(gentle music) >> Hi everybody, this is Dave Vellante of TheCUBE. This is day two of Fal.Con 2022, CrowdStrike's big customer event. Over 2000 people here, a hundred sessions, a lot of deep security talk. Amol Kulkarni is here. He's the chief product and engineering officer at CrowdStrike, and we're going to get into it. Amol, thanks for coming to theCUBE. >> Great to be here. >> I enjoyed your keynote today. It was very informative. First of all, how's the show going for you? >> It's going fantastic. I mean, first and foremost, like to be having everyone here in person, after three years, that's just out the world, right? So great to meet and a lot of great conversations across the board with customers, partners. It's been fantastic. >> Yeah, so I want to start with Cloud Native, it's kind of your dogma. This whole, the new acronym is CNAP Cloud Native Application Protection Platform. >> Amol: That's right. >> There's a mouthful. What is that? How does it relate to what you guys are doing? >> Yeah, so CNAP is what Gartner has coined as the term for covering entire cloud security. And they have identified various components in it. The first and foremost is the runtime protection, cloud workload protection, as we call it. Second is posture management. That's CSBM cloud security posture management. Third is CIEM, which we announced today. And then the fourth is shift left, kind of Dev SecOps part of cloud security. And all together Gartner coins that as a solution or a suite, if you will, to cover various aspects of cloud security. >> Okay, so shift left and then shield right. You still got to shield right. Is that where network security comes in? Which is not your main focus, but okay. So now it explains... Gartner is an acronym. Now I get it. But the CIEM announcement cloud infrastructure entitlement management. So you're managing identities. Is that right? Explain that in more detail. >> So, yeah, so I mean, as in the on-premise world, but even more exacerbated in the crowd world you have lots and lots of identities, both human identities and service accounts that are accessing cloud services. And lot of the time the rigor is not there in terms of what permissions those identities are provisioned with. So are they over provisioned? Do they have lots of rights that they should not have? Are they able... Are services able to connect to resources that they should not be able to connect to all of that falls under the entitlement management, the identity entitlement management part. And that's where CIEM comes in. So what we said is, we have a great identity security story for on-premise, right? And now we are applying that to understand identities, the entitlements they have, secrets that are lying around, maybe leaked, or just, available for adversaries to exploit in the cloud security world. So taking all of that into account and giving you... Giving customers a snapshot view of one single view to say; these are the identities, these are their permissions, this is where you can trim them down because these are the dependencies that are present across services. And you see something that's not right from a dependency perspective, you can say, okay, this connection doesn't make sense. There's something malicious going on here. So there's a lot that you can do by having that scope of identities. Be very narrowed down. It's a first step in the zero trust journey for the cloud infrastructure. >> So I have to ask you when you now extend this conversation to the edge, and operations technology. Traditionally the infrastructure has been air gapped by, you know, brute force air gap. Don't worry about it. And maybe hasn't had to worry so much about the hygiene. So now as you... as the business drives and forces essentially digital connect... Digital transformation and connectivity >> Connectivity. Yeah. >> I mean, wow, that's a playground for the hackers. >> You absolutely nailed it. So most of these infrastructure was not designed with security in mind, unfortunately, right? As you said, most of it was air-gapped, disconnected. And now everything is getting to be connected because the updates are being pushed rapidly changes are happening. So, and that really, in some sense has changed the environment in which these devices are operating. The operational technology, industrial control. We had the colonial pipeline breach last year. And, that really opened people's eyes like, Hey, nation state adversaries are going to come after critical infrastructure. And that can... That is going to cause impact directly to the end end users, to the citizens. So we have to protect this infrastructure. And that's why we announced discover for IOT as a new module that looks at and understands all the IOT and industrial control systems assets. >> So that didn't require an architectural change though. Right? That was a capability that you introduced with partners. Right? Am I right about that? You don't have to re-architect anything. It's just... Your architecture fits perfectly into those scenarios. >> Absolutely, absolutely. Yeah, yeah, yeah. You actually... While the pace of change is there, architectural change is almost very difficult, because these are very large systems. They are built up over time. It take an industrial control system. The tracing speed is very different from a laptop. So yeah, you can't impose any architectural change. It has to be seamless from what the customers have. >> You were talking, I want to go back to CNAP. You were talking about the protecting the run time. You can do that with an agent. You had said agent... In your keynote. Agentless solutions don't give you runtime security protection. Can you double click on that and just elaborate? >> Yeah, absolutely. So what agentless solutions today are doing they're essentially tapping into APIs from AWS or Azure CloudTrail, for example and looking at misconfigurations. So that is indeed a challenge. So that is one part of the story, but that only gives you a partial view. Let's say that an attacker attacks and uses a existing credential. A legitimate credential to access one of the cloud services. And from there they escalate the privileges and then now start branching off the, the CSP, and the agentless-only solutions will not catch that. Right? So what you need is you, you need this agentless part but you have to couple that with; seeing the activity that's actually happening the living of the land attacks that cannot be caught by the CSP end-piece. So you need a combination of agentless and agent runtime to give that overall protection. >> What's the indicator of attack for a hacker that's living off the land, meaning using your own tools against you. >> That's right. So the indicators of attack are saying accessing services, for example, that are not normally accessed or escalating privileges. So you come in as a normal user, but then suddenly you have admin privileges because you have escalated those privileges, or you are moving laterally very rapidly from one place to another, or spraying across a lot of services in order to do reconnaissance and understand what is out there. So it's almost like looking for what is an abnormal attack path, abnormal behavior compared to what is normal and the good part is cloud. There's a lot that is normal, right? It's fairly constrained. It's not like a end user who is downloading stuff from the internet. And like doing all sorts of things. Cloud services are fairly constrained, so you can profile and you can figure out where there is a drift from the normal. And that's really the indicator of attack. In some sense, from cloud services >> In a previous life I want to change subjects. In a previous life. I spent a lot of time with CIOs. Helping them look at their application portfolio, understanding what to rationalize, what to get rid of, what to invest in, you know, bringing in new projects, cause you know, it's just you never throw a stuff away in IT. >> There is no obsolescence >> Right. So, but they wanted to... Anytime you go through these rationalization exercises change management is everything. And one of the hardest things to do was to map and understand the business impact of all the dependencies across the portfolio. Cause when application A needs this dataset. If you retire it, you're going to... It has ripple effects. And you talked about that in a security context today when you were talking about the asset graph and the threat graphs giving you the ability to understand those dependencies. Can you add some color to that? >> Absolutely. Absolutely. So what we've done with the asset graph; It's a fundamental piece of technology that we've been building now for some time that complements the thread graph. And the asset graph looks at: Assets, identities, applications, and configuration. All of those aspects. And the interconnections between them. So if a user is accessing an application on a server, all those, and in what role, all of that relationship is tied together in the asset graph. So what that does now is, it gives you an ability to say this application connects to this application. And that's the dependency on that port, for example. So you can now build up a dependency map and then the thread graph, what it does, it looks at the continuous activity that's happening. So if you now take the events that are coming into the thread graph and the graphical representation of those, combine it with the asset graph, you get that full dependency map. And now you can start doing that impact analysis that you talked about. Which is... It's an unsolved problem, right? And that's why security as I said in my keynote is most people do not have their security tools enabled to the highest level or they don't have full coverage just because the pace of change is so rapid. They cannot keep up with it. So we want to enable change management, at a rapid pace where businesses and customers can say; we are confident about the change management, about the change we are going to implement. Because we know what the potential impact would be. We can validate, test it in a smaller subset and then roll it out quickly. And that's the journey we are on. Sort of the theme of my talk was to make IT and security friends again. >> Right, you talked about that gap and bringing those two together. You also had a great quote in there; 'The pace of change and securities is insane.' And so this assets graph capability, dependencies and the threat graph, help you manage that accelerating pace of change. Before I forget, I want to ask you about your interview with Girls Who Code. What was that like? Who'd you interview? I unfortunately couldn't see it. I apologize. >> Yeah, fantastic. So, Reshma Saujani she heads Girls Who Code and she first off had a very very powerful talk just from her own own experiences. And essentially, like, what do we need to do to get more women into computer science first, but then within that, into cybersecurity. and what all have they done with Girls Who Code. So very, I mean, we were very touched at the audience was like super into her talk. And then I had a chance to chat with her for a few minutes, ask her a few questions. Just my view was more like, okay. What can we do together? What can CrowdStrike do in our position, in to attract more women? We've done a lot in terms of tailoring our job descriptions to make sure it's more... Remove the biases. Tuning the interview processes to be more welcoming and Reshma gave an example saying; 'Hey, many of these interviews, they start with a baseball discussion.' And I mean, some women may maybe interested in it but may not all maybe. And so is that the right? Is it a gender kind-of affirming or gender neutral kind-of discussion or do you want to have other topics? So a lot of that is about training the interviewers because most of the interviewers are men, unfortunately. That's the mix we have. And it was a great discussion. I mean, just like very practical. She's very much focused on increasing the number of people and increasing the pipeline which is honestly the biggest problem. Because if we have a lot of candidates we would definitely hire them and essentially improve the diversity. And we've done a great job with our intern program, for example, which has helped significantly improve the diversity on our workforce. >> And, but the gap keeps getting bigger in terms of unfulfilled jobs. That leads me to developers as a constituency. Because you guys are building the security cloud. You're on a mission to do that. And to me, if you have a security cloud, it's got to be programmable. You're going to have developers there. You don't... From what I can tell you have a specific developer platform, but it's organic. It's sort of happening out there. What's the strategy around, I mean, the developer today is so critical in terms of implementing a lot of security strategy and putting it into action. They've got to secure the run time. They got to worry about the APIs. They got to secure the PaaS. They got to secure the containers. Right, and so what's your developer strategy. >> Yeah, so within cloud security, enabling developers to implement DevSecOps as a as a philosophy, as a strategy, is critical. And so we, we have a lot of offerings there on the shift-left side, for example, you talked about securing containers. So we have container image assessment where we plug in into the container repositories to check for vulnerabilities and bad configuration in the container images. We then complement that with the runtime side where our agent can protect the container from runtime violations, from breakouts, for example. So it's a combination. It's a full spectrum, right? From the developer building an application, all the way to the end. Second I'd say is, we are a very much an API first company. So all of the things that you can do from a user interface perspective, you can do from APIs what is enable that is a bunch of partners a rich partner ecosystem that is building using those APIs. So the developers within our partners are leveraging those APIs to build very cool applications. And the manifestation of that is CrowdStrike store where essentially we have as Josh mentioned, in his ski-notes, we have a agent cloud architecture that is very rich. And we said, okay, why can't we open that up for partners to enable them to leverage that architecture for their scenarios? So we have a lot of applications that are built on the CrowdStrike store, leveraging our platform, right. Areas that we are not in, for example. >> And here, describe it. Is there a PaaS layer that's purpose-built for CrowdStrike so that developers can build applications? >> That's a great question. So I'll say that we have a beginnings of a PaaS layer. We definitely talked about CrowdStrike store as being passed for cybersecurity but there's a lot more to do. And we are in the process of building up an application platform so that customers can build the applications for their SOC workflow or IT workflow and and Falcon Fusion is a key part of that. So Falcon Fusion is our automation platform built right into the security cloud. And what that enables customers to do is to define... Encode their business process the way they want and leverage the platform the way they want. >> It seems like a logical next step. Because you're going to enable a consistent experience across the board. And fulfill your promise, your brand promise, and the capabilities that you bring. And this ecosystem will explode once you announce that. >> And that's the notion we talk about of being the sales force of security. >> Right, right. Yeah. That's the next step. Amol, thank you so much. I got to run and wrap. We really appreciate you coming on theCUBE. >> Thank you very much. >> Congratulations on your keynote and all the success and great event. >> Appreciate it. Thank you very much for the time and great chatting with you. >> You're very welcome. All right, keep it right there. We'll be back very shortly to wrap up from Fal.Con 2022. This is Dave Vellante for theCUBE. (soft electronic music)

>> Welcome back to Supercloud22, #Supercloud22. This is Dave Vellante. In 2019 Oracle and Microsoft announced a collaboration to bring interoperability between OCI, Oracle Cloud Infrastructure and Azure Clouds. It was Oracle's initial foray into so-called multi-cloud and we're joined by Karan Batta, who's the Vice President for Product Management at OCI. And Kris Rice is the Vice President of Software Development at Oracle Database. And we're going to talk about how this technology's evolving and whether it fits our view of what we call supercloud. Welcome gentlemen, thank you. >> Thanks for having us. >> So you recently just last month announced the new service. It extends on the initial partnership with Microsoft Oracle interconnect with Azure, and you refer to this as a secure private link between the two clouds, it cross 11 regions around the world, under two milliseconds data transmission sounds pretty cool. It enables customers to run Microsoft applications against data stored in Oracle databases without any loss in efficiency or presumably performance. So we use this term supercloud to describe a service or sets of services built on hyper scale infrastructure that leverages the core primitives and APIs of an individual cloud platform, but abstracts that underlying complexity to create a continuous experience across more than one cloud. Is that what you've done? >> Absolutely. I think it starts at the top layer in terms of just making things very simple for the customer, right. I think at the end of the day we want to enable true workloads running across two different clouds where you're potentially running maybe the app layer in one and the database layer or the back in another. And the integration I think starts with, you know, making it ease of use. Right. So you can start with things like, okay can you log into your second or your third cloud with the first cloud provider's credentials? Can you make calls against another cloud using another cloud's APIs? Can you peer the networks together? Can you make it seamless? I think those are all the components that are sort of, they're kind of the ingredients to making a multi-cloud or supercloud experience successful. >> Oh, thank you for that, Karan. So I guess there's a question for Chris is I'm trying to understand what you're really solving for? What specific customer problems are you focused on? What's the service optimized for presumably it's database but maybe you could double click on that. >> Sure. So, I mean, of course it's database. So it's a super fast network so that we can split the workload across two different clouds leveraging the best from both, but above the networking, what we had to do do is we had to think about what a true multi-cloud or what you're calling supercloud experience would be it's more than just making the network bites flow. So what we did is we took a look as Karan hinted at right, is where is my identity? Where is my observability? How do I connect these things across how it feels native to that other cloud? >> So what kind of engineering do you have to do to make that work? It's not just plugging stuff together. Maybe you could explain a little bit more detail, the the resources that you had to bring to bear and the technology behind the architecture. >> Sure. I think, it starts with actually, what our goal was, right? Our goal was to actually provide customers with a fully managed experience. What that means is we had to basically create a brand new service. So, we have obviously an Azure like portal and an experience that allows customers to do this but under the covers, we actually have a fully managed service that manages the networking layer, the physical infrastructure, and it actually calls APIs on both sides of the fence. It actually manages your Azure resources, creates them but it also interacts with OCI at the same time. And under the covers this service actually takes Azure primitives as inputs. And then it sort of like essentially translates them to OCI action. So, we actually truly integrated this as a service that's essentially built as a PaaS layer on top of these two clouds. >> So, the customer doesn't really care or know maybe they know cuz they might be coming through, an Azure experience, but you can run work on either Azure and or OCI. And it's a common experience across those clouds. Is that correct? >> That's correct. So like you said, the customer does know that they know there is a relationship with both clouds but thanks to all the things we built there's this thing we invented we created called a multi-cloud control plane. This control plane does operate against both clouds at the same time to make it as seamless as possible so that maybe they don't notice, you know, the power of the interconnect is extremely fast networking, as fast as what we could see inside a single cloud. If you think about how big a data center might be from edge to edge in that cloud, going across the interconnect makes it so that that workload is not important that it's spanning two clouds anymore. >> So you say extremely fast networking. I remember I used to, I wrote a piece a long time ago. Larry Ellison loves InfiniBand. I presume we've moved on from them, but maybe not. What is that interconnect? >> Yeah, so it's funny you mentioned interconnect you know, my previous history comes from Edge PC where we actually inside OCI today, we've moved from Infinite Band as is part of Exadata's core to what we call Rocky V two. So that's just another RDMA network. We actually use it very successfully, not just for Exadata but we use it for our standard computers that we provide to high performance computing customers. >> And the multi-cloud control plane runs. Where does that live? Does it live on OCI? Does it live on Azure? Yes? >> So it does it lives on our side. Our side of the house as part of our Oracle OCI control plane. And it is the veneer that makes these two clouds possible so that we can wire them together. So it knows how to take those Azure primitives and the OCI primitives and wire them at the appropriate levels together. >> Now I want to talk about this PaaS layer. Part of supercloud, we said to actually make it work you're going to have to have a super PaaS. I know we're taking this this term a little far but it's still it's instructive in that, what we surmised was you're probably not going to just use off the shelf, plain old vanilla PaaS, you're actually going to have a purpose built PaaS to solve for the specific problem. So as an example, if you're solving for ultra low latency, which I think you're doing, you're probably no offense to my friends at Red Hat but you're probably not going to develop this on OpenShift, but tell us about that PaaS layer or what we call the super PaaS layer. >> Go ahead, Chris. >> Well, so you're right. We weren't going to build it out on OpenShift. So we have Oracle OCI, you know, the standard is Terraform. So the back end of everything we do is based around Terraform. Today, what we've done is we built that control plane and it will be API drivable, it'll be drivable from the UI and it will let people operate and create primitives across both sides. So you can, you mentioned developers, developers love automation, right, because it makes our lives easy. We will be able to automate a multi-cloud workload from ground up config is code these days. So we can config an entire multi-cloud experience from one place. >> So, double click Chris on that developer experience. What is that like? They're using the same tool set irrespective of, which cloud we're running on is, and it's specific to this service or is it more generic, across other Oracle services? >> There's two parts to that. So one is the, we've only onboarded a portion. So the database portfolio and other services will be coming into this multi-cloud. For the majority of Oracle cloud, the automation, the config layer is based on Terraform. So using Terraform, anyone can configure everything from a mid-tier to an Exadata, all the way soup to nuts from smallest thing possible to the largest. What we've not done yet is integrated truly with the Azure API, from command line drivable. That is coming in the future. It is on the roadmap, it is coming. Then they could get into one tool but right now they would have half their automation for the multi-cloud config on the Azure tool set and half on the OCI tool set. >> But we're not crazy saying from a roadmap standpoint that will provide some benefit to developers and is a reasonable direction for the industry generally but Oracle and Microsoft specifically. >> Absolutely. I'm a developer at heart. And so one of the things we want to make sure is that developers' lives are as easy as possible. >> And is there a metadata management layer or intelligence that you've built in to optimize for performance or low latency or cost across the respective clouds? >> Yeah, definitely. I think, latency's going to be an important factor. The service that we've initially built isn't going to serve, the sort of the tens of microseconds but most applications that are sort of in, running on top of the enterprise applications that are running on top of the database are in the several millisecond range. And we've actually done a lot of work on the networking pairing side to make sure that when we launch these resources across the two clouds we actually picked the right trial site. We picked the right region we pick the right availability zone or domain. So we actually do the due diligence under the cover so the customer doesn't have to do the trial and error and try to find the right latency range. And this is actually one of the big reasons why we only launch the service on the interconnect regions. Even though we have close to, I think close to 40 regions at this point in OCI, this service is only built for the regions that we have an interconnect relationship with Microsoft. >> Okay, so you started with Microsoft in 2019. You're going deeper now in that relationship, is there any reason that you couldn't, I mean technically what would you have to do to go to other clouds? You talked about understanding the primitives and leveraging the primitives of Azure. Presumably if you wanted to do this with AWS or Google or Alibaba, you would have to do similar engineering work, is that correct? Or does what you've developed just kind of poured over to any cloud? >> Yeah, that's absolutely correct Dave. I think Chris talked a lot about the multi-cloud control plane, right? That's essentially the control plane that goes and does stuff on other clouds. We would have to essentially go and build that level of integration into the other clouds. And I think, as we get more popularity and as more products come online through these services I think we'll listen to what customers want. Whether it's, maybe it's the other way around too, Dave maybe it's the fact that they want to use Oracle cloud but they want to use other complimentary services within Oracle cloud. So I think it can go both ways. I think, the market and the customer base will dictate that. >> Yeah. So if I understand that correctly, somebody from another cloud Google cloud could say, Hey we actually want to run this service on OCI cuz we want to expand our market. And if TK gets together with his old friends and figures that out but then we're just, hypothesizing here. But, like you said, it can go both ways. And then, and I have another question related to that. So, multi clouds. Okay, great. Supercloud. How about the Edge? Do you ever see a day where that becomes part of the equation? Certainly the near Edge would, you know, a Home Depot or Lowe's store or a bank, but what about the far Edge, the tiny Edge. Can you talk about the Edge and where that fits in your vision? >> Yeah, absolutely. I think Edge is a interestingly, it's getting fuzzier and fuzzier day by day. I think, the term. Obviously every cloud has their own sort of philosophy in what Edge is, right. We have our own. It starts from, if you do want to do far Edge, we have devices like red devices, which is our ruggedized servers that talk back to our control plane in OCI. You could deploy those things unlike, into war zones and things like that underground. But then we also have things like clouded customer where customers can actually deploy components of our infrastructure like compute or Exadata into a facility where they only need that certain capability. And then a few years ago we launched, what's now called Dedicated Region. And that actually is a different take on Edge in some sense where you get the entire capability of our public commercial region, but within your facility. So imagine if a customer was to essentially point a finger on a commercial map and say, Hey, look, that region is just mine. Essentially that's the capability that we're providing to our customers, where if you have a white space if you have a facility, if you're exiting out of your data center space, you could essentially place an OCI region within your confines behind your firewall. And then you could interconnect that to a cloud provider if you wanted to, and get the same multi-cloud capability that you get in a commercial region. So we have all the spectrums of possibilities here. >> Guys, super interesting discussion. It's very clear to us that the next 10 years of cloud ain't going to be like the last 10. There's a whole new layer. Developing, data is a big key to that. We see industries getting involved. We obviously didn't get into the Oracle Cerner acquisitions. It's a little too early for that but we've actually predicted that companies like Cerner and you're seeing it with Goldman Sachs and Capital One they're actually building services on the cloud. So this is a really exciting new area and really appreciate you guys coming on the Supercloud22 event and sharing your insights. Thanks for your time. >> Thanks for having us. >> Okay. Keep it right there. #Supercloud22. We'll be right back with more great content right after this short break. (lighthearted marimba music)

(upbeat music) >> Narrator: From around the globe, it's the cube with digital coverage of AWS re:invent 2020, sponsored by Intel, AWS, and our community partners. >> Hey, welcome back, everybody. Jeff Frick here with the cube. Welcome back to our ongoing coverage of AWS re:invent 2020. It's virtual this year, just like everything is virtual this year. But it's still the biggest event in cloud, and we're excited to be back. I'd like to welcome in our next guest, he is Erez Yarkoni, head of cloud and telco technologies for checkpoint software technologies. There it is great to see you. >> Nice to see you, Jeff. Thank you for hosting me this morning. >> Absolutely, so let's jump into it. You've been in the cloud space. For a while I saw a great interview with you, I think like four or five years ago, when I was doing some research, and you're talking about, all the great innovation that's coming from cloud. That was years and years ago. Now, suddenly, we had COVID arrived. And I'm sure you've seen all the social media means who's driving your digital transformation, the CEO, the CMO, or COVID. And we don't know what the answer is. So first off, I'd just love to get your perspective, you've been in this a long time now that we're here in 2020, both in terms of the development of the cloud and the adoption of the cloud, as well as this accelerant that came into our lives in March. >> Hey Jeff, You know I have been lucky that I got to participate in this kind of innovation cycle of IT and technology. Earlier, I was a CIO for an organization, large organization, and we were adopting cloud. At the same time, as an organization, we were selling technologies and networks to our customers, and they were asking to adopt cloud and so on. And these are probably some of the early interviews we looked at. So I got lucky that I had to look at my own organization and understand where cloud is beneficial. And obviously, now I work with cybersecurity and secure in the cloud. So it's all come together. I think that as as cloud technologies came in, it really came in to help many of us address the fundamental need to come to market with business capabilities and functionality faster. For those of us in technology, you know we were probably always the bottleneck of our business counterparts that said. Well, if you could only do this for me, I could grow the business, I could change your business, I can go to other places, I can incrementally bring more customers, revenues, and so on. The cloud platforms have done a tremendous job allowing developers and operators have technology to change the speed in which they service their businesses. But with speed comes security. And I think the cloud platforms disneynow. Specifically, here platforms like AWS build security into into the cloud as well. But there's other needs in it and the pandemic or COVID. All it did is it shifted some of these motions into another gear and then it created some new business needs that can only be service that digital mean, you are now having a collaboration session over a digital channel where otherwise would be probably sitting in the same studio. So definitely collaboration has changed. Commerce have changed, especially for some organizations that never planned to do commerce over digital channels, small businesses and so on. Just think about the food delivery industry and how many new customers have now sole, restaurants that have now signed up for food delivery services that must have exploded. These continuous changes brought continuous needs to address security as well. AWS is allowing people to build some amazing applications. I watched the commercials when I watch football on Sunday. Right? So peloton and zoom in education and many other things. And yeah, so when people build those amazing applications, the next thing they need to do is make sure that the zoom session is secure. And nobody's crashing in if you have a bunch of kids doing zoom for school. >> Erez you talked on so many topics on that. So let's break a few of them down. First off, I just, you know thank goodness for cloud, right? >> Yeah >> If this pandemic had hit 10 years ago, 15 years ago, we would not have been able those of us in the IT industry to shift so easily to cloud based or excuse me to working from home or working from anywhere because of the cloud based applications huge enabler. But it's funny now once on what you just talked about, did you talk about cost savings? And I still find there's a lot of people that are looking at cloud as a way to save costs. You been in it for a while, and you know the truth is all about agility and speed of business, speed of adoption, speed of innovation. You said it in every single one of your answers. But it still seems to be a lag for a lot of people now with with COVID, and, you know securing people work from home, one of the big issues go back to security is increasing attack surface. And we know the increasing sophistication of the bad guys. Now, I'm hearing from some people that they're actually using old techniques that they used to use back in the day because they know people are at home, and maybe things are as locked down. You talk about security needs to bake be baked in all long the way we're using all these, more and more cloud based apps. How do people think about the security perspective? How do you bake it into everything that you do? And how do you respond to the increased attack surfaces that have now suddenly opened up to look like for probably a little while not just going back to the old way, anytime soon? >> Yeah, so you know, you you touched on that, you said that you hear about people using old secure the old attack methods or vectors or so on, coming back, because people are now at home and no longer behind a very secure environment in their office or in the data center, people had to maybe move things that they never thought they would call center operations. That was by definition, you showed up to the call center for certain organizations and moved it out. And they may have not been ready to move those applications so on, so they had to address the security of it. I think that's exactly it, which is now some of the reaction we had to have for just staying in business. We used kind of very older, or, we increased what we know about security about remote access by increasing VPN capacity for the organization or, or those type of methodologies. Now people are looking at what happened to our topology to our architecture, where are people and machines coming in to execute their work over the network? Where are the applications residing? What have we moved to the cloud because we had to know flex for capacity and speed and maybe localize and move it into regions and so on. I don't think it was about cost saving, as you think it was about business agility, especially in this phase. I actually think that at the end of the day, the big benefit from cloud is business agility. Cost has to come with it, we cannot sacrifice costs and everything we do. And we look at overall how we use cloud technologies and other technologies and make sure that the cost fits into what our business demands from a cost structure but it is about business agility. Now, it's also about security agility. So people are building, you know methods and capabilities to match the business agility with security and security was, at least for me, for instance, as as a CIO, security was a bottleneck. So when business demanded the Agile development, you know iterations, sprints, deliver functionality in weeks, and, you know keep pouring it into the environment. One of the inhibitors was security, right, we weren't ready for it, we weren't ready to release it. So we had to find a way to adopt it. And then came in companies like AWS, saying, we built some of that security built into the platform. And companies like checkpoint saying we have cloud security that moves at cloud speed and allows you to integrate into your CICD, environmental or, or processes and allows you to match the speed of the business with the speed of security. >> Yeah, that's great. I mean, again, I agree with you, 100%, it's all about agility, and speed of business. And being able to move faster just always surprises me how people how many people are still kind of stuck on the cost saving piece. And then the other thing, of course, which you're super aware of, if you've ever been to one of kind of the technical keynotes at AWS re:invent the amount of investment that they can make an infrastructure including security, in just, just completely over overshadows anything in an individual company can invest just in terms of the resources and then somebody like you guys can leverage on top of not only using the the massive Amazon, kind of core investments in security at the infrastructure layer, but then all the stuff that you guys can do in terms of securing the enterprise and helping make sure that the right people have access to the right information at the right time, but not a lot more than that. I wonder if you can talk about a new kind of zero trust in some of the evolution within security in terms of the posturing, and how you kind of make assumptions, as we said, it's no longer like a wall anymore, it's no longer talking about having these physical borders, or even logical borders, but it's really about access and breaking down access even to the person in the application and the data etc. >> Yeah, I think you asked specifically about zero trust, and I think that we want to move, maybe want to keep that the the theme here around the application security, I'll get to zero trust at the end. You know, so one of the things that that definitely is thematic, or what we see happening is, in the evolution in the maturity curve of adopting the cloud, the initial adoption was, maybe some lift shift from organizations and the IaaS layer was a big player. But the PaaS layers of the cloud are where all the interesting things happen, where all the exciting services, all the innovation coming from organizations like AWS, all the enablers for a business agility, and capabilities are coming from there. And when you start developing your applications for that PaaS layer, we start leveraging the services, the type of security changes, so you're no longer looking at network security, or maybe northeast, east west, north south, east west type of security on your network, you're now looking at security API's and securing the backplane of the cloud, from those services that they give you, you know you get to encrypt your buckets, you got to make sure your security groups are correct, you want to make sure your serverless functions are not executing anything malicious in them or, or talking to IP addresses, they shouldn't be. Same with your container, you want to make sure that your container code is scanned properly, you didn't download anything in there that's malicious. And obviously, have runtime security, both to make sure you're compliant from a posture perspective, you make compliance may require you to be PCI compliant one of those. So the elevation in which you execute to security changed from the from the stack from a kind of a traditional stack, requires different capabilities and between what AWS has built into the platform and what checkpoint puts together in cloud guard. This is big, the big target, then we get into, okay, so how do you access all these great things that we just built? Right? So we built these, this great application? It's sitting on AWS, it's using some of the great services there. How do you how do you get to it? Who gets to it? How do you get to it? This is where some of these, sassy and zero trusts come in. Because what happened is, you used to come into a lot of enterprise applications from the data center, then we moved some web apps, and you came over the web into the application. So we have some web firewalls and security for that. Now you're getting into every application from the edge of the network, because we are all at home, or we are we used to be traveling but a lot more of us are now at home coming over the edge of the network, we're adding IoT devices coming on via generic and so on, there's a lot more volume coming at you. And you get to find different ways than just VPN authentication of the traffic into so we are coming into the age of having to identify who's coming at the application at the capability at any given time. And that's where you come into the framework of zero trust, I, every time you come in, I'm going to authenticate that is you. And there's different methodologies in there. For instance, one of the things that we just added to our portfolio is the ability to put an agent, let's say in your around your AWS application, and allow remote access with no VPN to your enterprise app aah to an acquisition company we call odo without having to put a VPN so the administrator defines what applications are connected to the connector. They define who's the users that are allowed and authenticate them based on the authentication framework, let's say Octo, something like that, and allows them to come in and that that those are the type of capabilities you need in these new frameworks. So, how do you get to these great applications we're building? >> Right, right. And you touched on something really interesting, right, which is, which is the complexity is only going up? As you mentioned edge you mentioned a little bit of IoT, right, so as 5G comes on board, as IoT gets increasing amounts of traction. All these applications are API based there's all types of information flying back and forth, so I wonder if you can share kind of your guys thoughts on, applied machine learning and artificial intelligence to help, you know kind of get through all the all the signal or excuse me all the noise, find the signal, and really, you know bring more automation to help the security experts in the security systems be more effective at their jobs. >> Yeah, so I think a lot of what we talked about, until now was protecting establishing a new perimeter, there's not really a perimeter, right because we talked about the perimeter has grown and it's fuzzy and it's at scale that really doesn't allow you to say I have it for an undersea up to authentic everybody. But like you said, with that speed, and scale, came a lot of data, you got a lot of logs running in there, you're like got a lot of events, you got a lot of things that you can look into. And by looking into them, you can start with machine learning and those type of AI methodologies start looking both to identify things before they happen, or inform organizations and inform about things that are already happened and they're in and potentially remediate them. At checkpoint, for instance, we have something called the threat, the threat cloud, we collect these events from every gateway, every appliance, every virtual appliance, every type of security agent that we have around the world, into the flex cloud that processes and I'm going to throw a number there, that's the closer about 80 billion a day transactions. >> 80 billion with B >> Yeah, and that allows us to, to process to apply machine learning and AI algorithms to find threat, and then inform all these great checkpoint security agents out there of new threats and prevent those threats from ever happening in the in the environment. Right? If you're operating on a on an AWS environment, there's a lot of blood flows happening in your environment, there's a lot of things to collect and look at, right. So in cloud guard, we offer something called logic log.ic, which allows you to harvest those logs, we enrich them and then we allow threat hunting inside those environment, right. So those types of capabilities are definitely kind of the future of advanced security, right. So beyond just establishing, it's like, you establish your security around what you do. And then you have your intelligence unit starting to identify what signals are out there allowing you to both prevent security breaches or any type of threats, but also remediate anything, any, you find the traces of things that happened and remediate them. >> Right, right. Well, there is that's, that's a great illustration of, kind of baking security into the multiple steps of the process and all the steps of the process. That's not just a bolt on anymore. It's got to be, part of everything you do and baked into everything you do. I still, I still wonder how certain companies that that are run by having people click on links that they're not familiar with still happen today. But I guess, I guess they still do. So as I give you the final word, again, you've been in this space for a long time, as we kind of turned to turn the page on 2020. What are some of your priorities we are you excited about for 2021? >> I think the most exciting things for us in cloud security in 2021 is we're releasing more capabilities into into the environment, we're in the maturity curve, of protecting, your network in the cloud, and then protecting your posture in the cloud. We're moving very strongly into predicting your runtime and applications in the cloud, your API's, and working with organizations through that maturity curve and getting them up to all the way up to threat hunting capabilities. And I think that'll be exciting because I hear from customers that they need to move quickly through that maturity curve of cloud security as they have accelerated and continue there to accelerate their move to the cloud. >> Well, that's great. Well, I think, no shortage of job security in the cloud security space. So I'm sure it will be a busy year. Well, it was thanks for sharing your insight. Really appreciate the time and it was great catching up. >> Thank you, Jeff, for your time today. And it was great talking to you. >> Absolutely. All right. Well, he's Erez I'm Jeff. You're watching the cubes, continuous coverage of AWS re:invent 2020 Thanks for watching. I'll see you next time. (upbeat music)

(upbeat music) >> Hey welcome back to VMWorld 2013. This is theCUBE, flagship program. We go out to the events to extract the signal from the noise. I'm John Furrier, the founder of SiliconANGLE. I'm joined with David Vilante, my co-host from Wikibon.org and we're kicking off today with an awesome interview. CEO of VMWare, Pat Gelsinger, CUBE Alumni. Been on the theCUBE with Dave and I multiple times. So many times. You are in like the leaderboards. So in terms of overall guest frequency, you've been up there, but also you're also the top dog at VMWare and great to see you again. How are you feeling? >> Thank you, thank you. Good morning, guys. >> Pleasure. >> Good to see you. >> So what's new? I mean obviously you're running the show here. You're running around. Last night you were at the NetApp event. You ran through CIO, R&D. You got to go out and touch all the bases out here. >> Yeah, yeah. >> What does that look like? What have you done and obviously, you did, the key note was awesome. What else is going on? >> You know, everything, you know, VMWorld is just, it's just overwhelming, right? I mean 23,000 people almost. I mean you know the amount of activities around that and it really has become the infrastructure event for the industry and you know, if you're anything related to infrastructure, right, what's going on, right in the enterprise side of IT, you got to be here, right? And there's parties everywhere. Every vendor has their events. Every you know, different particular technology area, a bunch of the things that we're doing, and of course to me, it's just delightful that I can go touch as many people and you know, they get excited to see the CEO. I have no idea why, but hey I get to show up. It's good. >> You've been in the industry for a long time. Obviously you've seen all the movies before and we've talked about the seas of change in the EMC world when you were there, but we had two guests on yesterday that were notable. Steve Herrod who's now a venture capitalist at Generalcatalyst and Jerry Chen who's a VC at Graylock, and we have a 10-year run here at VMWare which is esteemed by convention, but the first five years were a lot different than the last five years, and certainly, the last year you were at the helm. So what's changed in the past 24 months? A lot of stuff has certainly evolved, right? So the Nicira acquisition certainly changed up, changed everything, right? You saw software-defined data center now come into focus this year, but really, just about less than 24 months, a massive kind of change. What, how do you view all that? How do you talk to your employees and the customers about that change? >> Well you know, as we think about the software-defined data center vision, right, it is a broad comprehensive powerful vision for rearchitecting how the data center is operated, how customers take advantage of it. You know and the results and the agility and efficiency that comes from that. And obviously the Nicira acquisition is sort of the shot heard 'round the world as the really, "Okay, these guys are really serious "about making that happen." And it changes every aspect of the data center in that regard. You know and this year's VMWorld is really, I'll say, putting the beef on the bones, right? We talked about the vision, we talked about each of the four legs of it: compute, networking, storage and management of automation. So this year it's really putting the beef on the bones and the NSX announcement, putting substance behind it. The vSAN announcement, putting substance behind it. The continuing progress of management and automation. And I think everything that we've seen here in the customer conversations, the ecosystem of partner conversations are SDDC is real. Now get started. >> Can you, I think you've had some fundamental assumptions in that scenario, particularly around x86 in the service business. Essentially if I understand it, you've said that x86 will dominate that space. You're expecting status quo in the sense that it will continue to go in the cadence of you know, cores and Moore's Law curve even though we know that's changing. But that essentially will stay as is and it's the other parts, the networking and the storage piece that you're really, where you define conventions. Is that right? >> Yeah certainly we expect a continuing momentum by the x86 by Intel in that space, but as you go think about software-defined everything in the data center really is taking the power of that same core engine and applying it to these other areas because when we say software-defined networking, right, you need a very high packet flow capability and that's running a software on x86. We need to talk about data services running in software, right? You need high performance. It's snapshots, file systems, etc. running on software, no longer bound to you know physical array. So it really is taking that same power, that same formula right, and applying it to the rest of the elements of the data center and yeah, we're betting big right, that that engine will continue and that we'll be successful in being able to deliver that value in this software layer running on that core powerful Silicon engine. >> So Pat, so obviously when you came on board, the first thing you did was say, "Hey, the pricing. "I want to change some things." Hyper-Visor's always been kind of this debate. Everyone always debates about what to do with Hyper-Visor. But still, virtualization's still the enabling technology so you know, you kind of had this point where the ball's moving down the field and all of a sudden, in 2012, it changed significantly, and that was a lot in part with your vision with infrastructure. As infrastructure gets commoditized, what is going to change in the IT infrastructure and for service providers, and the value chains that's going to be disrupted? Obviously economics are changing. What specifically is virtualization going to do next with software defined that's going to be enabling that technology? >> Yeah, you know and I, you know, we're not out to commoditize. We're out to enable innovation. We're out to enable agility, right, and then the course of that, it changes what you expect and what the underlying hardware does. But you know, it's enabling that ecosystem of innovation is what we're about and customers to get value from that and as you go look at these new areas, "Hey, you know, we're changing how you do networking." Right, all of a sudden, we're going to create a virtual network overlay that has all of these services associated with it that are proficient just like VMs in seconds. We're creating a new layer of how storage is going to be enabled. You know, this policy-driven capability. Taking those capabilities that before were tightly bound to hardware, delivering it through the software layer, enabling this new magnificent level of automation and yesterday's demo with Carl. I mean Carl does a great CTO impersonation, doesn't he? And he's getting some celebrity action. He's like, "I got the bottle." >> Oh yeah. >> Steve Herrod gave him a thumbs up too. >> Yes, yeah Steve gave him a good job. But you know, so all of those pieces coming together, right, is you know, really, and you know, just the customer and the ecosystem response here at the show has been, "Oh, you know, right, "SDDC, it's not some crazy thing out there in the future. "This is something I can start realizing value for now." >> Well it's coming into focus. It's not 100% clear for a lot of the customers because they're still getting into the cloud and the hybrid cloud, I call it the halfway house to kind of a fully evolved IT environment, but you know. How do you define? >> No it is the endgame. Hyper cloud is not a halfway house. What are you talking about? What are you talking about? >> To to full all-utility computing. That is ultimately what we're saying. >> Halfway house? >> I don't mean it that way. (group laughs) >> Help me. >> Okay next question. >> (chuckles) When you're in a hole, stop digging, buddy. >> So how do you define the total adjusted mark at 50 billion that Carl talked about? >> Yeah you know, as we looked at that, we said across the three things, right that we said, software-defined data center, 28 billion dollars; hyper cloud, 14 billion; eight billion for the end-user computing; that's just 50 billion opportunity. But even there, I think that dramatically understates the market opportunity. IT overall is $1.7 trillion, right? The communications, the services, outsourcing, etc. And actually the piece that we're talking about is really the underpinnings for a much larger set of impact in the part of what applications are going to be developed, how services are delivered, how consumers and businesses are able to take advantage of IT. So yes, that's the $50 billion. We'll give you the math, we'll show you all the details of Gartner's and IDC's to support it. But to us, the vision and the impact that we're out for is far more dramatic than that would even imply. >> Well that's good news because we said to Carl, "It's good that your market cap is bigger than--" (Pat laughs) >> Oh yeah your TAM is bigger than your market cap. Well okay now we-- >> Yeah, that's nice, yeah. Yeah, we're out to fix the market cap. >> Yeah he said, "Now we got to get the 50 billion. So I'm glad to hear there's upside to the TAM. But I wanted to ask you about the ecosystem conversation. When you talk about getting things like you know, software defined network and software defined source, what's the discourse like in ecosystem? For guys like, let's take the storage side. EMC, NetApp last night, they say, "Hey you know, software defined storage. "We really like that, but we want to be in that business." so what, talk about that discussion. >> Yeah, clearly every piece of software defined, whether it's software defined storage, software defined data services, software defined security services or networking, every piece of that has ecosystem implications along the way. But if you go talk to a NetApp or a EMC, they'd say, "You're an appliance vendor." And they would quickly respond and say, "No, our value's in software, "and we happen to deliver it as an appliance." And we'd say, "Great, let's start delivering "the software value as a software appliance "through virtualization and through the software delivery "mechanisms that we're talking about for this new platform." Now each one of them has to adjust their product strategies, their, you know, business strategies to enable those software components, right, independent of their hardware elements for full execution and embodiment into the software-defined data center feature. But for the most part, every one of them is saying, "Yes, now how do we figure out how to get there, "and how do we decompose our value, embody it it in new ways "and how can we enable that in "this new software-defined data center vision?" >> And they've always done that with software companies. I mean certainly Microsoft and Oracle have always grabbed a piece of the storage stack and put it into their own, but it's been very narrow, within their own spaces, and of course, VMWare is running any application anywhere. So it's more of a general purpose platform. >> Absolutely. >> Is it a tricker fit for the ecosystem to figure out where that white space is? >> Absolutely. Every one of them has to figure out their strategy. If you're F5, you know, I was with John McAdam this morning. "Okay, how do I take my value?" And you would very quickly say, "Hey, our value's in software. "We deliver it as mostly as appliances, "but how do we shift, you know, your checkpoint?" Okay, you know, they're already, right, you know, our largest software value or Riverbed, you know, the various software vendors and security as well. Each one of them are having to rethink their strategies and the context of software define. Our customers are saying, "Wow, this is powerful. "The agility and the benefits that I get from it, "they're driving them to go there." >> So what's the key to giving them confidence? Is it transparency? You're sharing roadmaps during integration? >> Yes, yes, yes. >> Anything else? Am I missing anything there? >> You know, also how we work with them and go to market as well. You know, they're expecting from us that, okay, "you know, if this is one of our accounts, "come in and work with us on those accounts as well." So we do have to be transparent. We have to the APIs and enable them to do integration. We have to work with them in terms of enabling their innovation and the context of this platform that we're building. But as we work along the way, we're getting good responses to that. >> Pat, how do you look at the application market? Now with end-user computing, you guys are picking that up. You got Sanjay Poonen coming in and obviously mobile and cloud, we talked about this before on theCUBE, but core IT has always been enabling kind of the infrastructure and then you get what you get from what you have in IT. Now the shift is, application is coming from outside IT. Business units and outside from partners, whether they're resellers. How do you view that tsunami of apps coming in that need infrastructure on demand or horizontally scalable at will? >> Yeah so first point is, yes, right, we do see that, you know, as infrastructure becomes more agile and more self provisioned, right, more aligned to the requirements of applications, we do see that it becomes a tsunami of new applications. We're also working very hard to enable IT to be the friend of the line of business. No longer seen as a barrier, but really seen as a friend, partner enabler of what they're trying to do because many of the, you know, line of businesses have been finding way. You know, how do I get around the slow-moving IT? Well we want to make IT fast-moving and enabling to meet their security, governance, SLA requirements while they're also enabling these powerful new applications to emerge and that to us is what infrastructure is all about for the future is enabling, you know, businesses to move at the speed of business and not have infrastructure being a limiter and as we're doing things, you know, like the big data announcements that we did, enabling infrastructure that's more agility, you see us do more things in the AppDev area over time, and enabling the management tools to integrate more effectively to those environments. Self-service portals that are enabling that and obviously with guys like Sanjay in our mobile initiative, yeah that's a big step up. Don't you like Sanjay? He's a great addition to the team. >> Yeah Sanjay's awesome. He's been great and he has done a lot on the mobile side. Obviously that is something that the end users want. >> That's an interesting way that I put him into that business group first. (group chuckles) >> Well on the Flash side, so under the hood, right? So we look under the hood. You got big data on the dashboard. Everyone's driving this car to the new future of IT. Under the hood, you got Flash. That's changing storage a bit and certainly reconfiguring what a DaaS is and NaaS and SaaS and obviously you talked about vSAN in your key note. What is happening, in your vision, with compute? I mean obviously as you have more and more apps hitting IT, coming in outside core IT but having to be managed by core IT, does that change the computing paradigm? Does it make it more distributed, more software? I mean how do you look at that 'cause that's changing the configuration of say the compute architecture. >> Sure and I mean a couple of things, if you think about the show here that we've done, two of them in particular in this space, one is vSAN, right? A vSAN is creating converged infrastructure that includes storage. Why do you do that? Well now you have storage, you know, apps are about data, right? Apps need data to operate on so now we've created an integrated storage tier that essentially presents an integrated application environment in converged infrastructure. That changes the game. We talked about the Hadoop extension. It changes how you think about these big data applications. Also the Cloud Foundry announcement. Right on/off premise of PaaS layer to uniquely enable applications and as they've done that on the PaaS layer, boy, you don't have to think about the infrastructure requirements to deploy that on or off premise or increasingly as I forecast for the future, hybrid applications, born in the hybrid, not born in the cloud, but born in the hybrid cloud applications that truly put the stuff that belongs on premise on premise, puts the stuff that belongs on the cloud in the cloud, right and enables them to fundamentally work together in a secure operational manner. >> So the apps are dictating through the infrastructure basically on demand resources, and essentially combine all that. >> Absolutely. Right. The infrastructure says, "Here's the services "that I have already, right, in catalogs "that you can immediately take advantage of, "and if this, you fit inside "of these catalogs, you're done." It's self-provisions from that point on and we've automated the operations and everything to go against that. >> So that concept of "born in the hybrid" is a good one. So obviously that's your sweet spot. You're going from a position. >> Yeah and this stupid halfway house hybrid comment. I mean I've never heard something so idiotic before. >> One person, yeah. (group chuckles) >> I don't know, it was probably an Andreessen comment or something, I don't know. (group chuckles) >> He's done good for himself, Marc Andreessen. >> Google and Amazon are obviously going to have a harder time with that, you know, born in the hybrid. What about Microsoft? They got a good shot at born in the hybrid, don't they? >> Yeah, you know and I think I've said the four companies that I think have a real shot to be you know, very large significant players for public cloud infrastructure services. You know, clearly Amazon, you know Google, they have a large, substantive very creative company. Yeah Microsoft, they have a large position. Azure, what they've done with Hyper-V and ourselves, and I think that those, you know the two that sort of have the natural assets to participate in the hybrid space are us and Microsoft at that level, and obviously you know we think we have lots of advantages versus Microsoft. We think we're miles ahead of them and SDDC, right, we think the seamlessness and the compatibility that we're building with one software stack, not two. It's not Azure and Hyper-V. It is SDDC in the cloud and on premise that that gives us significant advantages and then we're going to build these value rate of services on top of it, you know, as we announced with Desktop as a Service, Cloud Foundry as a Service, DR as a service. We're going to quickly build that stack of capabilities. That just gives substantial value to enterprise customers. >> So I got to ask you, talk about hybrid since you brought it up again. So software defined data center software. So what happens to the data center, the actual physical data center? You mentioned about the museum. I mean what is it going to look like? I mean right now there's still power and cooling. You're going to have utility competing with cloud resources on demand. People are still going to run data centers. >> You're talking about the facility? >> Yeah, the actual facility. I'm still going to have servers. This will be an on premise. Do you see that, how do you see that phasing out to hybrid? What does that look like physically for someone to manage? Just to get power, facility management, all that stuff. >> Yeah and in many ways, I think here, the you know, the cloud guys, Googles and Amazons and Yahoos and Facebooks have actually led the way in doing some pretty creative work. These things become you know, highly standardized, highly modularized, highly scalable, you know, very few number of admins per server ratio. As we go forward, these become very automated factories, right, of cloud execution. Some of those will be on premise. Some of those will be off premise. But for the most part, they'll look the same, right, in how they operate and our vision for software defined data center is that software layer is taking away the complexity, right, of what operates underneath it. You know, they'll be standardized, they'll be modularized. You plug in power, you plug in cooling, you plug in network, right, and these things will operate. >> Basically efficient down to the bone. >> Yeah. >> Fully operated software. >> Yeah and you know, people will decide what they put in their private cloud, you know, based on business requirements. SLAs, you know, privacy requirements, data governance requirements, right? I mean in Europe, got to be on premise in these locations and then they'll say, "Put stuff in the public cloud "that allows me to burst effectively. "Maybe a DR because I don't do that real well. Or these applications that belongs in the cloud, right because it's distributive in nature, but keep the data on premise. You know, and really treat it as a menu of options to optimize the business requirements between capex to opex, regulatory requirements, scale requirements, expertise, mission critical and all of those things then are delivered by a sustainable position. Not some stupid hybrid halfway house. A sustainable position that optimizes against the business requirements that they have. >> Let me take one of those points, SLA. Everybody likes to attack Amazon and its SLAs, but in many regards. >> Yeah, I'm glad I got your attention. >> Yeah, that's good, we're going to come back to that John. (group chuckles) >> In my head right now. >> I don't think we're done with that talk track. (laughs) So it's easy to attack Amazon and SLAs, but in essence, the SLA is, to the degree of risk that you're willing to take and put on paper at scale. So how transparent will you be with your SLAs with the hybrid cloud and you know, will they exceed what Amazon and Google have been willing and HP for that matter have been willing to promise at scale? >> Oh yeah, absolutely. I mean we're going to be transparent. The SLAs will have real teeth associated with them, you know, real business consequences for lack of execution against them. You know, they will be highly transparent. You know, we're going to have true, we're going to measure these things and you know, provide uptime commitments, etc. against them. That's what an enterprise service is expected, right? At the end of the day, that's what enterprises demand, right? When you pick up the phone and need support, you get it, right. And in our, the VMWare support is legendary. I'm just delighted by the support services that we offer and the customer response to those is, "Hey you fixed my problem even when "it wasn't your problem and make it work." And that's what enterprise customers want because that's what they have to turn around and commit back to their businesses against all of the other things as well. You know, regulatory requirements, audit requirements, all of those types of things. That's what being an enterprise provider is all about. >> John wants to get that. Talk about public cloud. (Pat laughs) >> I want to talk about OpenStack because you guys are big behind OpenStack. You talk about it as a market expansion. Internally what are some of the development conversations and sales conversations with customers around OpenStack instead of status, what's it doing, how you guys are looking at that and getting involved? >> Yeah, you know, we've clearly said you know, that you have to think about OpenStack in the proper way. OpenStack is a framework for building clouds, and you know, for people who are wanting to build their own cloud as opposed to get the free package cloud, right, you know, this is our strategy to enable those APIs, to give our components to those customers to help them go build it, right and those customers, largely are service providers, internet providers who have unique scale, integration and other requirements and we're finding that it's a good market expansion opportunity for us to put our components in those areas, contribute to the open source projects where we truly have IP and can differentiate for it like at the Hyper-Visor level, like at the right networking layer and it's actually going pretty well. You know, in our Q2 earnings call, you might recall, you know, I talked about that our business with the public OpenStack customers was growing faster than the rest of our business. That's pretty significant, right, to say, "Wow, if it's growing faster, "that says the strategy is working." Right, and we are seeing a good response there and clearly we want to communicate. We're going to continue that strategy going forward. >> And the installed base of virtualization is obviously impressive and the question I want to ask you is how do you see the evolution of the IT worker? I mean they have the old model, DBA, system admins, and then now you have data science on the big data side so with software defined data center, the virtualization team seems to be the center point for that. What roles do you see changing with hybrid cloud and software defined data center and user computing? >> Well I think sort of the theme of our conference is defy convention. Right and why do we do that? Because we really see that the, you know, the virtual admin and the virtual infrastructure that they have really become the center of IT. Now we need the competence of networking, the security guys, the database guys, but that now has to happen in the context, right, of a virtualized environment. DBA doesn't get to control his unique infrastructure. The Hadoop guy doesn't get his own unique infrastructure. They're all just workloads that run on this virtualized infrastructure that is increasingly adept and adaptable, right, to these different workload areas and that's what we see going forward as we reach into these new areas and the virtual admin, he has to go make best buddies with the networking guy and say, "Let me talk to you about virtual networking "and how we're going to cross between the virtual overlay "domain and the physical domain and how these things "are going to stitch together for making your job better "right, and delivering a better solution "for our line of business and for our customers." >> One thing you did to defy convention is get on stage with Marc Andreessen. So I want to talk about that a little bit. You guys had I would call it, you know, slight disagreements and, into the future. >> Just a little. >> But I thought you were kind to him. And he said, you know, "No startup that I work with "is going to buy any servers." And I thought you were going to add, no never mind. I won't even go there. (group laughs) I won't even go there, I want to be friends. No so talk about that a little bit, that discussion that you had. Your view of the world and Marc's. How do you respond to that statement? Do they grow up into VMWare customers? Is that the obvious answer? >> I mean I have a lot of regard. You know, Marc and I have known each other for probably close to two decades now and you know, we partnered and sparred together for a long time and he's a smart, successful guy and I appreciate his opinions. You know, but he takes a very narrow view, right, of a venture seed fund, right, who is optimizing cashflow, and why would they spend capital on cashflow when they can go get it as a service? That's exactly the right thing for a very early stage startup company to do in most cases, right? Marc driving his customers to do that makes a lot of sense, but at the end of the day, right, if you want to reach into enterprise customers, you got to deliver enterprise services, right? You got to be able to scale these things. You got to be cost-effective at these things and then all the other aspects of governance, SLAs, etc. that we already talked about. So in that view, I think Marc's view is very perspective. >> Also Zynga and those guys, when they grew up on Amazon, they went right to bare metals as soon as they started scale. >> They had to bring it back in right 'cause they needed the SLAs, they needed the cost structures. They wanted to have the controls of some of those applications. >> And rental is more expensive at the end of the day. >> There you go. Somebody's got to pay the margins, right, you know, on top of that, to the providers so you know, I appreciate the perspective, but to me it is very narrow and periconchal to that point of view and I think the industry is much broader and things like policy and regulation are going to take decades, right? Not years, you know, multiple decades for these things to change and roll out to enable us a mostly public cloud world ever, right, and that's why I say I think the hybrid is not a waystation, right? It is the right balance point that gives customers flexibility to meet their business demands across the range of things and Marc and I obviously, we're quite in disagreement over that particular point. >> And John once again, Nick Carr missed the mark. We made a lot of money. >> I think Marc Andreessen wants to put a lot of money into that book. Everyone could be the next Facebook where you you know, you build your own and I think that's not a reality in enterprise. They kind of want to be like Facebook-like applications, but I wanted to ask you about automation. So we talked to a lot of customers here in theCUBE and we all asked them a question. Automation orchestration's at the top of the stack. They all want it, but they all say they have different processes and you really can't have a general purpose software approach. So Dave and I were commenting last night when we got back after the NetApp event was you know, you and Paul Murray were talking in 2010 around this hardened top when you introduced that stack and with infrastructure as a service, is there a hardened top where functionality is more important than which hardware you buy so you can enable some of those service catalogs, some of those agility features in automation because every customer will have a different process to be automated. >> Yeah. >> And how do you do that without human intervention? So where is that hardened top now? I mean is it platform as a service or is it still at the infrastructure as a service model? >> Yeah, I think clearly the line between infrastructure as a service and platform as a service will blur, right, and you know, it's not really clear where you can quite draw that line. Also as we make infrastructure more application aware, right, and have more application development services associated with it, that line will blur even more. So I think it's going to be hard to call, you know, "Here's that simple line associated with it." We'd also argue that in this world that customers, they have heterogeneous tools that they need to work with. Some will have bought in a big way into some of the legacy tools and as much as we're going to try help them move past some of those brittle environments, well that takes a long time as well. I'd also say that you know, it's the age of APIS, not UIs, and for us it's very much to expose our value through programmatic interfaces so customers truly can have the flexibility to integrate those and give them more choice even as we're trying to build a more deeply integrated and automated stack that meets a general set of needs for customers. >> So that begs the question, at the top of the stack where end user computing's going to sit and you're going to advance that piece, what's, what's the to do item for you? What needs to happen there? Is it, on a scale of one to 10, 10 being fully baked out, where is it, what are the white spaces that need to be tweaked either by partners or by VMWare? >> Yeah and I think we're pretty quickly finishing the stack with regard to the traditional PC environments and I think the amount of work to do for the mobile environment is still quite enormous as we go forward and in that, you know, we're excited about Horizon getting some good uptake, a number of partner announcements this week, but there's a lot to be done in that space because people want to be able to secure apps, provision apps, deprovision apps, have secure work spaces, social experiences, a rich range of integrations to the authentication devices associated with it to be able to have applications that are developed in that environment that access this hybrid infrastructure effectively over time, be able to self-compose those applications, put them into enterprise, right, stores and operations, be able to access this big data infrastructure. There's a whole lot of work to be done in that space and I think that'll keep us busy for quite a number of years. >> This is great. We're here with Pat Gelsinger inside theCUBE. We could keep rolling until we get to the hook, but a couple more final questions is the analogy of cloud has always been like the grid, electricity. You kind of hinted to this earlier. I mean is that a fair comparison? The electricity's kind of clean and stable. We have an actual national grid. It doesn't have bad data and hackers coming through it so is that a fair view of cloud to kind of look, talk about plugging electricity in the wall for IT. >> I think that is so trite, right? It came up in the panel we had with Andreessen, Bechtolsheim, Graeme, and myself because you know, it's so standardized. 120 volts AC right and hey you know, maybe it gets distributed as four, 440, three phase, but you know, it is so standardized. It hasn't moved. Sockets standards, right, you're done. Think how fast this cloud world is evolving. Right the line between IA as in PaaS as we just touched upon, the services that are being offered on top of it. >> Security, security. >> Yeah, yeah, all these different things. To me, it is such a trite, simple analogy that has become so used and abused in the process that I think it leads people to such wrong conclusions right, about what we're doing and the innovation that's going on here and the potential that we're going to offer. So I hope that every one of our competitors takes that and says, "That's the right model." Because I think it leads them to exactly the wrong conclusion. >> I couldn't agree more. The big switch is a big myth. I wanted to get tactical for a minute. I listened to your conference calls. I can't wait to read the transcript. I just go, I got to listen to the calls, but just observing those and the conversations around here, I just wanted to ask you. I always ask CEOs, "What keeps you up at night?" They always say execution so let's focus on execution in the next 12 to 18 months. I came up with the following. "To maintain dominance in vSphere, "get revenue beyond vSphere, "broaden end user license agreements, "increase end user computing adoption "and proof points around hybrid cloud." Are those the big ones? Did I miss anything? >> That's a good list. >> Yeah? >> That's a good list. >> So those are the things an observer should watch in let's say 12 to 18 months of indicators of success and of what you're doing and what you're driving. >> Yeah and you know, clearly inside of that, with SDDC, obviously we think this environment for networking, right, and what we've really, I'll say delivered that. That would be one in particular inside of that category that we would call out you know, with regard to our hybrid cloud strategy. It's clearly globalizing that platform. Right, we announced Savvis here, but we need to make this available on a global basis. You go to an enterprise customer and they're going to say, "I need services in Japan, I need services in Singapore. "I need to be able to operate in a global basis." So clearly having a platform, building out the services on top of it is another key aspect of building those hybrid user cases and more of the value on top of it and then in the EUC space, we touched a bit on the mobile thing already. >> So we'll have Martin on later, but his PowerPoint demonstration. >> What a rockstar, what a rockstar. >> He is a rockstar and we've had him on before. He's fantastic, but his PowerPoint demonstration is very simple, made it seem so simple. It's not going to be that easy to virtualize the network. Can you talk about the headwinds there and the challenges that you have and the things that you have to do to actually make progress there and really move the needle? >> Yeah it really sort of boils down in two aspects. One is we are suggesting that there will be a software layer for networking that is far more scalable, agile and robust than you can do in a physical networking layer. That's a pretty tall order, right? I need to be able to scale to tens, hundreds, millions of VMs, right? I need to be able to scale to terabytes of cross-sectional packet flow through this. I need to be able to deliver services on top of this, right, that truly allow firewalls, load balancers, right, IDSes, all of those things to be agile, scale. Yeah, it is ambitious. >> Ambitious. >> This is, right, the most radical, architectural statements in networking in the last 20 or 30 years and that's what gets Martin passionate. So there's a lot of technical scale and we really feel good about what we've done, right, but being able to prove that with robust scalability, right, for which like the Hyper-Visor, it is more reliable than hardware today, in being able to make that same statement about NSX that just like ESX, it is better than hardware, right, in terms of its reliability, its resilience. That's an important thing for us to accomplish technically in that space, but then the other pieces, showing customer value, right? Getting those early customers and what a powerful picture. GE, Citigroup and eBay, right? It's like wow, right? These are massive customers, right, and being able to prove the value and the use cases in the customer settings, right, and if we do those two things, you know, we think that truly we all have accomplished something very very special in the networking domain. >> Pat, talk about the innovation strategy. You've been now a year under your belt at VMWare and you were obviously with EMC and Intel and we mentioned on theCUBE many times, cadence of Moore's Law was kind of the culture of Intel. Why don't you tell us about the innovation strategy of VMWare going forward, your vision, but also talk about the culture and talk about the one thing that VMWare has from a culture that makes it unique and what is that unique feature of the VMWare culture? >> We spent time as a team talking about what is it that drives our innovation, that drives our passion, and clearly as we've talked about our values as a team, it is very much about this passion for technology and passion for customers and how those two coming together, right, with fundamental disruptive "wow" kind of technologies where people just say, like they did when they first used ESX and they say, "Wow, I just didn't ever envision "that you could possibly do that." And that's the experience that we want to deliver over and over again, right, so you know, hugely disruptive powerful software driven virtualization technologies for these domains, but doing it in a way that customers just fall in love with our technologies and you know as, I got a note from Sanjay and I just asked him, "You know, what do you think of VMWorld?" And he said, right, "It is like a cult geek fest." Right, because there's just this deep passion around what people do with our technology, right, and they're not even at that point, they're not customers, they're not partners. They are deeply aligned passionate zealots around what we are doing to make their lives so much more powerful, so much more enabled, right, and ultimately, a lot more fun. >> People say it's like being a car buff. You know, you got to know the engine, you want to know the speeds and feeds. It is a tech culture. >> Yeah, it is absolutely great. >> Pat, thanks for coming on theCUBE. We scan spend a lot of time with you. I know we went a little over. I appreciate your time. Always great to see you. >> Great to see you too. >> Looking good. >> Thank you for that. >> Tech Athlete Pat Gelsinger touching all the bases here. We saw him last night at AT&T Park. Great event here, VMWare World 2013. This is theCUBE. We'll be right back with our next guest after this short break. Pat Gelsinger, CEO on theCUBE.