(upbeat music) >> When Oracle acquired Sun in 2009, it paid $5.6 billion net of Sun's cash and debt. Now I argued at the time that Oracle got one of the best deals in the history of enterprise tech, and I got a lot of grief for saying that because Sun had a declining business, it was losing money, and its revenue was under serious pressure as it tried to hang on for dear life. But Safra Catz understood that Oracle could pay Sun's lower profit and lagging businesses, like its low index 86 product lines, and even if Sun's revenue was cut in half, because Oracle has such a high revenue multiple as a software company, it could almost instantly generate $25 to $30 billion in shareholder value on paper. In addition, it was a catalyst for Oracle to initiate its highly differentiated engineering systems business, and was actually the precursor to Oracle's Cloud. Oracle saw that it could capture high margin dollars that used to go to partners like HP, it's original exit data partner, and get paid for the full stack across infrastructure, middleware, database, and application software, when eventually got really serious about cloud. Now there was also a major technology angle to this story. Remember Sun's tagline, "the network is the computer"? Well, they should have just called it cloud. Through the Sun acquisition. Oracle also got a couple of key technologies, Java, the number one programming language in the world, and MySQL, a key ingredient of the LAMP stack, that's Linux, Apache, MySQL and PHP, Perl or Python, on which the internet is basically built, and is used by many cloud services like Facebook, Twitter, WordPress, Flicker, Amazon, Aurora, and many other examples, including, by the way, Maria DB, which is a fork of MySQL created by MySQL's creator, basically in protest to Oracle's acquisition; the drama is Oscar worthy. It gets even better. In 2020, Oracle began introducing a new version of MySQL called MySQL HeatWave, and since late 2020 it's been in sort of a super cycle rolling, out three new releases in less than a year and a half in an attempt to expand its Tam and compete in new markets. Now we covered the release of MySQL Autopilot, which uses machine learning to automate management functions. And we also covered the bench marketing that Oracle produced against Snowflake, AWS, Azure, and Google. And Oracle's at it again with HeatWave, adding machine learning into its database capabilities, along with previously available integrations of OLAP and OLTP. This, of course, is in line with Oracle's converged database philosophy, which, as we've reported, is different from other cloud database providers, most notably Amazon, which takes the right tool for the right job approach and chooses database specialization over a one size fits all strategy. Now we've asked Oracle to come on theCUBE and explain these moves, and I'm pleased to welcome back Nipun Agarwal, who's the senior vice president for MySQL Database and HeatWave at Oracle. And today, in this video exclusive, we'll discuss machine learning, other new capabilities around elasticity and compression, and then any benchmark data that Nipun wants to share. Nipun's been a leading advocate of the HeatWave program. He's led engineering in that team for over 10 years, and he has over 185 patents in database technologies. Welcome back to the show Nipun. Great to see you again. Thanks for coming on. >> Thank you, Dave. Very happy to be back. >> Yeah, now for those who may not have kept up with the news, maybe to kick things off you could give us an overview of what MySQL HeatWave actually is so that we're all on the same page. >> Sure, Dave, MySQL HeatWave is a fully managed MySQL database service from Oracle, and it has a builtin query accelerator called HeatWave, and that's the part which is unique. So with MySQL HeatWave, customers of MySQL get a single database which they can use for transactional processing, for analytics, and for mixed workloads because traditionally MySQL has been designed and optimized for transaction processing. So in the past, when customers had to run analytics with the MySQL based service, they would need to move the data out of MySQL into some other database for running analytics. So they would end up with two different databases and it would take some time to move the data out of MySQL into this other system. With MySQL HeatWave, we have solved this problem and customers now have a single MySQL database for all their applications, and they can get the good performance of analytics without any changes to their MySQL application. >> Now it's no secret that a lot of times, you know, queries are not, you know, most efficiently written, and critics of MySQL HeatWave will claim that this product is very memory and cluster intensive, it has a heavy footprint that adds to cost. How do you answer that, Nipun? >> Right, so for offering any database service in the cloud there are two dimensions, performance and cost, and we have been very cognizant of both of them. So it is indeed the case that HeatWave is a, in-memory query accelerator, which is why we get very good performance, but it is also the case that we have optimized HeatWave for commodity cloud services. So for instance, we use the least expensive compute. We use the least expensive storage. So what I would suggest is for the customers who kind of would like to know what is the price performance advantage of HeatWave compared to any database we have benchmark against, Redshift, Snowflake, Google BigQuery, Azure Synapse, HeatWave is significantly faster and significantly lower price on a multitude of workloads. So not only is it in-memory database and optimized for that, but we have also optimized it for commodity cloud services, which makes it much lower price than the competition. >> Well, at the end of the day, it's customers that sort of decide what the truth is. So to date, what's been the customer reaction? Are they moving from other clouds from on-prem environments? Both why, you know, what are you seeing? >> Right, so we are definitely a whole bunch of migrations of customers who are running MySQL on-premise to the cloud, to MySQL HeatWave. That's definitely happening. What is also very interesting is we are seeing that a very large percentage of customers, more than half the customers who are coming to MySQL HeatWave, are migrating from other clouds. We have a lot of migrations coming from AWS Aurora, migrations from RedShift, migrations from RDS MySQL, TerriData, SAP HANA, right. So we are seeing migrations from a whole bunch of other databases and other cloud services to MySQL HeatWave. And the main reason we are told why customers are migrating from other databases to MySQL HeatWave are lower cost, better performance, and no change to their application because many of these services, like AWS Aurora are ETL compatible with MySQL. So when customers try MySQL HeatWave, not only do they get better performance at a lower cost, but they find that they can migrate their application without any changes, and that's a big incentive for them. >> Great, thank you, Nipun. So can you give us some names? Are there some real world examples of these customers that have migrated to MySQL HeatWave that you can share? >> Oh, absolutely, I'll give you a few names. Stutor.com, this is an educational SaaS provider raised out of Brazil. They were using Google BigQuery, and when they migrated to MySQL HeatWave, they found a 300X, right, 300 times improvement in performance, and it lowered their cost by 85 (audio cut out). Another example is Neovera. They offer cybersecurity solutions and they were running their application on an on-premise version of MySQL when they migrated to MySQL HeatWave, their application improved in performance by 300 times and their cost reduced by 80%, right. So by going from on-premise to MySQL HeatWave, they reduced the cost by 80%, improved performance by 300 times. We are Glass, another customer based out of Brazil. They were running on AWS EC2, and when they migrated, within hours they found that there was a significant improvement, like, you know, over 5X improvement in database performance, and they were able to accommodate a very large virtual event, which had more than a million visitors. Another example, Genius Senority. They are a game designer in Japan, and when they moved to MySQL HeatWave, they found a 90 times percent improvement in performance. And there many, many more like a lot of migrations, again, from like, you know, Aurora, RedShift and many other databases as well. And consistently what we hear is (audio cut out) getting much better performance at a much lower cost without any change to their application. >> Great, thank you. You know, when I ask that question, a lot of times I get, "Well, I can't name the customer name," but I got to give Oracle credit, a lot of times you guys have at your fingertips. So you're not the only one, but it's somewhat rare in this industry. So, okay, so you got some good feedback from those customers that did migrate to MySQL HeatWave. What else did they tell you that they wanted? Did they, you know, kind of share a wishlist and some of the white space that you guys should be working on? What'd they tell you? >> Right, so as customers are moving more data into MySQL HeatWave, as they're consolidating more data into MySQL HeatWave, customers want to run other kinds of processing with this data. A very popular one is (audio cut out) So we have had multiple customers who told us that they wanted to run machine learning with data which is stored in MySQL HeatWave, and for that they have to extract the data out of MySQL (audio cut out). So that was the first feedback we got. Second thing is MySQL HeatWave is a highly scalable system. What that means is that as you add more nodes to a HeatWave cluster, the performance of the system improves almost linearly. But currently customers need to perform some manual steps to add most to a cluster or to reduce the cluster size. So that was other feedback we got that people wanted this thing to be automated. Third thing is that we have shown in the previous results, that HeatWave is significantly faster and significantly lower price compared to competitive services. So we got feedback from customers that can we trade off some performance to get even lower cost, and that's what we have looked at. And then finally, like we have some results on various data sizes with TPC-H. Customers wanted to see if we can offer some more data points as to how does HeatWave perform on other kinds of workloads. And that's what we've been working on for the several months. >> Okay, Nipun, we're going to get into some of that, but, so how did you go about addressing these requirements? >> Right, so the first thing is we are announcing support for in-database machine learning, meaning that customers who have their data inside MySQL HeatWave can now run training, inference, and prediction all inside the database without the data or the model ever having to leave the database. So that's how we address the first one. Second thing is we are offering support for real time elasticity, meaning that customers can scale up or scale down to any number of nodes. This requires no manual intervention on part of the user, and for the entire duration of the resize operation, the system is fully available. The third, in terms of the costs, we have double the amount of data that can be processed per node. So if you look at a HeatWave cluster, the size of the cluster determines the cost. So by doubling the amount of data that can be processed per node, we have effectively reduced the cluster size which is required for planning a given workload to have, which means it reduces the cost to the customer by half. And finally, we have also run the TPC-DS workload on HeatWave and compared it with other vendors. So now customers can have another data point in terms of the performance and the cost comparison of HeatWave with other services. >> All right, and I promise, I'm going to ask you about the benchmarks, but I want to come back and drill into these a bit. How is HeatWave ML different from competitive offerings? Take for instance, Redshift ML, for example. >> Sure, okay, so this is a good comparison. Let's start with, let's say RedShift ML, like there are some systems like, you know, Snowflake, which don't even offer any, like, processing of machine learning inside the database, and they expect customers to write a whole bunch of code, in say Python or Java, to do machine learning. RedShift ML does have integration with SQL. That's a good start. However, when customers of Redshift need to run machine learning, and they invoke Redshift ML, it makes a call to another service, SageMaker, right, where so the data needs to be exported to a different service. The model is generated, and the model is also outside RedShift. With HeatWave ML, the data resides always inside the MySQL database service. We are able to generate models. We are able to train the models, run inference, run explanations, all inside the MySQL HeatWave service. So the data, or the model, never have to leave the database, which means that both the data and the models can now be secured by the same access control mechanisms as the rest of the data. So that's the first part, that there is no need for any ETL. The second aspect is the automation. Training is a very important part of machine learning, right, and it impacts the quality of the predictions and such. So traditionally, customers would employ data scientists to influence the training process so that it's done right. And even in the case of Redshift ML, the users are expected to provide a lot of parameters to the training process. So the second thing which we have worked on with HeatWave ML is that it is fully automated. There is absolutely no user intervention required for training. Third is in terms of performance. So one of the things we are very, very sensitive to is performance because performance determines the eventual cost to the customer. So again, in some benchmarks, which we have published, and these are all available on GitHub, we are showing how HeatWave ML is 25 times faster than Redshift ML, and here's the kicker, at 1% of the cost. So four benefits, the data all remain secure inside the database service, it's fully automated, much faster, much lower cost than the competition. >> All right, thank you Nipun. Now, so there's a lot of talk these days about explainability and AI. You know, the system can very accurately tell you that it's a cat, you know, or for you Silicon Valley fans, it's a hot dog or not a hot dog, but they can't tell you how the system got there. So what is explainability, and why should people care about it? >> Right, so when we were talking to customers about what they would like from a machine learning based solution, one of the feedbacks we got is that enterprise is a little slow or averse to uptaking machine learning, because it seems to be, you know, like magic, right? And enterprises have the obligation to be able to explain, or to provide a answer to their customers as to why did the database make a certain choice. With a rule based solution it's simple, it's a rule based thing, and you know what the logic was. So the reason explanations are important is because customers want to know why did the system make a certain prediction? One of the important characteristics of HeatWave ML is that any model which is generated by HeatWave ML can be explained, and we can do both global explanations or model explanations as well as we can also do local explanations. So when the system makes a specific prediction using HeatWave ML, the user can find out why did the system make such a prediction? So for instance, if someone is being denied a loan, the user can figure out what were the attribute, what were the features which led to that decision? So this ensures, like, you know, fairness, and many of the times there is also like a need for regulatory compliance where users have a right to know. So we feel that explanations are very important for enterprise workload, and that's why every model which is generated by HeatWave ML can be explained. >> Now I got to give Snowflakes some props, you know, this whole idea of separating compute from storage, but also bringing the database to the cloud and driving elasticity. So that's been a key enabler and has solved a lot of problems, in particular the snake swallowing the basketball problem, as I often say. But what about elasticity and elasticity in real time? How is your version, and there's a lot of companies chasing this, how is your approach to an elastic cloud database service different from what others are promoting these days? >> Right, so a couple of characteristics. One is that we have now fully automated the process of elasticity, meaning that if a user wants to scale up or scale down, the only thing they need to specify is the eventual size of the cluster and the system completely takes care of it transparently. But then there are a few characteristics which are very unique. So for instance, we can scale up or scale down to any number of nodes. Whereas in the case of Snowflake, the number of nodes someone can scale up or scale down to are the powers of two. So if a user needs 70 CPUs, well, their choice is either 64 or 128. So by providing this flexibly with MySQL HeatWave, customers get a custom fit. So they can get a cluster which is optimized for their specific portal. So that's the first thing, flexibility of scaling up or down to any number of nodes. The second thing is that after the operation is completed, the system is fully balanced, meaning the data across the various nodes is fully balanced. That is not the case with many solutions. So for instance, in the case of Redshift, after the resize operation is done, the user is expected to manually balance the data, which can be very cumbersome. And the third aspect is that while the resize operation is going on, the HeatWave cluster is completely available for queries, for DMLS, for loading more data. That is, again, not the case with Redshift. Redshift, suppose the operation takes 10 to 15 minutes, during that window of time, the system is not available for writes, and for a big part of that chunk of time, the system is not even available for queries, which is very limiting. So the advantages we have are fully flexible, the system is in a balanced state, and the system is completely available for the entire duration operation. >> Yeah, I guess you got that hypergranularity, which, you know, sometimes they say, "Well, t-shirt sizes are good enough," but then I think of myself, some t-shirts fit me better than others, so. Okay, I saw on the announcement that you have this lower price point for customers. How did you actually achieve this? Could you give us some details around that please? >> Sure, so there are two things for announcing this service, which lower the cost for the customers. The first thing is that we have doubled the amount of data that can be processed by a HeatWave node. So if we have doubled the amount of data, which can be a process by a node, the cluster size which is required by customers reduces to half, and that's why the cost drops to half. The way we have managed to do this is by two things. One is support for Bloom filters, which reduces the amount of intermediate memory. And second is we compress the base data. So these are the two techniques we have used to process more data per node. The second way by which we are lowering the cost for the customers is by supporting pause and resume of HeatWave. And many times you find customers of like HeatWave and other services that they want to run some other queries or some other workloads for some duration of time, but then they don't need the cluster for a few hours. Now with the support for pause and resume, customers can pause the cluster and the HeatWave cluster instantaneously stops. And when they resume, not only do we fetch the data, in a very, like, you know, a quick pace from the object store, but we also preserve all the statistics, which are used by Autopilot. So both the data and the metadata are fetched, extremely fast from the object store. So with these two capabilities we feel that it'll drive down the cost to our customers even more. >> Got it, thank you. Okay, I promised I was going to get to the benchmarks. Let's have it. How do you compare with others but specifically cloud databases? I mean, and how do we know these benchmarks are real? My friends at EMC, they were back in the day, they were brilliant at doing benchmarks. They would produce these beautiful PowerPoints charts, but it was kind of opaque, but what do you say to that? >> Right, so there are multiple things I would say. The first thing is that this time we have published two benchmarks, one is for machine learning and other is for SQL analytics. All the benchmarks, including the scripts which we have used are available on GitHub. So we have full transparency, and we invite and encourage customers or other service providers to download the scripts, to download the benchmarks and see if they get any different results, right. So what we are seeing, we have published it for other people to try and validate. That's the first part. Now for machine learning, there hasn't been a precedence for enterprise benchmarks so we talk about aiding open data sets and we have published benchmarks for those, right? So both for classification, as well as for aggression, we have run the training times, and that's where we find that HeatWave MLS is 25 times faster than RedShift ML at one percent of the cost. So fully transparent, available. For SQL analytics, in the past we have shown comparisons with TPC-H. So we would show TPC-H across various databases, across various data sizes. This time we decided to use TPC-DS. the advantage of TPC-DS over TPC-H is that it has more number of queries, the queries are more complex, the schema is more complex, and there is a lot more data skew. So it represents a different class of workloads, and which is very interesting. So these are queries derived from the TPC-DS benchmark. So the numbers we have are published this time are for 10 terabyte TPC-DS, and we are comparing with all the four majors services, Redshift, Snowflake, Google BigQuery, Azure Synapse. And in all the cases, HeatWave is significantly faster and significantly lower priced. Now one of the things I want to point out is that when we are doing the cost comparison with other vendors, we are being overly fair. For instance, the cost of HeatWave includes the cost of both the MySQL node as well as the HeatWave node, and with this setup, customers can run transaction processing analytics as well as machine learning. So the price captures all of it. Whereas with the other vendors, the comparison is only for the analytic queries, right? So if customers wanted to run RDP, you would need to add the cost of that database. Or if customers wanted to run machine learning, you would need to add the cost of that service. Furthermore, with the case of HeatWave, we are quoting pay as you go price, whereas for other vendors like, you know, RedShift, and like, you know, where applicable, we are quoting one year, fully paid upfront cost rate. So it's like, you know, very fair comparison. So in terms of the numbers though, price performance for TPC-DS, we are about 4.8 times better price performance compared to RedShift We are 14.4 times better price performance compared to Snowflake, 13 times better than Google BigQuery, and 15 times better than Synapse. So across the board, we are significantly faster and significantly lower price. And as I said, all of these scripts are available in GitHub for people to drive for themselves. >> Okay, all right, I get it. So I think what you're saying is, you could have said this is what it's going to cost for you to do both analytics and transaction processing on a competitive platform versus what it takes to do that on Oracle MySQL HeatWave, but you're not doing that. You're saying, let's take them head on in their sweet spot of analytics, or OLTP separately and you're saying you still beat them. Okay, so you got this one database service in your cloud that supports transactions and analytics and machine learning. How much do you estimate your saving companies with this integrated approach versus the alternative of kind of what I called upfront, the right tool for the right job, and admittedly having to ETL tools. How can you quantify that? >> Right, so, okay. The numbers I call it, right, at the end of the day in a cloud service price performance is the metric which gives a sense as to how much the customers are going to save. So for instance, for like a TPC-DS workload, if we are 14 times better price performance than Snowflake, it means that our cost is going to be 1/14th for what customers would pay for Snowflake. Now, in addition, in other costs, in terms of migrating the data, having to manage two different databases, having to pay for other service for like, you know, machine learning, that's all extra and that depends upon what tools customers are using or what other services they're using for transaction processing or for machine learning. But these numbers themselves, right, like they're very, very compelling. If we are 1/5th the cost of Redshift, right, or 1/14th of Snowflake, these numbers, like, themselves are very, very compelling. And that's the reason we are seeing so many of these migrations from these databases to MySQL HeatWave. >> Okay, great, thank you. Our last question, in the Q3 earnings call for fiscal 22, Larry Ellison said that "MySQL HeatWave is coming soon on AWS," and that caught a lot of people's attention. That's not like Oracle. I mean, people might say maybe that's an indication that you're not having success moving customers to OCI. So you got to go to other clouds, which by the way I applaud, but any comments on that? >> Yep, this is very much like Oracle. So if you look at one of the big reasons for success of the Oracle database and why Oracle database is the most popular database is because Oracle database runs on all the platforms, and that has been the case from day one. So very akin to that, the idea is that there's a lot of value in MySQL HeatWave, and we want to make sure that we can offer same value to the customers of MySQL running on any cloud, whether it's OCI, whether it's the AWS, or any other cloud. So this shows how confident we are in our offering, and we believe that in other clouds as well, customers will find significant advantage by having a single database, which is much faster and much lower price then what alternatives they currently have. So this shows how confident we are about our products and services. >> Well, that's great, I mean, obviously for you, you're in MySQL group. You love that, right? The more places you can run, the better it is for you, of course, and your customers. Okay, Nipun, we got to leave it there. As always it's great to have you on theCUBE, really appreciate your time. Thanks for coming on and sharing the new innovations. Congratulations on all the progress you're making here. You're doing a great job. >> Thank you, Dave, and thank you for the opportunity. >> All right, and thank you for watching this CUBE conversation with Dave Vellante for theCUBE, your leader in enterprise tech coverage. We'll see you next time. (upbeat music)

>>Welcome everyone to the cubes presentation of the AWS startup showcase open cloud innovations. This is season two episode one of the ongoing series and we're covering exciting and innovative startups from the AWS ecosystem. Today. We're going to focus on the open source community. I'm your host, Dave Vellante. And right now we're going to talk about open source security and mitigating risk in light of a recent discovery of a zero day flaw in log for J a Java logging utility and a related white house executive order that points to the FTC pursuing companies that don't properly secure consumer data as a result of this vulnerability and with me to discuss this critical issue and how to more broadly address software supply chain risk is Don Fisher. Who's the CEO of tide lift. Thank you for coming on the program, Donald. >>Thanks for having me excited to be here. Yeah, pleasure. >>So look, there's a lot of buzz. You open the news, you go to your favorite news site and you see this, you know, a log for J this is an, a project otherwise known as logged for shell. It's this logging tool. My understanding is it's, it's both ubiquitous and very easy to exploit. Maybe you could explain that in a little bit more detail. And how do you think this vulnerability is going to affect things this year? >>Yeah, happy to, happy to dig in a little bit in orient around this. So, you know, just a little definitions to start with. So log for J is a very widely used course component that's been around for quite a while. It's actually an amazing piece of technology log for J is used in practically every serious enterprise Java application over the last 10 going on 20 years. So it's, you know, log for J itself is fantastic. The challenge that organization organizations have been facing relate to a specific security vulnerability that was discovered in log for J and that has been given this sort of brand's name as it happens these days. Folks may remember Heartbleed around the openness to sell vulnerability some years back. This one has been dubbed logged for shell. And the reason why it was given that name is that this is a form of security vulnerability that actually allows attackers. >>You know, if a system is found that hasn't been patched to remediate it, it allows hackers to get full control of a, of a system of a server that has the software running on it, or includes this log for J component. And that means that they can do anything. They can access, you know, private customer data on that system, or really do anything and so-called shell level access. So, you know, that's the sort of definitions of what it is, but the reason why it's important is in the, in the small, you know, this is a open door, right? It's a, if, if organizations haven't patched this, they need to respond to it. But one of the things that's kind of, you know, I think important to recognize here is that this log for J is just one of literally thousands of independently created open source components that flow into the applications that almost every organization built and all of them all software is going to have security vulnerabilities. And so I think that log for J is, has been a catalyst for organizations to say, okay, we've got to solve this specific problem, but we all also have to think ahead about how is this all gonna work. If our software supply chain originates with independent creators across thousands of projects across the internet, how are we going to put a better plan in place to think ahead to the next log for J log for shell style incident? And for sure there will be more >>Okay. So you see this incident as a catalyst to maybe more broadly thinking about how to secure the, the digital supply chain. >>Absolutely. Yeah, it's a, this is proving a point that, you know, a variety of folks have been making for a number of years. Hey, we depend, I mean, honestly these days more than 70% of most applications, most custom applications are comprised of this third party open source code. Project's very similar in origin and governance to log for J that's just reality. It's actually great. That's an amazing thing that the humans collaborating on the internet have caused to be possible that we have this rich comments of open source software to build with, but we also have to be practical about it and say, Hey, how are we going to work together to make sure that that software as much as possible is vetted to ensure that it meets commercial standards, enterprise standards ahead of time. And then when the inevitable issues arise like this incident around the log for J library, that we have a great plan in place to respond to it and to, you know, close the close the door on vulnerabilities when they, when they show up. >>I mean, you know, when you listen to the high level narrative, it's easy to point fingers at organizations, Hey, you're not doing enough now. Of course the U S government has definitely made attempts to emphasize this and, and shore up in, in, in, in, in push people to shore up the software supply chain, they've released an executive order last may, but, but specifically, I mean, it's just a complicated situation. So what steps should organizations really take to make sure that they don't fall prey to these future supply chain attacks, which, you know, are, as you pointed out are inevitable. >>Yeah. I mean, it's, it's a great point that you make that the us federal government has taken proactive steps starting last year, 2021 in the fallout of the solar winds breach, you know, about 12 months ago from the time that we're talking, talking here, the U S government actually was a bit ahead of the game, both in flagging the severity of this, you know, area of concern and also directing organizations on how to respond to it. So the, in May, 2021, the white house issued an executive order on cybersecurity and it S directed federal agencies to undertake a whole bunch of new measures to ensure the security of different aspects of their technology and software supply chain specifically called out open source software as an area where they put, you know, hard requirements around federal agencies when they're acquiring technology. And one of the things that the federal government that the white house cybersecurity executive order directed was that organizations need to start with creating a list of the third-party open source. >>That's flowing into their applications, just that even have a table of contents or an index to start working with. And that's, that's called a, a software bill of materials or S bomb is how some people pronounce that acronym. So th the federal government basically requires federal agencies to now create Nessbaum for their applications to demand a software bill of materials from vendors that are doing business with the government and the strategy there has been to expressly use the purchasing power of the us government to level up industry as a whole, and create the necessary incentives for organizations to, to take this seriously. >>You know, I, I feel like the solar winds hack that you mentioned, of course it was widely affected the government. So we kind of woke them up, but I feel like it was almost like a stuck set Stuxnet moment. Donald were very sophisticated. I mean, for the first time patches that were supposed to be helping us protect, now we have to be careful with them. And you mentioned the, the bill of its software, bill of materials. We have to really inspect that. And so let's get to what you guys do. How do you help organizations deal with this problem and secure their open source software supply chain? >>Yeah, absolutely happy to tell you about, about tide lift and, and how we're looking to help. So, you know, the company, I co-founded the company with a couple of colleagues, all of whom are long-term open source folks. You know, I've been working in around commercializing open source for the last 20 years that companies like red hat and, and a number of others as have my co-founders the opportunity that we saw is that, you know, while there have been vendors for some of the traditional systems level, open source components and stacks like Linux, you know, of course there's red hat and other vendors for Linux, or for Kubernetes, or for some of the databases, you know, there's standalone companies for these logs, for shell style projects, there just hasn't been a vendor for them. And part of it is there's a challenge to cover a really vast territory, a typical enterprise that we inspect has, you know, upwards of 10,000 log for shell log for J like components flowing into their application. >>So how do they get a hand around their hands around that challenge of managing that and ensuring it needs, you know, reasonable commercial standards. That's what tide lifts sets out to do. And we do it through a combination of two elements, both of which are fairly unique in the market. The first of those is a purpose-built software solution that we've created that keeps track of the third-party open source, flowing into your applications, inserts itself into your DevSecOps tool chain, your developer tooling, your application development process. And you can kind of think of it as next to the point in your release process, where you run your unit test to ensure the business logic in the code that your team is writing is accurate and sort of passes tests. We do a inspection to look at the state of the third-party open source packages like Apache log for J that are flowing into your, into your application. >>So there's a software element to it. That's a multi-tenant SAS service. We're excited to be partnered with, with AWS. And one of the reasons why we're here in this venue, talking about how we are making that available jointly with AWS to, to drink customers deploying on AWS platforms. Now, the other piece of the, of our solution is really, really unique. And that's the set of relationships that Tyler has built directly with these independent open source maintainers, the folks behind these open source packages that organizations rely on. And, you know, this is where we sort of have this idea. Somebody is making that software in the first place, right? And so would those folks be interested? Could we create a set of aligned incentives to encourage them, to make sure that that software meets a bunch of enterprise standards and areas around security, like, you know, relating to the log for J vulnerability, but also other complicated parts of open source consumption like licensing and open source license, accuracy, and compatibility, and also maintenance. >>Like if somebody looking after the software going forward. So just trying to basically invite open source creators, to partner with us, to level up their packages through those relationships, we get really, really clean, clear first party data from the folks who create, maintain the software. And we can flow that through the tools that I described so that end organizations can know that they're building with open source components that have been vetted to meet these standards, by the way, there's a really cool side effect of this business model, which is that we pay these open source maintainers to do this work with us. And so now we're creating a new income stream around what previously had been primarily a volunteer activity done for impact in this universe of open source software. We're helping these open source maintainers kind of GoPro on an aspect of what they do around open source. And that means they can spend more time applying more process and tools and methodology to making that open source software even better. And that's good for our customers. And it's good for everyone who relies on open source software, which is really everyone in society these days. That's interesting. I >>Was going to ask you what's their incentive other than doing the right thing. Can you give us an example of, of maybe a example of an open source maintainer that you're working with? >>Yeah. I mean, w we're working with hundreds of open source maintainers and a few of the key open source foundations in different areas across JavaScript, Java PHP, Ruby python.net, and, you know, like examples of categories of projects that we're working with, just to be clear, are things like, you know, web frameworks or parser libraries or logging libraries, like a, you know, log for J and all the other languages, right? Or, you know, time and date manipulation libraries. I mean, they, these are sort of the, you know, kind of core building blocks of applications and individually, they, you know, they may seem like, you know, maybe a minor, a minor thing, but when you multiply them across how many applications these get used in and log for J is a really, really clarifying case for folks to understand this, you know, what can seemingly a small part of your overall application estate can have disproportionate impact on, on your operations? As we saw with many organizations that spent, you know, a weekend or a week, or a large part of the holidays, scrambling to patch and remediate this, a single vulnerability in one of those thousands of packages in that case log. >>Okay, got it. So you have this two, two headed, two vectors that I'm going to call it, your ecosystem, your relationship with these open source maintainers is kind of a, that just didn't happen overnight, and it develop those relationships. And now you get first party data. You monetize that with a software service that is purpose built as the monitor of the probe that actually tracks that third, third party activity. So >>Exactly right. Got it. >>Okay. So a lot of companies, Donald, I mean, this is, like I said before, it's a complicated situation. You know, a lot of people don't have the skillsets to deal with this. And so many companies just kind of stick their head in the sand and, you know, hope for the best, but that's not a great strategy. What are the implications for organizations if they don't really put the tools and processes into place to manage their open source, digital supply chain. >>Yeah. Ignoring the problem is not a viable strategy anymore, you know, and it's just become increasingly clear as these big headline incidents that happened like Heartbleed and solar winds. And now this logged for shell vulnerability. So you can, you can bet on that. Continuing into the future and organizations I think are, are realizing the ones that haven't gotten ahead of this problem are realizing this is a critical issue that they need to address, but they have help, right. You know, the federal government, another action beyond that cybersecurity executive order that was directed at federal agencies early last year, just in the last week or so, the FTC of the U S federal trade commission has made a much more direct warning to private companies and industry saying that, you know, issues like this log for J vulnerability risk exposing private, you know, consumer data. That is one of the express mandates of the FTC is to avoid that the FTC has said that this is, you know, bears on both the federal trade commission act, as well as the Gramm-Leach-Bliley act, which relates to consumer data privacy. >>And the FTC just came right out and said it, they said they cited the $700 million settlements that Equifax was subject to for their data breach that also related to open source component, by the way, that that had not been patched by, by Equifax. And they said the FTC intents to use its full legal authority to pursue companies that failed to take reasonable steps, to protect consumer data from exposure as a result of log for J or similar known vulnerabilities in the future. So the FTC is saying, you know, this is a critical issue for consumer privacy and consumer data. We are going to enforce against companies that do not take reasonable precautions. What are reasonable precautions? I think it's kind of a mosaic of solutions, but I'm glad to say tide lift is contributing a really different and novel solution to the mix that we hope will help organizations contend with this and avoid that kind of enforcement action from FTC or other regulators. >>Well, and the good news is that you can tap a tooling like tide lift in the cloud as a service and you know, much easier today than it was 10 or 15 years ago to, to resolve, or at least begin to demonstrate that you're taking action against this problem. >>Absolutely. There's new challenges. Now I'm moving into a world where we build on a foundation of independently created open source. We need new solutions and new ideas, and that's a, you know, that's part of what we're, we're, we're showing up with from the tide lift angle, but there's many other elements that are going to be necessary to provide the full solution around securing the open source supply chain going forward. >>Well, Donald Fisher of tide lift, thanks so much for coming to the cube and best of luck to your organization. Thanks for the good work that you guys do. >>Thanks, Dave. Really appreciate your partnership on this, getting the word out and yeah, thanks so much for today. >>Very welcome. And you are watching the AWS startup showcase open cloud innovations. Keep it right there for more action on the cube, your leader in enterprise tech coverage.

(upbeat music) >> Welcome to this CUBE Conversation. This is part of the second season of the AWS startup showcase, season two, episode one. I'm Dave Nicholson, and I am joined with a very special guest, CEO and co-founder of Tidelift, Mr. Donald Fischer. Donald, welcome to the CUBE. >> Thanks David. Really glad to be here. >> So, first and foremost, tell us about Tidelift. >> Happy to, yeah, so, at Tidelift we're on a mission. Our mission is to make open source software work better for everyone, and when we say that, we mean, make it work better for all the organizations and governments and everybody that depends on open source software to build the applications that we all rely on. But also part of our mission, is making open source work better for the creators of open source. The independent open source maintainers, who are behind so many of those building blocks, technology building blocks that our commerce industry and society is comprised of these days. They've got a hard task to hold up all of that stuff and make sure that it meets, you know, professional grade standards and that we can all rely on it. And so, we want to do our part to help both sides of that equation. >> Fantastic, well, I want to double click on a few of the things that you said, but I think I want to format this by starting out with a little role play between the two of us, if you don't mind. I know you're CEO, but for the sake of this, you're going to be the CIO and I'm going to be the CEO, and we're going to play off some recent events here. So, hey Donald, come on in, sit down. Listen, I want to talk to you about this whole log shell, log for something, or another thing that's going on. So, let me get this straight. Our multinational Fortune 500 company is dependent upon software, that's free, and somehow we've been running this and the people who maintain it, do it for free, we don't pay for it, but somehow this has opened us up to a threat from people who can log into a system we're using to keep track of stuff, and then, what's going on? By the way, you're fired, but I want to know if, I want to know if you can stay on for the next 90 days to train your replacement, but, explain to me what's going on with this whole open-source nonsense? >> Yeah. Don't panic boss. Only about 70 or 80% of the software in our enterprise that is third-party open source software. So, there's definitely, like 20 or 30% that's not, and we're on top of it. Now, yeah, I think it's a, you know, you're right to say, we are completely dependent on this software, that's being created by these, you know, amazing folks on the internet. Boss, you told me that we had to have a global corporation here with modern digital customer experience. We're not going to be able to do it using Microsoft front page from 1997, and there's no other path to take than to build with modern building blocks. And today in, you know, the modern era, that means building on open source packages and technologies across a whole slew of language, ecosystems, like JavaScript and Java PHP, Ruby, Python, .NET, Rust, Go, we use all of it here, boss, and, we don't get to have a business unless we do. >> Okay, so, I didn't understand a word that you just said, but it was enough to convince me to let you keep your job. So, end-scene, we're not getting paid scale wages to do this, Donald, so I think we can go back to our normal personas. So, how does Tidelift play into all of this? I'd really want to hear about this concept of what an open source maintainer is, because these are largely volunteers, aren't they, in terms of the maintenance that they're doing? >> Yeah, so, I mean, open source, there's a lot of different models for open source software development. There certainly are a number of foundational open source projects, certainly at the infrastructure level, like operating systems, databases and things like that, that tend to be, you know, predominantly driven by vendors, software vendors, you know, like you can think of Red Hat, VMware organizations like that. But when you get up to the application development world, teams, building, you know, websites, web applications, mobile applications, most of the building blocks at that tier in these a programming language ecosystems, most of the software there is actually being created, that enterprise organizations use, is being created by individual, independent, open source maintainers, where it's not their day job, it's a side hustle for them. And it's a really interesting question, like, how did we get here? You know, why are these folks doing it? It sort of rhymes with the question I asked myself years ago, like, who's typing all this stuff into Wikipedia, and why? Like, it's amazing resource, I'm so glad it's there, but why are they doing this, right? And it turns out that there's a bunch of motivations there's some cynical motivations for the open source maintainers that people attribute that are practical too, you know, people say your GitHub repository is your resume in as a modern developer, things like that helps you get a reputation, you can use that to get a job. But, when we've talked to the maintainers of the most widely used open source packages, and by that, I mean, thousands of packages that every major organization that builds software relies on, the main reason why they do it is actually impact. We find we've actually done direct surveys of this audience and the reason why they spend their nights and weekends and carve out time, where they could be, you know, getting paid to do something else or going skiing or going to the beach, is it really feels good to have this activity that they put out into the world, and, you know, they know that folks use this stuff and rely on it, and there's a pride in their work and the impact that they're making. But the challenge with this model is that when it's only an impact and pride, and sort of a, you know, a good feeling driven effort, it means that maybe all of the things that organizations might want their standards that organizations might want their software to meet doesn't get done, right? Like it's one thing, if you've got a job as a software engineer, building corporate software, or even as a, you know, a maintainer at a corporate open source company, and you have a checklist of, you know, standard enterprise software development, commercial grade software development tasks that you need to be completing, if you're doing it as a side hustle for good reasons, like impact and, you know, releasing your creative juice, you might not get to some of the more boring aspects of commercial software engineering, like security engineering and some of the documentation and release engineering and, you know, making sure there's structured metadata around all the elements of it. And then that's the gap that we're really trying to fill at Tidelift, by connecting these two audiences. >> Yeah. How? How? You want to fill the gap, you want to connect the audiences, but, how do you do that? >> Yeah, perfect, so, we do it by paying the maintainers, paying the open source maintainers, actual dollars, or the currency of their preference, and what we're paying them for is not just to sort of hack on their projects, or hack on their projects more, we're asking them to help us ensure that the software that the organizations that we work with depend on meets certain specific concrete enterprise standards, and those standards fall into three categories, security, licensing, and maintenance. So, on the security front, you know, a baseline standard, there is making sure that we have known versions of the open source packages that are free of known defects, right? So there's like a catalog of known security defects that the industry uses called the National Vulnerability Database, you may have seen the terminology CVE referred to in passing, that's the identifier for these things. So, we work with the open-source maintainers to make sure that we've figured out, mapped out, which versions of software packages are impacted by known security vulnerabilities. And then we also look forward and make sure that we have a plan in place for what happens in the future when there are security vulnerabilities. So, you know, traditional commercial software, there's a security response team, who's kind of standing by 24/7, ready to respond, and then there's a defined protocol of what's going to happen, in terms of what's called responsible disclosure, telling the right folks in the right sequence, that there is a vulnerability causing there to be a patch version of the software available, communicating that through, you know, traditional commercial software vendors for, you know, years have been doing that internally, that doesn't exist by default for volunteer, you know, part-time open source, independent open source maintainers. So we fill that gap and we pre-wire that with them to make sure that that first track security is can be buttoned up. >> So, you're paying them, are you and your co-founders wealthy philanthropists that are just doing this, or what's the business model here? Now you're pulling these people who were doing it for free, they're happy, but how does that translate into a business model for Tidelift. >> Perfect, so, the work that they're doing, you know, I talked a little bit about security, we also do similar things on those other attributes, like licensing, making sure that the licenses are completely accurate, and we kind of know who wrote the software, et cetera, and then maintenance, is it being proactively cared for going forward? Is somebody still on the case with these projects? Now, the result of all of that work, is we create a vetted catalog of known good open source releases that we've vetted with the experts, often the individuals and teams that wrote the code in the first place, usually, we vet that it meets these enterprise standards. That's a really useful tool for organizations that are building with that. So, the way that we convey that to organizations that are building software in a useful way is we have a SAS service software, that as a service platform, that's what Tidelift is, and basically, the teams that use this stuff, they plug us into their software development process, typically alongside other tools that they might have, like CI/CD tools that are running tests on their application logic, they'll plug in Tidelift into their release process to ensure that those, the 70 or 80% of the software that they ship, that comes from GitHub, comes from the Python package index, or NPM, or the Maven Central Repository for Java, we're vetting that that meets their enterprise standards and ensuring that the ingredients, the building blocks that go into their applications are known good and vetted to these concrete standards. And they are, you know, this is an unsolved problem for almost every serious organization. There's a couple of, you know, over-performing organizations, like Google has done some amazing internal work on this, Amazon has an incredible dedicated team that does this internally for Amazon developers, very few other organizations, even some of the largest multinational companies have a dedicated internal function doing this comprehensively and systematically. Tidelift is that function that these organizations can use. They can work with us and our network, our unique network of hundreds of these independent open source maintainers, to ensure that there is a feed of known good vetted packages to go into their applications. >> So, were maintainers going in and auditing, and editing, and vetting software that was essentially created by others? That's one question, and then the other question that kind of goes along with that is, are you vetting a gold copy of something and saying, this software meets certain criteria, you should feel okay using it, that's one thing. Validating that the actual distribution, you know, the actual code that's being executed in their enterprise is secure and hasn't been tampered with is another thing. So where do you sit in that distribution channel or that supply chain? >> Sure, so, on the distribution front, you can think of us, we're sort of a GPS system that your application developers can use to know which versions of software are going to meet your enterprise standards. We don't create a separate world where we have our own, you know, side copy of the entire development ecosystem. It's not what these organizations want. They don't want to use some weird enterprise world set of open source packages, they want to just, you know, type NPM install have the, you know, software flow into their organization, but they also want it to not have no insecurity vulnerabilities in it, and they don't want to get bitten two weeks or two years later with a license violation, because there was kind of fuzzy, or incomplete data around the open source license. So what we do is, we help them consume the open source software, you know, knowing that it's been vetted to these standards. And then we also work with the open source community to cause the software to be changed to meet those standards, right? So back to the first part of your question, We work with a lot of projects with the prime maintainers, often the authors, as I said, and we've actually been extending our model over the years to work with these open source maintainers to cover not just their own project, but, some of those neighboring projects, right? Like the core projects that their project depends on, other projects that are co-used with them, they have a lot of expertise, and also, you know, relationships with the surrounding open source community there. So, they're working with us as curators, if you will, our ambassadors that help us get on the community and cover as much of the landscape as possible. >> And, so, what's the relationship with AWS? This is, you know, we're talking here as part of the AWS startup showcase season two, episode one, which is, that's actually pretty cool. So we need to, you know, the challenge here is, season one was awesome, much like Ted Lasso, season two, we have big shoes to fill here, Donald. So, what's the-- >> We got to up our game. >> (laughs) What's the relationship with AWS? And, I mean, why would they call you out as someone interesting for us to talk to? >> Yeah, so, we've had a great relationship that we've been investing in, and working on together with AWS. So, every one of AWS's customers faces this challenge around the software workloads that they're deploying on AWS. You know, it's just, you can't argue against the fact that the vast majority of the application software in the modern world is comprised majority of this third-party open source software. And so, it's really important whether it's running on a device, you know, an Edge device, or whether it's running in a Cloud data center, that those applications meet these standards, especially on the security front. So, AWS recognizes this need and opportunity for their customers, and so we've been working really well jointly with them. We're glad to say that we're an ISV, and AWS ISV accelerate partner now, which gives us the ability to co-engage with AWS and work together to solve mutual customers challenges, and we've had a great time working with the AWS team to help scale up our efforts to get the word word out around this important area, and then more importantly, give organizations the tools to address it and make sure that they have a comprehensive strategy for managing their open source in place. >> Fantastic, Donald, we're up against time, but I do have a 10 second answer I'd like from you. Tidelift, is that a reference to a rising tide lifting all boats, or is it an admonishment not to build a house on the beach in Malibu? >> It's the former, you know, think about this network of independent open source maintainers, working together, a rising tide lifts all boats. >> Eight seconds, that was like four seconds. Perfect. Donald Fischer, from Tidelift, thank you so much. For me, Dave Nicholson here at the CUBE. This has been a CUBE Conversation, as part of AWS's startup showcase, season two, episode one. Come to the CUBE for the best in tech coverage. (soft music)

>>Mhm Welcome to the cubes coverage of HP discover 2021. I'm your host lisa martin. I've got a couple of guests with me here from emphasis. Alumni Yuma lacks empathy. Is back. Senior vice president and regional head of EMEA emphasis Yuma. It's great to see you welcome back to the program. >>Yeah. Hi Liza. It's great to be back for discover 2021. It's been a great opportunity to meet with health, a lot of our stakeholders and HP. >>Excellent. We're gonna dig into that. And so do Cutie is here as well. The Cto Cloud Advisory, VP hybrid cloud engineering platforms and automation at emphasis. Sergey Welcome to the program. >>Thank you lisa. It's a pleasure to be in the program is my first time but I really enjoy it. Well, >>Welcome. Welcome. So the next 15 minutes or so we're gonna unpack a survey that was just done as we know cloud has catalyzed a lot in the last year. One of those being cloud adoption. Talk to us about some of the things that you've seen as more and more enterprises are moving workloads to cloud. How is a hybrid cloud enabling businesses to grow, enabling them to actually have a competitive edge? >>Uh lisa if you uh if you look at the pre covid scenario and what there are many, many clients which actually made a significant move into cloud, but there were many few, a few of the companies who didn't really take a mature uh cloud adoption. But those companies which actually did the adoption, we see that have taken a big step with the help of the when the covid hit them because they were able to be very resilient. But at the same time they were able to the cloud adoption really help them to improve their business profits. Uh When we did this cloud radar survey across all the geography is we didn't get across the U. S. The latin, the issue pacific the EMEA markets. And when we looked at uh what our clients and enterprises were able to recover and get all of this whole cloud adoption. We've we've got a number of 414 billions of profits that the enterprises can make by using this cloud adoption. And that's what we saw in this survey that we did with our clients. >>Yeah, that's huge enterprises. The survey found can add up to you said 414 billion and that new profits annually through effective cloud adoption and sticking with you for a second. What does emphasis described as effective cloud adoption? >>When we look at cloud adoption, we have enterprises who started shifting workloads which are very comfortable for them. And then uh then they started to take the more mature understanding of moving workloads which were very critical to the business. So when we look at effective, it is a combination of both the ones that were very easy to go to the cloud, the ones that made business is able to bring in new applications and new go to markets uh to their segments to their clients. But then it is also about taking some of those legacy world clothes and making a choice the right choice to take it by transforming those applications and environments uh, into the cloud direction. And that's what we call us effective. It's just not the easy ones but also those complex and legacy rebuild ones that that effectively goes on to transform itself into a new way for the for their clients and for the experience of the users. >>It's a big changes coming, big opportunities. So as we see, we've talked about this for many times, more and more companies moving to multi cloud arrangements for a variety of reasons, what have been some of the things that emphasis has experienced and what are some of your viewpoints on a multi cloud? >>Thank you, lisa. So, um, if you look around >>right, you know, hybrid >>cloud has been the new normal. Right? And um, and if you look at it, private cloud is becoming an essential component for hosting applications. You know, uh you know, when you look at it, it's more about applications which have low latency requirements, it has regulatory requirements or it has a static demand of infrastructure. Now, what emphasis has done in this space is is that, you know, we have um we have developed a framework which we call it as a right cloud solution framework >>and this is >>focused on implementing a hybrid, multi cloud leveraging and in house developed tools and frameworks as well as platforms along with our strategic partner ecosystem, >>that is our biggest contribution >>onto the hybrid multi cloud world. Now, the foundation of our framework is emphasis public cloud platform. It's a unified multi cloud management platform. It can provision, it can orchestrate, it can also manage the cloud deployment across multiple of the environment. It can be a private, it can be public or it can be on the edge. >>Now, apart from all of these >>things, it also offers features and functionalities very similar to the hyper scholars and either it can be in terms of the user experience or it can be in a commercial model or a technology stack or it can be reports or it can be persona based user experience and integration with multiple systems. It brings all of these functionalities >>seamlessly >>across the >>multiple hybrid >>ecosystem protect. That's the biggest contribution from emphasis in this space. >>Got it. Okay. As we see the just clear growth of multi cloud in every industry. Talk to us about what the cloud radar survey uncovered with respective you've mentioned that big number, the correlation between cloud transformation and profitable growth for enterprises across any industry. >>So I did mention about it uh Liza in in the previous question as well. Then we looked at when we look at enterprises trying to take the cloud adoption. The big benefits for the enterprises do happen when they crossed that uh layer of moving a significant part of their existing legacy in a very transformed new world. And that brings in the new way of working for their customers, for their end users and internally as well for their various stakeholders. And that I think is creating a cost structure for them, which is very, very optimal from where they were. But at the same time, it is enabling their ecosystem of of users and customers to come and operate in a very seamless fashion. And that is the biggest advantage of uh boosting profits for them at the same time, cutting costs within the, within the internal stakeholders. So at one stage you're optimizing your cost at another stage, you're bringing in a easiness for your clients to operate on, which is actually creating that enlarged profit boost. >>We're sticking with you for a second. If we unpack that growth, that business profit growth opportunity that the survey uncovered, Are we talking about things like faster time to market, increasing scale? What are some of the things underneath that hood? >>So, if you if you look at uh traditionally cloud was considered uh the enabler for quick, faster time to market. But now cloud has become the central theme for resilience. If you look at the covid pandemic, uh, those, those enterprises which were already cloud enabled, we're able to resiliently and sustain their business and grow their businesses. So as economy started opening up, if I can talk about an automotive client who is today enriching businesses out of china because they have the first economy that has opened up after the pandemic. So you see a lot of enablement for those enterprises which have already taken the cloud journey. And if you look at Today enterprises are in somewhere around 17-18% of of cloud adopt mint and if they can take that to the 40%, that's when they will see that kind of boosted profits. And we can clearly see about $400 plus billion dollars of profits that enterprises can make. >>All right, so let's talk to you for a second. If we look at some of the survey results, the acceleration that is expected to be seen by in the next year of enterprises moving so many more workloads to cloud. You talked about hybrid cloud. Talk to me about how the experience of working with HP in creating joint solution suites is going to help the customers facilitate and drive that transformation. >>Thank you lisa. So if you look at H P E, H P E comes with a fine set of technology and commercial constructs, you know, that complements our right cloud framework >>and they offer >>the solutions. The whole sort of a lot of solutions offer private cloud as a service which is a major component of our right club framework. >>Either it is a >>continuous service with HP is as ephemeral data platform on HP hardware, or >>Vida as a >>service based on a compose Herbal and Converse infrastructure or H P. S cloud built on >>HPC cloud, build on Cray systems >>and all of them commercially supported with an H. P. S. Green leg offering makes it very attractive for our customers. Now, these integrations have helped us in providing a >>very similar >>metering and billing along with the chargeback solutions, very much in line with what is being provided by Hyper scholars. Apart from this, we >>also work very closely with >>H P E >>to create a >>very compelling sourcing strategy for driving hybrid, cloud driven digital transformation while taking cost out and protecting the existing investments through various financial models for our customers, helping them in terms of transforming their digital estate in the, in the new cloud world. >>And um, I want to get your perspective as well, the HP emphasis partnership talk to me about that being a win win for your clients in every industry. >>So actually uh Liza is a great question and this probably is my third uh cube interview and I've told this previously as well in my previous interviews as well. The relationship between emphasis and hedge P. Is very very strategy and it's it's very very top down driven. And today we've seen very high transformative opportunities that two organizations have come together and we won't call it win win but we call it a win win win which is essentially win for HP win for emphasis but even for the clients as well. So if you look at some of the engagements that we have jointly done, everything has been transformative. I can talk about uh energy client where we've done a huge which will V. D. I. Uh engagement with them where we have been able to take them very uh seamlessly when the covid pandemic hit them so that there are significant part of their right to users but be able to operate from their residences. Uh I can talk about a great story about how we had enabled Green Lake for a wind energy company. Uh and how that Green Lake capability help the customer to migrate the application seamlessly uh to a hybrid cloud. And there are so many examples of similar scale and size when we look at clients in the manufacturing space and the automobile sector where we've really done work very closely with PHP across all regions and all geography is uh to make this what I would call when when very partnership. >>I like that when when when who wouldn't want that one more question for you. Talk to me about the next, as we talked about some of those survey results and I think folks can find that survey, the cloud radar survey on the emphasis dot com website. I found it on the homepage there. But looking at how much Transformation is expected in the next 12 months or so, what are some of the things that we can expect from emphasis on H. P. E. to help drive and catalyze that growth that you expect to see in the next 12 months? >>Yeah. And I was talking to you before this interview and you said that yes, we gotta look at this. And I was feeling very happy that you have the opportunity to look at the side. And you said that look there's an opportunity to also make to continuously provide feedback. And we're very happy for clients to come in and look at it and do provide us the feedback. This is a constant learning for us. We have a big learning company Uh and when it comes to uh the next 12 months of agenda, I think the pipeline is very robust for both us and the hp. In terms of the way we want to take proactive transformational opportunities to the to our clients create a value differentiation on the hybrid cloud for them. And uh clearly uh this this survey clearly came back to reflect back to us that our strategy that we've done together as partners is the right strategy because there is a significant headroom for growth uh in the cloud space for both emphasis and H. B. >>Excellent. Well gentlemen, thank you for joining me today, talking to me about what emphasis and HP are doing together, unpacking some of the significant insights that the cloud radar survey has uncovered. We appreciate your time. >>Thank you lisa. Thank you. Thank you for giving us this >>opportunity. Absolutely. For election. Saw ju I'm lisa martin. You're watching the cubes coverage of HP discover 2021. Yeah. Mhm. Yeah.

(bright upbeat music) >> Announcer: From theCUBE studios in Palo Alto in Boston, connecting with thought leaders around the globe, these are Cloud Native Insights. >> Hi, I'm Stu Miniman, the host of Cloud Native Insights. We talk about cloud native, we're talking about how customers can take advantage of the innovation and agility that's out there in the clouds, one of the undercurrents, not so hidden if you've been watching the program so far. We've talked a bit about serverless, say something that's helping remove the friction, allowed developers to take advantage of technology and definitely move really fast. So I'm really happy to welcome to the program, for coming from Fauna. First of all, I have the CTO and Co-founder, who's Evan Weaver. And also joining him is the new CEO Eric Berg. They said, both from Fauna, talking serverless, talking data as an API and talking the modern database. So first of all, thank you both for joining us. >> Thanks for having us Stu. >> Hi, good to be here. >> All right, so Evan, we're going to start with you. I love talking to founders always. If you could take us back a little bit, Fauna as a project first before it was a company, you of course were an early employee at Twitter. So if you could just bring us back a little bit, what created the Fauna project and bring us through a brief history if you would. >> So I was employee 15 and Twitter, I joined in 2008. And I had a database background, I was sort of a performance analyst and worked on Ruby on Rails sites at CNET networks with the team that went on to found GitHub actually. Now I went to Twitter 'cause I wanted Twitter the product to stay alive. And for no greater ambition than that. And I ended up running the back end engineering team there and building out all the distributed storage for the core business objects, tweets, timelines, the social graph, image storage, the cache, that kind of thing. And this was early in the cloud era. API's were new and weird. You couldn't get Amazon EC2 off the shelf easily. We were racking hardware and code ancient center. And there were no databases or platforms for data of any kind. They really let us the Twitter engineering team focus on building the product. And we did a lot of open source work there. Some of which has influenced Fauna, originally, Twitter's open source was hosted on the Fauna GitHub account, which predated Twitter like you mentioned. And I was there for four years build out the team, basically scaled the site, especially scaled the Twitter.com API. And we just never found a platform which was suitable for what we were trying to accomplish. Like a lot of what Twitter did was itself a platform. We had developers all over the world using the Twitter API to interact with tweets. And we're frustrated that we basically had to become specialists in data systems because there wasn't a data API, we can just build the product on. And ultimately, then data API that we wished we had, is now Fauna. >> Well, it's a story we've loved hearing. And it's fascinating one, is that the marketplace wasn't doing what we needed. Often open source is a piece of that, how do we scale that out? How do we build that? Realized that the problem that you have is what others have. And hey, maybe there's a company. So could you give us that transition, Fauna as a product, as a company, where was it understood that, hey, there's a lot of other people that can take advantage from some of the same tools that you needed before. >> I mean, we saw it in the developers working with the Twitter platform. We weren't like, your traditional database experiences, either manage cloud or on-prem, you have to administrate the machine, and you're responsible for its security and its availability and its location and backups and all that kind of thing. People building against Twitter's API weren't doing that. They're just using the web interface that we provided to them. It was our responsibility as a platform provider. We saw lots of successful companies being built on the API, but obviously, it was limited specifically to interacting with tweets. And we also saw peers from Twitter who went on to found companies, other people we knew in the startup scene, struggling to just get something out the door, because they had to do all this undifferentiated heavy lifting, which didn't contribute to their product at all, if they did succeed and they struggled with scalability problems and security problems and that kind of thing. And I think it's been a drag on the market overall, we're essentially, in cloud services. We're more or less built for the enterprise for mature and mid market and enterprise companies that already had resources to put behind these things, then wasn't sort of the cloud equivalent of the web, where individuals, people with fewer resources, people starting new projects, people doing more speculative work, which is what we originally and Jack was doing at Twitter, it just get going and build dynamic web applications. So I think the move to cloud kind of left this gap, which ultimately was starting to be filled with serverless, in particular, that we sort of backtracked from the productivity of the '90s with the lamp era, you can do everything on a single machine, nobody bothered you, you didn't have to pay anyone, just RPM install and you're good to go. To this Kubernetes, containers, cloud, multi site, multi region world where it's just too hard to get a basic product out the door and now serverless is sort of brought that around full circle, we see people building those products again, because the tools have probably matured. >> Well, Evan, I really appreciate you helping set the table. I think you've clearly articulated some of the big challenges we're seeing in the industry right now. Eric, I want to bring you into the conversation. So you relatively recently brought in as CEO, came from Okta a company that is also doing quite well. So give us if you could really the business opportunity here, serverless is not exactly the most mature market, there's a lot of interest excitement, we've been tracking it for years and see some good growth. But what brought you in and what do you see is that big opportunity. >> Yeah, absolutely, so the first thing I'll comment on is what, when I was looking for my next opportunity, what was really important is to, I think you can build some of the most interesting businesses and companies when there are significant technological shifts happening. Okta, which you mentioned, took advantage of the fact of SaaS application, really being adopted by enterprise, which back in 2009, wasn't an exactly a known thing. And similarly, when I look at Fauna, the move that Evan talked about, which is really the maturation of serverless. And therefore, that as an underpinning for a new type of applications is really just starting to take hold. And so then there creates opportunities that for a variety of different people in that stack that to build interesting businesses and obviously, the databases is an incredibly important part of that. And the other thing I've mentioned is that, a lot of people don't know this but there's a very good chunk of Okta's business, which is what they call their customer identity business, which is basically, servicing of identity is a set of API's that people can integrate into their applications. And you see a lot of enterprises using this as a part of their digital transformation effort. And so I was very familiar with that model and how prevalent, how much investment, how much aid was out there for customers, as every company becoming a software company and needing to rethink their business and build applications. And so you put those two trends together and you just see that serverless is going to be able to meet the needs of a lot of those companies. And as Evan mentioned, databases in general and traditionally have come with a lot of complexity from an operational perspective. And so when you look at the technology and some of the problems that Fauna has solved, in terms of really removing all of that operational burden when it comes to starting with and scaling a database, not only locally but globally. It's sort of a new, no brainer, everybody would love to have a database that scales, that is reliable and secure that they don't have to manage. >> Yeah, Eric, one follow up question for you. I think back a few years ago, you talked to companies and it's like, okay, database is the center of my business. It's a big expense. I have a team that works on it. There have been dealt so much change in the database market than most customers I talked to, is I have lots of solutions out there. I'm using Mongo, I've got Snowflake, Amazon has flavors of things I'm looking at. Snowflake just filed for their IPO, so we see the growth in the space. So maybe if you could just obviously serverless is a differentiation. There's a couple of solutions out there, like from Amazon or whether Aurora serverless solution but how does Fauna look to differentiate. Could you give us a little bit of kind of compared to the market out there? >> Sure, yeah, so at the high level, just to clarify, at the super high level for databases, there tends to be two types operational databases and then data warehouse which Snowflake is an example of a data warehouse. And as you probably already know, the former CEO of Snowflake is actually a chairman of Fauna. So Bob Muglia. So we have a lot of good insight into that business. But Fauna is very much on the operational database side. So the other half of that market, if you will, so really focused on being the core operational store for your application. And I think Evan mentioned it a little bit, there's been a lot of the transformation that's happened if we rewind all the way back to the early '90s, when it was Oracle, and Microsoft SQL Server were kind of the big players there. And then as those architectures basically hit limits, when it came to applications moving to the web, you had this whole rise in a lot of different no SQL solutions, but those solutions sort of gave up on some of the promises of a relational database in order to achieve some of the ability to scale in the performance required at the web. But we required then a little bit more sophistication, intelligence, in order to be able to basically create logic in your application that could make up for the fact that those databases didn't actually deliver on the promises of traditional relational databases. And so, enter Fauna and it's really sort of a combination of those two things, which is providing the trust, the security and reliability of a traditional relational database, but offering it as serverless, as we talked about, at the scale that you need it for a web application. And so it's a very interesting combination of those capabilities that we think, as Evan was talking about, allows people who don't have large DevOps teams or very sophisticated developers who can code around some of the limitations of these other databases, to really be able to use a database for what they're looking for. What I write to it is what I'm going to read from it and that we maintain that commitment and make that super easy. >> Yeah, it's important to know that the part of the reason that operational database, the database for mission critical business data has remained a cost center is because the conventional wisdom was that something like Fauna was impossible to build. People said, you literally cannot in information science create a global API for data which is transactional and consistent and suitable for relying on, for mission critical, user login, banking payments, user generated content, social graphs, internal IT data, anything that's irreplaceable. People said, there can be no general service that can do this ubiquitously a global internet scale, you have to do it specifically. So it's sort of like, we had no power company. Instead, you could call up Amazon, they drive a truck with a generator to your house and hook you up. And you're like, right on, I didn't have to like, install the generator myself. But like, it's not a good experience. It's still a pain in the neck, it's still specific to the location you're at. It's not getting utility computing from the cloud the way, it's been a dream for many decades that we get all our services through brokers and API's and the web and it's finally real with serverless. I want to emphasize that the Fauna it technology is new and novel. And based on and inspired by our experience at Twitter and also academic research with some of our advisors like Dr. Daniel Abadi. It's one of the things that attracted us, Snowflake chairman to our company that we'd solve groundbreaking problems in information science in the cloud, just the way Snowflakes had. >> Yeah, well and Evan, yeah please go on Eric. >> Yeah, I'm just going to have one thing to that, which is, in addition, I think when you think about Fauna and you mentioned MongoDB, I think they're one of a great examples of database companies over the last decade, who's been able to build a standalone business. And if you look at it from a business model perspective, the thing that was really successful for them is they didn't go into try to necessarily like, rip and replace in big database migrations, they started evolving with a new class of developers and new applications that were being developed and then rode that obviously into sort of a land and expand model into enterprises over time. And so when you think about Fauna from your business value proposition is harnessing the technological innovation that Evan talked about. And then combining this with a product that bottoms up developer first business motion that kind of rides this technological shift into you creating a presence in the database market over time. >> Well, Evan, I just want to go back to that, it's impossible comment that you made, a lot of people they learn about a technology and they feel that that's the way the technology works. Serverless is obviously often misunderstood from the name itself, too. We had a conversation with Andy Jassy, the CEO of AWS a couple years ago, and he said, "If I could rebuild AWS from the ground up today, "it would be using all serverless," that doesn't mean only lambda, but they're rebuilding a lot of their pieces underneath it. So I've looked at the container world and we're only starting the last year or so, talking about people using databases with Kubernetes and containers, so what is it that allows you to be able to have as you said, there's the consistency. So we're talking about acid there, not worry about things like cold starts, which are thing lots of people are concerned about when it comes to serverless and help us understand a little bit that what you do and the underlying technologies that you leverage. >> Yeah, databases are always the last to evolve because they're the riskiest to change and the hardest to build. And basically, through the cloud era, we've done this lift and shift of existing on premises solutions, especially with databases into cloud machines, but it's still the metaphor of the physical computer, which is the overriding unit of granularity mental concept, everything like you mentioned, containers, like we had machines then we had Vms, now we have containers, it's still a computer. And the database goes in that one computer, in one spot and it sits there and you got to talk to it. Wherever that is in the world, no matter how far away it is from you. And people said, well, the relational database is great. You can use locks within a single machine to make sure that you're not conflicting your data when you update it, you going to have transactionality, you can have serialize ability. What do you do, if you want to make that experience highly available at global scale? We went through a series of evolutions as an industry. From initially that the on-prem RDBMS to things like Google's percolator scheme, which essentially scales that up to data center scale and puts different parts of the traditional database on different physical machines on low latency links, but otherwise doesn't change the consistency properties, then to things like Google Spanner, which rely on synchronized atomic clocks to guarantee consistency. Well, not everyone has synchronized atomic clocks just lying around. And they're also, their issues with noisy neighbors and tenancy and things because you have to make sure that you can always read the clock in a consistent amount of time, not just have the time accurate in the first place. And Fauna is based on and inspired and evolved from an algorithm called Calvin, which came out of a buddy's lab at Yale. And what Calvin does is invert the traditional database relationship and say, instead of doing a bunch of work on the disk and then figuring out which transactions won by seeing what time it is, we will create a global pre determined order of transactions which is arbitrary by journaling them and replicating them. And then we will use that to essentially derive the time from the transactions which have already been committed to disk. And then once we know the order, we can say which one's won and didn't win and which happened before, happen after and present the appearance of consistency to all possible observers. And when this paper came out, it came out about a decade ago now I think, it was very opaque. There's a lot of kind of hand waving exercises left to the reader. Some scary statements about how wasn't suitable for things that in particular SQL requires. We met, my co-founder and I met as Fauna chief architect, he worked on my team at Twitter, at one of the database groups. We were building Fauna we were doing our market discovery or prototyping and we knew we needed to be a global API. We knew we needed low latency, high performance at global scale. We looked at Spanner and Spanner couldn't do it. But we found that this paper proposed a way that could and we can see based on our experience at Twitter that you could overcome all these obstacles which had made the paper overall being neglected by industry and it took us quite a while to implement it at industrial quality and scale, to qualify it with analysts and others, prove to the world that it was real. And Eric mentioned Mongo, we did a lot of work with Cassandra as well at Twitter, we're early in the Cassandra community. Like I wrote, the first tutorial for Cassandra where data stacks was founded. These vendors were telling people that you could not have transactionality and scale at the same time, and it was literally impossible. Then we had this incrementalism like things with Spanner. And it wasn't till Fauna that anyone had proved to the world that that just wasn't true. There was more marketing around their failure to solve the information science problem, than something fundamental. >> Eric, I'm wondering if you're able to share just order of magnitude, how many customers you have out there from a partnership standpoint, we'd like to understand a little bit how you work or fit into the public cloud ecosystems out there. I noticed that Alphabets General Venture Fund was one of the contributors to the last raise. And obviously, there's some underlying Google technology there. So if you could just customers and ecosystem. >> Yeah, so as I mentioned, we've had a very aggressive product lead developer go to market. And so we have 10s of thousands of people now on the service, using Fauna at different levels. And now we're focused on, how do we continue to build that momentum, again, going back to the model of focus on a developer lead model, really what we're focused on there is taking everything that Evan just talked about, which is real and very differentiated in terms of the real core tech in the back end and then combining that with a developer experience that makes it extremely easy to use and really, we think that's the magic in terms of what Fauna is bringing, so we got 10s of thousands of users and we got more signing up every day, coming to the service, we have an aggressive free plan there and then they can migrate up to higher paying plans as they consume over time. And the ecosystem, we're aggressively playing in the broader serverless ecosystem. So what we're looking at is as Evan mentioned, sometimes the databases is the last thing to change, it's also not necessarily the first thing that a developer starts from when they think about building their application or their website. And so we're plugging into the larger serverless ecosystem where people are making their choices about potentially their compute platform or maybe a development platform like I know you've talked to the folks over at JAMstack, sorry at Netlify and Purcell, who are big in the JAMstack community and providing really great workflows for new web and application developers on these platforms. And then at the compute layer, obviously, our Amazon, Google, Microsoft all have a serverless compute solution. CloudFlare is doing some really interesting things out at the edge. And so there's a variety of people up and down that stack, if you will, when people are thinking about this new generation of applications that we're plugging into to make sure that the Fauna is that the default database of choice. >> Wonderful, last question, Evan if I could, I love what I got somebody with your background. Talk about just so many different technologies maturing, give us a little bit as to some of the challenges you see serverless ecosystem, what's being attacked, what do we still need to work on? >> I mean, serverless is in the same place that Lamp was in the in the early '90s. We have the old conservatives ecosystem with the JAMstack players that Eric mentioned. We have closed proprietary ecosystems like the AWS stack or the Google Firebase stack. As to your point, Google has also invested in us so they're placing their bets widely. But it's seeing the same kind of criticism. That Lamp, the Linux, Apache, MySQL, PHP, Perl, it's not mature, it's a toy, no one will ever use this for real business. We can't switch from like DV2 or mumps to MySQL, like no one is doing that. The movement and the momentum in serverless is real. And the challenge now is for all the vendors in collaboration with the community of developers to mature the tools as those the products and applications being built on the new more productive stack also mature, so we have to keep ahead of our audience and make sure we start delivering and this is partly why Eric is here. Those those mid market and ultimately enterprise requirements so that business is built on top of Fauna today, can grow like Twitter did from small to giant. >> Yeah, I'd add on to that, this is reminiscent for me, back in 2009 at Okta, we were one of the early ISVs that built on in relied 100% on AWS. At that time there was still, it was very commonplace for people racking and stacking their own boxes and using Colo and we used to have conversations about I wonder how long it's going to be before we exceed the cost of this AWS thing and we go and run our own data centers. And that would be laughable to even consider today, right, no one would ever even think about that. And I think serverless is in a similar situation where the consumption model is very attractive to get started, some people sitting there, is it going to be too expensive as I scale. And as Evan mentioned, when we think about if you fast forward to kind of what the innovation that we can anticipate both technologically and economically it's just going to be the default model that people are going to wonder why they used to spend all these time managing these machines, if they don't have to. >> Evan and Eric, thank you so much, is great to hear the progress that you've made and big supporters, the serverless ecosystem, so excited to watch the progress there. Thanks so much. >> Thanks Stu. >> Thanks for having us Stu. >> All right and I'm Stu Miniman. Stay tuned. Every week we are putting out the Cloud Native Insights. Appreciate. Thank you for watching. (bright upbeat music)

>> Narrator: From theCUBE Studios in Palo Alto in Boston, connecting with thought leaders all around the world, this is a CUBE conversation. >> Hi, I'm Stu Miniman, the host of Cloud Native Insights. And when we kicked off this program, Cloud Native Insights, we wanted to talk about the innovation and agility that's happening, not just Cloud as a location. We're going to draw down a little bit into one of the very important pieces of a company and that's their websites and their applications, that live in that environment. And of course, that comes from a lot of changes over the years. Any of us that have been in tech for a couple of decades have worked from the early days, to of course today's multimedia globally distributed environment and everyone during the global pandemic, of course, has been (indistinct) straining their use of the internet. So really excited to welcome to the program the two co-founders of Netlify. I have Matt Biilmann, who is the CEO, and his co-founder Christian Bach, who is the president both of Netlify really the company behind Jamstack, which we're going to explain and talk about a bit. Matt and Chris, thank you so much for joining us. >> Thanks for having us. >> Thank you for having us >> All right so, let's start with just some of the basics. I expect that some of our audience is not familiar with Jamstack. You do a quick Google search and it's JavaScript, its APIs, its markup. And you say, okay, I understand what a bunch of that means. But, yeah, if you could give us kind of a compare contrast to what web development was before and how Jamstack's really helping to revolutionize what's happening in this space. >> Yes, so for many years, we built websites and web applications with an application based architecture, where every website or every application would be this monolithic application with typically like a load balancer, a set of web servers, application servers, and that database and every request through a page would go through this whole stack it would pass through the application layer, talk to the database, fetch template, merge data and template, build HTML on the fly and send it back to the user. And basically what we saw happening and what's been happening with the Jamstack is this decoupling of the actual front-end presentation layer of the websites and web applications and then the back-end layer. And the advantages there is that if you can really pre-build the front-end application layer, you can take the actual HTML, or an application shell and distribute it across a globally distributed network, you can get it into the hands of the user's browser very quickly. And then the back end, what we've seen happening there is that it's split up to all these different APIs and services you no longer have your one monolithic back end you have all these different services. Where some of your own but a lot of them are other people's services like Stripe or Twilio or Algolia or Contentful. So we've seen this shift to this architecture, where we're considered in a way that the stack has moved up a little from the old tooling where something like the LAMP stack would be common in really naming the programming language, the specific web server, the Linux server, the operating system, and so on right? And then up to a level where it's really about getting an application into the browser, using JavaScript as the runtime and talking to this whole new economy of APIs and services. >> Yeah, Chris I wonder if you could bring us inside your customers and the companies that you talk to. I think about for the longest time it was, maybe I just outsource my web development, but website is one of those key components that I share my value, I share what's going on, I want to be able to change it pretty often and there's so much more that I can do today than I could have done 10 years ago. We've watched that mark. So, help us understand, what skill sets do people need to have? what type of companies are using Jamstack? And, bring in if you can, Netlify. How is this a business and not just, an open source standards movement, that's helping to revolutionize what's happening? >> Absolutely, I mean, First of all, people using this and companies use this is extremely wide. Wide vertical, right? Its very horizontal. This is anyone with a digital property basically, right? I think what we've seen all the time is that, that we have a lot more channels than we used to have, right? So we started off just maybe having the one dot com, right? With limited functionality. And today, you have a multiple channels, right? You have the landing pages, you have the domains, you have lots of activities online. You have mobile apps and commerce is often a big part of it, and I would say especially the last few months, there's a lot of people that had the digital convergence points as one of many. And now it's the only ones, right? So I think it's become extremely important. I also think that when you look at your web infrastructure in general, it has been very complex, right? And you need a lot of different people, right? And you need to maintain staging environments, production lines, development environments. You need to, have a wide set of skills to maintain these things, right? And if a web developer wanted to do a lot of things, right? They have to go and tap DevOps and so on on the shoulder, right? And I think what the Jamstack is about saying, hey, you can get so much further as a web developer. Now, if you take the modern built tools, you can take the Git workflows, and you wrap around the browser that has become a full-fledged operating system and the API economy as Matt was just talking about. You have these workflows, or you potentially have these workflows, where you can get so much further, right? And that's very much Netlify submission. So Netlify saw this opportunity of decoupling the front end from the back end of the building from the hosting of creating an approach to making websites that would be many times faster, 'cause you have multiple points of origin and you don't feel fredurous. It's many times safer. There's not that huge surface area of attack. It's much more scalable, and so on. It was sort of a win-win-win. But the problem was, there was no viable workflow. If you take a traditional CDN, and you put it in, it doesn't matter really, if it's one or the other. As good as they (indistinct) services, they're all meant to sit in front of an origin, right? They're meant to buffer something. And if you have the gems, there's no origin in that way, right? The network in itself has to be an origin so it has to be architectured quite differently. And then there's a lot of things around CDCI and how you server lists and so on. That all had to be sort of re-merged . And Netlify is that glue, it is that platform that takes you from local development all the way out to edge nodes. But allows you to mix and match any tool. So it's not program independent. So you can say, well, we use a build tool, and that's PHP or Ruby or JavaScript, the react or Next or whatever it might be, right? And we use these APIs for this server, for this property. Over here we have a commerce site. Over here, we have a dotcom, that needs a huge enterprise CMS with tons of stakeholders. But the thing is that all of those now becomes something that plugs into your website. Rather than have to drive the website itself. And that's sort of frees up the silos. So when we see people using Netlify, we have companies using Netlify. Big Fitness Company, for example, that own fitness company that uses us for developer documentation, or their marketing sites, but also for their dotcom. But even if you go to the equipment that people have at home, and you log in, that's actually using some very nifty identity and remote based access control for Netlify and if you watch the video there, it's also going through a Netlify player, all right? We have fast food chains that has their dotcom and their marketing sites, but also the kiosks down in the store like the menus, the screens there. Rather than being an old Windows NT server running some .NET application in a dusty corner, why not have it like that? And so, both the category but also Netlify sort of brings in a solution and because it's decoupled from all those architectural choices, that means that you can now use the solution in a much, much wider setting. And we were sort of first to market doing this. They get serverless approach where you just push your serverless functions to get better Netlify. First Feature Deploy Previews Were invented by us and so on. So the Jamstack is an extremely wide fundamental architectural approach that matches basically anyone that wants to build web properties. Netlify is the segnostic wide platform that just makes it possible. >> Yeah, good Chris actually, I saw the Peloton use case up on the website and you're right, a very different experience rather than I bring my device, is it synced? Does it work with it? Really integrates those solutions. And you just brought up serverless, which is actually how I got connected to talk in Netlify. So, Matt, sorry, I think you wanted to jump in there but I was wondering if you could help us. I've looked at serverless and what the promise of serverless of course, is that I don't need to think about that underlying infrastructure. I just like developers build our applications. Well, feels like that's really the same mission that you have. And they're serverless is a piece of your story. So, maybe explain (indistinct) that out a little for us. >> Absolutely, I think it ties in, right? Basically, what we saw just from a architectural perspective was this approach of really decoupling front end and back end and so on and working in a new way that gave a lot of benefits to the inducers in performance and security and so on right? But on the other hand, early on, what we saw was that to adopt that approach, like developers had to deal with lot of different moving pieces like CICD, CDN. What to do about the API endpoints that didn't need to be dynamic, and so on. And as Netlify, what we saw was that we could give one intro and workflow for all of this and make it extremely easy for developers to work with this thing. And serverless plays a really important piece there, right? Because when Amazon pioneered AWS Lambda and took it to the world, right? I think the promise also for the front-end web developers of being able to simply write code and then not have to worry at all about where is it actually running? How are we scaling it? How are we operating it and so on, right? That's a really powerful promise, right? But at the same time, in the same way, what we saw earlier on was that for a front-end team to actually adopt serverless functions as part of the Jamstack, it introduced another level of complexity of now having to manage your serverless functions independent from your front end figuring out API Gateway endpoints for every one of them. And how about deployment pipeline for your functions layer versus deployment pipelines for the actual front end layer that's supposed to talk to those front ends. How about staging environments versus to production environments? How do you manage all that, right? So we saw that there was this inherent incredible potential, but also a lot of complexity, right? And as Netlify we saw that if we could give front end developers a web developers in general, an ene-to-end workflow, where they can work both with the front-end framework, write the code that will get deployed into the browser, but also just have a folder where they can write this serverless functions and then know that Netlify will take care of all of the wiring, right? When you open a pull request and get with new function we'll give you a URL on our globally distributed CDN where you can view both the whole front end, but also the function and sidestep sort of all of the complexities of linking together API Gateways, to functions of managing CICD pipelines and test environments and so on. And in the end, the serverless functions starts becoming a really important part of this Jamstack approach, right? Because you have this world where you have a front end that's often talking to many different APIs and services where again, some of your own and some other people's services. But really often you need some place to glue those together or to build your own custom API endpoint that talks to a couple of them and it has access to server site secrets and so on, right? And this idea of not having to suddenly operate and manage a whole set of servers and infrastructure just for that part of it, but simply just writing the code and then knowing, that you don't have to worry about the operation scalability or anything around that code. That's a really powerful paradigm. >> Yeah, that's one of the real challenges of the Cloud as you talk about the Paradox of Choice. There's so many ways to do things. Not necessarily... It's simple anybody... I was a blogger for many years and it was like, well, I'll just use the self-hosted WordPress, because I don't want to have to worry about that piece of it. Matt, I watched it you did a presentation talking about if I wanted to do WordPress hosted in a AWS that absolutely is not simple. I heard a podcast from one of your board members, Tom Preston Werner, talking about we need to be more opinionated. We need to be able to give more guidance to developers, maybe Chris if you could, how are we when the proliferation of choice, keeps increasing, making sure that people can... How do I make that decision tree? And how do we try to keep it simple? >> Absolutely, I mean, and I actually think that, that's a super relevant question, because you have a lot of choice as a web developer today. Front-end developers used to cut out Photoshop files and turn them into HTML, right? Now with the new advanced markup, and they have all these frameworks and flavors of JavaScript to choose between and there's these powerful build tools, And all those workflows and the browser can do everything you can imagine, right? And so yeah, there is a lot of choice out there, right? And I think, for Netlify what's extremely important is that we are opinionated in the right places. And so when it comes to, for example, a front-end tool and built tools and these things that web developers often face with having to choose between. Our role is to make it as simple as possible to use any of them. But also give you the opportunity of saying, well, this new paradigm allows you to actually mix and match, right? It allows you to use this tool for this property and this tool for this property and gives you a ton of flexibility. But still, come under one roof of a platform like Netlify. And I think that is very powerful. And so we also don't want to choose for you, we want to inform your choices and we want to make it as easy as possible to go and say, hey, these are my needs, what direction should I be going? And of course, we work with enterprise clients, so on migration services, and so on, right? And where we help them a lot with that. But if we locked down on a single flavor, or a single bill tool or a single front end framework, then we also limit the application of what we bring to market and we want to remain a little more open-ended there. But I think there's a lot complexity, a platform like Netlify is all about simplification. So all that wiring that Matt just mentioned, that at least goes, right? You don't spend hours configuring bondage caching and trying to find those edge cases, it just works. And that's a huge game changer for a lot of people, right? But there's definitely parts of the ecosystem that has a lot of choice. And we do our best to inform. And I think, under hand holding part, adjacent to that is the story of, well, do we then start using content management systems? Is this a whole new? Is it out with the old and in with the new? And I would say, you still have a lot of those needs, right? You still have non-technical people, for example, that needs to be able to update and create moves and content, and so on, right? And create content. And so you very often will need and an E-commerce solution or content management systems and so on. But what we're seeing there, is that we're speaking basically with every single major CMS out there. That are saying we're working on a headless system, or we already have a headless version, or we just gone full headless, that means that we work decoupled. So we don't no longer need to build the site. But we just provide like an independent source of content. And then it plugs into a platform like Netlify. So that can bring a lot of simplicity. And now you just have to maintain your content, but you don't have to worry about all the different environments and what is up to date and how does some of the infrastructure look like you press a button that commits to get a default preview, and it looks the same everywhere. >> I'm curious, what impact the current global pandemic has had on Netlify, and your customers. I saw you've got a COVID tracking project that you've done. But also now just there's different considerations when I think about what services I need to access from the web and what kind of connectivity the ultimate end user would have. So, what learnings have you had? What's involved there? >> In, obviously we, it depends a lot on, as Chris mentioned, right? The game circus is adopted horizontally across all kinds of areas and businesses and so on, right? So, we've of course seen businesses in sectors that are having a hard time and on the other hand, we've seen businesses and sectors that are exploding, right? We did immediately when the lockdown started happening and the pandemic started happening we set aside like a free plan for projects working in the space of tackling the information sharing around COVID and finding solutions and so on. And that was really interesting to see you mention the COVID tracking project, right? Which was a project like built a short time by small group of distributed incredibly talented front end developers and scientists and so on, right? And I think it was interesting to see that, how the Jamstack and our tooling and so on also really made it possible for them to build as a small distributed team the set of data information and tooling to a global audience, right? Seeing huge traffic peaks at time and just knowing that their architecture and our infrastructure could handle it for them. >> All right. Chris, I've got one, a little bit off to the side here. When I look at what Netlify is doing, you talk about having an open and independent web. And while we are fully supportive of that, we're a little concerned sometimes. If you look at what's happening across the globe, there's a lot of discussions. Will the internet actually fragment? Will certain countries wall off certain environments? Any concerns there? What do you look at? What are you hearing from your customers when you talk about that mission? >> It's one of the big challenges of all time, right? I think we all maybe took for given the Internet as the standard it became right? The way that you can publish without permission is pretty magnificent, right? And it would be indescribably painful for civilization if we lost that, right? And I think fragmentation is something that we all have to sort of worry around. From the way we see it, is that the web, the traditional monolithic approach, right? To which led to as a web that wasn't secure enough and wasn't scalable enough and wasn't performing enough and that's, for example, what opened the door for mobile applications, right? Where it just didn't make sense to pull in the UI every time you turn the page. So we ended up with a form that's it. We prebuilt the application, you download it, and then you speak to service for anything then atmosphere come up with it, right. And that makes perfect sense. That's basically the same architecture that we're bringing to the web a very large scale. Of course, the problem is that now there are gatekeepers there, right? There people, you have to ask for permission to publish and so on. And, and there are other attempts to say, "Hey, we need a performing web." And there's a very big players out there that say, "Let's come over and just..." Do we even need to call it the Internet? Can we just call it our company website? I'm not going to name any names here, right? But leading down, it's what we've called walled gardens, that are great for absolutely no one except for the company. And what we believe is that if you have a web that is secure and is scalable, and it's performant enough to justify at least the architecture maintaining and not having to run into any walled gardens and still say no, you don't need to use a handful of commercial platforms if you want to be heard rather than have your own web properties on your own custom domains, right? I think that's the part of the open independent viable web that we're fighting for. Basically, one that adopts and keeps adopting an architecture that is something that levels the playing field. And then they would also say, why Netlify? I mean, a few years before we started, like, try configuring your own CDN. And like that was reserved for the very, very large tech players. Now you can comment, you can literally click a button on Netlify, you get custom domain and ACS post process site that's globally distributed, automatically integrated into get. And that's on the premium plan. And so as a startup, you can level set together with everyone else and be available widely across the globe without performance issues, immediately. And so in that way, I'm also seeing that's a democrat sensation of performance, right? That means that, that's great. And for places where you see developing economies, where you often have brownouts, where you often can't depend on having viable services and is locally and so on, this idea of having he cover that and having something that's just automatically, you know what, don't even worry about it, because it's already ready to go in all these packets all around the world. That's a huge game changer. That's actually what we see a lot of adoption of the gems they can never find in those places as well. Guess that's just such a promise to the architecture. So, I hear what you're saying and I'm also very concerned about a fragmented web for political reasons as well across the globe. And from our angle, the way we fight for this is to make sure that it retains using an architecture that makes it accessible for me. >> Yeah, I heard many years ago, a friend of mine said, if you're a technologist it means that in general you are a technology optimist, which I definitely try to be. So, I love Chris how you've just brought in some of the potential opportunity Matt, I want to give you just... People out there they hear like oh, 5G is coming, it's going to completely change the world. Anything that you're seeing on your side as to real opportunities that we will see, just a step function in what your company is using. Jamstack, partnering with Netlify in your ecosystem. What are some of the early things that you see that are exciting you down the line for this? >> Part of it is simply like the whole ecosystem around the gem stalk growing up and the tooling, the APIs, the frameworks available around it, and the level of innovation that's triggered. And especially how it's triggering in... Especially how we're seeing like the potential for small, distributed teams to work together and build things with a global impact in a short time. And I remember a couple of years ago, we did a hackathon with together with freeCodeCamp. And of course, like since it was with freeCodeCamp, it was mostly like teams were mostly fairly new to programming and so on, right? It was pretty amazing to see what over a weekend with this architecture and with this tooling, with the vendors that were present there and helping out and so on, what the small teams could actually get done in a weekend, right? Like I remember the winning team had an app where the whole room would see an image on the main stage screen and then on their phone, try to place that image on the map and you would real time see how people ranked, how close they got and get a winner and so on, right? And that was all just from combining APIs and tooling, like history, like Netlify, like Honor Bee, like Google Maps, and so on, right? And I think, in some way we shouldn't forget just how much this kind of ecosystem of readily available APIs and services around this front end stake. It's allowing people to build things that years ago would have taken a very big team probably like a year to build, and suddenly you can have a relatively small group of relatively new programmers built something really impressive, right? So I think that's a trend we'll see continue accelerating And me and Chris are personally involved in advising and helping out a lot of these new startups in the space that are trying to bring new tooling to the world that makes more and more of these things possible and accessible. >> Well, Chris and Matt, I really appreciate you both joining such an exciting space. Talk about the cloud, agility and innovation, such a robust ecosystem. Thank you so much for joining. >> Thanks for having us. >> Thanks for having us. >> And I'm Stu Miniman. Thank you for joining and look forward to hearing more about your CUBE insight. (soft music)

>>From Las Vegas. It's the cube covering Qualis security conference 2019 you buy quality. >>Hey, welcome back. You're ready. Jeff Frick here with the cube. We're in Las Vegas at the Bellagio, at the quality security conference. It's the 19th year they've been doing this. It's our first year here and we're excited to be here and it's great to have a veteran who's been in this space for so long, to give a little bit more of a historical perspective as to what happened in the past and where we are now and what can we look forward to in the future. So coming right off his keynote is Felipe korto, the chairman and CEO of Qualys. Phillip, great to see you. Thank you. Same, same, same for me. Absolutely. So you touched on so many great, um, topics in your conversation about kind of the shifts of, of, of modern computing from the mainframe to the mini. We've heard it over and over and over, but the key message was really about architecture. If you don't have the right architecture, you can't have the right solution. So how has the evolution of architects of architectures impacted your ability to deliver security solutions for your clients? >>So now that's a very good question. And in fact, you know, what happened is that we started in 1999 with a vision that we could use exactly like a salesforce.com this nascent internet technologies and apply that to security. And uh, so, and mod when you have applied that to essentially changing the way CRM was essentially used and deployed in enterprises and with a fantastic success as we know. So for us, the, I can say today that 19 years later the vision was right. It took a significant longer because the security people are not really, uh, warm at the idea of silently, uh, having the data in their view, which was in place that they could not control. And the it people, they didn't really like at all the fact that suddenly they were not in control anymore of the infrastructure. So we had a lot of resistance. >>I, wherever we always, I always believe, absolutely believe that the, the cloud will be the cloud architecture to go back. A lot of people make the confusion. That was part of the confusion that for people it was a cloud, that kind of magical things someplace would you don't know where. And when I were trying to explain, and I've been saying that so many times that well you need to look at the cloud like compute that can architecture which distribute the competing power far more efficiently than the previous one, which was client server, which was distributing the convening power far better than of course the mainframes and the mini computers. And so if you look at their architectures, so the mainframe were essentially big data centers in uh, in Fort Knox, like settings, uh, private lines of communication to a dump terminal. And of course security was not really issue then because it's security was built in by the IBM's and company. >>Same thing with the mini computer, which then was instead of just providing the computing power to the large, very large company, you could afford it. Nelson and the minicomputer through the advanced in semiconductor technology could reduce a foot Frank. And then they'll bring that computing power to the labs and to the departments. And was then the new era of the digital equipment, the prime, the data general, et cetera. Uh, and then kind of server came in. So what client server did, again, if you look at the architecture, different architecture now silently servers, the land or the internal network and the PC, and that was now allowing to distribute the computing power to the people in the company. And so, but then you needed to, so everybody, nobody paid attention to security because then you were inside of the enterprise. So it started inside the walls of the castle if you prefer. >>So nobody paid attention to that. It was more complex because now you have multiple actors. Instead of having one IBM or one digital equipment, et cetera, suddenly you have the people in manufacturing and the servers, the software, the database, the PCs, and on announcer, suddenly there was the complexity, increasing efficiency, but nobody paid attention to security because it wasn't a needed until suddenly we realized that viruses could come in through the front door being installed innocently. You were absolutely, absolutely compromised. And of course that's the era of the antivirus which came in. And then because of the need to communicate more and more now, Senator, you could not stay only in your castle. You needed to go and communicate to your customers, to your suppliers, et cetera, et cetera. And now he was starting to open up your, your castle to the world and hello so now so that the, the bad guy could come in and start to steal your information. >>And that was the new era of the forward. Now you make sure that those who come in, but of course that was a little bit naive because there were so many other doors and windows, uh, that people could come in, you know, create tunnels and create these and all of that trying to ensure your customers because the data was becoming more and more rich and more, more important or more value. So whenever there is a value, of course the bad guys are coming in to try to sell it. And that was that new era of a willing to pay attention to security. The problem has been is because you have so many different actors, there was nothing really central there that was just selling more and more solutions and no, absolutely like 800 vendors bolting on security, right? And boating on anything is short-lived at the end of the day because you put more and more weight and then you also increase the complexity and all these different solutions you need. >>They need to talk together so you have a better context. Uh, but they want the design to talk together. So now you need to put other system where they could communicate that information. So you complicated and complicated and complicated the solution. And that's the problem of today. So now cloud computing comes in and again, if you look at the architecture of cloud computing, it's again data centers, which is not today I've become thanks to the technology having infinite, almost competing power and storage capabilities. And like the previous that I sent her, the are much more fractured because you just one scale and they become essentially a little bit easier to secure. And by the way, it's your fewer vendors now doing that. And then of course the access can be controlled better. Uh, and then of course the second component is not the land and the one, it's now the internet. >>And the internet of course is the web communications extremely cheap and it brings you an every place on the planet and soon in Morris, why not? So and so. Now the issue today is that still the internet needs to be secure. And today, how are we going to secure the internet? Which is very important thing today because you see today that you can spoof your email, you can spoof your website, uh, you can attack the DNS who, yes, there's a lot of things that the bad guys still do. And in fact, they've said that leverage the internet of course, to access everywhere so they take advantage of it. So now this is obviously, you know, I created the, the trustworthy movement many years ago to try to really address that. Unfortunately, the quality's was too small and it was not really our place today. There's all the Google, the Facebook, the big guys, which in fact their business depend on the internet. >>Now need to do that. And I upload or be diabetic, criticized very much so. Google was the first one to essentially have a big initiative, was trying to push SSL, which everybody understand is secret encryption if you prefer. And to everybody. So they did a fantastic job. They really push it. So now today's society is becoming like, okay, as I said, you want to have, as I said it all in your communication, but that's not enough. And now they are pushing and some people criticize them and I absolutely applaud them to say we need to change the internet protocols which were created at a time when security, you were transferring information from universities and so forth. This was the hay days, you know, of everything was fine. There was no bad guys, you know, the, he'd be days, if you like, of the internet. Everybody was free, everybody was up and fantastic. >>Okay. And now of course, today this protocol needs to be upgraded, which is a lot of work. But today I really believe that if you put Google, Amazon, Facebook altogether, and they can fix these internet protocols. So we could forget about the spoofing and who forgot about all these phishing and all these things. But this is their responsibility. So, and then you have now on the other side, you have now very intelligent devices from in a very simple sensors and you know, to sophisticated devices, the phone, that cetera and not more and more and more devices interconnected and for people to understand what is going. So this is the new environment and whether we always believe is that if you adopt an architecture, which is exactly which fits, which is similar, then we could instead of bolting security in, we can now say that the build security in a voting security on, we could build security in. >>And we have been very proud of the work that we've done with Microsoft, which we announced in fact relatively recently, very recently, that in fact our agent technologies now is bundled in Microsoft. So we have built security with Microsoft in. So from a security perspective today, if you go to the Microsoft as your secretly center, you click on the link and now you have the view of your entire Azure environment. Crazier for quality Sagent. You click on a second link and now you have the view of your significant loss posture, crazy of that same quality. Say Sagent and then you click on the third name with us. Nothing to do with quality. It's all Microsoft. You create your playbook and you remediate. So security in this environment has become click, click, click, nothing to install, nothing to update. And the only thing you bring are your policies saying, I don't want to have this kind of measured machine expose on the internet. >>I want, this is what I want. And you can continuously audit in essentially in real time, right? So as you can see, totally different than putting boxes and boxes and so many things and then having to for you. So very big game changer. So the analogy that I want you that I give to people, it's so people don't understand that paradigm shift is already happening in the way we secure our homes. You put sensors everywhere, you have cameras, you have detection for proximity detection. Essentially when somebody tried to enter your home, all that data is continuously pumped up into an incidence restaurant system. And then from your phone, again across the internet, you can change the temperature of your rooms. You can do what you can see the person who knocks on the door. You can see its face, you can open the door, close the door, the garage door, you can do all of that remotely, another medically. >>And then if there's a burglar then in your house to try to raking immediately the incidents or some system called the cops or the far Marsha difficult fire. And that's the new paradigm. So security has to follow that paradigm. And then you have interesting of the problem today that we see with all the current secretly uh, systems, uh, incidents, response system. They have a lot of false positive, false positive and false negative are the enemy really of security. Because if you are forced visited, you cannot automate the response because then you are going to try to respond to something that is not true. So you are, you could create a lot of damage. And the example I give you that today in the, if you leave your dog in your house and if you don't have the ability, the dog will bark, would move. And then the sensors would say intruder alert. >>So that's becomes a false positive. So how do you eliminate that? By having more context, you can eliminate automatically again, this false positives. Like now you take a fingerprint of your dog and of these voice and now the camera and this and the sensors and the voice can pick up and say, Oh, this is my dog. So then of course you eliminate that for solar, right? Right. Now even if another dog managed to enter your home through a window which was open or whatever for soul, you will know her window was up and but you know you cannot necessarily fix it and the dog opens. Then you will know it's a, it's a, it's not sure about, right? So that's what security is evolving such a huge sea of change, which is happening because of all that internet and today companies today, after leveraging new cloud technology, which are coming, there's so much new technology. >>What people understand is where's that technology coming from? How come silently we have, you know, Dockers netics all these solutions today, which are available at almost no cost because it's all open source. So what happened is that, which is unlike the enterprise software, which were more the Oracle et cetera, the manufacturer of that software today is in fact the cloud public cloud vendors, the Amazon, the Google, the Facebook, the Microsoft. We suddenly needed to have to develop new technology so they could scale at the size of the planet. And then very shrewdly realized that effective that technology for me, I'm essentially going to imprison that technology is not going to evolve. And then I need other technologies that are not developing. So they realized that they totally changed that open source movement, which in the early days of opensource was more controlled by people who had more purity. >>If you prefer no commercial interests, it was all for the good of the civilization and humankind. And they say their licensing model was very complex. So they simplified all of that. And then nothing until you had all this technology coming at you extremely fast. And we have leverage that technology, which was not existing in the early days when when socials.com started with the Linux lamp pour called what's called Linux Apache. My SQL and PHP, a little bit limiting, but now suddenly all this technology, that classic search was coming, we today in our backend, 3 trillion data points on elastic search clusters and we return inflammation in a hundred milliseconds. And then onto the calf cabin, which is again something at open source. We, we, we, and now today 5 million messages a day and on and on and on. So the world is changing and of course, if that's what it's called now, the digital transformation. >>So now enterprises to be essentially agile, to reach out to the customers better and more, they need to embrace the cloud as the way they do, retool their entire it infrastructure. And essentially it's a huge sea of change. And that's what we see even the market of security just to finish, uh, now evolving in a totally different ways than the way it has been, which in the past, the market of security was essentially the market for the enterprise. And I'm bringing you my, my board, my board town solutions that you have to go and install and make work, right? And then you had the, the antivirus essentially, uh, for all the consumers and so forth. So today when we see the marketplace, which is fragmenting in four different segments, which is one is the large enterprise which are going to essentially consolidate those stock, move into the digital transformation, leveraging absolutely dev ops, which isn't becoming the new buyer and of course a soak or they could improve, uh, their it for, to reach out to more customers and more effectively than the cloud providers as I mentioned earlier, which are building security in the, no few use them. >>You don't have to worry about infrastructure, about our mini servers. You need, I mean it is, it's all done for you. And same thing about security, right? The third market is going to be an emergence of a new generation of managed security service providers, which are going to take to all these companies. We don't have enough resources. Okay, don't worry, I'm going to help you, you know, do all that digital transformation. And that if you build a security and then there's a totally new market of all these devices, including the phone, et cetera, which connects and that you essentially want to all these like OT and IOT devices that are all now connected, which of course presents security risk. So you need to also secure them, but you also need to be able to also not only check their edits to make sure that, okay, because you cannot send people anymore. >>So you need to automate the same thing on security. If you find that that phone is compromised, you need to make, to be able to make immediate decisions about should I kill that phone, right? Destroyed everything in it. Should I know don't let that phone connect anymore to my networks. What should I do? Should I, by the way detected that they've downloaded the application, which are not allowed? Because what we see is more and more companies now are giving tablets, do the users. And in doing so now today's the company property. So they could say, okay, you use these tablets and uh, you're not allowed to do this app. So you could check all of that and then automatically remote. But that again requires a full visibility on what you are. And that's why just to finish, we make a big decision about a few, three months ago that we have, we build the ability for any company on the planet to automatically build their entire global HSE inventory, which nobody knows what they have in that old networking environment. >>You don't know what connects to have the view of the known and the unknown, totally free of charge, uh, across on premise and pawn cloud containers, uh, uh, uh, whether vacations, uh, OT and IOT devices to come. So now there's the cornerstone of security. So with that totally free. So, and then of course we have all these additional solutions and we're build a very scalable, uh, up in platform where we can take data in, pass out data as well. So we really need to be and want to be good citizen here because security at the end of the day, it's almost like we used to say like the doctors, you have to have that kind of apricot oath that you cannot do no arm. So if you keep, if you try to take the data that you have, keep it with you, that's absolutely not right because it's the data of your customers, right? >>So, and you have to make sure that it's there. So you have to be a good warning of the data, but you have to make sure that the customer can absolutely take that data to whatever he wants with it, whatever he needs to do. So that's the kind of totally new field as a fee. And finally today there is a new Ash culture change, which is, which is happening now in the companies, is that security has become fronted centers, is becoming now because of GDPR, which has a huge of financial could over you challenge an impact on a company. A data breach can have a huge financial impact. Security has become a board level. More and more social security is changing and now it's almost like companies, if they want to be successful in the future, they need to embrace a culture of security. And now what I used to say, and that was the, the conclusion of my talk is that now, today it DevOps, uh, security compliance, people need to unite. Not anymore. The silos. I do that. This is my, my turf, my servers. You do that, you do this. Everybody in the company can work. I have to work together towards that goal. And the vendors need to also start to inter operate as well and working with our customers. So it's a tall, new mindset, which is happening, but the safes are big. That's what I'm very confident that we're now into that. Finally, we thought, I thought it would have happened 10 years ago, quite frankly. And uh, but now today's already happening. >>She touched on a lot, a lot there. And I'll speak for another two hours if we could. We could go for Tara, but I want to, I want to unpack a couple of things. We've had James Hamilton on you to at AWS. Um, CTO, super smart guy and it was, it was at one of his talks where it really was kind of a splash, a wet water in the face when he talked about the amount of resources Amazon could deploy to just networking or the amount of PhD power he could put on, you know, any little tiny sub segment of their infrastructure platform where you just realize that you just can't, you can't compete, you cannot put those kinds of resources as an individual company in any bucket. So the inevitability of the cloud model is just, it's, it's the only way to leverage those resources. But because of that, how has, how has that helped you guys change your market? How nice is it for you to be able to leverage infrastructure partners? Like is your bill for go to market as well as feature sets? And also, you know, because the other piece they didn't talk about is the integration of all these things. Now they all work together. Most apps are collection of API APIs. That's also changed. So when you look at the cloud provider GCP as well, how does that help you deliver value to your customers? >>Yeah, but the, the, the, the club, they, they don't do everything. You know, today what is interesting is that the clubs would start to specialize themselves more and more. So for example, if you look at Amazon, the, the core value of Amazon since the beginning has been elastic computing. Uh, now today we should look at Microsoft. They leverage their position and they really have come up with a more enterprise friendly solution. And now Google is trying to find also their way today. And so then you have Addy Baba, et cetera. So these are the public cloud, but life is not uniform like is by nature. Divers life wants to leave lunch to find better ways. We see that that's what we have so many different species and it just ended up. So I've also the other phenomena of companies also building their own cloud as well. >>So the word is entering into a more hybrid cloud. And the technology is evolving very fast as well. And again, I was selling you all these open source software. There's a bigger phenomenon at play, which I used to say that people don't really understand that much wood, but it's so obvious is if you look at the printing price, that's another example that gives the printing price essentially allowed, as we all know, to distribute the gospel, which has some advantage of, you know, creating more morality, et cetera. But then what people don't know for the most part, it distributed the treaties of the Arabs on technology, the scientif treaties, because the archives, which were very thriving civilization at the time, I'd collected all the, all the, all the information from India, from many other places and from China and from etc. And essentially at the time all of Europe was pretty in the age they really came up and it now certainty that scientific knowledge was distributed and that was in fact the seeds of the industrial revolution, which then you're up cat coats and use that and creating all these different technologies. >>So that confidence of this dimension of electricity and all of that created the industrial revolution seeded by now, today what is happening is that the internet is the new printing press, which now is distributing the knowledge that not to a few millions of people to billions of people. So the rate today of advancing technology is accelerating and it's very difficult. I was mentioning today, we know today that work and working against some quantum computing which are going to totally change things. Of course we don't know exactly how and you have also it's clear that today we could use genetic, uh, the, the, the, if you look at DNA, which stores so much information, so little place that we could have significant more, you know, uh, memory capabilities that lower costs. So we have embarked into absolutely a new world where things are changing. I've got a little girl, which is 12 years old and fundamentally that new generation, especially of girls, not boys, because the boys are still on, you know, at that age. >>Uh, they are very studious. They absorb so much information via YouTube. They are things like a security stream. They are so knowledgeable. And when you look back at history 2000 years plus ago in Greece, you at 95 plus percent of the population slaves. So a few percent could start to think now, today it's totally changed. And the amount of information they can, they learn. And this absolutely amazing. And you know, she, she's, I would tell you the story which has nothing to do with computing, but as a button, the knowledge of, she came to me the few, few weeks ago and she said, Oh daddy, I would like to make my mother more productive. Okay. So I said, Oh, that's her name is Avia, which is the, which is the, the, the either Greece or Zeus weathered here. And so I say, Evie, I, so that's a good idea. >>So how are you going to do it? I mean, our answer, I was flawed, but that is very simple. Just like with, for me, I'm going to ask her to go to YouTube to learn what she needs to learn. Exactly. And she learns, she draws very well. She learns how to draw in YouTube and it's not a gifted, she's a nice, very nice little girl and very small, but all her friends are like that. Right? So we're entering in a word, which thing are changing very, very fast. So the key is adaptation, education and democracy and democratization. Getting more people access to more. Absolutely. It's very, very important. And then kind of this whole dev ops continuous improve that. Not big. That's a very good point that you make because that's exactly today the new buyer today in security and in it is becoming the DevOps shipper. >>Because what? What are these people? There are engineers which suddenly create good code and then they want to of course ship their code and then all these old silos or you need to do these, Oh no, we need to put the new server, we don't have the capacity, et cetera. How is that going to take three months or a month? And then finally they find a way through, again, you know, all the need for scale, which was coming from the Google, from the Facebook and so forth. And by the way, we can shortcut all of that and we can create and we can run out to auto-ship, our code. Guess what are they doing today? They are learning how to secure all of that, right? So again, it's that ability to really learn and move. And today, uh, one of the problem that you alluded to is that, which the Amazon was saying is that their pick there, they have taken a lot of the talent resources in the U S today because of course they pay them extra to me, what? >>Of course they'll attract that talent. And of course there's now people send security. There's not enough people that even in, but guess what? We realized that few years ago in 2007, we'll make a big decision who say, well, never going to be able to attract the right people in the Silicon Valley. And we've started to go to India and we have now 750 people. And Jack Welch used to say, we went to India for the cost and discover the talent. We went to India for the talent and we discover the cost. And there is a huge pool of tenants. So it's like a life wants to continue to leave and now to, there are all these tools to learn, are there, look at the can Academy, which today if you want to go in nuclear physics, you can do that through your phone. So that ability to learn is there. So I think we need just more and more people are coming. So I'm a very optimistic in a way because I think the more we improve our technologies that we look at the progress we're making genetics and so everywhere and that confidence of technology is really creating a new way. >>You know, there's a lot of conversations about a dystopian future and a utopian future with all these technologies and the machines. And you know what? Hollywood has shown us with AI, you're very utopian side, very optimistic on that equation. What gives you, what gives you, you know, kind of that positive feeling insecurity, which traditionally a lot of people would say is just whack a mole. And we're always trying to chase the bad guys. Generally >>speaking, if I'm a topian in in a way. But on the other end, you'd need to realize that unfortunately when you have to technological changes and so forth, it's also create factors. And when you look at this story in Manatee, the same technological advancement that some countries to take to try to take advantage of fathers is not that the word is everything fine and everything peaceful. In fact, Richard Clark was really their kid always saying that, Hey, you know that there is a sinister side to all the internet and so forth. But that's the human evolution. So I believe that we are getting longterm. It's going to. So in the meantime there's a lot of changes and humans don't adapt well to change. And so that's in a way, uh, the big challenge we have. But I think over time we can create a culture of change and that will really help. And I also believe that probably at some point in time we will re-engineer the human race. >>All right, cool. We'll leave it there. That's going to launch a whole nother couple hours. They leave. Congratulations on the event and a great job on your keynote. Thanks for taking a few minutes with us. Alrighty. It's relief. I'm Jeff. You're watching the cube where the Qualice security conference at the Bellagio in Las Vegas. Thanks for watching. We'll see you next time.

>> Announcer: Live from Orlando, Florida it's theCUBE! Covering Microsoft Ignite, brought to you by Cohesity. >> Hello, and happy taco Tuesday CUBE viewers! You are watching theCUBE's live coverage of Microsoft's Ignite here in Orlando, Florida. I'm your host Rebecca Knight, along with Stu Miniman. We're joined by Scott Hanselman, he is the partner program manager at Microsoft. Thank you so much for coming on theCUBE! >> Absolutely, my pleasure! >> Rebecca: And happy taco Tuesday to you! Will code for tacos. >> Will code for tacos. >> I'm digging it, I'm digging it >> I'm a very inexpensive coder. >> So you are the partner program manager, but you're really the people's programmer at Microsoft. Satya Nadella up on the main stage yesterday, talking about programming for everyone, empowering ordinary citizen developers, and you yourself were on the main stage this morning, "App Development for All", why is this such a priority for Microsoft at this point in time? >> Well there's the priority for Microsoft, and then I'll also speak selfishly as a priority for me, because when we talk about inclusion, what does that really mean? Well it is the opposite of exclusion. So when we mean inclusion, we need to mean everyone, we need to include everyone. So what can we do to make technology, to make programming possible, to make everyone enabled, whether that be something like drag and drop, and PowerApps, and the Power platform, all the way down to doing things like we did in the keynote this morning with C# on a tiny micro-controller, and the entire spectrum in between, whether it be citizen programmers in Excel using Power BI to go and do machine learning, or the silly things that we did in the keynote with rock, paper scissors that we might be able to talk about. All of that means including everyone and if the site isn't accessible, if Visual Studio as a tool isn't accessible, if you're training your AI in a non-ethical way, you are consciously excluding people. So back to what Satya thinks is why can't everyone do this? SatyaSacha thinks is why can't everyone do this? Why are we as programmers having any gate keeping, or you know, "You can't do that you're not a programmer, "you know, I'm a programmer, you can't have that." >> So what does the future look like, >> Rebecca: So what does the future look like, if everyone knows how to do it? I mean, do some imagining, visioning right now about if everyone does know how to do this, or at least can learn the building blocks for it, what does technology look like? >> Well hopefully it will be ethical, and it'll be democratized so that everyone can do it. I think that the things that are interesting, or innovative today will become commoditized tomorrow, like, something as simple as a webcam detecting your face, and putting a square around it and then you move around, and the square, we were like, "Oh my God, that was amazing!" And now it's just a library that you can download. What is amazing and interesting today, like AR and VR, where it's like, "Oh wow, I've never seen augmented reality work like that!" My eight-year-old will be able to do it in five years, and they'll be older than eight. >> So Scott, one of the big takeaways I had from the app dev keynote that you did this morning was in the past it was trying to get everybody on the same page, let's move them to our stack, let's move them to our cloud, let's move them on this programming language, and you really talked about how the example of Chipotle is different parts of the organization will write in a different language, and there needs to be, it's almost, you know, that service bus that you have between all of these environments, because we've spent, a lot of us, I know in my career I've spent decades trying to help break down those silos, and get everybody to work together, but we're never going to have everybody doing the same jobs, so we need to meet them where they are, they need to allow them to use the tools, the languages, the platforms that they want, but they need to all be able to work together, and this is not the Microsoft that I grew up with that is now an enabler of that environment. The word we keep coming back to is trust at the keynote. I know there's some awesome, cool new stuff about .net which is a piece of it, but it's all of the things together. >> Right, you know I was teaching a class at Mesa Community College down in San Diego a couple of days ago and they were trying, they were all people who wanted jobs, just community college people, I went to community college and it's like, I just want to know how to get a job, what is the thing that I can do? What language should I learn? And that's a tough question. They wonder, do I learn Java, do I learn C#? And someone had a really funny analogy, and I'll share it with you. They said, well you know English is the language, right? Why don't the other languages just give up? They said, you know, Finland, they're not going to win, right? Their language didn't win, so they should just give up, and they should all speak English, and I said, What an awful thing! They like their language! I'm not going to go to people who do Haskell, or Rust, or Scala, or F#, and say, you should give up! You're not going to win because C won, or Java won, or C# won. So instead, why don't we focus on standards where we can inter-operate, where we can accept that the reality is a hybrid cloud things like Azure Arc that allows us to connect multiple clouds, multi-vendor clouds together. That is all encompassing the concept of inclusion, including everyone means including every language, and as many standards as you can. So it might sound a little bit like a Tower of Babel, but we do have standards and the standards are HTTP, REST, JSON, JavaScript. It may not be the web we deserve, but it's the web that we have, so we'll use those building block technologies, and then let people do their own thing. >> So speaking of the keynote this morning, one of the cool things you were doing was talking about the rock, paper, scissors game, and how it's expanding. Tell our viewers a little bit more about the new elements to rock, paper, scissors. >> So folks named Sam Kass, a gentleman named Sam Kass many, many years ago on the internet, when the internet was much simpler web pages, created a game called Rock, Paper, Scissors, Lizard, Spock, and a lot of people will know that from a popular TV show on CBS, and they'll give credit to that show, in fact it was Sam Kass and Karen Bryla who created that, and we sent them a note and said, "Hey can I write a game about this?" And we basically built a Rock, Paper, Scissors, Lizard, Spock game in the cloud containerized at scale with multiple languages, and then we also put it on a tiny device, and what's fun about the game from a complexity perspective is that rock, paper, scissors is easy. There's only three rules, right? Paper covers rock, which makes no sense, but when you have five, it's hard! Spock shoots the Rock with his phaser, and then the lizard poisons Spock, and the paper disproves, and it gets really hard and complicated, but it's also super fun and nerdy. So we went and created a containerized app where we had all different bots, we had node, Python, Java, C#, and PHP, and then you can say, I'm going to pick Spock and .net, or node and paper, and have them fight, and then we added in some AI, and some machine learning, and some custom vision such that if you sign in with Twitter in this game, it will learn your patterns, and try to defeat you using your patterns and then, clicking on your choices and fun, snd then, clicking on your choices and fun, because we all want to go, "Rock, Paper, Scissors shoot!" So we made a custom vision model that would go, and detect your hand or whatever that is saying, this is Spock and then it would select it and play the game. So it was just great fun, and it was a lot more fun than a lot of the corporate demos that you see these days. >> All right Scott, you're doing a lot of different things at the show here. We said there's just a barrage of different announcements that were made. Love if you could share some of the things that might have flown under the radar. You know, Arc, everyone's talking about, but some cool things or things that you're geeking out on that you'd want to share with others? >> Two of the things that I'm most excited, one is an announcement that's specific to Ignite, and one's a community thing, the announcement is that .net Core 3.1 is coming. .net Core 3 has been a long time coming as we have began to mature, and create a cross platform open source .net runtime, but .net Core 3.1 LTS Long Term Support means that that's a version of .net core that you can put on a system for three years and be supported. Because a lot of people are saying, "All this open source is moving so fast! "I just upgraded to this, "and I don't want to upgrade to that". LTS releases are going to happen every November in the odd numbered years. So that means 2019, 2021, 2023, there's going to be a version of .net you can count on for three years, and then if you want to follow that train, the safe train, you can do that. In the even numbered years we're going to come out with a version of .net that will push the envelope, maybe introduce a new version of C#, it'll do something interesting and new, then we tighten the screws and then the following year that becomes a long term support version of .net. >> A question for you on that. One of the challenges I hear from customers is, when you talk about hybrid cloud, they're starting to get pulled apart a little bit, because in the public cloud, if I'm running Azure, I'm always on the latest version, but in my data center, often as you said, I want longer term support, I'm not ready to be able to take that CICD push all of the time, so it feels like I live, maybe call it bimodal if you want, but I'm being pulled with the am I always on the latest, getting the latest security, and it's all tested by them? Or am I on my own there? How do you help customers with that, when Microsoft's developing things, how do you live in both of those worlds or pull them together? >> Well, we're really just working on this idea of side-by-side, whether it be different versions of Visual Studio that are side-by-side, the stable one that your company is paying for, and then the preview version that you can go have side-by-side, or whether you could have .net Core 3, 3.1, or the next version, a preview version, and a safe version side-by-side. We want to enable people to experiment without fear of us messing up their machine, which is really, really important. >> One of the other things you were talking about is a cool community announcement. Can you tell us a little bit more about that? >> So this is a really cool product from a very, very small company out of Oregon, from a company called Wilderness Labs, and Wilderness Labs makes a micro-controller, not a micro-processor, not a raspberry pie, it doesn't run Linux, what it runs is .net, so we're actually playing Rock, Paper, Scissors, Lizard, Spock on this device. We've wired it all up, this is a screen from our friends at Adafruit, and I can write .net, so somehow if someone is working at, I don't know, the IT department at Little Debbie Snack Cakes, and they're making WinForms applications, they're suddenly now an IOT developer, 'cause they can go and write C# code, and control a device like this. And when you have a micro-controller, this will run for weeks on a battery, not hours. You go and 3D print a case, make this really tiny, it could become a sensor, it could become an IOT device, or one of thousands of devices that could check crops, check humidity, moisture wetness, whatever you want, and we're going to enable all kinds of things. This is just a commodity device here, this screen, it's not special. The actual device, this is the development version, size of my finger, it could be even smaller if we wanted to make it that way, and these are our friends at Wilderness Labs. and they had a successful Kickstarter, and I just wanted to give them a shout out, and I just wanted to give them a shoutout, I don't have any relationship with them, I just think they're great. >> Very cool, very cool. So you are a busy guy, and as Stu said, you're in a lot of different things within Microsoft, and yet you still have time to teach at community college. I'm interested in your perspective of why you do that? Why do you think it's so important to democratize learning about how to do this stuff? >> I am very fortunate and I think that we people, who have achieved some amount of success in our space, need to recognize that luck played a factor in that. That privilege played a factor in that. But, why can't we be the luck for somebody else, the luck can be as simple as a warm introduction. I believe very strongly in what I call the transitive value of friendship, so if we're friends, and you're friends, then the hypotenuse can be friends as well. A warm intro, a LinkedIn, a note that like, "Hey, I met this person, you should talk to them!" Non-transactional networking is really important. So I can go to a community college, and talk to a person that maybe wanted to quit, and give a speech and give them, I don't know, a week, three months, six months, more whatever, chutzpah, moxie, something that will keep them to finish their degree and then succeed, then I'm going to put good karma out into the world. >> Paying it forward. >> Exactly. >> So Scott, you mentioned that when people ask for advice, it's not about what language they do, is to, you know, is to,q you know, we talk in general about intellectual curiosity of course is good, being part of a community is a great way to participate, and Microsoft has a phenomenal one, any other tips you'd give for our listeners out there today? >> The fundamentals will never go out of style, and rather than thinking about learning how to code, why not think about learning how to think, and learning about systems thinking. One of my friends, Kishau Rogers, talked about systems thinking, I've hade her on my podcast a number of times, and we were giving a presentation at Black Girls Code, and I was talking to a fifteen-year-old young woman, and we were giving a presentation. It was clear that her mom wanted her to be there, and she's like, "Why are we here?" And I said, "All right, let's talk about programming "everybody, we're talking about programming. "My toaster is broken and the toast is not working. "What do you think is wrong?" Big, long, awkward pause and someone says, "Well is the power on?" I was like, "Well, I plugged a light in, "and nothing came on" and they were like, "Well is the fuse blown?" and then one little girl said "Well did the neighbors have power?", And I said, "You're debugging, we are debugging right?" This is the thing, you're a systems thinker, I don't know what's going on with the computer when my dad calls, I'm just figuring it out like, "Oh, I'm so happy, you work for Microsoft, "you're able to figure it out." >> Rebecca: He has his own IT guy now in you! >> Yeah, I don't know, I unplug the router, right? But that ability to think about things in the context of a larger system. I want toast, power is out in the neighborhood, drawing that line, that makes you a programmer, the language is secondary. >> Finally, the YouTube videos. Tell our viewers a little bit about those. you can go to D-O-T.net, so dot.net, the word dot, you can go to d-o-t.net, so dot.net, the word dot, slash videos and we went, and we made a 100 YouTube videos on everything from C# 101, .net, all the way up to database access, and putting things in the cloud. A very gentle, "Mr. Rodgers' Neighborhood" on-ramp. A lot of things, if you've ever seen that cartoon that says, "Want to draw an owl? "Well draw two circles, "and then draw the rest of the fricking owl." A lot of tutorials feel like that, and we don't want to do that, you know. We've got to have an on-ramp before we get on the freeway. So we've made those at dot.net/videos. >> Excellent, well that's a great plug! Thank you so much for coming on the show, Scott. >> Absolutely my pleasure! >> I'm Rebecca Knight, for Stu Miniman., stay tuned for more of theCUBE's live coverage of Microsoft Ignite. (upbeat music)

>> Narrator: Live from Orlando, Florida, it's theCUBE, covering Microsoft Ignite. Brought to you by, Cohesity. >> Good morning everyone and welcome back to theCUBE's live coverage of Microsoft Ignite. We are here in the Orange County Convention Center. I'm your host Rebecca Knight, along with Stu Miniman. Stu, this is Microsoft's Big Show. 26,000 people from around the globe, all descending on Orlando. This is the big infrastructure show. Thoughts, impressions, now that we're on day two of a three day show. >> Yeah, Rebecca. Last year I had this feeling that it was a little bit too much talking about the Windows 10 transition and the latest updates to Office 365. I could certainly want to make sure that we really dug in more to what's going on with Azure, what's happening in 6the developer space. Even though they do have a separate show for developers, it's Microsoft build. They actually have a huge partner show. And so, Microsoft has a lot of shows. So it's, what is this show that is decades old? And really it is the combination of Microsoft as a platform today. Satya Nadella yesterday talked about empowering the world. This morning, Scott Hanselman was in a smaller theater, talking about app devs. And he came out and he's like, "Hey, developers, isn't it a little bit early for you this morning?" Everybody's laughing. He said, "Even though we're kicking off at 9:00 a.m., Eastern." He said, "That's really early, especially for anybody coming from the West Coast." He was wearing his Will Code For Tacos shirt. And we're going to have Scott on later today, so we'll talk about that. But, where does Microsoft sit in this landscape? Is something we've had. I spent a lot of time looking at the cloud marketplace. Microsoft has put themselves as the clear number two behind AWS. But trying to figure out because SaaS is a big piece of what Microsoft does. And they have their software estate in their customer relationship. So how many of those that are what we used to call window shops. And you had Windows people are going to start, Will it be .NET? Will it be other operating systems? Will it come into Azure? Where do they play? And the answer is, Microsoft's going to play a lot of places. And what was really kind of put on with the point yesterday is, it's not just about the Microsoft solutions, it is about the ecosystem, they really haven't embraced their role, very supportive of open source. And trust is something that I know both you and I have been pointing in on because, in the big tech market, Microsoft wants to stand up and say, "We are the most trusted out there. And therefore, turn to us and we will help you through all of these journeys." >> So you're bringing up so many great points and I want to now go through each and every one of them. So, absolutely, we are hearing that this is the kinder, gentler Microsoft, we had Dave Totten on yesterday. And he was, as you just described, just talking about how much Microsoft is embracing and supporting customers who are using a little bit of Microsoft here, a little bit of other companies. I'm not going to name names, but they're seemingly demanding. I just want best to breed, and this is what I'm going to do. And Microsoft is supporting that, championing that. And, of course we're seeing this as a trend in the broader technology industry. However, it feels different, because it's Microsoft doing this. And they've been so proprietary in the past. >> Yeah, well, and Rebecca, it's our job on theCUBE actually, I'm going to name names. (laughs) And actually Microsoft is-- >> Okay. >> Embracing of this. So, the thing I'm most interested in at the show was Azure Arc. And I was trying to figure out, is this a management platform? And at the end of the day really, it is, there's Kubernetes in there, and it's specifically tied to applications. So they're going to start with databases specifically. My understanding, SQL is the first piece and saying, it sounds almost like the next incarnation of platform as a service to our past. And say, I can take this, I can put it on premises in Azure or on AWS. Any of those environments, manage all of them the same. Reminds me of what I hear from VMware with Hangzhou. Vmworld, Europe is going on right now in Barcelona. Big announcement is to the relationship with VMware on Azure. If I got it right, it's actually in beta now. So, Arc being announced and the next step of where Microsoft and VMware are going together, it is not a coincidence. They are not severing the ties with VMware. VMware, of course partners with all the cloud providers, most notably AWS. Dave Totten yesterday, talked about Red Hat. You want Kubernetes? If you want OpenShift, if you are a Red Hat customer and you've decided that, the way I'm going to leverage and use and have my applications run, are through OpenShift, Microsoft's is great. And the best, most secure place to run that environment is on Azure. So, that's great. So Microsoft, when you talk about choice, when you talk about flexibility, and you talk about agility cause, it is kinder and gentler, but Satya said they have that tech intensity. So all the latest and greatest, the new things that you want, you can get it from Microsoft, but they are also going to meet you where you are. That was Jeremiah Dooley, the Azure advocate, said that, "There's, lots of bridges we need to make, Microsoft has lots of teams. It's not just the DevOps, it's not just letting the old people do their own thing, from your virtualization through your containerization and everything in between microservices server list, and the like. Microsoft has teams, they have partners. Sure that you could buy everything in Microsoft, but they know that there are lots of partners and pieces. And between their partners, their ecosystem, their channel, and their go-to-market, they're going to pull this together to help you leverage what you need to move your business forward. >> So, next I want to talk about Scott Hanselman who was up on the main stage, we're going to have him on the show and he was as you said, adorned in coder dude, attire with a cool t-shirt and snappy kicks. But his talk was app development for everyone. And this is really Microsoft's big push, democratizing computing, hey, anyone can do this. And Satya Nadella, as we've talked about on the show. 61% of technologist's jobs are not in the technology industry. So this is something that Microsoft sees as a trend that's happening in the employment market. So they're saying, "Hey, we're going to help you out here." But Microsoft is not a hardware company. So how does this really change things for Microsoft in terms of the products and services-- >> Well right, >> It offers. >> So really what we're talking about here, we're talking about developers right? 61% of jobs openings for developers are outside the tech sector. And the high level message that Scott had is your tools, your language, your apps. And what we have is, just as we were talking about choice of clouds, it's choice of languages. Sure they'd love to say .NET is wonderful, but you want your Java, your PHP, all of these options. And chances are, not only are you going to use many of them, but even if you're working on a total solution, different groups inside your company might be using them and therefore you need tools that can spam them. The interesting example they use was Chipotle. And if there's a difference between when you're ordering and going through the delivery service, and some of the back-end pieces, and data needs to flow between them, and it can't be, "Oh wait, I've got silos of my data, I've got silos of all these other environments." So, developer tools are all about, having the company just work faster and work across environments. I was at AnsibleFest show earlier this year. And, Ansible is one of those tools that actually, different roles where you have to have the product owner, the developer, or the the operations person. They all have their way into that tool. And so, Microsoft's showing some very similar things as to, when I build something, it's not, "Oh, wait, we all chose this language." And so many of the tools was, " Okay, well, I had to standardize on something." But that didn't fit into what the organization needed. So I need to be able to get to what they all had. Just like eventually, when I'm picking my own taco, I can roll it, bowl it, soft or hard shell-- >> It was a cool analogy. >> And choose all my toppings in there. So it is Taco Tuesday here-- >> Yes. >> At Microsoft Ignite and the developers like their choices of tools, just like they like their tacos. >> And they like their extra guac. So going back to one of the other points you made at the very opening. And this is the competitive dynamic that we have here. We had David Davis and Scott Lowe on yesterday from a ActualTech Media. Scott was incredibly bullish about Microsoft. And saying it could really overtake AWS, not tomorrow, but within the next decade. Of course, the choice for JEDI certainly could accelerate that. What do you make of it? I mean, do you think that's still pie in the sky here? AWS is so far ahead. >> So look, first of all, when you look at the growth rates, first of all, just to take the actual number, we know what AWS's, revenue is. Last quarter, AWS did $9 billion. And they're still growing at about a 35% clip. When I look at Microsoft, they have their intelligent cloud bucket, which is Azure, Windows Server, SQL Server and GitHub. And that was 10.8 billion. And you say, "Oh, okay, that's really big." But last year, Azure did about $12 billion dollars. So, AWS is still two to three times larger when you look at infrastructure as a service. But SaaS hugely important piece of what's going on in the cloud opportunity. AWS really is more of the platform and infrastructure service, they absolutely have some of the PaaS pieces. Azure started out as PaaS and has this. So you're trying to count these buckets, and Azure is still growing at, last quarter was 64%. So if you look at the projection, is it possible for Azure to catch up in the next three years? Well, Azure's growth rate is also slowing down, so I don't think it matters that much. There is a number one and a number two, and they're both clear, valid choices for a customer. And, this morning at breakfast, I was talking to a customer and they are very heavily on Microsoft shop. But absolutely, they've got some AWS on the side. They're doing Azure, they've got a lot of Azure, being here at our Microsoft show. And when I go to AWS, even when I talked to the companies that are all in on AWS, " Oh, you got O 365?" "Of course we do." "Oh, if you're starting to do O 365, are there any other services that you might be using out of Azure?" "Yeah, that's possible." I know Google is in the mix. Ali Baba's in the mix. Oracle, well, we're not going to talk about Oracle Cloud, but we talked about Oracle, because they will allow their services to run on Azure specifically. We talked about that a lot yesterday, especially how that ties into JEDI. So, look, I think it is great when we have a healthy competitive marketplace. Today really, it is a two horse race. It is, AWS and Azure are the main choices for customers. Everyone else is really a niche player. Even a company like IBM, there's good solutions that they have, but they play in a multi cloud world. Google has some great data services, and absolutely a important player when you talk about multi cloud for all they've done with Kubernetes and Istio. I'm going to be at Kube Con in a couple of weeks and Google is front and center there. But if you talk about the general marketplace, Microsoft has a lot of customers, they had a lot of applications and therefore, can they continue to mature that market and grow their environment? Absolutely. AWS has so many customers, they have the marketplace is stronger. It's an area that I want to dig in a little bit more at this show is the Azure Marketplace, how much we talked about the ecosystem. But, can I just procure through the cloud and make it simpler? Big theme we've talked about is, cloud in the early days was supposed to be cheap and simple. And it is neither of those things. So, how do we make it easier, so that we can go from the 20% of applications in the public cloud, up to 50% or more? Because it is not about all everything goes to the public cloud, but making customers put the applications and their data in the right place at the right time with the right services. And then we haven't even talked about edge computing which Microsoft has a big push on, especially with their partners. We talked to HP, a little bit about that yesterday. But really the surface area that this show and Microsoft covers is immense and global. >> It is indeed, and we are going, this is our second day of three days of coverage and we're going to be getting into all of those things. We've got a lot of great guests. We have Cute Host, Keith Townsend, Dave Cahill, a former Wikibon guy, a lot of other fantastic people. So I'm excited to get it on with you today, Stu. >> Thank you, Rebecca. Great stuff. >> I'm Rebecca Knight, for Stu Miniman. Stay tuned for more of theCUBE's live coverage of Microsoft Ignite. (upbeat music`)

from our studios in the heart of Silicon Valley Palo Alto California this is a cute conversation welcome to the cube studios for another cube conversation where we go in-depth with thought leaders driving business outcomes with technology I'm your host Peter Burris every Enterprise that is trying to do digital transformation finds themselves facing two challenges one their digital assets themselves are a source of value and to other assets that are sources of value are becoming increasingly digitized and that creates a lot of challenges a lot of security concerns that bad agents out in the internet are exploiting and requires a programmatic fundamental response to try to ensure that the digital assets or digitized assets aren't mucked with by bad guys so to have that conversation we're here with Tony Jian Domenico Tony's a senior security strategist and a researcher and the CTI lead at Ford NIT Tony welcome back to the cube hey Pete it's great to be here man so as you get to see you yeah well we've been doing this for a couple of years now Tony and so let's get just kick it off what's new so what's new should we start talking about a little bit about the index here what we saw with the overall threat landscape sure well cool so you know y'all like you know like we always do we always like to start off with an overall threat landscape at least they give an overview of what that index looks like and it really consists of malware botnets application exploits and what we looked at over the quarter there was a lot of volatility throughout the quarter but at the end of the day it ended up only 1% higher than the quarter before now some of that volatility really is being driven by what we've talked about a lot of times Peter and a lot of these other episodes is that swarm like activity whenever an actual vulnerability is successfully exploited by an adversary everybody swarms in on that vulnerability and our fertig are labs you see that really like super spike up a great example of that would be in the last year in December think PHP which is an application that's a framework to rapidly develop web apps they had a vulnerability that if you successfully exploited it it would give you remote the remote access or I'm sorry remote code execution and they were exploiting that and we definitely seen a huge uptick now that wasn't the only one for the quarter but that and along with some of the other ones it's really what's kind of driving on volume so the index has been around for a few quarters now and it's a phenomenal way for folks out there to observe how overall trends are evolving but as you said one of the key things that's being discovered is that or you're discovering as you do this research is this notion of swarming it seems as though there ought to be a couple of reasons why that's the case Tony it's it's we've talked about this in the past there's folks who want to get a little bit more creative in creating bad stuff and there's other folks who just want to keep the cost low and just leverage what's out there which approach are the bad guys tend to using more and or is there an approach one of the other approach is more targeted to one or another kind of attack well it's funny you usually see the folks in the cyber crime ecosystem that are really focusing on you know identifying them not so much where they're doing more sort of targeted attacks it's more of a you know pray and spray you know type of thing and you see a lot of that you know anytime they can hire you can get a life of cybercrime right in the leverage some of these common you know you know services you have code reuse you know which is out there so you have that sort of like group there right and then you have more of the you know more of the you know hands-on sort of keyboard the more you know targeted attacks that are really focused on specific you know victims so you have those you know those two groups I say now with that though there kind of is a commonality there where there's this concept and it's nothing new we've been talking about this for years in the cybersecurity industry it's living off the land right where once a victim is on the actual machine itself they start leveraging some of the tools that are already available there and usually these tools their administration tools to be able to minister the actual network but these tools can also be used in the farías ways from example here would be you know PowerShell they you know a lot of admins use PowerShell for efficiencies on the network but that also can be used in the forest ways and the bad guys are using that and then this past quarter you know we did see a lot of PowerShell activity now you know Peter having said that though I think as a whole with the security community we're getting better at being able to identify these types of PowerShell attacks one we got better technology on the endpoint and I think to Microsoft is in a better job of being able to provide us more hardening capabilities for PowerShell like being able to restrict access to PowerShell as well as giving us better logging capability to be able to identify that malicious activity so we are getting better and the bad guys know this so I think what we can probably look for in the future is them leveraging either a different interface or different language because all they really need to do is interface with that dotnet framework which is part of a Windows system and they can start doing the same exact things they were doing with PowerShell and we're seeing that it in the open-source community now things like Silent Trinity open source tool that allows you to do those same things so for C an open source pretty much guarantee we're gonna see it out there in the wild here soon so we've got a group of bad actors that are using this living off the land approach to leverage technology that's out there and we've still got kind of the big guys having to worry about being targeted because you know that's how you make a lot of money if you're successful but it certainly does sound is that a general business practice for a lot of these guys is to leverage common infrastructure and that this common infrastructure is increasingly becoming you know better understood have I got that right no I you know Peter you're spot-on here what we did we did some exploratory research in this last quarter and what we found out is with the exploits within that quarter or or or the axe will come threats sixty percent of those threats are using the same infrastructure what I mean by infrastructure you know I I mean things like you know infrastructure to download malware maybe to redirect you to some other site and then downloads malware and that makes a lot of sense Peter you know why because in this cybercrime ecosystem if you didn't realize this it's a vicious competitive market everybody is trying to sell their wares and they want to make sure that their service is the best it's better than someone else's and they want to make sure that it's stable so they find these you know community you know infrastructures that are tried-and-true you know some of them are from you know bulletproof hosting so you know services you know things of that nature so you see a lot of the folks in a cybercrime ecosystem using them now on the flip side though you definitely see some of the thread actors that are more sort of you know more the advanced threat actors maybe what they want to do is hide a little bit so they'll hide in that larger community to be able to possibly be able to bypass that that attribution back to them because they don't want to be sort of labeled with oh hey this particular thread actor always uses this infrastructure so if they can blend in a lot harder to find them so they can use what is available but at the same time differentiate themselves in this bad actor ecosystem to take on even more challenging the potentially lucrative exploits now tell me if we know something about this common infrastructure as you said sixty percent of these attacks are using this common infrastructure that suggests we can bring a common set of analysis frameworks to bear as we consider who these actors are and what their practices are have I got that right yeah yeah absolutely if you can align your PlayBook defenses with the offensive actual playbook that the threat actors are using they're better off you're gonna be right because then you can be able to combat them a lot better and as a matter of fact I mean we've kind of introduced this sort of concept in conjunction with our our partnership with the cyber threat Alliance we're actually producing these thread actor play books you know and what we're doing is the idea behind this is if we can identify the malicious activity the threat actors are actually doing to complete their cyber mission expose some of them tactics those techniques those procedures we could possibly disrupt some of that malicious activity and you know this past this past quarter here we focused on a group you know Peter called the the silence group and they're really focused on identifying and stealing financial data they're looking at banks banking infrastructure and ATM machines and you'll get a kick out of this with the ATM machines they're doing something called jackpot II where they if they can find the axle software behind the ATM machine find that ATM process they can inject a malicious DLL into that process giving them total control over the ATM machine and now they can dispense money at will and they can have these money mules on the other side receive that actual money so you know we have a lot of different campaigns in play books that we've identified on our website and that once we understand that we align that with our security fabric and ensure that our customers are protected against that particular playbook Tony I'm not happy to hear that so this is this is my distressed face that I use during these types of interviews but it's if if we're able to look at how bad guy play books are operating then we ought to be able to say and what are those fundamentals that a shop should be using the security professionals should be using that are just you know so basic and so consistent and it seems that are you guys have identified three to do a better job of taking a fabric approach that starts to weave together all assets into a more common security framework to to do a better job of micro and macro segmentation so that you can identify where problems are and then finally increase your overall use of automation with AI and m/l how is this translating into your working with customers as they try to look at these playbooks and apply their own playbooks for how they set up their response regimes yeah so I mean I think overall I mean I think you can hit it on the head computer you kind of nailed down really those some it was kind of fundamental sort of concepts here now you can identify and you can document as many playbooks as you want but if you're not able to quickly respond when you identify those actual playbooks you know that's really half the battle I mean if you need to be able to identify you know one not only when the threat actors in your environment but then also you need to be able to quickly you know take action and like you were saying with that fabric if we can have that actual fabric being able to talk to the other controls within that fabric and take some action they're better off you're gonna be because you can align your defenses there and that's a great would you gotta make sure that all the controls within that fabric are all communicating together they're working together they're sharing information and they're responding together sure enough yeah are you starting to advise customers I'm curious you advising customers that even as they increase the capabilities of their fabric and how they handle their architectures from a micro macro segmentation and increase their use of automation or are there things that they can do from a practice standpoint just to ensure that their responses are appropriate fast and accurate yeah sure sure I mean I think a lot of the actual fabric once you actually build that fabric there's certain you know playbook responses that you can program into that fabric and I'll also even go I know we talked about you know fundamentals but I'll even dive a little bit lower here and you know you have that fabric but you also have to make sure you understand all the assets you have in your in you know your environment because that that information and that knowledge helps you with that macro and micro segmentation because when you can isolate you know different areas if there is a certain area that gets infected you can quickly turn the knobs to isolate that particular threat and that specific you know area or that's a specific segmented area and that is really gonna allow you to fight through the attack give you more time and ultimately reduce the impact of that particular breach so Tony we got the summer months coming up that means more vacations which is you jest less activity but then we got summer interns coming in which you know may involve additional clicking on things that shouldn't be clicked on any ideas what what should security pros be thinking about in the summer months what's the trend show well I think we're gonna continue to see that you know I I think the same type of threats that we've seen in the first quarter but I would say you know there may be a slight sort of drop-off right we got kind of kids that are gonna be out on vacation so you know schools may not see as much activity you got you know folks gonna be taking vacations and at the end of the day most of these exploits are client-side exploits which means you know a lot of times you need somebody to do something on the actual computer either you know clicking that link or clicking the attachment and if they're not there to do that they'll just sit there and you'll see less activity over time so we might see a little reduction in volume but I still think we'll see very similar types of you know threats in the coming months so good time good time are a good opportunity for security pros to double down on putting in place new architecture practices and response regime so that when stuff kicks up in the fall they're that much more prepared da Tony G on Domenico fort Ned great once again thanks very much for being on the cube hey you know Peter it's always a pleasure being here man hope to see you again soon you will and once again I'm Peter Burroughs until next time [Music]

>> From Gillette Stadium in Foxboro, Massachusetts, if the queue covering Vita Winter warmer, twenty nineteen brought to you by Silicon Angle media. Hi. >> I'm Jackie Sampson here with stew Minutemen wrapping up the show today. Ah, we're here. Gillette. >> So to this's the fifty year Vito, what's changed? >> Yeah, Jackie, so much has changed. So I've actually been coming to show for about >> eight years, and it was known as the >> New England V Mug back then. So when it switched for the tug, number one is a little bit more independent than a V M, where users group >> itself so broader on virtual >> station. But they actually made a conscious effort to expand beyond >> virtualization and talk about cloud computing. And four years ago, cloud computing while it had been gone, gone for about five years, most people coming to this show really didn't understand much beyond. I'd heard a cloud computing. I might have seen it on, like commercials from Microsoft, you know, to the cloud or some stuff like that. But they really didn't understand it. So I loved an event like this that brought in. They brought an >> Amazon. Microsoft had them give presentations, and they were breaking out from the ecosystem. This ecosystems >> gone through a maturation. Most of the vendors, I believe there's about >> five vendors here have a basic organization but have grown in decline. So we see in the users the ecosystem of the show. Make sure it's still over a thousand people here every year, and it's one that I was loved. >> That's awesome. So I was wondering. >> There are a lot of interesting guests that were on the Cube today. So what were the calm >> Dan's in virtualization >> space that you think company should >> start paying closer attention to twenty nineteen? >> Eso a common thing when I look back to twenty eighteen and continue here in twenty nineteen share >> really defines our industry today. So when we talk about going from virtual ization to cloud, we understand that that's gonna have to some disruption. We're at a user conference here, love talking to these users, and I talkto one user talked about the their hyper converge roll out, and they're going to be extending that for d R to the >> clouds I had a guest >> on today. Actually, the first one I've done it, Vito. He used to do virtualization, but in his day job today, all he does is a ws, and he does coding with PHP and he helps build out. Actually, Jackie, you gotta listen to this one because they're company does hair in massage, but for senior citizens on Lee. So it's really interesting based out of Cleveland. He's based locally. But you know, it's a nice niche and understanding the technology underneath that helps them at all of their location to do that. So you know, the common theme is, you know, it's a great time to be in technology. There's a lot of change going on, and there's great opportunities at events like this and training material for people tto learn and grow and keep themselves relevant and keep their business moving. >> That's pretty cool. So, >> speaking of relevance, who are some >> of the key players in >> space over some of the key players and talk? Teo? >> Yeah, so, >> you know, look, my first two guests were probably >> the two that have >> the biggest market share in the most relevant. So that >> is somewhere, you know, dominant in the virtual ization place and Amazon. Think clear Leader came for stuffed services going beyond actually supposed to have a guest on from microphone >> soft. Unfortunately, she was sick today. And look, it is not a winner. Take all. There is broad ecosystem and a lot of diversity out there in the ecosystem. So look, there's lots of virtual ization that isn't VM, where there's lots of cloud activity that's happening, both of them. What they've done really well in our balancing is their ecosystem. So a lot of change going on there. Neither of those companies is nearly as >> don't say the New England Patriots were going to their third Super Bowl in a row on DH talking. Did you know I'm a little excited about being here? A. Gillette? I wore my season ticket pin here. They just turned the lights on for us. Behind here, I >> can see my season ticket here. I was here. >> Wade. Rob Ninkovich on the program so way didn't talk to rob about too much. But, you know, even he was talking about the charitable works it does on new technologies. >> The underpinning he was actually telling me off camera, he's like, you know, Helen, I'm not doing football is like I should be in tech. You know, text. There's a lot going on. It's really interesting. And you know, that's the analogy we always have with the Cube is you know, one of the earliest clients said, where the pen attack. Let's give independent coverage, you know, help understand. Watch those waves and change justice in sports. If you want them long enough, things do change. You know, the NFL today. There's a very past happy league, and I think backto, when I was much younger, it was like, you know, defense running wins game today, you know, I mean, cloud computing is all the rage and rightly so, and there's still a lot of growth there. But, you know, virtual ization >> important. And there's >> so many different areas for people to be able to dig in. And that keeps >> us hopping from show to show on Keeps me excited. Teo. Find ofthe community people on technologists, users that >> will share their experiences. >> That's pretty cool. So did you have any favorite interview today? Or interviews? Plural. >> Yeah, you know, Jackie, >> it's always tough for me to, you know, choose a choose a favorite. >> So no right way has taught leadership pieces. You know where you talked about it? We talked about >> career with some computer people we talked to use, or so >> I hate to say it always liked to be like, Yeah, yeah, thiss one. But you know, overall, it was really good. I'm really happy to be able, Teo, participate. Even It's tough when I look back. In the years >> that I've been doing this, >> it's just the diversity of the new things that we get to learn your aunt and that keep >> me excited. You know, from year to year, >> it's awesome. So, Stew, thank you so much for wrapping up the show today. >> And, Jackie, I really appreciate you helping me. You know, wrap this up. You know, you're No, >> you know that. Love to say that. Thank you, everyone. I'm Jackie with student. Thanks >> for watching.

>> From Gillette Stadium in Foxboro, Massachusetts, if the queue covering Vita Winter warmer, twenty nineteen brought to you by Silicon Angle media. >> Hi. I'm stupid women. And this is the cubes coverage of V tug. Winter warmer twenty nineteen, where we see the emergency connections between virtual ization and cloud computing happened have on the program A user at the event Con Rebates. Who is a senior integration engineer with P s lifestyle. Thanks so much for joining us. >> Nice to be here. >> All right, So, PS lifestyle, let's start there. Tell us a little bit about that in your role as a senior integration engineer and what that means. >> Okay, So, PS lifestyle, we're national Hair Salon were in thirty seven states, and we have, Ah, super niche angle. All of our salons are in senior assisted living communities as we focus exclusively on seniors and, you know, well, twenty mics in your life more enjoyable. >> Okay, well, that's that's excellent. We always talk about, you know, jobs of the future and where there is growth. Ueno the boo birds generation is, you know, creating lots of people, you know, in health care. And, you know, part of health is making sure you're feeling happy about how you look. So I don't need to worry too much about my hair. These days, but we do, other than just head say, the older generation >> way do some of that, like massage services. Just just Yeah, well, being >> very, very cool is, you know, definitely not something we've talked about on our program. And after nine years and thousands of interviews, it's nice to have some interesting angles talk about. So you're a senior integration engineer? My understanding from some of the prep is you're really working on cloud related activity primarily. >> Yeah. So I came on board about a year ago. I switched out of our operations, roll into a development role and P s lifestyle are looking too, uh, bring the internal systems forward. I've been doing a lot of work, a lot of writing the stylist in the field when I end up writing out their services that they perform everyday, which doesn't really scale. So yeah, they're trying. Teo, bring the services into the present. Um, get get away from having to write everything down. So we're building out like a It's not quite a point of sale. System is somewhere between point of sail on, like, an Internet s so that everyone in the field automate what they're doing? Our accounting team doesn't have tio re input everything that comes in. Andi, just make things flow smoother. >> Okay? So frigates inside a little bit, You know what cloud services are using, and there's there's coating that you're doing is is part of that also. >> So right now we're developing in a PHP framework called Larry Gill. And we're playing to both elastic being stalking a w s and s, um, and we're building. So we have off front ends our old Larry Gill in Elastic Beanstalk. Not back in. We're building a P. I's in Lumen and the micro services are in T. C s. So we could have been scaling. >> Yeah, and, you know, Cloud seems an obvious solution for, you know, a a highly distributed in environment, like as retail too often is. And you know your locations are Is that How long could you bring us? A little bit, as you've been on for a year. But how long has that car journey been going on? >> Actually, a year. Okay. Came in just as just a CZ. The company started developing. Thiss has been on the on the horizon for about two years. And as the study of ramping up. They brought on additional people such myself. Just a stuff up so that we could actually walk through it. >> Okay. And I was there, you know, eight of us, Obviously the leader in the spaces. It was there some consideration as Teo, which cloud they'd be using. There's >> no things they were already using a ws to some capacity for Like what? Press hosting. It was just a natural continuation of that with me coming on board I've been looking at Well, what if we do want redundancy? Do we do we try Multi cloud, You know that's now on option. You know, maybe we start exploring technologies like Tara forms so that we can actually duplicate environments just in case. On the very rare instance that eight of us does go down. Yeah, well, so >> is that a concern? When you know, people say, you know, a ws going down, does an availability zone sometimes have issues shore, But can't you architect around this, or, you know, >> you know, I mean, we've had issues where a w s has been unavailable to us for, like, non technical reasons. In that case is like we were we were trapped. Unfortunately, we were not in production at the time, But it's, you know, that's a little look, a lesson you learn once, and then you think, Well, all right, I need a backup, just in case something does happen. And I know it's, like, very unlikely to happen, so that that then informs, you know, what is my back up? You know how much how much dough I invest in the back of >> great? Yeah, because, you know, multi cloud is one of those things that people talk about when you dig down, It's like, Okay, we understand. Why is that something you're doing? Because, you know, I want tohave price leverage of one against the other. Is it? Is there a service that I wanted one that, you know that might not be available other? Or is it it's kind of insurance. And in your case that saying, you know, in the case that you are, Are you saying I think from an architectural standpoint, I'm not looking to run in both clouds all the time. But if I have an outage, I should be able to kind of fail over almost on spin, something up relatively fast. And another environment. >> Eggs. Exactly. So it's like way we're talking about, you know, possibly looking in Asia. Maybe that's a little overkill. Maybe we could just do with, like, a droplet on on digital Ocean Does our entire environment we develop in Dhaka. That's pretty easy just to pick up and leave, pick up and move somewhere else on DH. You know, maybe far standby environment is nowhere near as powerful, at least still running. >> Yeah, and so, so great. You know, you've got that containers is kind of the base level for free. How are you developing? You know what one of the challenges out there is, you know, digital ocean, great for developers. Work for the containers, but, uh, you know, please correct me if I'm not getting this right, you know, You know, Cloud today isn't a utility, so I can't just say, Oh, I'm running on a day of us and let me just take everything and throw it in azure throat. Indio, You know, we're like, there's usually, you know, some work and prepped to make sure that I've got what I need. >> There is there is so it's like, so right now, it's like we're focused on us so we can work with the tooling. And then, as as we start getting more comfortable, we can start looking at extending that tolling toe, be a little flexible toe with multiple providers >> and cloudy. And if some people you know, concern is Tio, you know, how do how do I make sure that my costs just don't kind of spiral out of control is you know, how does kind of the internal control, you know, is there budgeting process in place? Do you have? Do you have a good understanding around what you have today? You know, is there much growth going on and what you have? And you know what? I'll be down. >> We've been actually very surprising. That resource is that we get on our tier of VWs. It's like we're not even scratching the surface. So we keep looking at, you know, we need toe. Everyone says, Oh, you need to worry about scaling. You need to worry about this and that way Haven't even touched what we have s so we were right. Now our focus is more on just making sure things run and then start scaling us as we run into that issue. >> All right, Candy. Last thing. What will What brings you to this event? So obviously it's it's been doing more than virtual ization and canoeing cloud for about five years now. You know what? What? What? What brings you to this show? >> The community is fantastic. So I have been working with in a previous life I worked with somewhere, which is how I got it in tow. Vey tug. And the community around Socialization is just incredible, Very supportive. So it's like I try and give back, so come back. And >> so so just going to follow up on that. I know virtualization community, you know, very welcoming. And the like do you find in the cloud world similar types of communities? >> Yeah, so it's I've actually just started up, eh? Of'em will use a group and then a WS user group on both of those communities have been fantastic so far. I walk in also with PHP, as I said, and that's an entirely different community. I'm not saying it's not friendly, but it's a different style. >> Yeah, absolutely. You find different cultures and these various ecosystems. And yeah, it's very different. You know, the early VV number one, you've had people. It's like, Oh, I'm used to being about have to do a little bit of, you know, building on top of it. A Ws is definitely builders, you know, and what they're doing. And you know on that. So can we really appreciate you joining? Sharing your experiences on what's happened the cloud and the community's involved in? Yeah. Thanks for running user groups. Those air always super helpful, and it's usually done out of the passion and doing it. It's It's not like that. That's your day job, you know? All right. Candy Bates. Thanks so much for joining. Uh, I'm still Minutemen, and thanks so much >> for watching the cue.

>> Live from Las Vegas, it's the Cube, covering AWS re:Invent 2018! Brought to you by Amazon Web Services, Intel, and their ecosystem partners. >> Okay, welcome back, everyone. It's the Cube's live coverage here in Las Vegas, at AWS re:Invent 2018. I'm John Furrier, here with Lauren Cooney. Host of the Cube: Amazon web services. There are maybe 2,000 people here at their event, re:Invent annual conference, breaking it all down. Storage, computer networking, part of the main infrastructures involving changing very rapidly and spawning new use cases, new value propositions, it's creating a great ecosystem dynamic. We're here with Erik Kaulburg, who is the vice president of Infinidat, Cube alumni, great to see you again. >> Nice to see you as well. >> Been on the Cube multiple times. I think last time it was at VMWorld, or a studio? >> At, actually, our product launch for the cloud storage solution, as well. >> So, you guys got a great reputation. Take a minute, just, for the folks who might now know Infinidad, explain what you guys do, and your disruptive innovation. >> So, for Infinidad, we're all about tier-one environments, and it's the data piece of that environment, today, although that may not be forever. And, it's consumed through a couple of different modalities, so one of our big pieces of news earlier this year was that we were going beyond just the InfiniBox solution, which we shipped over four exabytes of to enterprises all around the world today, and broadening that to address the secondary storage market with InfiniGuard and Neutrix Cloud, which is a way to consume our capabilities completely as an iAd service in conjunction with other public clouds. >> Let's get that in a second, I want to get to the product in a second, but I want to first get your take on the market conditions, cloud storage, you're seeing pure storage had a big announcement of now they're doing a device, now doing software on premise, Amazon's going to have a device on premise, it's up for the cloud. Like, what the hell is going on? Storage is certainly growing like crazy. What does the market look like? Obviously, API, microservices, these are important things. Data still is the number one opportunity, but still a challenge. You guys are the center of it, what's the market look like to you? >> Absolutely, I couldn't agree more with the idea that data is at the middle of everything, and the lines are getting blurry between on-prem and public cloud environments as well. So, what I'm seeing in general is that companies which used to sell boxes, or primarily sell boxes today, are trying to figure out ways to play in the public cloud environments, and they're taking one of two paths. One is to develop a solution that's kind of leveraging the built-in infrastructure from the major public clouds, and the other is to build alongside it and enable those major public clouds, and potentially do so in a slightly less captive manner. So, that's what I'm kind of seeing across the industry, with regards to the public cloud. >> What's the role of storage here at re:Invent, because, like I said, Holy Trinity is of infrastructures, computer storage, and networking, and as that evolves, with each one having its new capabilities with Cloudify, is enabling new opportunities. What is the storage role now in the modern era of cloud as it is today? What's your view on that? >> Well, part of it is just providing excellent data services that are at the core of so many of these emerging environments. Like, we were listening to Monday Night Live yesterday, and one of the distinguished folks on there from the machine learning team was talking about the importance of getting more training data, so that you can run these more advanced machine learning workflows, and get things done quicker. We use less PHP type resources to get a problem solved, so I think that category of solutions, where you're using more storage capabilities as an enabler for more business value, or more value in the end application, is a trend that's going to absolutely continue for quite a while. >> What's the hottest area in Amazon cloud native world for storage that you see a lot of customers gravitating to? What's the number one? >> Well, I think, in general if you look at the adoption patterns of their block, file, and objects storage offerings, object is still dominating the vast majority of those kinds of use cases, and it comes from the perspective of applications that were written with cloud native services in mind. However, we think, I think, that there's a whole opportunity there, outside of the traditional, traditional cloud native object architectures, in the block and file arena, which has largely been untapped by the data and storage services, and that's an area where we and others in the industry are looking to augment. >> What is the competition? What's, like, NetApp doing? Let me ask, everyone's got to be on mobile clouds. Amazon, clearly the leader. They're making the market, so unless, say Kubernetes doesn't intermediate their services, for the most part, that's the market leader, but you got to play on a lot of clouds, because customers aren't going to have one cloud, they're going to certainly be hybrid on premises and cloud, but certainly be on multiple clouds. What's, like, NetApp and these guys doing? What's the competition doing? >> So, what I see NetApp doing is taking that kind of cloud captive approach, to be honest, what I see is they've got tied immigration, which is very impressive, with several major public cloud vendors. However, the challenge is, when you want cross those silos, you have a little bit more complexity that arises with that approach. >> Like what? >> So, you may have to spin up a separate set of data in Azure. Let's say, if you want to have an application cross the boundaries between AWS and Azure. >> Okay, let's get back to your storage solution. Neutrix Cloud, what is this about? Explain the product at a high level, we drill into it. >> So on a fundamental level, we believe in flexibility of Infinidad, and that's extended through all sorts of aspects of our product portfolio, but specifically, with regards to cloud storage, Neutrix delivers flexibility of having an outside set of infrastructure that's still tightly integrated with the major public clouds, including AWS, of course, and it delivers high resiliency, the five nines SLA, which we've talked about, which we believe is best in class, as well as enterprise-grade capabilities that previously you really had to look to an on-prem array to be able to achieve. Large-scale snapshot operations, asynchronous and synchronous replication natively built in, all these kinds of things, which make it easier to take tier one applications from an on-prem environment and bring those to the public cloud environments. >> And what's the core problem that you solved with this product? >> It's, you can't get tier one cloud storage today. What we would argue, anyway, and our customers are telling us that the features and capabilities, and even business guarantees provisions around the cloud storage offerings in the market today simply don't exist to the level that they need to be to support the last, let's say, 30% of applications that have not yet moved on to the public clouds. So, that's what we're addressing, making it easier for storage to accomplish that. >> You guys always have impressive customers, always see the big names, give some examples of some use cases. >> So, our customers have fallen into two categories, with regards to Neutrix Cloud adoption. The easy case, and the most natural for many of them, since they are buying our on-prem infrastructure at a large scale today, is, well, let's start replicating that infrastructure to the Neutrix cloud environment, maybe do it as a disaster-recovery target, things like that, and we think that there's value there. There's lots of companies which do DR as a service, to be honest, we don't see that as necessarily the core competency, but it's a stepping stone to the second use case, which is cloud adoption for these tier one applications, and bringing them the flexibility of potentially having multiple cloud platforms addressing the same data. >> We talked about the cloud guys, so we don't want to put you on the spot here, because this is the same patterns happening. Old world storage was stack up the storage, and provision the storage, stuff goes on there, block, file, that good stuff. Now, with the cloud, and Amazon, this is where I want to get the Amazon tie-in with you guys, because storage is not necessarily just a magic, quadrant-like thing. Oh, back-up and recovery, this and that, you're starting to see much more of a platform approach. And successful platforms enable things to be successful. It's not like I built it for this, purpose-built kind of storage. Do you guys see yourselves as a data platform, and if so, what does that mean, and what are those key value points that you're creating off that platform? >> I think you said it, actually, better than I did, that ultimately, we want customers to be able to consume our differentiated data services in whatever modality they prefer. So, if that's an on-prem infrastructure piece, if that's a back-up optimizing environment, if that's a public cloud service, we offer all those today, and customers can take their data from one to the other or even view it as a single, kind of, data architecture that crosses all of those traditional silos. >> So, were you looking at, you know, kind of one of the things that I'm listening to you guys chat, and one of the things that I'm thinking of is, how hard is it for a customer to actually adopt your technology and deliver it, you know, utilize it, across multiple environments? >> So, many of the traditional on-prem infrastructure players have great barriers associated with their public cloud services. We're not one of them. We took an intentionally different approach, and learned from companies like AWS on how you can get clients easily onto the solution, how they can pay for it easily, and how, ultimately, they can deploy it in a large scale public cloud environment very easily. That's a huge part of the investment that we put into developing the Neutrix Cloud service. >> Right. >> So we can have clients up and running in less than a day, from initial contact to large scale adoption, and it could be even faster than that as well. >> Now onto your relations with Amazon. What's it like, what's the details of it, what's the value, what's the connection point? >> I think we all agree that tier one applications are the last major bastion for public cloud adoption. These are things which you would have had on legacy big iron infrastructure, and so, to the extent Neutrix Cloud enables those tier one applications to move to the public cloud, to move to AWS, there's a lot of synergy there in the relationship, so we're absolutely an Amazon technology partner. We enjoy great working relationship with them, there are certainly areas where we overlap, but if we all agree on the end goal, we've been able to make some impressive business strategies. >> So, who are you competitors that you're most, kind of, focused on? Well, you shouldn't be focused on your competitors, you should be focused on what you're doing, but who are the competitors that kind of keep you up a little bit at night? >> I would say others that people would lump in this space, include NetApp Solutions in the public cloud environments, we see a couple of small start-ups, like Zadara, for example, from time to time, but to be honest, the biggest competitive kind of scenario that we see is just using the native public cloud services. And customers have to think about, well, I'm planning on replatforming my application, how am I going to design it from a storage perspective and often they don't even think that there are alternatives beyond the native offerings that could potentially add more value to their environments. So, that's when we come into the conversation, and from that point forward, generally, if we have a good enterprise type workload, the value proposition is instant and obvious. >> You know, when you guys came out, we've been following you guys since your founding, Gabe and I would always talk about Infinidat. You got good pedigree of a team. Classic storage. You have a good storage market. You guys take a different approach with this start-up. Founders did this time. How do you describe the key differentiator for you guys? What's the, you mentioned earlier, it's the tier one storage, but what's the secret sauce, what's the culture like? People want to peek inside Infinidad. What are they buying? What are they really getting, besides the product performance? What's the culture like, what's the company's view on the future world, serious insight. >> I think there's several elements to that, of course, but a lot of it comes from that founding DNA. So, Moshe Yanai, who basically defined the enterprise storage category overall back in EMC, had a succession of teams that he's built over the years, and he's really brought all of those key elements together. Three generations of storage expertise. >> Successful, by the way, three generations of exits, >> Absolutely, yeah. Building an organic business, selling a business, and now this is the business that he wants to leave to his grandchildren at some point. >> How's it going so far, how's business in general? >> Well, you know, we're private, so I can't say specifics, but I'd say we're definitely heading in the right direction. Growth has been phenomenal, the adoption of our portfolio solutions, in addition to just the core product, has really put us in a position of a very strong, long-term independence. >> Portfolios in terms of product capabilities or industries you're serving, or both? >> It's, actually, on both fronts. I was referring to the product portfolio but we've definitely broadened from our initial base in the financial services sector, which is a hard nut to crack in general, as a, you know, into a lot of different use cases, because it turns out that industries have a high demand for data across virtually every sector. So, we go where the data is. >> What's next? What's the next milestone for you guys? What're you lookin' to do next? >> Well, we did just have a major product release, so I'm glad that we've that, you know, out there, we're getting customers in the cloud space. I think the end of this year is going to be very, very strong for us from a business perspective and then next year, lots of great product announcements, and then ultimately, you know, we'll say some more on the business momentum there as well. >> All right, Erik, thanks for coming on the Cube show, thanks for the update. Infinidad, check them out, successful exit, multiple ties in the entrepreneurial team there, growing, doing great, storage has been going away, neither is networking, and neither is computing, it's only going to get better, stronger, as the cloud brings in more capabilities with machine learning and more use cases, new work loads, new capabilities. The Cube bringing it down with two sets here in Las Vegas. I'm John Furrier and Lauren Cooney, on set one. Stay with us for more coverage after this short break. (electronic music)

(bright symphony music) >> Hello, I'm John Furrier, the founder of SiliconANGLE Media and co-host of theCUBE. We're here in Paulo Alto at our studio here. I'm joining with Joseph Jacks, the founder and general partner of OSS Capital. Open Source Software Capital, is what OSS stands for. He's also the founder of KubeCon which now is part of the CNCF. It's a huge conference around Kubernetes. He's a cloud guy. He knows open source. Very well respected in the industry and also a great guest and friend of theCUBE, CUBE alumni. Joseph, great to see you. Also known as JJ. JJ, good to see you. >> Thank you for having me on again, John. >> Hey, great to have you come on. I know we've talked many times on theCUBE, but you've got some exciting news. You got a new firm, OSS Capital. Open Source Software, not operational support like a telco, but this is an investment opportunity where you're making investments. Congratulations. >> Thank you. >> So I know you can't talk about some of the specifics on the funds size, but you are actually going to go out, talk to entrepreneurs, make some equity investments. Around open source software. What's the thesis? How did you get here, why did you do it? What's motivating you, and what's the thesis? >> A lot of questions in there. Yeah, I mean this is a really profoundly huge year for open source software. On a bunch of different levels. I think the biggest kind of thing everyone anchors towards is GitHub being acquired by Microsoft. Just a couple of weeks ago, we had the two huge hadoop vendors join forces. That, I think, surprised a lot of people. MuleSoft, which is a big opensource middleware company, getting acquired by Salesforce just a year after going public. Just a huge outcome. I think one observation, just to sort of like summarize the year 2018, is actually, starting in January, almost on sort of like a monthly basis, we've observed a major sort of opensource software company outcome. And sort of kicking off the year, we had CoreOS getting acquired by Red Hat. Brandon and Alex, the founders over there, built a really interesting company in the Kubernetes ecosystem. And I think in February, Al Fresco, which is an open source content portal taking privatization outcome from a private equity firm, I believe in March we had Magento getting acquired by Adobe, which an open source based CMS. PHP CMS. So just a lot of activity for significant outcomes. Multibillion dollar outcomes of commercial open source companies. And open source software is something like 20 years old. 20 years in the making. And this year in particular, I've just seen just a huge amount of large scale outcomes that have been many years in the making from companies that have taken lots of venture funding. And in a lot of cases, sort of partially focused funding from different investors that have an affinity for open source software and sort of understand the uniqueness of the open source model when it's applied to business, when it's applied to company building. But more sort of opportunistic and sort of affinity oriented, as opposed to a pure focus. So that's kind of been part of the motivation. I'd say the more authentically compelling motivation for doing this is that it just needs to exist. This is sort of a model that is happening by necessity. We're seeing more and more software companies be open source software companies. So open source first. They're built in a distributed way. They're leveraging engineers and talent around the world. They're just part of this open source kind of philosophy. And they are fundamentally kind of commercial open source software companies. We felt that if you had a firm basically designed in a way to exclusively focus on those kind of companies, and where the firmware actually backed and supported by the founders of the largest commercial open source companies in the world before sort of the last decade. That could actually deliver a lot of value. So we've been sort of blogging a little bit about this. >> And you wrote a great post on it. I read about open source monetization. But I think one of the things I'm seeing as well that supports your thesis, and I like to get your reaction to it because I think this is something that's not really talked about, but open source is still young. I mean, you go back. I remember the days when we used to have to hide in the shadows to get licenses and pirate stuff and do all those crazy stuff. But now, it's only a couple decades away. The leaders that were investing were usually entrepreneurs that've been successful. The Rob Bearns, the Amar Wadhwa, the guy that did Spring. All these different open source. Linux, obviously, great success story. But there hasn't any been any institutional. Yeah, you got benchmark, other things, done some investments. A discipline around open source. Where open source is now table stakes in all software development. Cloud is scaling, scaling out globally. There's no real foc- There's never been a firm that's been focused on- Just open source from a commercial, while maintaining the purity and ethos of open source. I mean, is that. >> You agree? >> That's true. >> 100%, yeah. That's been the big part of creating the firm is aligning and solving for a pure focused structure. And I think what I'll say abstractly is this sort of venture capital, venture style approach to funding enterprise technology companies, software companies in general, has been to kind of find great entrepreneurs and in an abstract way that can build great technology companies. Can bring them to market, can sell them, and can scale them, and so on. And either create categories, or dominate existing categories, and disrupt incumbents, and so on. And I think while that has worked for quite a while, in the venture industry overall, in the 50, 60 years of the venture industry, lots of successful firms, I think what we're starting to see is a necessary shift toward accounting for the fundamental differences of opensource software as it relates to new technology getting created and going, and new software companies kind of coming into market. So we actually fundamentally believe that commercial open source software companies are fundamentally different. Functionally in almost every way, as compared to proprietary closed source software companies of the last 30 years. And the way we've sort of designed our firm and we'll about ten people pretty soon. We're just about a month in. We're growing the team quickly, but we're sort of a small, focused team. >> A ten's not focused small, I mean, I know venture firms that have two billion in management that don't have more than 20 people. >> Well, we have portfolio partners that are focused in different functional areas where commercial open source software companies have really fundamental differences. If you were to sort of stack rank, by function, where commercial open source software companies are really fundamentally different, sort of top to bottom. Legal would be, probably, the very top of the list. Right, in terms of license compliance management, structuring all the sort of protections and provisions around how intellectual property is actually shipped to and sold to customers. The legal licensing aspects. The commercial software licensing. This is quite a polarizing hot topic these days. The second big functional area where we have a portfolio partner focused on this is finance. Finance is another area where commercial open source software companies have to sort of behaviorally orient and apply that function very, very differently as compared to proprietary software companies. So we're crazy honored and excited to have world experts and very respected leaders in those different areas sort of helping to provide sort of different pillars of wisdom to our portfolio companies, our portfolio founders, in those different functional areas. And we provide a really focused kind of structure for them. >> Well I want to ask you the kind of question that kind of bridges the old way and new way, 'cause I definitely see you guys definitely being new and different, which is good. Or as Andy Jassy would say, you can be misunderstood for a while, but as you become successful, people will start understanding what you do. And that's a great example of Amazon. The pattern with success is traditionally the same. If we kind of encapsulate the difference between open source old and new, and that is you have something of value, and you're disrupting the market and collecting rents from it. Or revenue, or profit. So that's commercial, that's how businesses run. How are you guys going to disrupt with open source software the next generation value creation? We know how value's created, certainly in software that opensource has shown a path on how to create value in writing software if code is value and functionality's value. But to commercialize and create revenue, which is people paying something for something. That's a little bit different kind of value extraction from the value creation. So open source software can create value in functionality and value product. Now you bring it to the market, you get paid for it, you have to disrupt somebody, you have to create something. How are you looking at that? What's the vision of the creation, the extraction of value, who's disrupted, is it greenfield new opportunities? What's your vision? >> A lot of nuance and complexity in that question. What I would say is- >> Well, open source is creating products. >> Well, open source is the basis for creating products in a different kind of way. I'll go back to your question around let's just sort of maybe simplify it as the value creation and the value capture dynamics, right? We've sort of written a few posts about this, and it's subtle, but it's easy to understand if you look at it from a fundamental kind of perspective. We actually believe, and we'll be publishing research on this, and maybe even sort of more principled scientific, perhaps, even ways of looking at it. And then blog posts and research. We believe that open source software will always generate or create orders of magnitude more value than any constituent can capture. Right, and that's a fundamental way of looking at it. So if you see how cloud providers are capturing value that open source creates, whether it's Elasticsearch, or Postgres, or MySQL or Hadoop. And then commercial open source software companies that capture value that open source software creates, whether it's companies like Confluent around Kafka, or Cloudera around Hadoop, or Databricks around Apache Spark. Or whether it's the creators of those projects. The creators of Spark and Hadoop and Elasticsearch, sometimes many of them are the founders of those companies I mentioned, and sometimes they're not. We just believe regardless of how that sort of value is captured by the cloud providers, the commercial vendors, or the creators, the value created relative to the value captured will always be orders and orders of magnitude greater. And this is expressed in another way, which this may be easier to understand, it's a sort of reinforcing this kind of assertion that there's orders of magnitude value created far greater than what can be captured. If you were to do a survey, which we're currently in the process of doing, and I'm happy to sort of say that publicly for the first time here, of all the commercial open source software companies that have projects with large significant adoption, whether, say for example, it's Docker, with millions of users, or Apache Hadoop. How many Hadoop deployments there are. How many customers' companies are there running Hadoop deployments. Or it may be even MySQL. How many MySQL installations are there. And then you were to sort of survey those companies and see how many end users are there relative to how many customers are paying for the usage of the project. It would probably be something like if there were a million users of a given project, the company behind that project or the cloud provider, or say the end user, the developer behind the project, is unlikely to capture more than, say, 1% or a couple percent of those end users to companies, to paying companies, to paying customers. And many times, that's high. Many times, 1% to 2% is very high. Often, what we've seen actually anecdotally, and we're doing principled research around this, and we'll have data here across a large number of companies, many times it's a fraction of 1%. Which is just sort of maybe sometimes 10% of 1%, or even smaller. >> So the practitioners will be making more money than the actual vendors? >> Absolutely right. End users and practitioners always stand to benefit far greater because of the fundamental nature of open source. It's permissionless, it's disaggregated, the value creation dynamics are untethered, and it is fundamentally freely available to use, freely available to contribute to, with different constraints based on the license. However, all those things are sort of like disaggregating the creating of technology into sort of an unbounded network. And that's really, really incredible. >> Okay, so first of all, I agree with your premise 100%. We've seen it with CUBE, where videos are free. >> And that's a good thing. All those things are good. >> And Dave Vellante says this all the time on theCUBE. And we actually pointed this out and called this in the Hadoop ecosystem in 2012. In fact, we actually said that on theCUBE, and it turned out to be true, 'cause look at Hortonworks and Cloudera had to merge because, again, the market changed very quickly >> Value Creation. >> Because value >> Was created around them in the immediate cloud, etc. So the question is, that changes the valuation mechanisms. So if this true, which we believe it is. Just say it is. Then the traditional net present value cash flow metric of the value of the firm, not your firm, but, like, if I'm an open source firm, I'm only one portion of the extraction. I'm a supplier, and I'm an enabler, the valuation on cash flow might not be as great as the real impact. So the question I have for you, have you thought about the valuation? 'Cause now you're thinking about bigger construct community network effects. These are new dynamics. I don't think anyone's actually crunched a valuation model around this. So if someone knew that, say for example, an open source project created all this value, and they weren't necessarily harvesting it from a cash flow perspective, there might be other ways to monetize it. Have you though about that, and what's your reaction to that concept? 'Cause capitalism would kind of shake down the system. 'Cause why would someone be motivated to participate if they're not capturing any value? So if the value shifts, are they still going to be able to participate? You follow the logic I'm trying to- >> I definitely do. I think what I would say to that is we expect and we encourage and we will absolutely heavily invest in more business model innovation in the area of open source. So what I mean by that is, and it's important to sort of qualify a few things there. There's a huge amount of polarization and lack of consensus, lack of industry consensus on what it actually means to have or implement an open source based business model. In fact there's a lot of people who just sort of point blankedly assert that an opensource business model does not exist. We believe that many business models for monetizing and commercializing open source exist. We've blogged and written about a few of them. Their services and training and support. There's open core, which is very effective in sort of a spectrum of ways to implement open core. Around the core, you can have a thin crust or a thick crust. There's SAS. There are hardware based distribution models, things like Sourcefire, and Cumulus Networks. And there are also network based approaches. For example, project called Storj or Stor-J. Being developed and run now by Ben Golub, who's the former CEO of Docker. >> CUBE alumni. >> Ben's really great open source veteran. This is a network, kind of decentralized network based approach of sort of right sizing the production and consumption of the resource of a storage based open source project in a decentralized network. So those are sort of four or five ways to commercializing value, however, four or five ways of commercializing value, however what we believe is that there will be more business model innovation. There will be more developments around how you can better capture more, or in different ways, the value that open source creates. However, what I will say though, is it is unrealistic to expect two things. It is unrealistic and, in fact, unfair to expect that any of those constituents will contribute back to open source proportional to the value that they received from it, or the benefit, and I'm actually paraphrasing Doug Cutting there, who tweeted this a couple of years ago. Very profoundly deep, wise tweet, which I very strongly agree with. And it is also unrealistic to expect a second thing, which is that any of those constituents can capture a material portion of the value that open source creates, which I would assert is many trillions of dollars, perhaps tens of trillions of dollars. It's really hard to quantify that. And it's not just dollars in economic sense, it's dollars in productivity time saved, new markets, new areas, and so on. >> Yeah, I think this is interesting, and I think that we'll be an open book at that. But I will say that what I've observed in looking through all these CUBE interviews, I think that business model innovation absolutely is something that is an IP. >> We need it. Well, it's now intellectual property, the business model isn't, hey I went to business school, learned this at Babson or Harvard, I learned this business model. We're going to do SAS premium. Okay, I get that. There's going to be very interesting new innovations coming, and I think that's the new IP. 'Cause open source, if it's community based, there's going to be formulas. So that's going to be really inter- Okay, so now let's get back to actual funding itself. You guys are doing early stage. Can you take us through the approach? >> We're very focused on early stage, investing, and backing teams that are, just sort of welcoming the idea of a commercial entity around their open source project. Or building a business fundamentally dependent on an open source project or maybe even more than one. The reason for that is this is really where there's a lot of structural inefficiency in supporting and backing those types of founders. >> I think one of the things with ... is with that acquisition. They were pure on the open source side, doing a great job, didn't want to push the business model too hard because the open source, let's face it, you got people like, eh, I don't want to get caught on the business side, and get revenue, perverse incentives might come up, or fear of incentives that might be different or not aligned. Was a great a value. >> I think so. >> So Red Hat got a steal on that one. But as you go forward, there's going to be certainly a lot more stuff. We're seeing a lot of it now in CNCF, for instance. I want to get your thoughts on this because, being the co founder of KubeCon, and donating it to the CNCF, Kubernetes is the hottest thing on the planet, as we talked about many years ago. What's your take on that, now? I see exciting things happening. What is the impact of Kubernetes, in your opinion, to the world, and where do you see that evolving rapidly, and where is the focus here as the people should be paying attention to? >> I think that Kubernetes replaces EC2. Kubernetes is a disaggregated API for distributed computing anywhere. And it happens to be portable and able to run on any kind of computer infrastructure, which sort of makes it like a liquid disaggregated EC2-like API. Which a lot of people have been sort of chasing and trying to implement for many years with things like OpenStack or Eucalyptus. But interestingly, Kubernetes is sort of the right abstraction for distributed computing, because it meets people where they are architecturally. It's sort of aligned with this current movement around distributed systems first designs. Microservices, packaging things in small compartmentalized units. >> Good for integrating of existing stuff. >> Absolutely, and it's very composable, un-opinionated architecturally. So you can sort of take an application and structure it in any given way, and as long as it has this sort of isolation boundary of a container, you can run it on Kubernetes without needing to sort of retrofit the architecture, which is really awesome. I think Kubernetes is a foundational part of the next kind of computing paradigm in the same way that Linux was foundational to the computing paradigm that gave rise to the internet. We had commodity hardware meeting open source based sort of cost reduction and efficiency, which really Linux enabled, and the movement toward scale out data center infrastructure that supported the Internet's sort of maturity and infrastructure. I think we're starting to see the same type of repeat effect thanks to Kubernetes basically being really well received by engineers, by the cloud providers. It's now the universal sort of standard for running container based applications on the different cloud providers. >> And think having the non-technical opinion posture, as you said, architectural posture, allows it to be compatible with a new kind of heterogeneous. >> Heterogeneity is critical. >> Heterogeneity is key, 'cause it's not just within the environment, it's also within each vendor, or customer has more heterogeneity. So, okay, now that's key. So multi cloud, I want to get your thoughts on multi cloud, because now this goes into some of things that might build on top of if Kubernetes continues to go down the road that you say it does. Then the next question is, stateful applications, service meshes. >> A lot of buzz words. A lot of buzz words in there. Stateful application's real because at a certain point in time, you have a maturity curve with critical infrastructure that starts to become appealing for stateful mission critical storage systems, which is typically where you have all the crown jewels of a given company's infrastructure, whether it's a transactional system, or reading and writing core customer, or financial service information, or whatever it is. So Kubernetes' starting to hit this maturity curve where people are migrating really serious mission critical storage workloads onto that platform. And obviously we're going to start to see even more critical work loads. We're starting to see Edge workloads because Kubernetes is a pretty low footprint system, so you can run it on Edge devices, you can even run it on microcontrollers. We're sort of past the experimental, you know, fun and games was Raspberry Pi, sort of towers, and people actually legitimately doing real world Edge kind of deployments with Kubernetes. We're absolutely starting to see multi-geo, multi-replication, multi-cloud sort of style architectures becoming real, as well. Because Kubernetes is this API that the industry's agreeing upon sufficiently. We actually have agreement around this sort of surface area for distributed system style computing that if cloud providers can actually standardize on in a way that lets application specific vendors or new types of application deployment models innovate further, then we can really unlock this sort of tight coupling of proprietary services inside cloud providers and disaggregate it. Which is really exciting, and I forget the Netscape, Jim Barksdale. Bundling, un-bundling. We're starting to see the un-bundling of proprietary cloud computing service API's. Things like Kinesis, and ALB and ELB and proprietary storage services, and these other sticky services get un-bundled because of two big things. Open source, obviously, we have open source alternative data paths. And then we have Kubernetes which allows us to sort of disaggregate things out pretty easily. >> I want to hear your thoughts, one final concept, before we break, 'cause I was having a private conversation with three people besides myself. A big time CIO of a company that if I said the name everyone would go, oh my god, that guy is huge, he's seen it all going back many, many ways. Currently done a lot of innovation. A hardcore network chip guy who knows networking, old school infrastructure. And then a cloud native application founder who knows a lot about software development and is state-of-the-art cloud native. So cloud native, all experienced, old-school, kind of about my age, a cloud native app developer, a big time CIO, and a chip networking kind of infrastructure guy. And we're talking, and one thing that came out, I want to get you thoughts on this, he says, so what's going on with DevOps, how do you see this service mesh, is a stay for (mumbles) on top of the stack, no stacks, horizontally scalable. And the comment that came out was storage and networking have had this relationship with everything since day one. Network moves a packet from point A to point B, and nothing happens in between, maybe some inspection. And storage goes from here now to the then, because you store it. He goes, that premise moves up the stacks, so then the cloud native guy goes, well that's what's happening up at the top, there's a lot of moving things around, workloads and or services, provisioning services, and then from now to then state. In real time. And what dawned on the next conversation the CIO goes, well this is exactly our challenge. We have under the hood infrastructure being programmable, >> We're having some trouble with the connection. Please try again. >> My phone's calling me. >> Programmable connections. >> So you got the programmable on the top of the stack too, so the CIO said, that's exactly the problem we're trying to solve. We're trying to solve some of these network storage concepts now at an application level. Your thoughts to that. >> Well, I think if I could tease apart everything you just said, which is profound synthesis of a lot of different things, I think we've started to see application logic leak out of application code itself into dedicated layers that are really good at doing one specific thing. So traditionally we had some crud style kind of behavioral semantics implemented around business logic. And then, inside of that, you also had libraries for doing connectivity and lookups and service discovery and locking and key management and encryption and coordination with other types of applications. And all that stuff was sort of shoved into the single big application binary. And now, we're starting to see all those language runtime specific parts of application code sort of crack or leak out into these dedicated, highly scalable, Unix philosophy oriented sort of like layers. So things like Envoy are really just built for the sort of nervous system layer of application communication fabric up and down the layer two through layer seven sort of protocol transport stack, which is really profound. We're seeing things like Vault from Hashicorp handle secure key storage persistence of application dedication, authorization, metadata and information to sort of access different systems and end points. And that's a dedicated sort of stateful layer that you can sort of fragment out and delegate sort of application specific functionality to, which is really great for scalability reasons. And on, and on, and on. So we've started to see that, and I think one way of looking at that is it's a cycle. It's the sort of bundling and un-bundling aspect. >> One of the granny level services are getting a really low level- >> Yeah, it's a sort of like bundling and un-bundling and so we've got all this un-bundling happening out of application code to these dedicated layers. The bundling back may happen. I've actually seen a few Bay Area companies go like, we're going back to the monolith 'cause it actually gives us lots of efficiencies in things that we though were trade offs before. We're actually comfortable with a big monorepo, and one or two core languages, and we're going to build everything into these big binaries, and everyone's going to sort of live in the same source code repository and break things out through folders or whatever. There's a lot of really interesting things. I don't want to say we're sort of clear on where this bundling, un-bundling is happening, but I do think that there's a lot of un-bundling happening right now. And there's a lot of opportunity there. >> And the open source, obviously, driving it. So final question for you, how many deals have you done? Can you talk a little bit about the firm? And exciting things and plans that you have going forward. >> Yeah, we're going to be making a lot of announcements over the next few months, and we're, I guess, extremely thrilled. I don't want to say overwhelmed, 'cause we're able to handle all of the volume and inquiries and inbound interest. We're really honored and thrilled by the reception over the last couple weeks from announcing the firm on the first of October, sort of before the Hortonworks Cloudera merger. The JFrog funding announcement that week. The Elastic IPO. Just a lot of really awesome things happened that week. This is obviously before Microsoft open sourced all their patents. We'll be announcing more investments that we've made. We announced our first one on the first of October as well with the announcement of the firm. We've made a good number of investments. We're not able to talk to much about our first initiative, but you'll hear more about that in the near future. >> Well, we're excited. I think it's the timing's perfect. I know you've been working on this kind of vision for a while, and I think it's really great timing. Congratulations, JJ >> Thank you so much. Thanks for having me on. >> Joesph Jacks, also known as JJ, founder and general partner of OSS Capital, Open Source Software Capital, co founder of KubeCon, which is now part of the CNCF. A real great player in the community and the ecosystem, great to have him on theCUBE, thanks for coming in. I'm John Furrier, thanks for watching. >> Thanks, John. (bright symphony music)

>> Announcer: From San Francisco, it's theCUBE. Covering Red Hat Summit 2018 brought to you by Red Hat. >> Hello everyone and welcome back to see CUBE's exclusive coverage of Red Hat Summit 2018 live in San Francisco, California at Moscone West. I'm John Furrier, your cohost of theCUBE with John Troyer co-founder of Tech Reckoning advisory and community development firm. Our next two guests Mike Piech Vice President and General Manager of middleware at Red Hat and Mark Little, Vice President of Software Engineering for middleware at Red Hat. This is the stack wars right here. Guys thanks for coming back, good to see you guys again. >> Great to see you too. >> So we love Middleware because Dave Vellante and I and Stu always talk about like the real value is going to be created in abstraction layers. You're seeing examples of that all over the place but Kubernetes containers, multi-cloud conversations. Workload management and all these things are happening at these really cool abstraction layers. That's obviously you say global I say middleware but you know it's where the action is. So I got to ask you, super cool that you guys have been leading in there but the new stuff's happening. So let's just go review last year or was it this year? What's different this year, new things happening within the company? We see core OS' in there, you guys got OpenShift is humming along beautifully. What's new in the middleware group? >> There's a few things. I'll take one and then maybe Mike can think of another while I'm speaking but when we were here this time last year we were talking about functions as a service or server-less and we had a project of our own called Funktion with a K, between then and now the developer affinity around functions as a service has just grown. Lots of people are now using it and starting to use it in production. We did a review of what we were doing back then and looked around at other efforts that were in the market space and we decided actually we wanted to get involved with a large community of developers and try and move that in a direction that was pretty beneficial for everybody but clearly for ourselves. And we've decided, and we announced this publicly last year but we're now involved with a project called Apache OpenWhisk instead of Funktion. And OpenWhisk is a project that IBM originally kicked off. We got involved, it was tied very closely to cloud foundering so one of the first things that we've been doing is making it more Kubernetes native and allowing it to run on OpenShift. In fact we're making some announcements this week around our functions are service based on Apache OpenWhisk. But that's probably one of the bigger things that's changed in the last 12 months. >> I would just add to that that across the rest of the middleware portfolio which is as you know, a wide range of different technologies, different products, in our integration area we continue to push ahead with containerizing, putting the integration technologies in the containers, making it easier to basically connect the different components of applications and different applications to each other together through different integration paradigms whether it's messaging or more of a bus style. So with our Jboss Fuse and our AMQ we've made great progress in continuing to refine how those are invoked and consumed in the Openshift environment. Forthcoming very shortly, literally in the next week or two is our integration platform as a service based on the Fuse and AMQ technologies. In addition we've continued to charge ahead with our API management solution based on the technology we acquired from Threescale a couple of years ago. So that is coming along nicely, being very well adopted by our customers. Then further up the stack on the process automation front, so some of the business process management types of technologies we've continued to push ahead with containerizing and that was being higher up the stack and a little bit bigger a scale of technology was a little bit more complex in really setting it up for the containerized world but we've got our Process Automation 7.0 release coming out in the next few weeks. That includes some exciting new technology around case management, so really bringing all of those traditional middleware capabilities forward into the Cloud Native, containerized environment has been I would say the most significant focus of our efforts over the last year. >> Go ahead. >> Can you contextualize some of that a little bit for us? The OpenShift obviously a big topic of conversation here. You know the new thing that everyone's looking at and Kubernetes, but these service layers, these layers it takes to build an app still necessary, Jboss a piece of this stack is 17, 18 years old, right? So can you contextualize it a little bit for people thinking about okay we've got OpenStack on the bottom, we've got OpenShift, where does the middleware and the business process, how has that had to be modernized? And how are people, the Java developers, still fitting into the equation? >> Mark: So a lot of that contextualization can actually, if we go back about four or five years, we announced an initiative called Xpass which was to essentially take the rich middleware suite of products and capabilities we had, and decompose them into independently consumable services kind of like what you see when you look at AWS. They've got the simple queuing service, simple messaging service. We have those capabilities but in the past they were bundled together in an app server, so we worked to pull them apart and allow people to use them independently so if you wanted transactions, or you wanted security, you didn't have to consume the whole app server you actually had these as independent services, so that was Xpass. We've continued on that road for the past few years and a lot of those services are now available as part and parcel of OpenShift. To get to the developer side of things, then we put language veneers on top of those because we're a Java company, well at least middleware is, but there's a lot more than Java out there. There's a lot of people who like to use Pearl or PHP or JavaScript or Go, so we can provide language specific clients for them to interact. At the end of the day, your JavaScript developer who's using bulletproof, high performing messaging doesn't need to know that most of it is implemented in Java. It's just a complete opaque box to them in a way. >> John F: So this is a trend of microservices, this granularity concept of this decomposition, things that you guys are doing is to line up with what people want, work with services directly. >> Absolutely right, to give developers the entire spectrum of granularity. So they can basically architect at a granularity that's appropriate for the given part of their job they're working on it's not a one size fits all proposition. It's not like throw all the monoliths out and decompose every last workload into it's finest grain possible pieces. There's a time and a place for ultra-fine granularity and there's also a time and a place to group things together and with the way that we're providing our runtimes and the reference architectures and the general design paradigm that we're sort of curating and recommending for our customers, it really is all about, not just the right tool for the job but the right granularity for the job. >> It's really choice too, I mean people can choose and then based on their architecture they can manage it the way they want from a design standpoint. Alright I got to get your guys' opinion on something. Certainly we had a great week in Copenhagen last week, in Denmark, around CUBECon, Kubernetes conference, Cloud NativeCon, whatever it's called, they're called two things. There was a rallying cry around Kubernetes and really the community felt like that Linix moment or that TCPIP moment where people talk about standards but like when will we just do something? We got to get behind it and then differentiate and provide all kinds of coolness around it. Core defacto stand with Kubernetes is opening up all kinds of new creative license for developers, it's also bringing up an accelerated growth. Istio's right around the corner, Cubeflow have the cool stuff on how software's being built. >> Right. >> So very cool rallying cry. What is the rallying cry in middleware, in your world? Is there a similar impact going on and what is that? >> Yeah >> Because you guys are certainly affected by this, this is how software will be built. It's going to be orchestrated, composed, granularity options, all kinds of microservices, what's the rallying cry in the middleware? >> So I think the rallying cry, two years ago, at Summit we announced something called MicroProfile with IBM, with Tomitribe, another apps vendor, Piara and a few quite large Java user groups to try and do something innovative and microservices specific with Enterprise Java. It was incredibly successful but the big elephant in the room who wasn't involved in that was Oracle, who at the time was still controlling Java E and a lot of what we do is dependent on Java E, a lot of what other vendors who don't necessarily talk about it do is also dependent on Java E to one degree or another. Even Pivotal with Springboot requires a lot of core services like messaging and transactions that are defined in Java E. So two years further forward where we are today, we've been working with IBM and Oracle and others and we've actually moved, or in process of moving all of Java E away from the old process, away from a single vendor's control into the Eclipse Foundation and although that's going to take us a little while longer to do we've been on that path for about four or five months. The amount of buzz and interest in the community and from companies big and small who would never have got involved in Java E in the past is immense. We're seeing new people get involved with Eclipse Foundation, and new companies get involved with Eclipse Foundation on a daily basis so that they can get in there and start to innovate in Enterprise Java in a much more agile and interesting way than they could have done in the past. I think that's kind of our rallying call because like I said we're getting lots of vendors, Pivotal's involved, Fujitsu. >> John F: And the impact of this is going to be what? >> A lot more innovation, a lot quicker innovation and it's not going to be at the slow speed of standards it's going to be at the fast, upstream, open source innovative speed that we see in likes of Kubernetes. >> And Eclipse has got a good reputation as well. >> Yeah, the other significant thing here, in addition to the faster innovation is it's a way forward for all of that existing Java expertise, it's a way for some of the patterns and some of the knowledge that they have already to be applied in this new world of Cloud Native. So you're not throwing out all that and having to essentially retrain double digit millions of developers around the world. >> John F: It's instant developer actually and plus Java's a great language, it's the bulldozer of languages, it can move a lot, it does a lot of heavy lifting >> Yep. >> And there's a lot of developers out there. Okay, final question I know you guys got to go, thanks for spending the time on theCUBE, really appreciate certainly very relevant, middleware is key to the all the action. Lot of glue going on in that layers. What's going on at the show here for you guys? What's hot, what should people pay attention to? What should they look for? >> Mark: I'll give my take, what's hot is any talk to do with middleware >> (laughs) Biased. >> But kind of seriously we do have a lot of good stuff going on with messaging and Kafka. Kafka's really hot at the moment. We've just released our own project which is eventually going to become a product called Strimsy, integrated with OpenShift so it's coognative from the get-go, it's available now. We're integrating that with OpenWhisk, which we talked about earlier, and also with our own reactive async platform called Vertex, so there's a number of sessions on that and if I get a chance I'm hoping to say into one >> John F: So real quick though I mean streaming is important because you talk about granularity, people are going to start streaming services with service measures right around the corner, the notion of streaming asynchronously is going to be a huge deal >> Absolutely, absolutely. >> Mark: And tapping into that stream at any point in time and then pulling the plug and then doing the work based on that. >> Also real quick, Kubernetes, obviously the momentum is phenomenal in Cloud Native but becoming a first class citizen in the enterprise, still some work to do. Thoughts on that real quick? Would you say Kubernetes's Native, is it coming faster? Will it ever be, certainly I think it will be but. >> I think this is the year of Kubernetes and of enterprise Kubernetes. >> Mike: I mean you just look at the phenomenal growth of OpenShift and that in a way speaks directly to this point >> Mike, what's hot, what's hot? What are you doing at the show, what should we look at? I'd add to, I certainly would echo the points Mark made and in addition to that I would take a look at any session here on API management. Again within middleware the three-scale technology we acquired is still going gangbusters, the customers are loving that, finding it extremely helpful as they start to navigate the complexity of doing essentially distributive computing using containers and microservices, getting more disciplined about API management is of huge relevance in that world, so that would be the next thing I'd add. >> Congratulations guys, finally the operating system called the Cloud is taking over the world. It's basically distributed computer all connected together, it sounds like >> All that stuff we learned in the eighties right (laughs) >> It's a systems world, the middleware is changing the game, modern software construction of Apple cases all being done in a new way, looking at orchestration, server lists, service meshes all happening in real time, guys congratulations on the all the work and Red Hats. Be keeping it in the open, Java E coming around the corner as well, it's theCUBE bringing it out in the open here in San Francisco, I'm John Furrier with John Troyer we'll be back with more live coverage after this short break