a very different sales model as well and that's why it's very important for ourselves and any open source company to really keep developers happy and provide a solution, that's meeting their requirements. >> On that side with so many of us and developers included working from home for the past nearly four months. We now are doing things like this virtual conversations, virtual events, how is Styra helping to continue to feed and educate those developers so that they can understand how you can impact their job functions and how they can then elevate you guys up the stack. >> Sure, so what's changed over the last three months or so in the market as a consequence of COVID-19 and from an educational point of view. So, what we've seen is fundamentally in the early days of COVID-19 everybody was kind of get the head around how to work from home and so forth, but what we've seen across the all verticals is developers have now really focused on educating themselves and just as a data point and the audience that we get to the OPA website is as high as it's ever been for the last three months. And what we're doing as a company is a lot of training sessions, video content, write-ups, blogs and so forth, right? And really helping the community learn about OPA and how to solve these kind of fundamental problems around policy and authorization within the environment. We've also been helped by the community as well. So there's been talks about a number of companies, Microsoft, Google, Palo Alto had a talk and many many companies are talking about OPA now and I love it because ultimately being an open source company and building a project which we want to become defacto, we want to raise the bar for security across the world, right? And if we can do that then it's going to be an achievement for us and it's very gratifying knowing that we're really fixing security problems for organizations because ultimately we always want to be able to use an application or a banking service and not worry about privacy and security concerns and that's ultimately what we're all after. But this is such a fundamental component that once we want to have developers learn this now because if they can incorporate this into the DevOps app stack then in future years when these applications are built and they're exposed there'll be more secure. >> And so it sounds like maybe there's even more engagement now during COVID when everybody is at home. Tell me about some of the things that are coming down the pipe for Styra in light of all of this exciting collaboration with the community. >> Sure, yeah. There's definitely been way more collaboration as a consequence of COVID-19. People are at home and they're focusing and they're going through learning sessions and browsing the website going through the video content and so forth. So what we're engaging as much as we have ever been, in fact I would argue that we're engaging even more so now, because it's just a different environment to work in. And what we're focused on now is really adding more features to the Styra DAS product, just to step back for a second, Open Policy Agent works across the cloud native stack and Styra DAS has been focused first on the kubernetes use case and now it also supports microservices as well. And then what we're continuing to do is add more of those enterprise features into Styra DAS and move up and up across the stack. But it is all driven by developers that we're talking to on a daily basis and that's leading to where the project is moving forward and the development for the roadmap and so forth. >> And Styra DAS was only launched in 2019, is that correct? >> 2019 yes, that's correct. That's correct. Yes, time flies, right? So, yes. >> A lot of change and a lot of development in a short period of time. >> That's right and 2019 was a big year for us, right? We started last 2019 with a soft launch at the RSA conference and we finished 2019 with series a funding led by Xcel. And yeah, it's great to see how the commercial product has been gaining traction in the marketplace as well as OPA as well and I think it's a combination of events. One, the fact that cloud native is now really well understood. Second, the fact that kubernetes at the beginning of 2019, it was still, "What does kubernetes mean, "is it going into production?" Now kubernetes is absolutely going into production and there's such a desire for organizations to make sure that security and policy and compliance are resolved before applications go into production otherwise we're going to have the same kind of challenges we had with previous app stacks. >> Well, the momentum is certainly with you. I can definitely hear that in your voice bell. Thank you so much for joining me talking about Styra, how you're reinventing policy and authorization for cloud native applications. >> Thank you, Lisa. >> For my guest Bill Mann, I'm Lisa Martin. You're watching the Cube Conversation. Thanks for your time. (upbeat music)

(upbeat music) >> Narrator: From the Cube Studios in Palo Alto in Boston, connecting with thought leaders all around the world. This is the Cube Conversation. >> Welcome to this Cube Conversation. I'm Lisa Martin, excited to talk to the CEO of Styra, Bill Mann today. Bill, welcome to the Cube. >> Hi Lisa, how are you doing? >> I'm doing well. I should say welcome back. You've been on the Cube at a previous company, but we're excited to talk to you today about Styra, what's going on? So let's go ahead and start informing our audience who Styra is and what you do? >> Sure, so who Styra is and what do we do? So Styra is a company that's focused on reinventing policy and authorization in the cloud native stack. We're the company that created an open source project called Open Policy Agent, it's part of CNCF. And on top of Open Policy Agent, we built a control flame, a management plane to help organizations really put OPA into production and operationalized OPA. >> An OPA is Open Policy Agent. That's what the company actually developed with CNCF, correct? >> So, we actually founded Open Policy Agent and then we contributed Open Policy Agent to CNCF. And the real goal of contributing the Open Policy Agent to CNCF was we believe that we want to get authorization defacto in the market, right? And the only way to get something out there that everybody uses is to put it into the open source and having an entity like the CNCF supporting the project. So, really it's about getting everybody, all enterprises and vendors to use Open Policy Agent as a way of solving authorization for the cloud native environment. >> So you say Styra is reinventing policy and authorization for cloud native applications, your target audience, security folks, developer folks, what changes has cloud native brought to security and development teams? >> Sure, so what changes has cloud native brought to security and development teams? So fundamentally there've been three changes in the marketplace. One, as you know we're shifting from this monolithic architecture of building applications to now this new distributed architectures of kubernetes, microservices and Deep-coupled architecture. So fundamentally the way we build applications is fundamentally changed because everybody wants to have scale up and scale down and so forth. Second, the way we actually developed software, we've moved now to a DevOps model where we're doing more things earlier on in the cycle so we can innovate faster and we're producing code on an hourly basis versus when I joined the industry which was probably three releases a year. And then thirdly which is kind of a major topic that all of us kind of understand is our focus on privacy and security is higher than it's been before. And if these applications are going to be way more complex and more distributed and we're going to innovate faster than the way we focus on security and privacy has to be done differently as well. And if we don't do it differently, then we're going to have to all the breaches that we had in the previous generation of the app stack. >> And we don't want that, but you're right privacy and security are increasing concerns in any environment. How do you help address those and also with the thought of privacy and security are going to be concerned for quite a long time? >> Yeah, so let me take a step back. So how do we address privacy and security? So, at a fundamental level, authorization is a foundational part of security and authorization has never really been solved or re-imagined ever for the last 50 years or so. Every application developer or security vendor has built authorization into their own stack and done it in a very proprietary way. And it's been locked away within these applications and these stacks and so forth. So what happens now when you've got a highly distributed environment is that you've got so many moving parts, you still need to apply authorization. So, the way we've tackled it is by building Open Policy Agent. And there's three fundamental kind of tenants around Open Policy Agent that make it really ideal for this cloud native environment. Number one, it's policy as code and everything in the market now, everything is as code. You buy infrastructure as code. So this is now policy as code. So you can describe in a declarative model, how you want the policy for a system to be developed and you can use the language called Rego to do that. Second is the fact that all the cloud native projects out there which are all developed based upon open source technologies, kubernetes, microservices, envoy, SDO, cafco, all these kinds of buzzwords you hear in the marketplace, they all integrate with Open Policy Agent already. And then thirdly the architecture of Open Policy Agent is that it's distributed, which means that it's ideally suited for this distributed architecture for cloud native. And those are the three kind of characteristics of Open Policy Agent leading to developers loving it. And when I say they love it, we've got hundreds and thousands of users of Open Policy Agent. When you go to the CNCF shows co op con earlier this year and there's two more coming this year. There's many, many talks on it. You've got cloud vendors like Google and Microsoft adopting Open Policy Agent, got a lot of enterprises adopting Open Policy Agent. So, that's really fundamentally what we've built is we've built an authorization architecture for this new world to really address the security and privacy concerns, which have always existed and I'm going to be more exponential in this new world. >> And I think you've also built a community around OPA. Can you share a little bit of information about that and how they help with the co-development and even some of the other things that you're commercializing? >> Sure, yeah. So, now what have we done in from a community point of view with Open Policy Agents? So yeah, the community is a integral part of any open source project and we're lucky to have a great community. We've got a great community of enterprise users of Open Policy Agents and vendors as well, vendors like Microsoft and Google who are now contributing to OPA and building it up. And for me, the most important part of a community is that you learn how enterprises are using your software and they share ideas and they share use cases and you're able to innovate really, really fast. And what we've learned from that is the use cases that they use Open Policy Agent for, for instance, one of the major use cases for Open Policy Agent is for kubernetes Admission Control. So, essentially we can test the configuration of an application which is described in a file called Yammer before it goes into production. So, think of it as pre-production tests, but companies are using it for microservices and applications and data and so forth. So, it helps us understand what they're using it for, but also we use it to help us develop our commercial product, which is the management control plane for OPA. So, we learn about what they're missing in the open source project that we can use to build our commercial product which is ready for enterprise use. >> So you've had a lot of success with OPA. Talk to me about Styra DAS and why the need for that? >> Sure, so why do we need Styra DAS recognizing that OPA is very, very successful. So, the fundamental difference is OPA is a very focused on developers and it's very focused on an environment for an individual node or cluster, but it doesn't have all the enterprise features necessary for a real enterprise to go into production. So what we notice is companies use OPA for pre-production, but when they want to go into production, they need a user interface. They need a way to author policies, distribute policies, monitor policies, do impact analysis and a whole bunch of other features and capabilities that are needed for enterprise deployments and so forth. So that's a fundamental difference between OPA and the commercial product. The commercial product is really operationalizing in OPA for an enterprise deployment. >> So the relationship between Styra and OPA seems very collaborative to me that what you just described with the commercial product of Styra DAS is really one that was developed based on what the OPA community and Styra have learned together? >> Correct, Yes. So, OPA was created by the CTO, the founders of the company when the team was actually part of Nicira and they left Nicira which got acquired by VMware and so on early on several years ago, the need for distributed architectures and the need for unified policy so they left and created OPA. And from day one they wanted to get over into everybody's hands. That's why they contributed it to open source as part of CNCF. And then the next kind of strategy is to focus on the control apps aspects, the enterprise aspect. So yes, the same team that created OPA is the same team that's creating the Styra DAS commercial offering as well. >> So from the enterprise perspective, talk to me about some of the companies that you're talking to. I imagine any organization that's focused on cloud native, but any industry in particular that you see is really kind of leading edge right now? >> Yeah, so which industries are we talking to in terms of using Styra DAS and OPA? What we've actually found it's across the board. And we've seen in the early days that financial services and high tech were using OPA, but now it's really across the board. So it's all verticals really. And what we've noticed is any organization which is going through a cloud transformation project where they're either building new applications based upon cloud native app stacks like kubernetes and microservices and so forth or shift to the cloud are the companies that are also adopting OPA and the Styra DAS product, right? Because it's all part of the same solution set. And what we're noticing now and this is a fundamental difference is platform architects and developers are kind of prime to use these technologies. They learn about these technologies by going to the conferences and unlike the past which was very much top down selling from the sea level down, this is very much bottomed up. So developers learn about OPA from going to the conferences. They use it within their own environment and then they tell their management that, "Look, we're using OPA already. "We're missing these capabilities," or they come to us and we educate them about the Styra DAS product and so forth. So it's a very different sales model as well and that's why it's very important for ourselves and any open source company to really keep developers happy and provide a solution, that's meeting their requirements. >> On that side with so many of us and developers included working from home for the past nearly four months. We now are doing things like this virtual conversations, virtual events, how is Styra helping to continue to feed and educate those developers so that they can understand how you can impact their job functions and how they can then elevate you guys up the stack. >> Sure, so what's changed over the last three months or so in the market as a consequence of COVID-19 and from an educational point of view. So, what we've seen is fundamentally in the early days of COVID-19 everybody was kind of get the head around how to work from home and so forth, but what we've seen across the all verticals is developers have now really focused on educating themselves and just as a data point and the audience that we get to the OPA website is as high as it's ever been for the last three months. And what we're doing as a company is a lot of training sessions, video content, write-ups, blogs and so forth, right? And really helping the community learn about OPA and how to solve these kind of fundamental problems around policy and authorization within the environment. We've also been helped by the community as well. So there's been talks about a number of companies, Microsoft, Google, Palo Alto had a talk and many many companies are talking about OPA now and I love it because ultimately being an open source company and building a project which we want to become defacto, we want to raise the bar for security across the world, right? And if we can do that then it's going to be an achievement for us and it's very gratifying knowing that we're really fixing security problems for organizations because ultimately we always want to be able to use an application or a banking service and not worry about privacy and security concerns and that's ultimately what we're all after. But this is such a fundamental component that once we want to have developers learn this now because if they can incorporate this into the DevOps app stack then in future years when these applications are built and they're exposed there'll be more secure. >> And so it sounds like maybe there's even more engagement now during COVID when everybody is at home. Tell me about some of the things that are coming down the pipe for Styra in light of all of this exciting collaboration with the community. >> Sure, yeah. There's definitely been way more collaboration as a consequence of COVID-19. People are at home and they're focusing and they're going through learning sessions and browsing the website going through the video content and so forth. So what we're engaging as much as we have ever been, in fact I would argue that we're engaging even more so now, because it's just a different environment to work in. And what we're focused on now is really adding more features to the Styra DAS product, just to step back for a second, Open Policy Agent works across the cloud native stack and Styra DAS has been focused first on the kubernetes use case and now it also supports microservices as well. And then what we're continuing to do is add more of those enterprise features into Styra DAS and move up and up across the stack. But it is all driven by developers that we're talking to on a daily basis and that's leading to where the project is moving forward and the development for the roadmap and so forth. >> And Styra DAS was only launched in 2019, is that correct? >> 2019 yes, that's correct. That's correct. Yes, time flies, right? So, yes. >> A lot of change and a lot of development in a short period of time. >> That's right and 2019 was a big year for us, right? We started last 2019 with a soft launch at the RSA conference and we finished 2019 with series a funding led by Xcel. And yeah, it's great to see how the commercial product has been gaining traction in the marketplace as well as OPA as well and I think it's a combination of events. One, the fact that cloud native is now really well understood. Second, the fact that kubernetes at the beginning of 2019, it was still, "What does kubernetes mean, "is it going into production?" Now kubernetes is absolutely going into production and there's such a desire for organizations to make sure that security and policy and compliance are resolved before applications go into production otherwise we're going to have the same kind of challenges we had with previous app stacks. >> Well, the momentum is certainly with you. I can definitely hear that in your voice bell. Thank you so much for joining me talking about Styra, how you're reinventing policy and authorization for cloud native applications. >> Thank you, Lisa. >> For my guest Bill Mann, I'm Lisa Martin. You're watching the Cube Conversation. Thanks for your time. (upbeat music)

>> Announcer: Live from San Diego, California, it's theCUBE! Covering KubeCon and CloudNativeCon. Brought to you by Red Hat, the Cloud Native Computing Foundation, and its ecosystem partners. >> Welcome back. I'm Stu Miniman, my cohost, John Troyer, and this is theCUBE's fourth year of coverage of KubeCon, CloudNativeCon 2019. We're in here San Diego and happy to welcome to the program a first-time guest, Amr Abdelhalem, who is the head of Cloud Platforms at Fidelity Investments. Of course, Fidelity, we love talking to an end user. Big financial company. Your boss was up on the main stage in front of 8000 people, just in that room, there's over 12,000 here in person. Fidelity itself, you know, founded in 1946, first computers in 1965. In the last year, you've now got over 500 applications running in the public cloud, and Fidelity also joined the CNCS. So let's start there, Amr, if we would. Just kind of how does Fidelity look at kind of Kubernetes and CNCS? How does that fit into your company's mission? >> Absolutely, I mean thank you so much for inviting me here. Innovation in Fidelity is, a big part of the process. We're very focused at this time in cloud computing and machine learning, NEI technology. We had the first financial robot in 2015, I believe. We have the first augmented reality financial advisor, was actually released this year as a prototype. So a part of that innovation, we're seeing, CNCF and cloud computing and Cloud Native, is keys for strategy for our innovation part. >> All right, maybe if you could, give us a little bit of the breadth and depth of your team, what they cover, cloud platforms. What does that mean inside of Fidelity? >> Sure, so Fidelity had over, like, over 10,000 of IT. Hundreds and hundreds of develop teams, thousands of applications. It's globally distributed. It had all kind of workloads, that you can imagine. And it's in a highly regulated environment as well. And that's where we are seeing that we are all looking for this autonomy between teams, and agility, and improved time to market and customer experience. And the key for that is Cloud Native. We're seeing Kubernetes and CNCF and Cloud Native technology is like a key player for us when we go, multicloud to hypercloud model. >> Can you talk a little bit about more into that portfolio of technologies? You know, there's a lot of talk about public cloud verses on-prem, and, as if one thing is going to, one knife is going to be the only thing you need in your kitchen. >> Amr: Right. >> So you have a portfolio of platforms, you have a portfolio of destinations and a portfolio of applications. Can you talk a little bit, both about what you're using, and maybe how you're organized to access and address all those needs? >> Absolutely. So, I think, 2019, I would say, is the year of multicloud-hypercloud modeling, right? Actually, I would say that 2020 is going to more about distributed cloud, where you can distribute your workload across multicloud providers. We're not there yet. I don't think we're, anyone, is there yet. But at least we should start somewhere. We already has this multicloud providing. Distributing the workload itself between, I mean, it's a journey to move thousands of applications and thousands workloads and data as well, between on-premises data centers to a public cloud. You need to move through this journey of hypercloud models. And be able to move apps slowly and aggressively to other apps. >> All right. Amr, I want to dig into what you talked about there, multiclouds. >> Sure. >> So when you talk about multiple clouds, yes, everybody has that. I've got, walk us through a little bit, you know, where you have workloads and how many public clouds you use in life, but I want to set you up with a premise. You know, we really said, for multicloud to really be a reality-- >> Amr: Right. >> The value that you extract should be greater than the sum of its parts. And most of us lived through the multi vendor years, and that wasn't necessarily happiness and joy, when I had to span between those environments. So how do we make sure that multicloud doesn't become the least common denominator or a detriment to what I need to do with my data, my applications, the value that the company has? >> And that's why we are here. We are actually incorporated at Kubecon for that reason. That where we see this abstract layer that guarantee you the portability for moving your application from one cloud provider to another. That capability of the ability to deploy the same workload into multiclouds, the ability to have the workload itself, managed in different characteristic, next to assess services that you will find in AWS via Azure, via Google Cloud, the others. That's were we need that flexibility, and Kubernetes and Cloud Native itself, the ability to have the same deployable structure for your application, the ability to have the same ecosystem around that construction, around that artifact. The ability to move all of that, as-is, from one cloud provider to another cloud provider is big, big key. And that you can only find with script native. >> All right, Amr, can you share which cloud or clouds you're working on today, and what is your roadmap, do you have a timeline to when that vision becomes reality? >> At this moment, we're with a major cloud provider keys that, you guys can name them, all the colors. >> Stu: You're using all of them, okay. >> All the colors. >> And how are you using Kubernetes today? Where are you in that journey? >> So Kubernetes is mainly, I mean, I would say the majority is still running on premise. We are very intensively moving to public cloud in the Kubernates side. At this moment, actually, we're building an offer, inside my team, which is a cloud platform team. That offer will guarantee that portability between all the cloud provider. So for development team to port our platform, it will be kind of seamless for them, where it's going to land, is it going to be landing in AWS or Azures or on premise. >> Okay, joining the CNCF as a member, bring us inside. I understand the journey. Are there any specific goals you have? How do you measure the investment, and what you're hoping to, both as a company as well as part of the community, get out of it? >> So we have a big hold right now and opensource our project our little project about multiclouding, and our focus is mainly about the high regulation part. We're very focused in compliance and security, and in that way we can, I think, we can contribute back to the open source community around that. >> So Amr, you talked about, you know, we talked about the platforms here, and Kubernetes, but that goes hand-in-hand with the culture, and the up-skilling, and the organization and the processes. What intrigued me is you said, well, we put some things on Kubernetes on-prem, and then, and you know some things in the cloud, but then we're going to move some of those apps over time, we'll move to other appropriate homes. So that implies that you've changed process and you've changed, or maybe to be able to build cloud native apps, and that was actually separate, in some cases, from being in the public cloud. Is that the case, can you talk a little bit about how you've approached from the perspective of people who are listening or watching who are IT admins, and wondering how a company, a major organization, like your org, gets there? >> Right, and this is a main challenge. The challenge is not in the technology side itself, or the tools, that seems a majority there in the ecosystem at this moment. The challenge is mainly building the sculpture inside teams. So we're building many like, star-point or COEs across all of our business unit and all of our teams. And again, to build a sculpture across 10,000 developers plus, that's a major. >> And it's funny, because sometimes people go, well, COE is a dirty word, right, don't do a COE, but you said multiple COEs distributed across. >> So it's like nuclear reaction, our COEs, the first one, that will communicate with few COEs, each one of them would be with other COEs, and that's how that chain will go and expand quite quickly. >> All right. >> And this is happening at this moment. >> So, Amr, I have a few friends that this is the first time that they've come, and they go into the keynote, or they look at the schedule, and they're a bit overwhelmed. >> Amr: Right >> They say, it's not just Kubernetes, there's dozens and dozens of projects. The ecosystem is sprawling. If you could, give us a little walkthrough as to, the projects you're using, any key partners that you're allowed to talk about that are useful in helping you to achieve your mission. >> So, we're very focused at this moment, actually, in the Kubernetes project itself. We start exploring some of the open source project and in the CICD part, additional to that, we are starting using few frameworks like Flux, this is one of the frameworks like GitOps in general, building this culture of GitOps deployment, and moving toward, like, more ops of deployment, that's one of areas that we are very invested in. We're exploring service mesh at this time, and I hope like, we're going to get, like, maybe next year we can talk about service mesh more. >> Yeah, is there something that's holding you back on service mesh, 'cause there's a few options out there at various maturity levels, and who's driving them. What will some of your criteria be? >> I would say it's mainly, I'm waiting little bit more, I feel like 214 for me, when we had that discussion, instead of sitting here, 214, you will be discussing Mesos via Kubernetes via Swarm. So I think we are still moving at this time, service mesh as well. >> Any partners that you can speak to from a technology standpoint that are helping you, that you're allowed to talk about? >> Amr: Well, I mean, first of all CNCF. >> Yeah. >> I greatly appreciate all their help in that. Most of the public cloud providers are helping us in this areas as well, yeah. >> I'll be interested in catching you after the show and seeing how you thought, I mean this is, in some ways, it's a science project a few years ago, and now it's this robust thing. Did you bring, I'm curious, did you bring mostly engineers, mostly managers, a mix of the two? >> Amr: Mostly engineers, yeah, mostly engineers. >> Hands on? >> All hands on, I mean, this is like another change in culture right now, where most of our engineers are in innovation, like, they are full stack engineers. We're using VDI process at this moment, to move forward. All our road maps, in turn, have been published, it's being used like evolving process, to go, like, with continuous deployment, and continues feature enhancement for the teams. So it's fantastic honestly, yeah. >> Okay, Amr, what things does your team hope to achieve this week, anything that is on your roadmap, or on the public open source road map that you're waiting on? We talked a little bit, service mesh? >> We're definitely exploring OPA at this moment. I think that's like, that's big potentials there. So that's one of them, yeah. I think going through that showroom and try to see what option we have as well, that's on the area where we going to be very interested at. >> OPA, the Policy Agent, I mean, you talked about compliance before >> Yeah. >> A few years ago, with folks in the financial industry, you would have some arguments, some discussions, sometimes heated discussions about security in the cloud and et cetera and highly regulated industry, yet, kind of, maybe ironically or somewhat, maybe surprisingly for some, right? Very advanced in many areas, the whole industry. That's well known if you're in it. Do you still have to have discussions about compliance and security in the cloud? Maybe, I guess, maybe when you talk about data locality and international borders more? >> Right, and that's why we already have our own policy management tool, which is built in, we build it ourself, and that's where I see the potential, like, our moving from building it yourself to more of using an open source project and try to reuse it and contribute back to that open source community, like something like OPA, for example. So that's the next generation, where I can see it will help us as well. >> Amr, any advice you'd give your peers out there, if they're new to the community? Things you've learned along the journey so far? >> I would say start small, don't boil the ocean. Start with small COEs, small pilots program. Look for success, look for goals. Technology is great, but don't just move toward technology, because it's a moving target, it will never end. Try to set business goals for you, like targets for your project, and that's how you can achieve success. >> Well, Amr, really appreciate you sharing Fidelity's update. >> Thank you. >> Wish you and your team the best of luck here at the show and beyond, and we definitely hope to catch up soon. >> Thank you, I appreciate it. >> All right, for John Troyer, I'm Stu Miniman, be sure to checkout theCUBE.net for all of the coverage of this, as well as all the cloud, Cloud Native, and more shows that we have. Thank you for watching theCUBE. (upbeat electronic music)