>>We're back with a blueprint for trusted infrastructure and partnership with Dell Technologies in the cube. And we're here with Mahesh Nager, who is a consultant in the area of networking product management at Dell Technologies. Mahesh, welcome. Good to see you. >>Hey, good morning Davis. Nice to meet, Meet to you as well. >>Hey, so we've been digging into all the parts of the infrastructure stack and now we're gonna look at the all important networking components. Mahesh, when we think about networking in today's environment, we think about the core data center and we're connecting out to various locations including the cloud and both the near and the far edge. So the question is from Dell's perspective, what's unique and challenging about securing network infrastructure that we should know about? >>Yeah, so a few years ago IT security and an enterprise was primarily putting a wrapper around the data center because it was constrained to an infrastructure owned and operated by the enterprise for the most part. So putting a rapid around it like a parameter or a firewall was a sufficient response because you could basically control the one small enough control today with the distributed data, intelligent software, different systems, multi-cloud onement and asset service delivery, you know, the infrastructure for the modern era changes the way to secure the network infrastructure. In today's, you know, data driven world, it operates everywhere. And that has created and accessed everywhere so far from, you know, the centralized mono data centers of the past. The biggest challenge is how do we build the network infrastructure of the modern era that are intelligent with automation, enabling maximum flexibility and business agility without any compromise on the security. We believe that in this data era, the security transformation must accompany digital transformation. >>Yeah, that's very good. You talked about a couple of things there. Data by its very nature is distributed. There is no perimeter anymore, so you can't just, as you say, put a wrap around it. I like the way you phrase that. So when you think about cyber security resilience from a networking perspective, how do you define that? In other words, what are the basic principles that you adhere to when thinking about securing network infrastructure for your customers? >>So our belief is that cybersecurity and cybersecurity resilience, they need to be holistic. They need to be integrated, scalable, one that spans the entire enterprise and with a consistent and objective and policy implementation. So cybersecurity needs to span across all the devices and running across any application, whether the application resets on the cloud or anywhere else in the infrastructure. From a networking standpoint, what does it mean? It's again, the same principles, right? You know, in order to prevent the threat actors from accessing, changing, destroying, or stealing sensitive data, this definition holds good for networking as well. So if you look at it from a networking perspective, it's the ability to protect from and withstand attacks on the networking systems as we continue to evolve. This will also also include the ability to adapt and recover from these attacks, which is what cyber resilience aspect is all about. So cybersecurity best practices, as you know, is continuously changing the landscape, primarily because the cyber threats also continue to evolve. >>Yeah, got it. So I like that. So it's gotta be integrated, it's gotta be scalable, it's gotta be comprehensive, comprehensive and adaptable. You're saying it can't be static, >>Right? Right. So I think, you know, you had a second part of a question, you know, that says what do we, you know, what are the basic principles? You know, when you're thinking about securing network infrastructure, when you are looking at securing the network infrastructure, it revolves around core security capability of the devices that form the network. And what are these security capabilities? These are access control, software integrity and vulnerability response. When you look at access control, it's to ensure that only the authenticated users are able to access the platform and they're able to access only the kind of the assets that they're authorized to based on their user level. Now accessing a network platform like a switch or a rotor for example, is typically used for say, configuration and management of the networking switch. So user access is based on say, rules for that metal in a role based access control, whether you are security admin or a network admin or a storage admin. >>And it's imperative that logging is enabled because any of the change to the configuration is actually logged and monitored as well. We talking about software's integrity, it's the ability to ensure that the software that's running on the system has not been compromised. And, and you know, this is important because it could actually, you know, get hold of the system and you know, you could get und desired results in terms of, say validation of the images. It's, it needs to be done through in digital signature. So, so it's important that when you're talking about say, software integrity, A, you are ensuring that the platform is not compromised, you know, is not compromised, and B, that any upgrades, you know, that happens to the platform is happening through validated signature. >>Okay. And now, now you've now, so there's access control, software integrity, and I think you, you've got a third element which is i, I think response, but please continue. >>Yeah, so you know, the third myth about civil notability. So we follow the same process that's been followed by the rest of the products within the Dell product family. That's to report or identify, you know, any kind of a vulnerability that's being addressed by the Dell product security incident response team. So the networking portfolio is no different. You know, it follows the same process for identification for tri and for resolution of these vulnerabilities. And this are addressed either through patches or through new reasons via networking software. >>Yeah, got it. Okay. So I mean, you didn't say zero trust, but when you were talking about access control, you're really talking about access to only those assets that people are authorized to access. I know zero trust sometimes is a buzzword, but, but you I think gave it, you know, some clarity there. Software integrity, it's about assurance validation, your digital signature you mentioned and, and that there's been no compromise. And then how you respond to incidents in a standard way that can fit into a security framework. So outstanding description, thank you for that. But then the next question is, how does Dell networking fit into the construct of what we've been talking about Dell trusted infrastructure? >>Okay, so networking is the key element in the Dell trusted infrastructure. It prides the interconnect between the service and the storage world. And you know, it's part of any data center configuration for a trusted infrastructure. The network needs to have access control in place where only the authorized nels are able to make change to the network configuration and logging of any of those changes is also done through the logging capabilities. Additionally, we should also ensure that the configuration should provide network isolation between say the management network and the data traffic network because they need to be separate and distinct from each other. And furthermore, even if you look at the data traffic network and now you have things like say segmentation isolated segments, I know via vrs or, or some micro segmentation via partners, this allows various level of security for each of those segments. >>So it's important, you know, that, that the network infrastructure has the ability, you know, to provide all this, this services from a Dell networking security perspective, right? You know, there are multiple layers of defense, you know, both at the edge and in the network, in the hardware and in the software and essentially, you know, a set of rules and a configuration that's designed to sort of protect the integrity, confidentiality, and accessibility of the network assets. So each network security layer, it implements policies and controls as I said, you know, including send network segmentation. We do have capabilities sources, centralized management automation and capability and scalability for that matter. Now you add all of these things, you know, with the open networking standards or software, different principles and you essentially, you know, reach to the point where you know, you're looking at zero trust network access, which is essentially sort of a building block for increased cloud adoption. >>If you look at say that you know the different pillars of a zero touch architecture, you know, if you look at the device aspect, you know, we do have support for security for example, we do have say trusted platform in a trusted platform models tpms on certain offer products and you know, the physical security know, plain, simple old one lab port enabled from a user trust perspective, we know it's all done via access control days via role based access control and say capability in order to provide say remote authentication or things like say sticky Mac or Mac learning limit and so on. If you look at say a transport and a session trust layer, these are essentially, you know, how do you access, you know, this switch, you know, is it by plain or telenet or is it like secure ssh, right? And you know, when a host communicates, you know, to the switch, we do have things like self-signed or a certificate authority based certification. >>And one of the important aspect is, you know, in terms of, you know, the routing protocol, the routing protocol, say for example BGP for example, we do have the capability to support MD five authentication between the VGP peers so that there is no, you know, manages attack, you know, to the network where the routing table is compromised. And the other aspect is about second control plane is here in now, you know, it's, it's typical that if you don't have a contra plane here, you know, it could be flooded and you know, you know, the switch could be compromised by city denial service attacks. From an application trust perspective, as I mentioned, you know, we do have, you know, the application specific security rules where you could actually define, you know, the specific security rules based on the specific applications, you know, that are running within the system. >>And I did talk about, say the digital signature and the cryptographic checks and that we do for authentication and for, I mean rather for the authenticity and the validation of, you know, of the image and the BS and so on and so forth. Finally, you know, the data trust, we are looking at, you know, the network separation, you know, the network separation could happen or VRF plain old wheel Ls, you know, which can bring about say multitenancy aspects. We talk about some microsegmentation as it applies to nsx for example. The other aspect is, you know, we do have, with our own smart fabric services that's enabled in a fabric, we have a concept of c cluster security. So all of this, you know, the different pillars, they sort of make up for the zero trust infrastructure for the networking assets of an infrastructure. >>Yeah. So thank you for that. There's a, there's a lot to unpack there. You know, one of the premise, the premise really of this, this, this, this segment that we're setting up in this series is really that everything you just mentioned, or a lot of things you just mentioned used to be the responsibility of the security team. And, and the premise that we're putting forth is that because security teams are so stretched thin, you, you gotta shift a vendor community. Dell specifically is shifting a lot of those tasks to their own r and d and taking care of a lot of that. So, cuz sec op teams got a lot of other stuff to, to worry about. So my question relates to things like automation, which can help and scalability, what about those topics as it relates to networking infrastructure? >>Okay, our portfolio, >>It enables state of the automation software, you know, that enables simplifying of the design. So for example, we do have, you know, you know the fabric design center, you know, a tool that automates the design of the anti fabric and you know, from a deployment and you know, the management of the network infrastructure, there are simplicities, you know, using, you know, like Ansible s for Sonic for example, are, you know, for a better or settle and tell story. You know, we do have smart fabric services that can automate the entire fabric, you know, for a storage solution or for, you know, for one of the workloads for example. Now we do help reduce the complexity by closely integrating the management of the physical and the virtual networking infrastructure. And again, you know, we have those capabilities using Sonic or Smart Traffic services. If you look at Sonic for example, right? >>It delivers automated intent based secure containerized network and it has the ability to provide some network visibility and awareness and, and all of these things are actually valid, you know, for a modern networking infrastructure. So now if you look at Sonic, you know, it's, you know, the usage of those tools, you know, that are available, you know, within the Sonic NAS is not restricted, you know, just to the data center infrastructure is, it's a unified no, you know, that's well applicable beyond the data center. You now right up to the edge. Now if you look at our north from a smart traffic voice 10 perspective, you know, as I mentioned, we do have smart fabric services which essentially, you know, simplifies the deployment day zero. I mean rather day one, day two deployment expansion plans and the life cycle management of our conversion infrastructure and hyper and hyperconverge infrastructure solutions. And finally, in order to enable say, zero touch deployment, we do have, you know, a VP solution with our SD van capability. So these are, you know, ways by which we bring down the complexity by, you know, enhancing the automation capability using, you know, a singular loss that can expand from a data center now right to the edge. >>Great, thank you for that. Last question real quick pitch me, can you summarize from your point of view, what's the strength of the Dell networking portfolio? >>Okay, so from a Dell networking portfolio, we support capabilities at multiple layers. As I mentioned. We've talking about the physical security, for example, let's say disabling of the unused interface. Sticky Mac and trusted platform modules are the things that to go after. And when you're talking about say secure boot for example, it delivers the authenticity and the integrity of the OS 10 images at the startup. And Secure Boot also protects the startup configuration so that, you know, the startup configuration file is not compromised. And Secure port also enables the workload of prediction, for example, that is at another aspect of software image integrity validation, you know, wherein the image is validated for the digital signature in know prior to any upgrade process. And if you are looking at secure access control, we do have things like role-based access control, SSH to the switches, control plane access control that pretty do attacks and say access control from multifactor authentication. >>We do have various tech hacks for entry control to the network and things like CSAC and P IV support, you know, from a federal perspective, we do have, say logging wherein, you know, any event, any auditing capabilities can be possible by say, looking at the clog service, you know, which are pretty much in our transmitter from the devices overts for example, and last we talked about say networks, you know, say network separation and you know, these, you know, separation, you know, ensures that that is, you know, a contained say segment, you know, for a specific purpose or for the specific zone. And you know, this can be implemented by a, the micro segmentation, you know, just a plain old wheel are using virtual route of framework vr, for example. >>A lot there. I mean, I think, frankly, you know, my takeaway is you guys do the heavy lifting in a very complicated topic. So thank you so much for, for coming on the cube and explaining that in, in quite some depth. Really appreciate it. >>Thank you indeed. >>Oh, you're very welcome. Okay, in a moment I'll be back to dig into the hyper-converged infrastructure part of the portfolio and look at how when you enter the world of software defined where you're controlling servers and storage and networks via software led system, you can be sure that your infrastructure is trusted and secure. You're watching a blueprint for trusted infrastructure made possible by Dell Technologies and collaboration with the Cube, your leader in enterprise and emerging tech coverage.

>>The cybersecurity landscape continues to be one characterized by a series of point tools designed to do a very specific job, often pretty well, but the mosaic of tooling is grown over the years causing complexity in driving up costs and increasing exposures. So the game of Whackamole continues. Moreover, the way organizations approach security is changing quite dramatically. The cloud, while offering so many advantages, has also created new complexities. The shared responsibility model redefines what the cloud provider secures, for example, the S three bucket and what the customer is responsible for eg properly configuring the bucket. You know, this is all well and good, but because virtually no organization of any size can go all in on a single cloud, that shared responsibility model now spans multiple clouds and with different protocols. Now that of course includes on-prem and edge deployments, making things even more complex. Moreover, the DevOps team is being asked to be the point of execution to implement many aspects of an organization's security strategy. >>This extends to securing the runtime, the platform, and even now containers which can end up anywhere. There's a real need for consolidation in the security industry, and that's part of the answer. We've seen this both in terms of mergers and acquisitions as well as platform plays that cover more and more ground. But the diversity of alternatives and infrastructure implementations continues to boggle the mind with more and more entry points for the attackers. This includes sophisticated supply chain attacks that make it even more difficult to understand how to secure components of a system and how secure those components actually are. The number one challenge CISOs face in today's complex world is lack of talent to address these challenges. And I'm not saying that SecOps pros are not talented, They are. There just aren't enough of them to go around and the adversary is also talented and very creative, and there are more and more of them every day. >>Now, one of the very important roles that a technology vendor can play is to take mundane infrastructure security tasks off the plates of SEC off teams. Specifically we're talking about shifting much of the heavy lifting around securing servers, storage, networking, and other infrastructure and their components onto the technology vendor via r and d and other best practices like supply chain management. And that's what we're here to talk about. Welcome to the second part in our series, A Blueprint for Trusted Infrastructure Made Possible by Dell Technologies and produced by the Cube. My name is Dave Ante and I'm your host now. Previously we looked at what trusted infrastructure means and the role that storage and data protection play in the equation. In this part two of the series, we explore the changing nature of technology infrastructure, how the industry generally in Dell specifically, are adapting to these changes and what is being done to proactively address threats that are increasingly stressing security teams. >>Now today, we continue the discussion and look more deeply into servers networking and hyper-converged infrastructure to better understand the critical aspects of how one company Dell is securing these elements so that dev sec op teams can focus on the myriad new attack vectors and challenges that they faced. First up is Deepak rang Garage Power Edge security product manager at Dell Technologies. And after that we're gonna bring on Mahesh Nagar oim, who was consultant in the networking product management area at Dell. And finally, we're close with Jerome West, who is the product management security lead for HCI hyperconverged infrastructure and converged infrastructure at Dell. Thanks for joining us today. We're thrilled to have you here and hope you enjoy the program. Deepak Arage shoes powered security product manager at Dell Technologies. Deepak, great to have you on the program. Thank you. >>Thank you for having me. >>So we're going through the infrastructure stack and in part one of this series we looked at the landscape overall and how cyber has changed and specifically how Dell thinks about data protection in, in security in a manner that both secures infrastructure and minimizes organizational friction. We also hit on the storage part of the portfolio. So now we want to dig into servers. So my first question is, what are the critical aspects of securing server infrastructure that our audience should be aware of? >>Sure. So if you look at compute in general, right, it has rapidly evolved over the past couple of years, especially with trends toward software defined data centers and with also organizations having to deal with hybrid environments where they have private clouds, public cloud locations, remote offices, and also remote workers. So on top of this, there's also an increase in the complexity of the supply chain itself, right? There are companies who are dealing with hundreds of suppliers as part of their supply chain. So all of this complexity provides a lot of opportunity for attackers because it's expanding the threat surface of what can be attacked, and attacks are becoming more frequent, more severe and more sophisticated. And this has also triggered around in the regulatory and mandates around the security needs. >>And these regulations are not just in the government sector, right? So it extends to critical infrastructure and eventually it also get into the private sector. In addition to this, organizations are also looking at their own internal compliance mandates. And this could be based on the industry in which they're operating in, or it could be their own security postures. And this is the landscape in which servers they're operating today. And given that servers are the foundational blocks of the data center, it becomes extremely important to protect them. And given how complex the modern server platforms are, it's also extremely difficult and it takes a lot of effort. And this means protecting everything from the supply chain to the manufacturing and then eventually the assuring the hardware and software integrity of the platforms and also the operations. And there are very few companies that go to the lens that Dell does in order to secure the server. We truly believe in the notion and the security mentality that, you know, security should enable our customers to go focus on their business and proactively innovate on their business and it should not be a burden to them. And we heavily invest to make that possible for our customers. >>So this is really important because the premise that I set up at the beginning of this was really that I, as of security pro, I'm not a security pro, but if I were, I wouldn't want to be doing all this infrastructure stuff because I now have all these new things I gotta deal with. I want a company like Dell who has the resources to build that security in to deal with the supply chain to ensure the providence, et cetera. So I'm glad you you, you hit on that, but so given what you just said, what does cybersecurity resilience mean from a server perspective? For example, are there specific principles that Dell adheres to that are non-negotiable? Let's say, how does Dell ensure that its customers can trust your server infrastructure? >>Yeah, like when, when it comes to security at Dell, right? It's ingrained in our product, so that's the best way to put it. And security is nonnegotiable, right? It's never an afterthought where we come up with a design and then later on figure out how to go make it secure, right? Our security development life cycle, the products are being designed to counter these threats right from the big. And in addition to that, we are also testing and evaluating these products continuously to identify vulnerabilities. We also have external third party audits which supplement this process. And in addition to this, Dell makes the commitment that we will rapidly respond to any mitigations and vulnerability, any vulnerabilities and exposures found out in the field and provide mitigations and patches for in attacking manner. So this security principle is also built into our server life cycle, right? Every phase of it. >>So we want our products to provide cutting edge capabilities when it comes to security. So as part of that, we are constantly evaluating what our security model is done. We are building on it and continuously improving it. So till a few years ago, our model was primarily based on the N framework of protect, detect and rigor. And it's still aligns really well to that framework, but over the past couple of years, we have seen how computers evolved, how the threads have evolved, and we have also seen the regulatory trends and we recognize the fact that the best security strategy for the modern world is a zero trust approach. And so now when we are building our infrastructure and tools and offerings for customers, first and foremost, they're cyber resilient, right? What we mean by that is they're capable of anticipating threats, withstanding attacks and rapidly recurring from attacks and also adapting to the adverse conditions in which they're deployed. The process of designing these capabilities and identifying these capabilities however, is done through the zero press framework. And that's very important because now we are also anticipating how our customers will end up using these capabilities at there and to enable their own zero trust IT environments and IT zero trusts deployments. We have completely adapted our security approach to make it easier for customers to work with us no matter where they are in their journey towards zero trust option. >>So thank you for that. You mentioned the, this framework, you talked about zero trust. When I think about n I think as well about layered approaches. And when I think about zero trust, I think about if you, if you don't have access to it, you're not getting access, you've gotta earn that, that access and you've got layers and then you still assume that bad guys are gonna get in. So you've gotta detect that and you've gotta response. So server infrastructure security is so fundamental. So my question is, what is Dell providing specifically to, for example, detect anomalies and breaches from unauthorized activity? How do you enable fast and easy or facile recovery from malicious incidents, >>Right? What is that is exactly right, right? Breachers are bound to happen and given how complex our current environment is, it's extremely distributed and extremely connected, right? Data and users are no longer contained with an offices where we can set up a perimeter firewall and say, Yeah, everything within that is good. We can trust everything within it. That's no longer true. The best approach to protect data and infrastructure in the current world is to use a zero trust approach, which uses the principles. Nothing is ever trusted, right? Nothing is trusted implicitly. You're constantly verifying every single user, every single device, and every single access in your system at every single level of your ID environment. And this is the principles that we use on power Edge, right? But with an increased focus on providing granular controls and checks based on the principles of these privileged access. >>So the idea is that service first and foremost need to make sure that the threats never enter and they're rejected at the point of entry, but we recognize breaches are going to occur and if they do, they need to be minimized such that the sphere of damage cost by attacker is minimized so they're not able to move from one part of the network to something else laterally or escalate their privileges and cause more damage, right? So the impact radius for instance, has to be radius. And this is done through features like automated detection capabilities and automation, automated remediation capabilities. So some examples are as part of our end to end boot resilience process, we have what they call a system lockdown, right? We can lock down the configuration of the system and lock on the form versions and all changes to the system. And we have capabilities which automatically detect any drift from that lockdown configuration and we can figure out if the drift was caused to authorized changes or unauthorized changes. >>And if it is an unauthorize change can log it, generate security alerts, and we even have capabilities to automatically roll the firm where, and always versions back to a known good version and also the configurations, right? And this becomes extremely important because as part of zero trust, we need to respond to these things at machine speed and we cannot do it at a human speed. And having these automated capabilities is a big deal when achieving that zero trust strategy. And in addition to this, we also have chassis inclusion detection where if the chassis, the box, the several box is opened up, it logs alerts, and you can figure out even later if there's an AC power cycle, you can go look at the logs to see that the box is opened up and figure out if there was a, like a known authorized access or some malicious actor opening and chain something in your system. >>Great, thank you for that lot. Lot of detail and and appreciate that. I want to go somewhere else now cuz Dell has a renowned supply chain reputation. So what about securing the, the supply chain and the server bill of materials? What does Dell specifically do to track the providence of components it uses in its systems so that when the systems arrive, a customer can be a hundred percent certain that that system hasn't been compromised, >>Right? And we've talked about how complex the modern supply chain is, right? And that's no different for service. We have hundreds of confidence on the server and a lot of these form where in order to be configured and run and this former competence could be coming from third parties suppliers. So now the complexity that we are dealing with like was the end to end approach and that's where Dell pays a lot of attention into assuring the security approach approaching and it starts all the way from sourcing competence, right? And then through the design and then even the manufacturing process where we are wetting the personnel leather factories and wetting the factories itself. And the factories also have physical controls, physical security controls built into them and even shipping, right? We have GPS tagging of packages. So all of this is built to ensure supply chain security. >>But a critical aspect of this is also making sure that the systems which are built in the factories are delivered to the customers without any changes or any tapper. And we have a feature called the secure component verification, which is capable of doing this. What the feature does this, when the system gets built in a factory, it generates an inventory of all the competence in the system and it creates a cryptographic certificate based on the signatures presented to this by the competence. And this certificate is stored separately and sent to the customers separately from the system itself. So once the customers receive the system at their end, they can run out to, it generates an inventory of the competence on the system at their end and then compare it to the golden certificate to make sure nothing was changed. And if any changes are detected, we can figure out if there's an authorized change or unauthorize change. >>Again, authorized changes could be like, you know, upgrades to the drives or memory and ized changes could be any sort of temper. So that's the supply chain aspect of it and bill of metal use is also an important aspect to galing security, right? And we provide a software bill of materials, which is basically a list of ingredients of all the software pieces in the platform. So what it allows our customers to do is quickly take a look at all the different pieces and compare it to the vulnerability database and see if any of the vulner which have been discovered out in the wild affected platform. So that's a quick way of figuring out if the platform has any known vulnerabilities and it has not been patched. >>Excellent. That's really good. My last question is, I wonder if you, you know, give us the sort of summary from your perspective, what are the key strengths of Dell server portfolio from a security standpoint? I'm really interested in, you know, the uniqueness and the strong suit that Dell brings to the table, >>Right? Yeah. We have talked enough about the complexity of the environment and how zero risk is necessary for the modern ID environment, right? And this is integral to Dell powered service. And as part of that like you know, security starts with the supply chain. We already talked about the second component verification, which is a beneath feature that Dell platforms have. And on top of it we also have a silicon place platform mode of trust. So this is a key which is programmed into the silicon on the black service during manufacturing and can never be changed after. And this immutable key is what forms the anchor for creating the chain of trust that is used to verify everything in the platform from the hardware and software integrity to the boot, all pieces of it, right? In addition to that, we also have a host of data protection features. >>Whether it is protecting data at risk in news or inflight, we have self encrypting drives which provides scalable and flexible encryption options. And this couple with external key management provides really good protection for your data address. External key management is important because you know, somebody could physically steam the server walk away, but then the keys are not stored on the server, it stood separately. So that provides your action layer of security. And we also have dual layer encryption where you can compliment the hardware encryption on the secure encrypted drives with software level encryption. Inion to this we have identity and access management features like multifactor authentication, single sign on roles, scope and time based access controls, all of which are critical to enable that granular control and checks for zero trust approach. So I would say like, you know, if you look at the Dell feature set, it's pretty comprehensive and we also have the flexibility built in to meet the needs of all customers no matter where they fall in the spectrum of, you know, risk tolerance and security sensitivity. And we also have the capabilities to meet all the regulatory requirements and compliance requirements. So in a nutshell, I would say that you know, Dell Power Service cyber resident infrastructure helps accelerate zero tested option for customers. >>Got it. So you've really thought this through all the various things that that you would do to sort of make sure that your server infrastructure is secure, not compromised, that your supply chain is secure so that your customers can focus on some of the other things that they have to worry about, which are numerous. Thanks Deepak, appreciate you coming on the cube and participating in the program. >>Thank you for having >>You're welcome. In a moment I'll be back to dig into the networking portion of the infrastructure. Stay with us for more coverage of a blueprint for trusted infrastructure and collaboration with Dell Technologies on the cube, your leader in enterprise and emerging tech coverage. We're back with a blueprint for trusted infrastructure and partnership with Dell Technologies in the cube. And we're here with Mahesh Nager, who is a consultant in the area of networking product management at Dell Technologies. Mahesh, welcome, good to see you. >>Hey, good morning Dell's, nice to meet, meet to you as well. >>Hey, so we've been digging into all the parts of the infrastructure stack and now we're gonna look at the all important networking components. Mahesh, when we think about networking in today's environment, we think about the core data center and we're connecting out to various locations including the cloud and both the near and the far edge. So the question is from Dell's perspective, what's unique and challenging about securing network infrastructure that we should know about? >>Yeah, so few years ago IT security and an enterprise was primarily putting a wrapper around data center out because it was constrained to an infrastructure owned and operated by the enterprise for the most part. So putting a rapid around it like a parameter or a firewall was a sufficient response because you could basically control the environment and data small enough control today with the distributed data, intelligent software, different systems, multi-cloud environment and asset service delivery, you know, the infrastructure for the modern era changes the way to secure the network infrastructure In today's, you know, data driven world, it operates everywhere and data has created and accessed everywhere so far from, you know, the centralized monolithic data centers of the past. The biggest challenge is how do we build the network infrastructure of the modern era that are intelligent with automation enabling maximum flexibility and business agility without any compromise on the security. We believe that in this data era, the security transformation must accompany digital transformation. >>Yeah, that's very good. You talked about a couple of things there. Data by its very nature is distributed. There is no perimeter anymore, so you can't just, as you say, put a rapper around it. I like the way you phrase that. So when you think about cyber security resilience from a networking perspective, how do you define that? In other words, what are the basic principles that you adhere to when thinking about securing network infrastructure for your customers? >>So our belief is that cybersecurity and cybersecurity resilience, they need to be holistic, they need to be integrated, scalable, one that span the entire enterprise and with a co and objective and policy implementation. So cybersecurity needs to span across all the devices and running across any application, whether the application resets on the cloud or anywhere else in the infrastructure. From a networking standpoint, what does it mean? It's again, the same principles, right? You know, in order to prevent the threat actors from accessing changing best destroy or stealing sensitive data, this definition holds good for networking as well. So if you look at it from a networking perspective, it's the ability to protect from and withstand attacks on the networking systems as we continue to evolve. This will also include the ability to adapt and recover from these attacks, which is what cyber resilience aspect is all about. So cybersecurity best practices, as you know, is continuously changing the landscape primarily because the cyber threats also continue to evolve. >>Yeah, got it. So I like that. So it's gotta be integrated, it's gotta be scalable, it's gotta be comprehensive, comprehensive and adaptable. You're saying it can't be static, >>Right? Right. So I think, you know, you had a second part of a question, you know, that says what do we, you know, what are the basic principles? You know, when you think about securing network infrastructure, when you're looking at securing the network infrastructure, it revolves around core security capability of the devices that form the network. And what are these security capabilities? These are access control, software integrity and vulnerability response. When you look at access control, it's to ensure that only the authenticated users are able to access the platform and they're able to access only the kind of the assets that they're authorized to based on their user level. Now accessing a network platform like a switch or a rotor for example, is typically used for say, configuration and management of the networking switch. So user access is based on say roles for that matter in a role based access control, whether you are a security admin or a network admin or a storage admin. >>And it's imperative that logging is enable because any of the change to the configuration is actually logged and monitored as that. Talking about software's integrity, it's the ability to ensure that the software that's running on the system has not been compromised. And, and you know, this is important because it could actually, you know, get hold of the system and you know, you could get UND desire results in terms of say validation of the images. It's, it needs to be done through say digital signature. So, so it's important that when you're talking about say, software integrity, a, you are ensuring that the platform is not compromised, you know, is not compromised and be that any upgrades, you know, that happens to the platform is happening through say validated signature. >>Okay. And now, now you've now, so there's access control, software integrity, and I think you, you've got a third element which is i I think response, but please continue. >>Yeah, so you know, the third one is about civil notability. So we follow the same process that's been followed by the rest of the products within the Dell product family. That's to report or identify, you know, any kind of a vulnerability that's being addressed by the Dell product security incident response team. So the networking portfolio is no different, you know, it follows the same process for identification for tri and for resolution of these vulnerabilities. And these are addressed either through patches or through new reasons via networking software. >>Yeah, got it. Okay. So I mean, you didn't say zero trust, but when you were talking about access control, you're really talking about access to only those assets that people are authorized to access. I know zero trust sometimes is a buzzword, but, but you I think gave it, you know, some clarity there. Software integrity, it's about assurance validation, your digital signature you mentioned and, and that there's been no compromise. And then how you respond to incidents in a standard way that can fit into a security framework. So outstanding description, thank you for that. But then the next question is, how does Dell networking fit into the construct of what we've been talking about Dell trusted infrastructure? >>Okay, so networking is the key element in the Dell trusted infrastructure. It provides the interconnect between the service and the storage world. And you know, it's part of any data center configuration for a trusted infrastructure. The network needs to have access control in place where only the authorized nels are able to make change to the network configuration and logging off any of those changes is also done through the logging capabilities. Additionally, we should also ensure that the configuration should provide network isolation between say the management network and the data traffic network because they need to be separate and distinct from each other. And furthermore, even if you look at the data traffic network and now you have things like segmentation isolated segments and via VRF or, or some micro segmentation via partners, this allows various level of security for each of those segments. So it's important you know, that, that the network infrastructure has the ability, you know, to provide all this, this services from a Dell networking security perspective, right? >>You know, there are multiple layer of defense, you know, both at the edge and in the network in this hardware and in the software and essentially, you know, a set of rules and a configuration that's designed to sort of protect the integrity, confidentiality, and accessibility of the network assets. So each network security layer, it implements policies and controls as I said, you know, including send network segmentation. We do have capabilities sources, centralized management automation and capability and scalability for that matter. Now you add all of these things, you know, with the open networking standards or software, different principles and you essentially, you know, reach to the point where you know, you're looking at zero trust network access, which is essentially sort of a building block for increased cloud adoption. If you look at say that you know the different pillars of a zero trust architecture, you know, if you look at the device aspect, you know, we do have support for security for example, we do have say trust platform in a trusted platform models tpms on certain offer products and you know, the physical security know plain, simple old one love port enable from a user trust perspective, we know it's all done via access control days via role based access control and say capability in order to provide say remote authentication or things like say sticky Mac or Mac learning limit and so on. >>If you look at say a transport and decision trust layer, these are essentially, you know, how do you access, you know, this switch, you know, is it by plain hotel net or is it like secure ssh, right? And you know, when a host communicates, you know, to the switch, we do have things like self-signed or is certificate authority based certification. And one of the important aspect is, you know, in terms of, you know, the routing protocol, the routing protocol, say for example BGP for example, we do have the capability to support MD five authentication between the b g peers so that there is no, you know, manages attack, you know, to the network where the routing table is compromised. And the other aspect is about second control plane is here, you know, you know, it's, it's typical that if you don't have a control plane here, you know, it could be flooded and you know, you know, the switch could be compromised by city denial service attacks. >>From an application test perspective, as I mentioned, you know, we do have, you know, the application specific security rules where you could actually define, you know, the specific security rules based on the specific applications, you know, that are running within the system. And I did talk about, say the digital signature and the cryptographic check that we do for authentication and for, I mean rather for the authenticity and the validation of, you know, of the image and the BS and so on and so forth. Finally, you know, the data trust, we are looking at, you know, the network separation, you know, the network separation could happen or VRF plain old wheel Ls, you know, which can bring about sales multi 10 aspects. We talk about some microsegmentation as it applies to nsx for example. The other aspect is, you know, we do have, with our own smart fabric services that's enabled in a fabric, we have a concept of c cluster security. So all of this, you know, the different pillars, they sort of make up for the zero trust infrastructure for the networking assets of an infrastructure. >>Yeah. So thank you for that. There's a, there's a lot to unpack there. You know, one of the premise, the premise really of this, this, this, this segment that we're setting up in this series is really that everything you just mentioned, or a lot of things you just mentioned used to be the responsibility of the security team. And, and the premise that we're putting forth is that because security teams are so stretched thin, you, you gotta shift the vendor community. Dell specifically is shifting a lot of those tasks to their own r and d and taking care of a lot of that. So, cuz scop teams got a lot of other stuff to, to worry about. So my question relates to things like automation, which can help and scalability, what about those topics as it relates to networking infrastructure? >>Okay, our >>Portfolio, it enables state of the automation software, you know, that enables simplifying of the design. So for example, we do have, you know, you know the fabric design center, you know, a tool that automates the design of the fabric and you know, from a deployment and you know, the management of the network infrastructure that are simplicities, you know, using like Ansible s for Sonic for example are, you know, for a better sit and tell story. You know, we do have smart fabric services that can automate the entire fabric, you know, for a storage solution or for, you know, for one of the workloads for example. Now we do help reduce the complexity by closely integrating the management of the physical and the virtual networking infrastructure. And again, you know, we have those capabilities using Sonic or Smart Traffic services. If you look at Sonic for example, right? >>It delivers automated intent based secure containerized network and it has the ability to provide some network visibility and Avan has and, and all of these things are actually valid, you know, for a modern networking infrastructure. So now if you look at Sonic, you know, it's, you know, the usage of those tools, you know, that are available, you know, within the Sonic no is not restricted, you know, just to the data center infrastructure is, it's a unified no, you know, that's well applicable beyond the data center, you know, right up to the edge. Now if you look at our north from a smart traffic OS 10 perspective, you know, as I mentioned, we do have smart traffic services which essentially, you know, simplifies the deployment day zero, I mean rather day one, day two deployment expansion plans and the lifecycle management of our conversion infrastructure and hyper and hyper conversion infrastructure solutions. And finally, in order to enable say, zero touch deployment, we do have, you know, a VP solution with our SD van capability. So these are, you know, ways by which we bring down the complexity by, you know, enhancing the automation capability using, you know, a singular loss that can expand from a data center now right to the edge. >>Great, thank you for that. Last question real quick, just pitch me, what can you summarize from your point of view, what's the strength of the Dell networking portfolio? >>Okay, so from a Dell networking portfolio, we support capabilities at multiple layers. As I mentioned, we're talking about the physical security for examples, say disabling of the unused interface. Sticky Mac and trusted platform modules are the things that to go after. And when you're talking about say secure boot for example, it delivers the authenticity and the integrity of the OS 10 images at the startup. And Secure Boot also protects the startup configuration so that, you know, the startup configuration file is not compromised. And Secure port also enables the workload of prediction, for example, that is at another aspect of software image integrity validation, you know, wherein the image is data for the digital signature, you know, prior to any upgrade process. And if you are looking at secure access control, we do have things like role based access control, SSH to the switches, control plane access control that pre do tags and say access control from multifactor authentication. >>We do have various tech ads for entry control to the network and things like CSE and PRV support, you know, from a federal perspective we do have say logging wherein, you know, any event, any auditing capabilities can be possible by say looking at the clog service, you know, which are pretty much in our transmitter from the devices overts for example, and last we talked about say network segment, you know, say network separation and you know, these, you know, separation, you know, ensures that are, that is, you know, a contained say segment, you know, for a specific purpose or for the specific zone and, you know, just can be implemented by a, a micro segmentation, you know, just a plain old wheel or using virtual route of framework VR for example. >>A lot there. I mean I think frankly, you know, my takeaway is you guys do the heavy lifting in a very complicated topic. So thank you so much for, for coming on the cube and explaining that in in quite some depth. Really appreciate it. >>Thank you indeed. >>Oh, you're very welcome. Okay, in a moment I'll be back to dig into the hyper-converged infrastructure part of the portfolio and look at how when you enter the world of software defined where you're controlling servers and storage and networks via software led system, you could be sure that your infrastructure is trusted and secure. You're watching a blueprint for trusted infrastructure made possible by Dell Technologies and collaboration with the cube, your leader in enterprise and emerging tech coverage, your own west product management security lead at for HCI at Dell Technologies hyper-converged infrastructure. Jerome, welcome. >>Thank you Dave. >>Hey Jerome, in this series of blueprint for trusted infrastructure, we've been digging into the different parts of the infrastructure stack, including storage servers and networking, and now we want to cover hyperconverged infrastructure. So my first question is, what's unique about HCI that presents specific security challenges? What do we need to know? >>So what's unique about hyper-converge infrastructure is the breadth of the security challenge. We can't simply focus on a single type of IT system. So like a server or storage system or a virtualization piece of software, software. I mean HCI is all of those things. So luckily we have excellent partners like VMware, Microsoft, and internal partners like the Dell Power Edge team, the Dell storage team, the Dell networking team, and on and on. These partnerships in these collaborations are what make us successful from a security standpoint. So let me give you an example to illustrate. In the recent past we're seeing growing scope and sophistication in supply chain attacks. This mean an attacker is going to attack your software supply chain upstream so that hopefully a piece of code, malicious code that wasn't identified early in the software supply chain is distributed like a large player, like a VMware or Microsoft or a Dell. So to confront this kind of sophisticated hard to defeat problem, we need short term solutions and we need long term solutions as well. >>So for the short term solution, the obvious thing to do is to patch the vulnerability. The complexity is for our HCI portfolio. We build our software on VMware, so we would have to consume a patch that VMware would produce and provide it to our customers in a timely manner. Luckily VX rail's engineering team has co engineered a release process with VMware that significantly shortens our development life cycle so that VMware would produce a patch and within 14 days we will integrate our own code with the VMware release we will have tested and validated the update and we will give an update to our customers within 14 days of that VMware release. That as a result of this kind of rapid development process, VHA had over 40 releases of software updates last year for a longer term solution. We're partnering with VMware and others to develop a software bill of materials. We work with VMware to consume their software manifest, including their upstream vendors and their open source providers to have a comprehensive list of software components. Then we aren't caught off guard by an unforeseen vulnerability and we're more able to easily detect where the software problem lies so that we can quickly address it. So these are the kind of relationships and solutions that we can co engineer with effective collaborations with our, with our partners. >>Great, thank you for that. That description. So if I had to define what cybersecurity resilience means to HCI or converged infrastructure, and to me my takeaway was you gotta have a short term instant patch solution and then you gotta do an integration in a very short time, you know, two weeks to then have that integration done. And then longer term you have to have a software bill of materials so that you can ensure the providence of all the components help us. Is that a right way to think about cybersecurity resilience? Do you have, you know, a additives to that definition? >>I do. I really think that's site cybersecurity and resilience for hci because like I said, it has sort of unprecedented breadth across our portfolio. It's not a single thing, it's a bit of everything. So really the strength or the secret sauce is to combine all the solutions that our partner develops while integrating them with our own layer. So let me, let me give you an example. So hci, it's a, basically taking a software abstraction of hardware functionality and implementing it into something called the virtualized layer. It's basically the virtual virtualizing hardware functionality, like say a storage controller, you could implement it in hardware, but for hci, for example, in our VX rail portfolio, we, our Vxl product, we integrated it into a product called vsan, which is provided by our partner VMware. So that portfolio of strength is still, you know, through our, through our partnerships. >>So what we do, we integrate these, these security functionality and features in into our product. So our partnership grows to our ecosystem through products like VMware, products like nsx, Horizon, Carbon Black and vSphere. All of them integrate seamlessly with VMware and we also leverage VMware's software, part software partnerships on top of that. So for example, VX supports multifactor authentication through vSphere integration with something called Active Directory Federation services for adfs. So there's a lot of providers that support adfs including Microsoft Azure. So now we can support a wide array of identity providers such as Off Zero or I mentioned Azure or Active Directory through that partnership. So we can leverage all of our partners partnerships as well. So there's sort of a second layer. So being able to secure all of that, that provides a lot of options and flexibility for our customers. So basically to summarize my my answer, we consume all of the security advantages of our partners, but we also expand on them to make a product that is comprehensively secured at multiple layers from the hardware layer that's provided by Dell through Power Edge to the hyper-converged software that we build ourselves to the virtualization layer that we get through our partnerships with Microsoft and VMware. >>Great, I mean that's super helpful. You've mentioned nsx, Horizon, Carbon Black, all the, you know, the VMware component OTH zero, which the developers are gonna love. You got Azure identity, so it's really an ecosystem. So you may have actually answered my next question, but I'm gonna ask it anyway cuz you've got this software defined environment and you're managing servers and networking and storage with this software led approach, how do you ensure that the entire system is secure end to end? >>That's a really great question. So the, the answer is we do testing and validation as part of the engineering process. It's not just bolted on at the end. So when we do, for example, VxRail is the market's only co engineered solution with VMware, other vendors sell VMware as a hyper converged solution, but we actually include security as part of the co-engineering process with VMware. So it's considered when VMware builds their code and their process dovetails with ours because we have a secure development life cycle, which other products might talk about in their discussions with you that we integrate into our engineering life cycle. So because we follow the same framework, all of the, all of the codes should interoperate from a security standpoint. And so when we do our final validation testing when we do a software release, we're already halfway there in ensuring that all these features will give the customers what we promised. >>That's great. All right, let's, let's close pitch me, what would you say is the strong suit summarize the, the strengths of the Dell hyper-converged infrastructure and converged infrastructure portfolio specifically from a security perspective? Jerome? >>So I talked about how hyper hyper-converged infrastructure simplifies security management because basically you're gonna take all of these features that are abstracted in in hardware, they're now abstracted in the virtualization layer. Now you can manage them from a single point of view, whether it would be, say, you know, in for VX rail would be b be center, for example. So by abstracting all this, you make it very easy to manage security and highly flexible because now you don't have limitations around a single vendor. You have a multiple array of choices and partnerships to select. So I would say that is the, the key to making it to hci. Now, what makes Dell the market leader in HCI is not only do we have that functionality, but we also make it exceptionally useful to you because it's co engineered, it's not bolted on. So I gave the example of spo, I gave the example of how we, we modify our software release process with VMware to make it very responsive. >>A couple of other features that we have specific just to HCI are digitally signed LCM updates. This is an example of a feature that we have that's only exclusive to Dell that's not done through a partnership. So we digitally signed our software updates so the user can be sure that the, the update that they're installing into their system is an authentic and unmodified product. So we give it a Dell signature that's invalidated prior to installation. So not only do we consume the features that others develop in a seamless and fully validated way, but we also bolt on our own a specific HCI security features that work with all the other partnerships and give the user an exceptional security experience. So for, for example, the benefit to the customer is you don't have to create a complicated security framework that's hard for your users to use and it's hard for your system administrators to manage it all comes in a package. So it, it can be all managed through vCenter, for example, or, and then the specific hyper, hyper-converged functions can be managed through VxRail manager or through STDC manager. So there's very few pains of glass that the, the administrator or user ever has to worry about. It's all self contained and manageable. >>That makes a lot of sense. So you've got your own infrastructure, you're applying your best practices to that, like the digital signatures, you've got your ecosystem, you're doing co-engineering with the ecosystems, delivering security in a package, minimizing the complexity at the infrastructure level. The reason Jerome, this is so important is because SecOps teams, you know, they gotta deal with cloud security, they gotta deal with multiple clouds. Now they have their shared responsibility model going across multiple cl. They got all this other stuff that they have to worry, they gotta secure the containers and the run time and and, and, and, and the platform and so forth. So they're being asked to do other things. If they have to worry about all the things that you just mentioned, they'll never get, you know, the, the securities is gonna get worse. So what my takeaway is, you're removing that infrastructure piece and saying, Okay guys, you now can focus on those other things that is not necessarily Dell's, you know, domain, but you, you know, you can work with other partners to and your own teams to really nail that. Is that a fair summary? >>I think that is a fair summary because absolutely the worst thing you can do from a security perspective is provide a feature that's so unusable that the administrator disables it or other key security features. So when I work with my partners to define, to define and develop a new security feature, the thing I keep foremost in mind is, will this be something our users want to use and our administrators want to administer? Because if it's not, if it's something that's too difficult or onerous or complex, then I try to find ways to make it more user friendly and practical. And this is a challenge sometimes because we are, our products operate in highly regulated environments and sometimes they have to have certain rules and certain configurations that aren't the most user friendly or management friendly. So I, I put a lot of effort into thinking about how can we make this feature useful while still complying with all the regulations that we have to comply with. And by the way, we're very successful in a highly regulated space. We sell a lot of VxRail, for example, into the Department of Defense and banks and, and other highly regulated environments and we're very successful there. >>Excellent. Okay, Jerome, thanks. We're gonna leave it there for now. I'd love to have you back to talk about the progress that you're making down the road. Things always, you know, advance in the tech industry and so would appreciate that. >>I would look forward to it. Thank you very much, Dave. >>You're really welcome. In a moment I'll be back to summarize the program and offer some resources that can help you on your journey to secure your enterprise infrastructure. I wanna thank our guests for their contributions in helping us understand how investments by a company like Dell can both reduce the need for dev sec up teams to worry about some of the more fundamental security issues around infrastructure and have greater confidence in the quality providence and data protection designed in to core infrastructure like servers, storage, networking, and hyper-converged systems. You know, at the end of the day, whether your workloads are in the cloud, on prem or at the edge, you are responsible for your own security. But vendor r and d and vendor process must play an important role in easing the burden faced by security devs and operation teams. And on behalf of the cube production content and social teams as well as Dell Technologies, we want to thank you for watching a blueprint for trusted infrastructure. Remember part one of this series as well as all the videos associated with this program and of course today's program are available on demand@thecube.net with additional coverage@siliconangle.com. And you can go to dell.com/security solutions dell.com/security solutions to learn more about Dell's approach to securing infrastructure. And there's tons of additional resources that can help you on your journey. This is Dave Valante for the Cube, your leader in enterprise and emerging tech coverage. We'll see you next time.

>> Robert: It feels like we're talking because it's boring TV. Tech people love tech. Consumers love the benefit of tech. No consumer opens up their iphone and says oh my gosh, I love the technology behind my iphone. >> What's it been like, being on the Shark Tank? >> You know filming is fun and hanging out is fun and it's fun to be a celebrity at first. Your head gets really big and you get really good tables at restaurants. >> Who says tech isn't got a little pizazz. >> Voiceover: More skin in the game. In charge of his destiny, Robert Herjavec is Cube Alumni. Live from Santa Clara, California, it's the Cube covering Open Networking Summit 2017. Brought to you by the Linux foundation. >> Hey, welcome back everybody, Jeff Rick here with the Cube. We're at the open networking summit 2017 in Santa Clara, California. I think it's the fourth year of the conference. We've been coming for a long time. It's pretty amazing, a lot of transformation is happening as this project moves from the conversational to the testing to actual. A lot of deployments being talked about in the keynotes. So happy to have Scott Raynovich joining me again. >> Pleasure as always, thank you. >> Did you have a good night last night? >> Excellent. >> Alright, super. Super guest Drew Schulke, he is the vice president of converged networking at Dell EMC. Drew, Welcome. >> Thanks, thanks for having us. >> You've been busy at this show. You're doing panels, you're doing keynotes, they're working you. >> It's been a bit of a whirlwind going on thus far. Yeah, I had a keynote talk on economic and organizational impacts of open networking, which went really, really well. A lot of great questions from the audience, really insightful questions on that. Have met with folks like yourself, some other folks in the media, some analysts, talking to some customers which is always nice to have. We'll close it out tomorrow with one of the keynotes. A panel discussion on the role of open source and moving to 5G where I'll be participating with some folks from Intel and Ericsson. I'm looking forward to that, but yeah, definitely a whirlwind week. >> So before we get into some of the specifics, just your general impressions as to how this thing has evolved over time. Impressions of this show this year. >> Yeah, great question. I think the thing that struck me the most this year was the amount of customers coming in and actually talking about putting a lot of the things we've been talking about at this summit for several years into production environments and seeing results out of it. Some great keynotes last night by some folks, Amadeus in the travel industry and talking about their journey actually moving things into production, I thought was fabulous. Which gives people a vision of what really is possible and moving these out of the theoretical and here's the vision, the strategy into here's how you can actually get things done and getting into results. Ultimately, when you put things into production, that's how you ultimately learn and refine things over time. It's a great move forward for us. >> Awesome, so on the economics and organizational impact of open networking, your keynote. What are some of those really key economic drivers that you outlined in that conversation? >> Yeah, great question. You can kind of break it into a capex and an opex discussion. On the capex side, what we've seen is this whole open networking model is built on merchant silicon and the commoditization of hardware, which may sound like okay, that's a bad thing. Well no, it's really, really good because what it's doing is it's allowing all of us to take the benefits of huge volume and scale that's going on. From the biggest cloud providers down to the enterprise, as we move into this hardware model that's based upon merchant silicon and more standard network designs that are capable of supporting multiple OS's, we all benefit from the economies of scale that go in that. We can amortize R&D investments over a larger number of things. That's all goodness, so there's a huge tailwind on the capex side. On the opex side, as we start to disaggregate the network stack and focus on the individual layers, it creates a different operational model that allows for a high degree of automation. One of the things that we brought up in the session was contrasting a study from 2013 where the typical enterprise network admin was controlling about 300 ports. That was the breadth of support that they had back in 2013. That same year, Facebook came out and said an individual operator can support up to 20,000 servers. It's not like they're just super humans. What happened in there was a level of automation. That's a key ingredient of our open networking strategy, is driving that automation. That's where you get true economies of scale on the opex side. Those are the main points on that one. >> Jeff: Yeah, good ones. >> So Drew, one of the themes we've seen here is that the Linux foundation has done a good job of consolidating some of the open source technology and putting them in the same place so we can all track them and figure out what's going to happen. You just told us about Dell donating some of your code to the Linux foundation. >> Drew: Correct. >> Why don't you explain how you made that decision and what you think it's going to do for your customers. >> Yeah absolutely, as a little bit of context, what we see happening in terms of networking software is one, it's become decoupled from the hardware. That's already done right now. But even when we start to look at the software side, we think there's more disaggregation possible. We can peel apart the layers of what currently is a network operating system today and create a based operating system upon which several different companies can come in and put in what at that point becomes applications on top of it to do things like an L2, L3 stack, or to do MLAG, or tapping, or anything like that. It creates an ecosystem similar to what we had with servers 20 years ago, where I've got an operating system that basically keeps the box running. Then I've got applications which are really the magic on top of it. That's sort of the context. What we donated was that base OS. We've worked on something called OS 10. We have an open edition of it which you can go out to the web and download for free today and start playing around with it. It's an unmodified Linux kernel currently based on the Debian distribution which we believe will serve as a solid foundation for that evolving network and ecosystem going forward. Linux foundation agreed with that and accepted our donation of that to be the foundation of the open switch project, which was talked a little bit about at this particular summit as well. We couldn't be happier to be working with the Linux foundation on the open switch project. Look forward to getting even more of the ecosystem working on that with someone like the Linux foundation behind it to build a very, very capable stack which ultimately benefits all of our customers at the end. >> Where will we see this code go into? What types of products and what markets? Is it NFE for telecom? Is it cloud servers? Where are we going to see this stuff? >> The wonderful thing about it is the answer is all of the above. That's the flexibility of it. Think of it as this way, which is maybe you have a telecom network that's focused on something like MPLS. A company that has a lot of good IP around MPLS can then write an application that can run on that base operating system giving the customer the ability to pick that specific application without having to worry about dragging on an operating system and hardware that may not be what they want. That's the telecom use case. Maybe it's a big cloud provider that has some very specific needs around an L2, L3 stack. Maybe they even have their own IP around that that they want to build on top of this OS. We've really opened up the degrees of freedom in that space across all of those industries. I certainly think where we see the early adopters and starting from that OS 10 base solution today, will be more in the telco service provider and in the cloud space, just because of the level of scale and what it is that they can benefit out of this level of flexibility. >> Excellent. >> There had to be some detractors before you open sourced this. I'm just curious, the conversation in the room about should we or should we not open source this project and take it out to the Linux foundation? What was ultimately the decision that pushed it out the door? >> Yeah, we had been working with some other open source based projects for a couple of years already, so there was a comfort level internally. But what we saw, I think going on in the networking space, was heavily influenced by what we saw going on in the server space 20 years ago when client server hit the scene. That stack became massively disaggregated. The folks who tried to keep these things stitched together into monolithic silos ultimately weren't successful. Either had to change their strategy, or drifted off into the sunset. We certainly was influenced by that history and looking forward at what we saw happening in this space. I'd say as well looking at a lot of the innovation coming out from open source projects and start ups in this space as well, doing some new and exciting things in networking. There was a big keynote yesterday and the panel discussion where a venture capitalist starting talking about, hey networking's cool again. I couldn't agree more where we're seeing startups come in and do really interesting things really, really well. What we're trying to do is create a model where those startups don't have to develop their own operating system and develop their own hardware and then all the management tools that go on top of it. Let them focus at what they're good at, which is a certain piece of IP. Let us work through things like the open networking foundation to drive disaggregation of the stack, making them successful. >> It's an interesting way too to build your community almost indirectly if you will. It's not like you have to sign a bunch of partner agreements and you can't keep track of all these startups and all your alliance people running around. But by putting it into the open source, especially with the Linux foundation just automatically, you're exposed to all these different types of new companies and innovations and that exposure goes both ways. >> Drew: Absolutely. >> It's a really cool trend, where we're seeing these big companies donate parts of these things into this formal situation that is the Linux foundation so it has a home and a place to live and grow. >> Absolutely. >> I want to shift gears a little bit. Today's keynote is about 5G. A lot of talk about 5G, mobile world congress is all about 5G but some people saying wait, it's not here yet, it's far out. But clearly, I think the message this morning from Sandra and also on the Cube yesterday is it's coming, but you don't just turn it on one day. You got to put all the pieces in place. What's Dell EMC's perspective on 5G? Where are you guys on this journey? >> For us in terms of where we play at an infrastructure level in the data center, for us, the key step right now is to get to this model where we can decouple function from location. Which is what the telecoms and the mobile networks have been trying to do through things like NFV. What we've been trying to do is help them on that journey long before we even get to the point where 5G is knocking at the door. Working with them today to put in the right infrastructure capable of supporting highly virtualized workloads and also capable of supporting a variety of different software defined networking solutions. If you get those components right, you're setting yourself up with a really good foundation for 5G. If 5G gets here and you haven't decoupled function and location yet in terms of your infrastructure or strategy that's going to be a tough one. What we're trying to do is shepherd that along and move that as fast as we can right now. >> We got Dell EMC World coming up pretty soon right? >> That's right, I hope to see you guys there. >> Previews of this? What can we expect to see? >> It will be interesting. This is the first time that as a combined company we're doing this event in Vegas. We had a preview in October as a newly closed transaction. This will have the full force effect of the combined Dell EMC firm coming together to put on a great show. Looking forward to it. Huge venue, I know you guys play a prominent role there. I'm hoping to see you guys there as well. Yes, there will be lots of announcements. I'm not going to go get myself in trouble by saying what any of those are four weeks in advance of when that's going to happen. >> No hints or anything. >> No hints, but certainly on the networking side, you'll hear a couple of announcements from us in terms of new products that we'll be talking about and stay tuned. >> I'll ask you the softer way to get to the same answer, but I know you're not going to give me the answer, but looking forward, 2017 what are some of your priorities top of mind that you guys are working on where if we see you a year from now, you'll report back that here's what we did in 2017? >> Clearly, this OS 10 strategy that we have, building upon this base is going to be key for that. Continuing to support the donations that we've made through the Linux foundation and Open Switch. Bringing in additional partners to develop on top of that to get their IP ready to be able to take advantage of that will be a key focus for us. But as well, there's some key networking speed transitions coming up that you got to keep pace with from a road map perspective, so you'll probably hear some things about that. Then as well just thinking from a Dell EMC perspective, as we look at how our portfolio as a company is evolving, a big shift toward software defined storage models, converged infrastructure, hyperconverged infrastructure. On the networking side, we're clearly trying to do everything we can to position ourselves to be a value add in any of those solutions today. That'll be the hint of the areas you can expect to hear about in May. >> That's good, that's a good little hint. It's a month to the Dell EMC World again the first combined Dell EMC World >> Drew: In Vegas. >> Well, last year we had EMC World in Vegas and Dell EMC World, it got very confusing. Now there's just one. We're like is it the Vegas one or the Austin one? So now there's just one, it's easier to keep track. >> Drew: One forum to rule them all. >> We look forward to Michael coming on, we had him on at both as well as VM World and it's always great to get his take as well. So Drew, thanks for stopping by and we look forward to seeing you in about a month in Vegas. >> Likewise, thanks guys, great time. >> Drew Schulke, Scott Reynovitch, Jeff Rick. You're watching the Cube from Open Networking Summit 2017. Thanks for watching. We'll be back after this short break. (bright music)

extracting the signal from the noise it's the cube covering vmworld 2015 brought to you by vmware and its ecosystem sponsors now your host John furrier and Dave vellante okay welcome back everyone we are here live in San Francisco for vmworld 2015 SiliconANGLE media's the cube star flagship program we go out to the event and extract the students from noise i'm john furry the founders looking angle to of my coast and partner david lonte co-founder Wikibon calm slipping angles research are my next guess is sanjay poonen executive vice president general manager of vmware's end-user computing great to see you again welcome back to the cube John's pleasure to be here but I got to say one thing I'm waiting for the day when you have the tie and dave has the non-tidal I mean seriously you gotta quit that purple tile no I'm just getting a pleasure to be on your show I happy to wear tie but people would know it's phony baloney but I'm happy cape looks good d looks good in the neck but I'm California gotta be chillax a little bit here are you relaxed you feeling good I'm feeling great okay so you get a big body through your anniversary at vm work this month Wow excited to be here at the show so choice so give us the state of the union au CSAP to vmware now two years air wash huge acquisition we saw your an event you had here in San Francisco with all the top customers you have big name box big time player is working with you guys cloud needs a theme that you guys are really driving hard what's this all about where are we right now in your group and user computing is all the rage developer attraction and DevOps kind of connects the dots where are we with this yeah no I think it's been a fabulous two years we've hired a fantastic team I talked about this in my last show your some of the new people that joined us summative on Bob Jules no awasum were some of the people we promoted from within kit Kohlberg Eric Freiburg and then many of the people in the field we really really put together I think the best end-user computing team in the industry bar none it always starts to the people you know my people values where it's all started secondly we really started to innovate on product that differentiates us from the competition and made the bold move and mobile because mobile is the new desktop we joked internally that you could end user computing without a strategy you got that Josh yes yeah you know so that's in essence what we've done to be invisible and taking up the complexities away that's really the key will you yeah absolutely and making yourself relevant to where the world is going in this digitization of the workplace so we see this as a phenomenal opportunity for us to become the de facto brand in a Switzerland set of proposition you've got apple iOS you've got google android about windows microsoft OS 10 VMware's propositions via Switzerland type of company that can manage and secure all of those devices in very transparent fashion then lead and lead with that mobile story right I mean isn't that part of it yeah no absolutely mobile is the new desktop so it does become the key outcome the people are looking for and our proposition that we talked about last year working at the speed of life being able to go all the way from desktop to Tesla many of those things are really starting to resonate now as we talked to CIOs and so you know 10 at 2010 when we first did the cube six years ago Palmer its laid out the whole manifesto and user computing had a lot of disparate parts some of gods and have left explain to the folks out there and clarify the positioning of end-user computing visa V all the turmoil in the marketplace with customers cloud has got obviously hybrid cloud people I try to get their arms around that virtualization a lot of plumbing going on with SD and Isis and growth there a lot of stuff going on underneath your layer that's going to affect you how do you manage that clarify the positioning and then talk about how you respond to the growth that's going to come out of underneath you and the infrastructure yeah I think Paul Maritz had it right down he's one of the visionaries of our time and as he talked in 2010 that was around the time we actually coined the term workspaces the inwards 12 companies had coined the term mobile workspace and now many of those technologies are coming to bear so much of the demos that Paul actually noah was here at the time Steve Herod showed you know I'm actually sort of sitting on the shoulders of many of those giants in terms of driving this so the time has come now where the desktop virtualization market now is less costly and less complex so we've taken cost and complexity out and that's why now we're taking market share from Citrix and other players in that market in the mobile place we weren't moving fast enough we acquire the leader AirWatch in mobile security and we've now created an ecosystem out of that of the leading application providers that are all partnering at a Salesforce workday Adobe SI p everyone in the app space the telco providers players like a TMT vodafone singtel partnering with us and then the security players like palo alto networks of all embraced AirWatch and then we actually created some blue technologies that really bring the desktop and the mobile together like identity management identity as a service is becoming one of those very critical like critical items that's a life blood that ties desktop and mobile together because you're your device now becomes your second factor of authentication right you can use your fingerprint or retina scan all of these now really coming in a mature fashion so we're seeing huge growth out of particularly AirWatch side I think sixty percent last last quarter path to profitability I believe in 2016 no Pat's talking about it Carl's talking about at jonathan's talking about Joe Tucci's talk of everybody's talking about your business so what's driving that growth you just talked about that ecosystem that's got to be a lot of the leverage but maybe help us unpack deck wrote a little bit I think it has been and I'm biased so obviously next to VMware being acquired by emc one of the best acquisitions of modern you know last 18 months in enterprise software we were diligent just the same way EMC a treated VMware to be somewhat separate and independent we kept AirWatch fairly dependent for the first six months and gradually began the integration because there was a motion that Alain de Biron John Marshall had in the context the way they ran their what's that we did not want to break and then over time in the second half of last year in the first half of this year we began to get two parts of VMware that we do well in to play the value side of big deals so we start to participate in elas now where larger conversations with customers the big accounts the volume site are the transaction partners our channel partners 75,000 partners of VMware now have an opportunity to take this mobile solution as a door-opener the CIO but remember now we're bringing together horizon on the desktop site air watching the mobile side with glue types of technologies like identity so the proposition just got like one plus one equals like 111 and that's a huge often you mentioned he'll I mean huge year renewal year in 2016 so that's going to be a tailwind it cloud-based solution around one of the reasons with why I watch it was there with a leader in cloud-based mobile John and Alan were very smart and creating a cloud-based solution not to say that they can't deploy on premise but its cloud first so think Salesforce in a world where everyone else looks like a siebel so we were very astute basically saying we want to look at a way by which the subscription revenue starts to become a flywheel yeah so I want to ask you about business mobility that's a theme that you guys have been big big on your ace application configuration I think it's called or yeah happy creating for the enterprise you had Salesforce box cisco workday and a bunch of other partners showing nsx identity the hard stuff the stuff that you will think about i was there at the event and I want you to compare that visa V some news at hit today with apple and cisco partnering on iOS traffic and prioritizing traffic for iOS apps on cisco hardware yeah which is essentially deep packet inspection looking at the routes and giving them a fast lane if you will that seems to be the trend this consumerization where new Apple examples saying okay differentiate with apple stuff versus Android are the business people thinking about that that way are we looking at nsx innovating under the hood explain the consumerization of business mobility why that's relevant and how hard it is when some things that you guys are doing we coined the term john consumer simple meets and a prize secure and you hear about that more tomorrow in my keynote which i encourage all your viewers to come to tomorrow the clock at nine o'clock there's some very special in huge news hint at and little bit but let's bring that together because who is one of the best at consumers simplicity today Apple okay and we basically are Google and much of what they do too but we took basically a strong partnership with apple and dialed it further and and his apples talked about publicly they have a group of enterprise partners where one among a very few 30 40 50 that they're working with in the EMM space and we investigated meaning enterprise mobile manager okay guy and as we we did that we also then looked at all the apps players that were very key to this mobile cloud ecosystem box you know native people exactly these are folks who are building a cloud-based mobile set of applications and we signed all of them up to this need of integration called app config with enterprise that the device operating system vendors like Apple and Google and us invented now what's happening is you're starting to see that ecosystem getting stronger so actually it's awesome because the apps that were announced today in the cisco apple announcement were WebEx spark the same applications i build laughs and fig yes for so we actually copying you guys well no they actually joining the ecosystem so i think it's awesome when you have an IBM in the ecosystem of vmware in the ecosystem now is cisco on the ecosystem it's amazing there you know there's lots of players we partner with SI PE last you're gonna see us doing more with them so our goal is to ensure that the lead players whether it's an applications world whether it's the networking world what's the security world start plugging into appropriate platform I remember the proposition of vmware though is to be Switzerland so we have to build strong relationships with apple with Google and Microsoft Windows 10 because they're all viable ecosystems in the post-pc world well of course you want to be neutral because you want to have you know rising tide as you said but your announcement also highlighted box docusign was in their AT&T you talk about some cool things I can split outspent reports by having an iphone so the rant random example but the but it highlights a new way of doing things right but i thought i asked her the question those are cloud native companies mean box workday mean they were born in the cloud if you will but what about the enterprises that aren't they have a lot of legacy that's a problem right so it's not easy to be cloud- talk about the challenges there and the opportunities how you guys are addressed i love that word because the each side of that coin is a challenging the opportunity so when we go to traditional enterprises they have client server applications or all browser applications that they want us to real deployment and you'll hear my keynote tomorrow a very key phrase any application on any device so you've got a client-server application and old browser application or native mobile app we can deliver into any device you pick your device you've got a traditional windows laptop at in client a mac OS and Android and iOS or a tesla with running some kind of you know maybe android inside it we can deploy those applications on any device and that requires the combination the technology we have from a horizon and AirWatch so what do we do in those traditional applications we virtualize them we can either virtualize the desktop or the app and deploy them onto at incline we think john the future is thin client computing where you know your glass that you present on is going to be like the glass the Corning makes us projectable and this phone becomes your remote control into your entire life so I love this conversation because there's so much talk in this business Gardner has bimodal IT IDC has the third platform and and but what you just described is doesn't doesn't say old stuff over here and new stuff over there it says extend the client-server apps the 19-year old legacy apps and allow them to participate in this cloud native cloud native doesn't mean throw away the old stuff and start with a blank piece of paper I wonder if you could first of all do you agree with that and what if you could talk about that as a strategy it's a very important strategy because if you are a new company like an uber or Netflix you don't have legacy infrastructure you can start completely new on a cloud native all cloud apps but for the majority of global 2000 companies they have existing applications client-server primarily some running in all browsers ie8 ie9 and you've got to bring those apps to the new world so we see the world moving clearly to mobile and html5 long term but there's still going to be many of those applications 3d applications for example you go to many of our large manufacturing customers they've got jet engine parts or parts of various different manufacturing processes that are still not yet html5 or mobile apps so bringing those old world of apps to a Chromebook or to an iOS device is something we can magically do but for these native mobile apps you want to make it one touch so the benefit of what we had with app configures now with one-touch secured by air watch you can now automatically get access to Salesforce or DocuSign or box this is the best of both worlds for the new apps single touch easy seamless access those apps for the old world world of apps you can seamlessly virtualize them in other words abstract them and then send them over to the ecosystem is critical in all of this and and a lot of times we see this trend toward vertical integration we watch what Oracle's do and you see what Amazon's doing the e così i'm hearing the ecosystem is still vital to your strategy absolutely and the ecosystem takes various different forms the device operating system players the system integrators the security players people like Paul all tanks and then in this world apps players are really really important I talked last year about SI p we had many new apps in that and you know just a small little hint tomorrow at nine o'clock you're going to see a major ecosystem player on stage with us never in the history of the world I don't want to blow the cat out of the bag and I want every one of your viewers gonna be big my lap gonna be huge so you got to come there okay so ecosystem just real quick profitable good economics people making money how's that economics work yeah you know via MERS all about ecosystem right you go to the show floor and vmworld has got thousands including companies that compete with us what you got to do is ensure that you're open and you allow even competitors to integrate with you ok I've got competitors that I compete with in my part of the business they've got to integrate with vsphere vice versa I've got to make sure that I can play in a heterogeneous world with a variety of companies that might compete in the STD sea world and part of the magic of doing this is to ensure that the ecosystem is proliferating but you have some platform player that's what's made vm VMware successful 600,000 greatest infrastructure company balls out I have box again to wrap here so I have a final question then I have a final final question because I need to get two questions in first api api f occasion as a term that we've been kicking around the openstack cloud community coined by google's Craig mcluckie on the cube it's been kicking around but API making your api's available if you overdo it you could cause some problems but you're mentioning interacting with of all these apps your take on that and the second final final question is how do you view DevOps do you care you're looking down at it saying go faster or you're agnostic what are you guys doing specifically around this API ification trend yeah i mean the devops in particular they're both of a related questions let me cover them in sort of a quick sequence everything that we should do as a platform you're a platform if you create a service-oriented architecture that allows others to plug into you so when we talk about app config for the enterprise part of what we did was created an API set with the device operating system players like Apple Google is an open it's an open standard that all EMS can can embrace and now then we natively integrate sales force or workday or essay p into that so the api's are absolutely important in every layer of vmware whether it's the desktop side was the mobile side with its SDDC we live by those principle as a platform company no doubt then as you think about DevOps there's aspects of now the management complexity in the cloud world that needs rethought because this isn't systems management the old way in which the client-server were looked at it DevOps really has a very key way which you can go from tested Evra production where you've got multiple clouds you've got federated clouds and we've got to make sure and this is something that we use internally a lot of our AirWatch solutions that are deployed because they're cloud first have DevOps built into them build an integration built between AirWatch and the management tools of vmware their customers who asked us to integrate in the service now this whole management platform the next generation mobile cloud management platform is going to have DevOps at the key at the heart of it and we think that's a huge opportunity for VMware and for our ecosystem so yes or no question senior management's behind DevOps we are absolutely behind everything that drives in the ecosystem DevOps is one key part of it but there are many other aspects this is one key part where the management platform is going and we're very very committed to making that I know you got to run to your meeting thanks so much Sanjay put in the general man and your EVP of then use a computer big announcement tomorrow watch his keynote tomorrow at 9am I nair on SiliconANGLE TV the cube is going to be covering all the keynotes then keep watching we'll be right back more with live coverage from San Francisco vmworld 2015 this is the cube with John fair and Dave vellante we'll be right back thanks John