>> Narrator: From theCUBE studios in Palo Alto in Boston, connecting with thought leaders all around the world, this is theCUBE Conversation. >> Hello everyone, welcome to theCUBE Conversation here in Palo Alto, in our studios of theCUBE, I'm John Furrier, your host. We're here during the crisis of COVID-19 doing remote interviews. I come into the studio, we've got a quarantine crew are here, getting the interviews, getting the stories out there and of course, the story we're going to continue to talk about is the impact of COVID-19, and how we're all getting back to work, either working at home or working remotely and virtually certainly, but as things start to change, we're going to start to see events, mostly digital events, and we're here to talk about an event that's coming up called the Failover Conference from Gremlin which is now gone digital because it's April 21st. But I think what's important about this conversation that I want to get into is, not only talk about the event that's coming up, but talk about the scale problems that are being highlighted by this change in work environment, working at home. We've been talking about the at-scale problems that we're seeing whether it's a flood of surge of traffic and the chaos that's ensuing across the world and with this pandemic. So I'm excited, I've two two great guests, Alberto Fernando, senior vice president of marketing in Gremlin and Tammy Butow, principal site reliability engineer, or SRE. Guys thanks for coming on. Appreciate it, thank you. >> Thanks. >> Thanks for having me. >> Alberto, I want to get to you first. We've know each other before. You've been in this industry. We've been all talking about the cloud native, cloud scale for some time. It's kind of inside the ropes, it's inside baseball. Tammy, you're a site reliability engineer. Everyone knows Google, knows how cloud works. This is large scale stuff. Now with the COVID-19, we're starting to see the average person, my brother, my sister, our family members and people around the world go, "Oh my God, this is really a high impact." This change of behavior, this surge of web, whether it's traffic on the internet or work at home tools that are inadequate, you start to see (laughs) the statistical things that were planned for, not working well, and this actually maps the things that we've been talking about in our industry. Alberto, you've been on this. How are you guys doing? >> Yeah. >> And what's your take on this situation we're in right now? >> Yeah, we're doing pretty well as a company. We were born as a distributed organization to begin with, so for us working in a distributed environment from all over the world is common practice day-to-day. Personally, I'm originally from Italy, my parents, my family, is Milan and Bergamo of all places, so I have to follow the news with extra care and it becomes so much clear nowadays that the technology is not just a powerful tool to enable our businesses but it also is so critical for our day-to-day life, and thanks to video calls, I can easily talk to my family back there every day. So that's really important. So yes, we've been talking for a long time as you mentioned about complex systems at scale and reliability often in the context of mission critical applications, but more and more of these systems need to be reliable also when it comes to back office systems that enable people to continue to work on a daily basis. >> Yeah, well our hearts go out to your family and your friends in Italy, and I hope everyone stays safe there (speaks faintly) a tough situation continues to be a challenge. Tammy, I want to get your thoughts. How's life going for you? You're a site reliable engineer. What you deal with on the tech side is now (laughs) happening in the real world. It's mind blowing to me that we're seeing these things happen, it's a paradigm that needs attention. How do you look at it as a SRE, dealing with mostly on the tech side now seeing it play out in real life? >> It's been such an interesting situation, obviously really terrible for everybody to have to go through and deal with, so one of the things that I specialize in as a site reliability engineer is incident management and so for example, I previously worked at Dropbox where I was the incident manager on call for 500 million customers, it's like 24/7 shift. These large scale incidents, you really need to be able to act fast. There are two very important metrics that we track and care about as a site reliability engineer. The first one is mean time to detection. How fast can you detect that something is happening? Obviously, if we detect an issue faster then you've got a better chance of making the impact lower so you can contain the blast radius. I like to explain it to people like, if you have a fire in your sauce bin in your kitchen, and you put it out, that's way better than waiting until your entire house is on fire. And the other metric is mean time to resolution. So how long does it take you to recover from the situation? So yeah, this is a large scale, global incident right now that we're in. >> Yeah, I know you guys do a lot, talk about chaos, theory and that applies. A lot of math involved, we all know that, but I think we need to look at the real world. This is now going to be table stakes and there's now a line in the sand here, pre-pandemic, post-pandemic, and I think you guys have an interesting company, Gremlin, in the sense that this is a complex system and that if you think about the world we're going to be living in, whether it's digital events that you guys have one coming up or how to work at home or tools that humans are going to be using, it's going to be working with systems, right? So you have this new paradigm going to be upon us pretty quickly and it's not just buying software mechanisms or software, it's a complex system, it's distributed computing, it's an operating system. I mean this is kind of the world. Can you guys talk about the Gremlin situation of how you guys are attacking these new problems and these new opportunities that are emerging? >> Sure, I can talk about that. So yeah, one of the things I've always specialized in over the last ten years is chaos engineering. And so the idea of chaos engineering is that your injecting failure on purpose to uncover weaknesses. So that's really important in distributed systems, with distributed cloud computing, all these different services that you're kind of putting together. But the idea is if you can inject failure, you can actually figure out what happens when I inject that small failure? And then you can actually go ahead and fix it. One of the things I like to say to people is focus on what you're top five critical systems are. Let's fix those first. Don't go for low hanging fruit. Fix the biggest problems first, get rid of the biggest amount of pain that you have as a company, and then you can go ahead and actually... If you think about Pareto principle, the 80/20 rule, if you fix 20% of your biggest problems, you'll actually solve 80% of your issues. That always works. It's something that I've done while working at the National Australia Bank doing chaos engineering. Also at Gremlin, at Dropbox and I help a lot of our customers do that too. >> Alberto, talk about the mindset involved. It's the most counter intuitive. Whoa! Whoa! Risk! The biggest system. >> Yeah >> I don't want to touch those. They're working fine right now. And then these problems just gestate, they kind of hang around to the bin in the kitchen fire, this is okay, I don't want to touch it. The house is still working. So this is kind of a new mindset. Could you talk about what your take is on that? Is the industry there? I mean, it was a kind of a corner case, you had Netflix, you had the Chaos Monkey those days and then now it's a DevOps practice, for a lot of folks, you guys are involved in that. What's the appetite and what's the progress of chaos engineering in mainstream case? >> Yeah, it's interesting that you mentioned DevOps, and recently Gartner came up with a new, revisited DevOps framework that has chaos engineering in the middle of the lifecycle management of your application. And the reality is that systems have become so complex in infrastructure, so many layers of abstractions. You have hundreds of services if you're doing microservices, but even if you're not doing microservices, you have so many applications connected to each other, build really complex workflows and automation flows. It's impossible for traditional QA to really understand where the vulnerability are in terms of resiliency, in terms of quality. Too often the production environment is also too different from the staging environment, and so you need a fundamentally different approach to go and find where your weaknesses are and find them before they happen, before you end up finding yourself in a situation like the one we're into today and you are not prepared. And so, so much of what we talk about is giving a tool and the methodology for people to go and find these vulnerabilities. Not so much about creating chaos, but it's about managing chaos that is built into our current system and exposing those vulnerabilities before they create problem. And so that's a very scientific methodology and tooling that we bring to market and we help customers well. >> Tammy, I want to get your thoughts on something. We used to riff a lot with our 10th unit CUBE, we've had a lot of conversation we've riffed over the years, but you know when the surge of Amazon web services came out it was pretty obvious that cloud's amazing and look at the startups that were born, you mentioned Dropbox, you worked there. These companies, all these born on the cloud, these hyper scale, companies built from scratch, great way to scale up. And we used to joke about Google, people would say, "I would like a cloud like Google," but no one has Googles use cases. And Google really pioneered the SRE concept, and you got to give 'em a lot of props for that. But now we're kind of getting to a world where it's becoming Google-like. There's more scale now than ever before. It's not a corner case, it's becoming more popular and more of a preferred architecture, this large scale. What's your assessment of the main stream enterprises, how far are they in your mind, are they there with chaos? Are they close? Are they doing it? How does someone develop an SRE practice to get the Google-like scale? 'Cause Google has an amazing network, they got large scale cloud, they have SRE's, they've been doing it for years. How does a company that's transforming their IT (laughs) have SRE's? >> That's a great question. I get asked this a lot as well. One of our goals at Gremlin is to help make the internet more reliable for everybody. Everyone using the internet, all of the engineers who are trying to build reliable services, and so I'm often asked by companies all over the world, how do we create an SRE practice and how do we practice chaos engineering? But you can get started actually rolling out your SRE program. Based on my experiences, I've done it. So when I worked at Dropbox, I worked with a lot of people who had been at Google, they've been at YouTube, they were there when SRE was rolled out across those companies, and then they brought those learnings to Dropbox, and I learned from them. But also the interesting thing is if you look at enterprise companies, so large banks. Say for example, I worked at the National Australia Bank for six years, we actually did a lot of work that I would consider chaos engineering and SRE practices. So for example, we would do large scale disaster recovery, and that's where you'd fail over an entire data center to a secret data center in an unknown location, and the reason is 'cause you're checking to make sure that everything operates okay if there's a nuclear blast. That's actually what you have to do and you have to do that practice every quarter. But if you think about it, it's not very good to only do it once a quarter. You really want to be practicing chaos engineering and injecting failure on purpose. I think actually, I prefer to do it three times a week, so I do it a lot. But I'm also someone who likes to work out a lot and be fit all the time so I know that if you do something regularly, you get great results. So that's what I always tell everyone. >> Yeah, get the reps in, as we say, get stronger, get the muscle memory. >> Yep, exactly. >> Guys, talk about the event that's coming up. You've got an event that was scheduled, physical event and then you were right in the planning mode and then the crisis hits. You're going digital, going virtual, it's really digital, but it's digital. It's on the internet. So how are you guys thinking about this? I know its out there. It's April 21st. Can you share some specifics around the event? Who should be attending and how do they get involved online? >> Yeah, the event really came together about a month ago when we started to see all the cancellations happening across the industry because of COVID-19 and we were extremely engaged in the community and we have a lot of talks and we were seeing a lot of conferences just dropping and so speakers losing their opportunity to really share their knowledge with respect with how you do reliability and topics that we focus on. And so we quickly pivoted as a company and created a new online event to give everyone in the community the opportunity to just failover to a new event as the conference name says and have those speakers who'll have lost their speaking slots have a new opportunity to go share their knowledge. And so that came together really quickly, we shared the idea with a dozen of our partners and everyone liked it and all the sudden this thing took off like crazy and just a month where we are approaching 4,000 registrations, we have over 30 partners signed up and supporting the initiative. A lot of past partners as well covering the event. So it was impressive to see the amount of interest that we were able to generate in such a short amount of time. And really, this is a conference for anybody who is interested in resiliency. If you want to know from the best on how to build business continuity across systems, people and processes, this is a great opportunity at no cost really. It's a free conference. >> And the target persona and the audience you want to have attend is what? SREs or folks doing architectural work? What's the target >> Yeah >> person to attend? >> Architects, SREs, developers, business leaders who care about the quality and the reliability of their applications, who need to help create a framework and a mindset for their organizations that speaks to what Tammy was saying a minute ago. Having that constant practice on a daily basis about go and finding how to improve things. >> You know, Tammy we've been going to physical events with theCUBE and extracting the signal from the noise and distributed it digitally for 10 years and I got to ask you because now that those events have gone away, you talk about chaos and injecting failure. Doing these digital events is not as easy as just live streaming, it's hard to replicate the value of a physical event, years of experience and standards, roles and responsibilities to digital. A different consumption environment, it's asynchronous, you're trying to create a synchronous environment. It's its own complex system, so I think a lot of people who are experimenting and learning (laughs) from these events because it's pretty chaotic. So, I'd love to get your thoughts on how you look at these digital events as a chaos engineer. How should people be looking at these events? How are you guys looking at... I mean, obviously you want to get the program going, get people out there, get the content, but to iterate on this, how do you view this? >> It is really different. So I actually like to compare it to fire drills in SRE. So often what you do there is you actually create a fake incident or a fake issue, so you just, you were saying, "Let's have a fire drill." Similar to when you're in a building and you have a fire drill that goes off and you have wardens and everything and you all have to go outside. So we can do that in this new world that we're all in all of the sudden. A lot people have never run an online event and now all of a sudden they have to. So what I would say is like, do a fire drill. Run a fake one before you do the actual one to make sure that everything does work okay. My other tip is make sure that you have backup plans. Backup plans on backup plans on backup plans. As an SRE, I always have at least three to five backup plans. I'm not just saying plan A and plan B, but there's also a C, D, and E and I think that's very important and even when you're considering technology, one of the things we say with chaos engineering is, if you're using one service, inject failure and make sure that you can fail over to a different alternative servers in case something goes wrong. >> Yeah, hence the Failover Conference, which is the name of the conference. (chuckles) >> Exactly! >> Yeah, well we certainly are going to be sending a digital reporter there, virtually. If you need any backup plans, obviously we have the remote interviews here. If you need any help, let us know, really appreciate it. Great to see you guys. And thanks for sharing. Any final thoughts on the conference? What happens when we get through the other side of this? I'll give you guys a final word. We'll start with Alberto, with you first. >> Yeah, I think when we are on the other side of this, we'll understand even more the importance of effective resilience, architecting and testing. As a provider of tools and methodologies for that, we think we will be able to help customers when we do a significant leap forward on that side. And the conference is just super exciting. I think it's going to be a great event. I encourage everyone to participate. We have tremendous lineup of speakers that have incredible reputation in their field so I'm really happy and excited about the work that the team has been able to do with our partners put together at this type of event. >> Okay, Tammy. >> Yeah, for me, I'm actually going to be doing the opening keynote for the conference and the topic that I'm speaking about is that reliability matters more now than ever. And I'll be sharing some, bizarre, weird incidents that I have worked on myself that I have experienced, really critical strange issues that have come up. But yeah, I'm really looking forward to sharing that with everybody else, so please come along, it's free. You can join from your own home and we can all be there together to support each other. >> You got a great community support and there's a lot of partners, Press Media and ecosystem and customers, so congratulations Gremlin, having a conference on April 21st called the Failover Conference. TheCUBE and SiliconANGLE have a digital reporter there that will be covering the news. Thanks for coming on and sharing. I appreciate the time. I'm John Furrier in the Palo Alto studio with remote interview with Gremlin around their Failover Conference, April 21st. It's really demonstrating, in my opinion, the at scale problems that we've been working on the industry, now more applicable than ever before as we get post-pandemic with COVID-19. Thanks for watching. Be back. (calm music)

from the cube studios in Palo Alto in Boston connecting with thought leaders all around the world this is a cube conversation hello everyone welcome to the cube conversation here in Palo Alto our studios of the cube I'm showing for your host we're here during the crisis of Cove in nineteen doing remote interviews I come into the studio we've got a quarantine crew or here getting the interviews getting the stories out there and of course the story we continue to talk about is the impact of Kovan 19 and how we're all getting back to work either working at home or working remotely and virtually certainly but as things start to change we can start to see events mostly digital events and we're here to talk about an event that's coming up called the failover conference from gremlin which is now gone digital because it's April 21st but I think what's important about this conversation that I want to get into is not only talk about the event that's coming up but talk about these scale problems that are being highlighted by this change in work environment working at home we've been talking about the at scale problems that we're seeing whether it's a flood of surge of traffic and the chaos that's ensuing across the world with this pandemic so I'm excited have two great guests Alberto Ferran auto senior vice president marketing gremlin and Tammy Bhutto principal site reliability engineer or SRE guys thanks for coming on appreciate it thank you Thank You Alberto I want to get to you first you know we've known each other before you've been in this industry we all we've been all been talking about the cloud native cloud scale for some time it's kind of inside the ropes it's inside baseball Tami your site reliability engineer everyone knows Google knows how well cloud works this is large-scale stuff now with The Cove in 19 we're starting to see the average person my brother my sister our family members and people around the world go oh my god this is really a high impact this change of behavior the surge of you know whether whether it's traffic on the internet or work at home tools that are inadequate you start to see these statistical things that were planned for not working well and this actually Maps the things that we've been talking about it in our industry Alberto you've been on this how you guys doing and what's your what's your take on this situation we're in right now yeah yeah we're we're doing pretty well as a company we were born as a distributed organization to begin with so for us working in a distributed environment from all over the world is is common practice day-to-day personally you know I'm originally from Italy my parents my family is Milan and Bergen audible places so I have to follow the news with extra care and so much in me it becomes so much clearer nowadays that technology is not just a powerful tool to enable our businesses but it also is so critical for our day-to-day life and thanks to you know video calls I can easily talk to my family back there every day Wow so that's that's really important so yes we've been talking for a long time as you mentioned about complex systems at scale and reliability often in the context of mission-critical applications but more and more these systems need to be reliable also when it comes to back office systems that enable people to continue to work on a daily basis yeah well our hearts go out to your family and your friends in Italy and hope everyone's stay safe there no that was a tough situation continues to be a challenge Tammy I want to get your thoughts how is life going for you you're a sight reliable engineer what you deal with on the tech side is now happening in the real world it's it's almost it's mind-blowing and to me that we're seeing these these things happen it's it's a paradigm that needs attention and whew look at it as a sre dealing a most from a tech side now seeing it play out in real life it's such an interesting situation really terrible so one of the things that I specialize in as a site reliability engineer is incident management and so for example I previously worked at Dropbox where I was you know the incident manager on call for 500 million customers you know it's like 24/7 and these large-scale incidents you really need to be able to act fast there are two very important metrics that we track and care about as a site reliability engineer the first one is mean time to detection how fast can you detect what something is happening obviously if you detect an issue faster and you've got a better chance of making the impact lower so you can contain the blast radius I like to explain it to people like if you have a fire in your sauce bin in your kitchen and you put it out that's way better than waiting until your entire house is on fire and the other metric is mean time to resolution so how long does it take you to recover from the situation so yeah this is a large-scale global incident right now that we're in yeah I know you guys do a lot of talk about chaos theory and that applies a lot of math involved we all know that but I think when you go look at the real world this is gonna be table stakes and you know there's now a line in the sand here you know pre-pandemic post pandemic and i think you guys have an interesting company gremlin in the sense that this is this is a complex system and if you think about the world we're going to be living in whether it's digital events that you guys are have one coming up or how to work at home or tools that humans are going to be using it's going to be working with systems right so you have this new paradigm gonna be upon us pretty quickly and it's not just buying software mechanisms or software it's a complex system it's distributed computing and operating so I mean this is kind of the world can you guys talk about the gremlin situation of how you guys are attacking these new problems and these new opportunities that are emerging one of the things that I've always specialized in over the last 10 years is chaos engineering and so the idea of chaos engineering is that you're injecting failure on purpose to uncover weaknesses so that's really important in distributed systems with distributed you know cloud computing all these different services that you're kind of putting together but the idea is if you can inject failure you can actually figure out what happens when I inject that small failure and then you can actually go ahead and fix it one of the things I like to say to people is you know focus on what your top 5 critical systems are let's fix those first don't go for low-hanging fruit fix the biggest problems first get rid of the biggest amount of pain that you have as a company and then you can go ahead and like actually if you think about Pareto principle the 80/20 rule if you fix 20% of your biggest problems you actually solve 80% of your issues that always works something that I've done while working at National Australia Bank doing chaos engineering also what gremlin at Dropbox and I help a lot of our customers do that to albariño talk about the mindset involved it's almost counterintuitive whoa-oh-oh risk the biggest system and I don't want to touch those there working fine right now and then these problems just gestate they kind of hang around to the bin in the kitchen fire you know mist okay I don't want to touch it the house is still working so this is kind of a new mindset could you talk about what your take is on that is the industry there I mean oh it was a kind of a corner case you know you had Netflix you had the chaos monkey those days and then now it's the DevOps practice for a lot of folks you guys are involved in that what's the what's the appetite what's the progress of chaos engineering and mainstream yeah it's interesting that you mentioned DevOps and you know recently Gartner came up with a new revisited devil scream work that has chaos engineering in the middle of the lifecycle of your application and the reality is that systems have become so complex in infrastructure so many layers of abstractions you have hundreds of services if you're doing micro services but even if you're not doing micro services you have so many applications connected to each other build really complex workflows and automation flows it's impossible for traditional QA to really understand well the vulnerability are in terms of resiliency in terms of quality too often the production environment is also too different from the staging environment and so you need a fundamentally different approach to go and find where your weaknesses are and find them before they happen before you end up finding yourself in a situation like the one we're in today and you're not prepared and so much of what we talk about is giving it >> and the methodology for people to go and find these vulnerabilities not so much about creating cause chaos but it's about managing sales that is built into our current system and exposing those vulnerabilities before they create problem and so that's a very scientific methodology and and and tooling that we would bring to market and we help customers with Tammy I want to get your thoughts on so you know we used to riff a lot of to our 10th you know cube we've had a lot of conversation we've ripped over the over the years but you know when the surge of Amazon Web Services came out as pretty obvious the clouds amazing and look at the startups that were born you mentioned Dropbox you work there these comings and all these born in the cloud these hyper scale comes built from scratch great way to scale up and we used to joke about Google people say I would like a cloud like Google but no one has Google's use cases and Google really pioneered the sre concept and you gotta give them a lot of props for that but now we're kind of getting to a world where it's becoming Google like there's more scale now than ever before it's not a corner case it's becoming more popular and more of a preferred architecture this large scale what's your assessment of the of the mainstream enterprises how far are they did in your mind our way are they there with Castle they clothed how they doing it how does someone take how does someone develop an SRE practice to get the Google like scale because Google has an amazing network they got large-scale cloud they have sres they've been doing it for years how does a company that's transforming their IT have expertise it's a great question I get asked this a lot as well one of our goals at Bremen is to help make Internet more reliable for everybody everyone using the Internet all of the engineers who are trying to build reliable services and so I'm often asked by you know companies all over the world how do we create an SRE practice and how do we practice chaos engineering and so actually how you can get started actually rolling out your sre program based on my experiences I've done it so when I worked at Dropbox I worked with a lot of people who had been at Google they've been at YouTube they were there when was rolled out across those companies and then they brought those learnings to Dropbox and I learned from them but also the interesting thing is if you look at enterprise companies so large banks say for example I worked at a National Australia Bank for six years we actually did a lot of work that I would consider chaos engineering and sre practices so for example we would do large-scale disaster recovery and that's where you fail over an entire data center to a secret data center in an unknown location and the reason is because you're checking to make sure that everything operates okay if there's a nuclear blast that's actually what you have to do and you have to do that practice every quarter so but but if you think about it it's not very good to only do it once a quarter you really want to be practicing chaos engineering and injecting failure on this I think actually my I prefer to do it three times a week do I do it a lot but I'm also someone who likes to work out a lot and be fit all the time so I know that do something regularly you get great results so that's what I always tell us yeah I get the reps in as we say you know get get stronger at the muscle memory guys talk about the event that's coming up you got an event that was schedules physical event and then you were right in the planning mode and then the crisis hits you going digital going virtual it's really digital but it's digital that's on the internet so how are you guys thinking about this I know I it's out there it's April 21st can you share some specifics around the event well who should be attending and how they get involved online yeah yeah they vent really came about about together about a month ago when we started to see all the cancellations happening across the industry because of code 19 and we are extremely engaged with in the community and we have a lot of talks and we are seeing a lot of conferences just dropping and so speakers losing their opportunity to share their knowledge with respect to how you do reliability and topics that we focus on and so we quickly people it as a company and created a new online event to give everyone in the community the opportunity to you know they'll over to a new event as the president as a as the conference name says and and have those speakers will have lost their speaking slots have a new opportunity to go share their knowledge and so that came together really quickly we share the idea with a dozen of our partners and everyone liked it and all the sudden this thing took off like crazy in just a month where we are approaching you know four thousand registrations we have over 30 partners signed up and supporting the initiative a lot of a lot of past partners as well covering the event so it was impressive to see the amount of interest that that we were able to generate in such a short amount of time and really this is a conference for anybody who is interested in resilience and if you want to know from the best on how to build business continuity of persistence people and processes this is a great opportunity at no cost we need some free conference and the target persona and the audience you want to have a ten is what Sree Zoar folks doing architectural work and what's that that's the target yes and to attend our cadets s Ari's developers business leaders who care about the quality and reliability of their applications who need to help create a framework and a mindset for their organization that speaks to what Tammy was saying a minute ago having that constant crap is on a daily basis about who and finding how to improve things you know Tammy we've been doing going to physical events with the cube and extracting the signal of the noise and distributing it digitally for ten years and I got to ask you because now that those are those events have gone away you talk about chaos and injecting failure these doing these digital events is not as easy it's just live streaming it's it's hard to replicate the value of a physical event years of experience and standards roles and responsibilities to digital different consumption environments a synchronous you're trying to create a synchronous environment it's its own complex system so I think a lot of people are experimenting and learning from these events because it's pretty chaotic so I'd love to get your thoughts on how you look at these digital events as a chaos engineer how should people be looking at these events how are you I was looking at it you know I also want to get the program going get people out there get the content but you have to iterate on this how do you view this it is really different so I actually like to compare it to fire drills in SRA so often what you do there is you actually create a fake incident or a fake issue so you just you know you're saying let's have a fire drill similar to like you know when you're in a building and you have a fire drill that goes off you have wardens and everything and you all have to go outside so we can do that in this new world that we're all in all of a sudden you know a lot of people have never run an online event and now all of a sudden they have to so what I would say is like do a fire drill um run up you know a baked one before you do the actual on one to make sure that everything does work okay my other tip is make sure that you have backup plans backup plans on backup plans on backup plans like as in SRA I always have at least three to five backup plans like I'm not just saying plan a and Plan B but there's also a C D and E and I think that's very important and you know even when you're considering technology one of the things we say with chaos engineering is you know if you're using one service inject failure and make sure that you can fail over to a different alternative service in case something goes wrong yeah hence the failover conference which is the name of the conference yeah yeah well we certainly are gonna be sending a digital reporter there virtually if you need any backup plans obviously we have the remote interviews here if you need any help let us know really appreciate it I'll great to see you guys and thanks for sharing any final thoughts on the conference how what what happens when we get through the other side of this I'll give you guys a final word we'll start with Alberto with you first yeah I think one when we are on the other side of this will will understand even more the importance of effective resilience architecting and and and testing I think you know as a provider of tools and methodologies for that we we think we will be able to help customers do we do a significant leap forward on that side and the conference is just super exciting I think it's going to be a great I encourage everyone to participate we have tremendous lineup of speakers that have incredible reputation in their fields so I'm really happy and and excited about the work that the team has being able to do with our partners put together this type of event okay Tammy yes ma'am I'm actually going to be doing the opening keynote for the conference and the topic that I'm speaking about is that reliability matters more now than ever and I'll be sharing some you know bizarre weird incidents that I've worked on myself that I've experienced you know really critical strange issues that have come up but yeah I just I'm really looking forward to sharing that with everybody else so please come along it's free you can join from your own home and we can all be there together to support each other you got a great community support and there's a lot of partners press media and an ecosystem and customers so congratulations gremlin having a conference on April 21st called the failover conference the qubits look at angle we'll have a digital reporter there we covering the news thanks for coming on and sharing and appreciate the time I'm Jeff we're here in the Palo Alto series with remote interview with gremlin around there failover conference April 21st it's really demonstrating in my opinion the at scale problems that we've been working on the industry now more applicable than ever before as we get post pandemic with kovin 19 thanks for watching be back [Music]

(upbeat music) >> Woman: From our studios in the heart of Silicon Valley, Palo Alto, California. This is a Cube Conversation. >> Hello and welcome to the Cube studios in Palo Alto, California for another Cube Conversation where we go in depth with thought leaders driving innovation across the tech industry. I'm your host, Peter Burris. One of the biggest challenges that every enterprise face as they try to keep up with competitors today, is how to introduce the speed of adding new digital services, new digital capabilities, new types of customer experience, new types of operational challenges, et cetera, but do so in a way that retains the safety that's associated with traditional ways of doing IT. That leads to a set of tensions that exist between how DevOps, which is really driving that new speed equation, and security, which has been historically the locus of thinking about how to ensure that assets, digital assets don't get misappropriated by the business and by bad actors. So the big challenge is how can we bring people, the technology, and the processes together so we can achieve both the speed as well as the safety that are required to really drive business forward. So to have that conversation, we're joined by a great CEO today, Dan Hubbard who's the CEO of Lacework. Dan, welcome to the Cube. >> Thank you, great to be here. >> So let's start by getting a little bit of about Lacework. Tell us a little bit about Lacework. >> Sure, yeah, so Lacework we're really excited. Recently we raised another round of funding which is going to really allow us to focus totally on this problem which is how do we balance speed and safety in how we secure these modern architectures and infrastructure in cloud security? >> All right, so let's talk about, I mentioned up front that this notion of speed and safety, it's more than just a technology problem. It goes deep into how businesses run their enterprise today. What is the experiences that you see your customers having as they conceive of how to move forward to this new world? >> Yeah, so for cloud migrants what's happening is the development groups and applications are moving to the cloud at a very rapid rate, and every company that they're buying is cloud born, and they're moving at a really quick rate, and they're leaving security behind. So from the people aspect, the security people need to get involved with the developers to figure out how they can work in this, you know coexist in an environment that allows them to deliver obviously both security and speed, or speed and safety. >> So the problem is essentially that we need to move fast as a consequence of competition, and technology change, and achieving, you know being more opportunistic which is a fundamental tenet of agile and business today, but we need to do so in a way that provides the set of assurances that are required by compliance, by law, by new privacy regulations. How are you seeing customers solve this problem generally? How are they even thinking about solving it. >> Yeah, so I think the first thing is how they're not succeeding which is, you know, typically they go to their incumbent vendors, security vendors, and attempt to apply something that is not purpose fit for this new infrastructure, being in cloud and cloud native. So things like taking a firewall and calling it a cloud firewall isn't working. Things like taking traditional technologies like antivirus or next generation antivirus is not working. And what we're seeing working is when you really step back and they really start to understand how people are building and developing their code, pushing it out. What is that build time to runtime environment look like, and what are the services their using, and they need to apply some relatively fundamental security practices to it. How do I get visibility over time in real time? How do I attain compliance that is important to my company, PCI, SOC2, NIST, you know HIPAA, whatever is important to you, and then how can I assure that we haven't had a breach, and if we do, how can we triage that breach? >> So in man respects we are trying to bring tried and true security concepts to this new world, but we need to do so in a way that doesn't drag along the technology limitations or that technologies were necessarily applied to securing an old style of infrastructure. Have I got that right? >> Yeah, absolutely. You know there's a number of things in technologies that are really critical here, but also on the people side. You know we can't bring over some of the old processes, for example change control windows. You can't have a change control window in something that's running, and you're pushing code a thousand times a day. There is no change control window. You're just doing it all the time, but you need to do things in a way that is mapping to the automation and the scale that's happening. In order to do that, you need definitely some technology, and people, and processes. >> So it sounds like what you're suggesting is we have to incorporate security directly into the DevOps process so that we at least feature some notion of a Pareto principle where each new push is at least as secure as the previous one, but ideally we're making things more secure as we go along. >> Yeah, I mean understanding change is really critical because things are changing so quickly. You know what we're seeing in a lot of companies is a shift over to security as a governance and tooling org., and then security engineering which is baked within DevOps teams. Whether it is a guild of people that are connected to the application developers, or right within the stand up, or the group directly. >> But if I think about kind of the outcome of DevOps, the outcome of DevOps really is this kind of more modern approach to thinking about technology resources. Service is a term that's thrown and it means a lot of things to a lot of people, but to a DevOps person, they create something that can then be used as a service by other folks within the organization. One of the fundamental challenges here it seems to me is that historically we've tried to secure the server, or the PC, or the network, or the perimeter, or whatever else it might be, but really this cloud native approach is securing some outcome, some capability, and that's really increasingly what we've got to focus on whether we call it a service or something else. Have I got that right? >> Yeah, absolutely, and you know I think we spent years kind of surrounding the applications in the development, really partly because we may have not been involved, so it was great. We had firewalls, we had defense in depth, multiple layers that we added on top of the next layer, and everything else, and really what needs to happen, it needs to be integrated. And you know, in order to integrate into the services world, it needs to be as a service. So your security needs to be a service that isn't surrounding, it's actually integrating directly, and that's partly from a process perspective, also from a people as we talked about, but also as a technology. It's got to be really baked into the solution. >> So one of the things we've seen in our research of Wikibon is that there are, as we think about how to introduce these new capabilities into this kind of DevOps culture, this DevOps approach to building new IT assets, new business capabilities, that if the solution itself doesn't correspond to a way that DevOps works, it itself gets abandoned. I mean it might integrate at some point in time in the future, but if it doesn't naturally fit into how things operate or how things evolve, then it gets abandoned. How would this new class of security products or services look so that DevOps picks it up, gets the best IP associated with the best security today? >> I think the first one is it can't be intrusive. So you know when you talk about blocking and tackling, it needs to be more about building and engineering than blocking. So you really need to make sure that you're not going to adversely or inadvertently affect the application and the service that's being run. So it's really important to the company. And anytime you introduce that, you're going to get blocked out, or your not going to be involved. The other is that it needs to pair to the tooling that is there. For example, you know our service integrates DarkLink, to Jira, and PagerDuty, and Slack, you know, real modern ways that DevOps work. So it needs to be directly integrated, and lastly the service and the context need to deliver information that serves two audiences, the security people, and the DevOps people, because the DevOps people are often the ones that are triaging, or they know the application and the information, the infrastructure's code, and the security people may not. So they have to work together and provide both of those. >> So as we think about what a modern secure DevOps function's going to look like, give us kind of the picture of what it looks like in three years. How are they going to be working together, and what are they going to be using to do so? >> Yeah, so I don't think there's, like this isn't the end of the SISO. There's still going to be a SISO. It's a incredibly important role. I think they're going to move a little bit more towards governance, compliance, and tooling. They may have a tooling org. You know for us, it's more important that we interoperate with open source and the cloud providers than we do with other vendors. So having tooling to do that is really critical. >> Peter: Especially in the visibility side. >> Absolutely, yeah getting visibility's key, and then there's going to be more security engineers. These are people with DNA in security but also are coders, versus the real deep threat specific environment that we see today. You know I would argue there's probably more people that write code and understand assembler than there is in Python and Go. So you know DevOps people, they don't know what assembler is, or are using assembler, so that is still important. There are still attacks. You need to deconstruct them, you need to understand them, but there's a lot you need to do on the security engineering side, which is really how do I program this service? How do I automate and orchestrate it? >> So today this is kind of where we're going. It makes perfect sense, but that's not where a lot of organizations are today. You mentioned the difference between built in cloud and migrating to the cloud. Give us a little bit of insight, visibility into how some of those migrate to the cloud shops are taking this roadmap as they move forward. >> Yeah, it's super interesting you know? We have customers that span across cloud born, you know more startupy, very tech savvy, and then very traditional, very large Fortune 50 companies. In the latter they're doing a couple things. One is they're trying to figure out how do I migrate a traditional app that's been built in a way, not for the cloud, to the cloud. That's kind of one, and there's all kindsa reasons why you'd want to do that, scale, performance, reliability, et cetera. The second is that they're being told or have initiatives driven from the top called cloud first, which means that everything new has to be that way. It has to be cloud native, and it has to be delivered as a service. And then the last one is that when you actually are building an application, and you're a new company, you're probably going to get acquired by one of these larger companies, which means that a cloud migrant becomes a cloud native company by definition because the company's they're buying. So it kind of spans across those three areas. What we run into though is that especially if they buy a company, they're very modern in how they think. They've got very modern practices, and then the traditional security people are going, oh who are these, what is this new technology? How do we interoperate, how do we take our policies, our practices, our functional organization and map those together? So they're really startin' to figure it out. So I think we're kind of in this middle ground. There is very forward thinking companies that have moved more forward, but still it's very, very early, and we talk to customers, we run workshops with customers, and a lot of it, just bringing the teams together and understanding both worlds, and getting to know what are the DevOps, things that they're working on, what are the security people, how do we meet in the technology, and then in the process side. So It's a little bit all over right now, and I think it's probably going to get worse before it gets better, but I think down the road as people deploy things like Kubernetes and containers, and services that are built a little bit better with resiliency into them, it's going to be a more secure place. >> Dan Hubbard, CEO of Laceworks. Great conversation about speed and safety. Thanks for being on the Cube. >> Thank you very much, nice to be here. >> And once again, I'm Peter Burris. Thank you very much for joining us. Until next time. (upbeat music)

>> Live from Atlanta, Georgia, it's theCUBE! Covering Citrix Synergy Atlanta 2019! Brought to you by Citrix. >> Welcome back to theCUBE. Lisa Martin here with Keith Townsend, two days, wall-to-wall coverage of Citrix Synergy 2019. Keith and I have been geeking out for two full days now, and speaking of geeking out, I think its going to continue because Christian Reilly is here, back on theCUBE, the vice president and CTO of Citrix. Christian, welcome back! >> Thank you so much, it's been a while. >> It has! >> It really has. >> Well, we hope to make it fun. We have had, like I said, such great conversations with your executives, customers, analysts, everybody is so excited about this obvious pivot that Citrix is making towards the general user. You know, the power users being that 1 percent, and what you guys started off yesterday showing, resonates with everybody. I get it. I want my work day to be far more productive. I want apps and actions brought to me, so I can actually get down to the business of what I was hired to do. And we also are hearing over and over again, how employee experience is now elevated to a c-suite imperative, that is so critical because it directly affects the customer experience. >> Yeah, it's super exciting, isn't it? You know, it's great to watch it all come to life, because, you know, we've been working on this for a number of years behind the scenes and, you know, it's just so great to see all the effort that goes in come out on the big stage. And your right, I mean, we've been very calculated about the approach here. We do a lot of research in trying to understand these problems and these challenges. And, you know, quite frankly, customers are looking for more innovation from Citrix, looking for better ways to work, and, you know, I think we've got a very privileged position in being so important in customer application delivery over the decades that Citrix has been around. And so the, you know, the move, even though it seems like it's a quantum leap, is actually a really natural thing for us to go do, because we've won the trust over three decades of being, you know, the vendor to deliver mission critical apps so this is just an extension of that, but it's, yeah, it's super exciting. >> Yeah, so we've talked about that for the past couple of days. Citrix is a verb within IT. You know, "I'm going to Citrix into the application," or, "Is that on Citrix?" Or, "Is it Citrixed yet?" It is, we commonly understand what it means to be Citrix. But that's something that you guys have built over 30 years, and I think what's really interesting, Dana Gardner, we had him on earlier, he said Citrix is much too modest, there should be a Citrix inside for so many SaaS offerings, so that end-users in end-users understand that the foundational technology for this SaaS service, whether it's some payroll software, or some other third party healthcare solution, is being brought to you. The underlying application didn't have to be rewritten because of Citrix. I think we're at another foundational moment now. What you guys announced yesterday was foundational. I tweeted out as David was talking, saying, "You know what? Citrix is going to be the future of work." Like you know what? We'll follow doing automation. Citrix can't possibly be the- be the future of work. And he announced it, but, I want to try and get you- get this in one answer, hopefully, because it's big, you've been working on this for years, it shows, it's natural for Citrix to say that they're going to go to the next step of integrating different applications because you've been there already. What's the foundational technology? As, you know, when Frame back in 1995 was the foundational technology for virtual applications, what's the foundational capability that you're giving businesses today, that we're going to look back 20 years from now and say, "Obviously, that was the innovation"? >> Yeah, so that's a great question, I think there's a of couple things really, you know, We talked about it in the keynote extensively yesterday about the analytics piece. So, I wouldn't say that analytics is the only thing, but certainly when you think about the way we lined up the analytics conversation around security performance and then productivity. So that's the foundational element, and we're going to look back at that in a few years time and realize that we were very privileged to be in the path of user transactions, and the more you're in the path, the more transactions you get. The more transactions you get, the more source data you get. The more source data you get, the more you can feed the machine learning model, and the more accurate you can be about delivering the context of the workspace, so I think that's super important. The next bit, of course, would be the acquisition that we made of the Sapho technology back in November of 2018. And I think, you know, what you see there in the micros and the micro work flows, is really that big shift from the version 1 of the workspace, which was still very much about the traditional applications, traditional desktops, and then bringing together web and SaaS applications, but we sort of always knew that there was a bigger play, which was really to try and, as PJ talked about yesterday, how do we take work and break it down into atomic units? So we don't think about just the application, we think about the why. Why do people use applications? What is it that they do? And if you think about how that plays out with analytics, the more intelligence that we gather, the more intelligent we make the workspace. So I think with a couple of things, we'll look back at the Sapho acquisition as a key technology piece, but we'll look back at analytics as maybe the thing that helped to be the flywheel to deliver that intelligence within the workspace environment itself. >> And the power that that intelligence has to deliver a personalized experience to each user is huge. If we look at the consumerization and the expectations that we all bring to our business lives we want things to be smart enough to serve up just what I'm looking for. To make my life easier, so that the intelligence and the analytics has huge implications on being able to help companies use their applications better. If I'm having to go in and learn sales floors and try to talk glamor and all these things that as a marketer, I don't need to do, but if I could have technology that's under the covers- under the bonnet, is evaluating that and going to learn, "this is all that she needs to do for her role," how much happier am I going to be? How much more productive am I going to be? It's game-changing. >> Yeah, absolutely, and I think that the most important thing to remember about the whole of the the strategy around analytics, is it's constantly learning, so it's not like we just do it once. And if you think about where that goes along the term, you know, we're talking about, obviously, gathering user transaction data that I talked about. That will help us to generate the most valuable micro applications. But then if you think about that a little bit further on, you know, how do we actually then begin to get analytics on the micros themselves, and even begin to free up more productivity. So there's a continuum here that we see. You know, automation, as you mentioned, will be critical, you know, and if you think about what's happening and the industry in general. You know, robotic process information has skyrocketed to the game as organizations look to kind of do exactly what we're talking about, which is to free up the very scarce human capital to work on things that really matter, not on these mundane tasks. And you know, we talked to lots of customers about this, you know, the notion of how much application do you really use, and you know, it's been quite common, and one of the foundation- I guess foundational components that we talked about of why we did what we did was, we looked at enterprise applications that we were delivering through our traditional technologies, and they were really complex for some things that were really actually quite simple. And of course the Pareto thing holds true there that the 80% of people only want to get something out and 20% of people put something in. So that was obviously a key decision point for us to move ahead with, with the intelligent workspace, the micros that you saw. The other thing that's really interesting that we don't really talk about so much is that from a security perspective as well, being able to deliver just a part of the application actually minimizes the entire sort of attack surface, if you like. Whether that's for, you know, nefarious employees internally, or for true people who want to come in or sort of hack into your systems. The less that we can expose generally, then I think that's better overall. So there's actually some other upsides that we don't necessarily talk about in the context of intelligence, but when we talk to CIOs and we talk to the people in the business who really are interested in these technologies and these solutions, then we tend to expand the conversation a little bit into some things that we don't necessarily talk about all the time. >> Yeah, it's surprising how many questions you guys have answered for me today. I was at SAP, sapphire a couple weeks ago, and they were talking about X data, O data, X data being experienced data, and this is the output of digital transformation, and I was having a really tough time wrapping my head around the concept of X data. And I think this is hopefully something you could further along the discussion. When I think of just the access that Citrix has to this raw data, maybe the only other company that has more user data, or more access to user data, would be Microsoft via Windows. But Citrix presents SAP, which 80% of the world's transactions run through, is presented via Citrix a good majority of the time. Your CRM solutions and cloud-based options and sales forces presented again, through Citrix, so you're collecting a ton of data, as customers, you know, say, "okay, what's the account balance out of SAP, let me put it into this CRM solution and sales force". You're capturing that x data. How do you make sense of it? I think is the question, this is where the AI comes in. From a person looking at the process, and they come to Citrix and say, "Christian, you guys have the X data. Help us understand how that X data translates into business productivity. How do I personalize the experience for a individual use?" >> Yeah, absolutely, so I'll give you an example, you know, CTOs like to have a vision, right? So we'll talk a little about the vision. So I'll give you a relatively straight- forward example. So, we tend to see used cases around reviews and approvals and those kinds of things, whether it's expense reports or PTO requests, all the things that we've typically shown in the keynotes and the various demos that we've done as we've grown the solution. So here is what we kind of think about, so let's say, for example, that you have an employee. That employee submits expense reports on a fairly frequent basis and they tend to submit them for under $500. You may get to the point where you say, "actually, why do I keep approving these, because my level of trust with the employee is high, the dollar values of the individual reports is relatively low". So why would the system not just handle that and automatically approve them, until something was an anomaly. So if one came in that was $750, $1000, then I would get an alert. So I think when you talk about the X data, absolutely. The interaction with the X data is really where we see the value from the Citrix perspective, because we can learn how you actually deal with those notifications and those actions. So if there's an example of a micro application which gives you an expense report from let's say SAP Concur, and you never actually open it, you just click the approve button, then is there a real reason for you to continue to see the opportunity to open it? Because, you know, as I've said, the level of trust is high, the dollar value is low, and I could get productivity back that way, by actually looking at it from a sort of, "why should I actually approve this in the traditional way? I'll let the system take care of it until there's something that exceeds the threshold that I've learned that you're comfortable with". >> What- oh, sorry Keith, I was going to say, on that front though, where are enterprise companies in terms of letting that control go to the intelligence in the system? I mean how many times have we all submitted expense reports and maybe some of us like me go to Starbucks twice on the same day, hey, it happens, and you get rejection because it's the exact same dollar amount, and it's wasting all these cycles. But where is the appetite and maybe the trust from some of those larger organizations that culturally say somebody in procurement or finance has to click on every single funding and evaluate every single line item? >> Yeah, so I think the, sort of the beauty of what we've built here, certainly with what you saw yesterday and what we've been talking about at the show here. We're not actually changing any existing business rules or business work flow and gen components, right? So I think that's a really interesting point for us to bring up and to make sure that everybody understands, you know, right now, in the version that we're talking about for release later this year, you know, we're actually honoring most of the business rules and the work flows that are in the system of records. So that could be, you know, the HR system, the finance system, all the ERP system or whatever. So you know, I think when audit perspective, then we're good from that perspective, because you know, when we actually submit things back into the system of record from the micro apps, we're doing it on behalf of the user. So the transactions are still valid as if they were coming from the native experience. So I think that's great that we don't mess with any of that, because I think the higher, you know, we kind of make the hurdles for people to adopt by, and then, you know, whether it's cultural or whether it's regulatory, that obviously, you know, there's a downside to that. So, I think that's a good sort of first pass for us. I would suspect that as we go through this a little bit later though, there's going to be some potentially interesting questions that come up about, certainly of highly regulated environments about, you know, the legality of a robot, or digital assistant, or some kind of, you know, ancillary system being able to submit and do things on your behalf. So, you know, that's- this is not a GDPR thing by the way, or anything of that nature, it's more a, you know, if something was to happen in the system that wasn't intended, who's responsible? Is it the robot or is it the individual that's allowed the robot to work on their behalf? So I think there will be some interesting questions that come up along those lines, but I think, you know, in the v1 we're honoring the business rules, we're honoring the business logic and the work flow. And so, you know, I'm expecting that most customers will look at this and say, "yeah, I kind of get it," and you know, it's more valuable than it is a problem. That's certainly the goal. >> So let's talk about scale of this new foundational capability. Like I can easily see this working inside of your existing set of VDI products. You have visibility into the analytic data, but at some point, you're going to have enough data that the VDI isn't needed to create these work flows and these solutions. I can see this actually freeing up desktops for some employees where the only reason why they ever needed a desktop because they had to go on to Concur or the time management solution. If I do 40 hours every week for 52 weeks, I don't need to log into a portal to do that. How tied to your existing set of products is this capability? Is this something that, from a total addressable market that you- whether it's a mobile app or mobile first app that you guys can ingest this type of capability into? >> Yeah, so you know, as you know well, Kieth, we've been talking about the death of the PC in the industry for a decade, right? And it's- the reality is that most customers have an application portfolio that's heavily reliant on Windows. Now, having said that, there are obviously cases- and we look at sort of, some of the, what we call the customer jobs to be done, okay? Which is a Harvard business thing that came from Clayton Christianson. And it's a really interesting way of making sure that the innovations that we bring are actually addressing things that customers need to get done within their own environments. So if you take a used case, let's say it was a field technician. So you're going out, you're going to fix a faulty gas meter, or you're going to go out and perform some kind of maintenance work. It's highly likely that you're going to use a mobile device. And so, what we showed yesterday with the mobile version of the intelligent experience, what we show with the work space assistant, absolutely. I see used cases where we can give them instant productivity. So you know to pull and to push data into the systems of record, where the underlying operating system on the mobile device is kind of academic. But there will certainly be used cases where VDI or physical Windows desktops will be around for a very long time. So I think the value that we have is making sure that all those user transactions go through the workspace one way or another, so that helps us with the analytics piece. But I think I'll look a little bit further out, you know, again, we showed some demos of it yesterday, in one of the CTO breakout sessions that we had. The real ultimate goal is to think about the work space overall as more of an experience that will evolve. It's not necessarily an app, an app is one way to consume it, but we want to build a platform that can consume and be consumed by other things. So whether that's Microsoft teams that we showed yesterday, whether that becomes slack, Facebook for work, or whether it's an integrated voice assistant within, you know, an Apple device, or a Microsoft device, or a Google device, or a Samsung device. See, the value of that from a choice perspective is that we really then don't demand what the customers use, and ultimately their end use. So I think when we get a little bit further along in the thinking on the platform itself, it opens up endless possibilities to interact with the information you need. And it's not predicated upon any operating system because hopefully we can be ubiquitous. >> So, Citrix has over 400,000 customers worldwide. I think I read 98-99% of the Fortune 500, the Fortune 100, intelligence experience goes generally available later on this year, there's some customers in beta. What are you looking forward to as 2019 continues, coming off the high that is Citrix Synergy 2019? >> Well, you know, so like I said at the start here, I've been working on this thing with, frankly, the brilliant team we have here at Citrix for just about three years, so I wouldn't say it was quite stealth, but we've gone through these kind of programmatic changes internally. I'm looking for- I'm most looking forward to when customers understand the power of what we're going to give them with the builder. So the builder, again, is something we showed yesterday, but, you know, you think about the approach that we have is that we're going to, obviously, help customers to get productive and to get going with the intelligent experience by creating these out with the box micro apps and micro work flows for many of the most popular SaaS applications. The real big thing I'm looking forward to is when people can actually take the builder that we've developed and give it to their line of business people and say, "hey, you can create as many micro apps as you think are necessary within the constructs of your business process to enable your people". So that, to me, is kind of like, going to be the ultimate wow, when people say, "actually, I can give this to a person who is capable of creating a Pivot Table in Microsoft Excel," as an example. And they can then actually use the technologies that we provide to create the micros and micro work flows for their own part of the business without the help of traditional development. I think that's going to be huge and I can't wait until we've got, you know, the first examples of people who have said, "hey, you've made my life easier, I can't work without Citrix". >> While businesses can be built on that, the new Excel uh, Citrix builder, the new Excel. >> I hope so, I hope so. >> Well, we'll all be excited to- and be watching with close eyes. Christian, thank you for joining Kieth and me on theCUBE, but Synergy 2019! >> Thank you so much. >> Our pleasure. For Kieth Townsend, I'm Lisa Martin. You're watching theCUBE live from Citrix Synergy 2019. Thanks for watching! (electronic music)

>> Speaker: From the SiliconANGLE Media Office in Boston, Massachusetts, it's TheCube. Now, here's your host, Stu Miniman. >> I'm Stu Miniman, and this is a special Cube conversation here in our Boston area studio. Happy to welcome to the program Bobby Allen, who's the chief technology officer and chief evangelist at CloudGenera. Bobby thanks so much for joining us. >> Thank you Stu, thanks for having us. >> Alright so Bobby we had a great conversation with your CEO Brian Kelly talking about CloudGenera, helping customers if, in my own words I'll say, there's this great mess of the cloud and service providers and data centers and things are changing all the time. And here's a great tool to help people understand this. Now, I've had people asking me for years, it's like "Hey, I've got my app, "or I'm building a new app, where do I do this?" And I've always said well, there are certain things that are really easy. If it's going to be up for a really short period of time, and it's something there, it's like you're not going to spend the time to rack and stack and build and do this. hey, Cloud was great for that. And on the other end of the spectrum now, the public clouds might disagree, but if I have something that's just like it's going to be cooking along and it's not changing and it's there, the rent versus buy analogy once again goes towards kind of doing it in a hosted or my own data center. But there's a whole lot of stuff in the middle, That is, well, it depends. There's there's this uncertainty in the world and that's where you live, so bring us in a little bit as to some of the thinking as to how CloudGenera helps and where let's get into it. >> That's a great question Stu. So, we feel like the market is actually changed, in the sense that information is coming faster and faster, there's more and more information that people are inundated and honestly overwhelmed by. And so when people ask us for more information, we typically tell them you don't need more information in our opinion, you really want to move from information to clarity to insight, "What should I actually do?" And so to go back to the real estate analogy you talked about, I think people think of cloud as a house. Cloud is at least a neighborhood if not a state, and you need to figure out where should I live within that state or that neighborhood. So, let's take AWS for example. AWS is a vendor that has many, many, many services, but also different flavors of how you can run things. So before people would look at CloudGenera as a company that can compare different execution venues. Do I want to run this in Amazon or Azure or Google? Still we increasingly get people that want to understand which flavor of Amazon should I do? Do I do the multi-tenant, do I do the dedicated, do I do the VMware cloud on AWS? And those are all valid choices for us. And so for us, we don't really care where a customer wants to evaluate. Let's define what you need and map that to the relevant or interesting options in the marketplace, and then take the guesswork out of it so you have some data-driven decision making. >> Yeah, I love that because I have been covering Amazon for many years, and boy I go to the show and it was like "Alright, I thought I got my arms around Aurora and now there's the serverless based Aurora, and there's 17 different database options inside of Amazon so, oh boy," and then, right. Let's not even talk about all the compute instances. I think it's more complicated to pick a compute instance in the public cloud than it is if I was going to put something in my own rack these days. >> Bobby: Yes, yes it is. >> So, but that being said I want to for a second before we talk about the public cloud, talk to your viewpoint, how are you helping customers in kind of the service provider to data center world. And because that's a complicated and very I have to say fragmented space. >> It is. >> How does CloudGenera help there? >> So CloudGenera deals with the consumers, so ones who actually want to benefit from the technology themselves, but also from the service provider side. So if you're Joe's Cloud Shack, or regional cloud provider or Vmware service provider, anyone who is offering technology services, you may want to know number one, how do you compare with the large hyperscale providers, and then number two, how can you showcase your valued proposition next to those. So maybe Amazon and Azure and Google are on the top of peoples' minds, but how do your services compare to those? So in our platform you can actually show a Joe's Cloud Shack next to an Amazon next to something like a Synergy or SimpliVity. So options inside and outside the data center that you thought about and then ones that you didn't can all be kind of presented in a fair way, so you take the guesswork out of how they compare to each other. >> Yeah, it's interesting. One of the big raging debates we've had out there is, "Oh I wish I had a cloud concierge." And it's like well, it's not a utility, and therefore, I could stand up something in my data center or I could put a Paz in my environment or there's so many layers in the stack and so much nuance that it's the paradox of choice I think that most people have. So, maybe walk us through a customer. When do they tend to come to you, what are some of those patterns, and what are the things that really help get accelerated when they use a platform like yours? >> So, some of the things that people think about are they have workloads that they want to move maybe they want to exit a data center, or what really happens commonly is there's a new leader in town. New CIO comes in, "We're going to have a cloud-first strategy." And we're not opposed to that. The biggest principle for us is do you understand why you're doing, and whether this is the right time, the when? Because if you don't do the right thing at the right time for the right reason there's a hole in your strategy. And so what we look at is, okay what is it that you're trying to move or change or transform, What are the things that are interesting to you or strategic, and then let's look at putting those things together. Now when you define what you need, you shouldn't define what you need in terms of where you're going, right. I don't decide my venue based on the airline I want to get on, I decide I need to be in Vegas for this conference at this time, and then I see the airline that can get me there on time for the best price, hopefully. And we take that same approach when it comes to helping customers. Let's talk about what you need in a vendor agnostic way that's divorced from the options in the market. Because your needs are not impacted by Amazon or Azure or HPE or Dell. And so then, after we define your expectations and your requirements let's map those to the things that you're curious about, or that your leadership says are strategic, and then let's make sure that we understand what we call the concept of logical equivalence. The spirit of your requirement may be called x in one provider and y in a different one, are they really the same as a tomato to-mah-to, or are they really two different types of, excuse me, services or entities altogether? So let's, let's evaluate then, how well your needs are met by these different vendors. Is it just a semantics issue or are these really two different things? Yes, they're both different types of block storage but the requirements are different. The latency is different, the redundancy is different, the pricing is certainly different. How close are these things to meeting the spirit of what you asked for? And the other parts too that I'll just offer that we see a lot is people are concerned overly about cost. How much does it cost? And we feel like the problem is not a problem of cost, it's a problem of value. People go to look for cost calculators but really what they need are value calculators, right? I take a Porsche and an F-150. An F-150 is a bigger vehicle but the Porsche is more expensive for a reason. There's a different experience than just space. And so the reality is people don't mind paying more if they know what they're paying for. Transparency is really the key. >> On that cost piece though, how much of the total equation do you look at? So I think about, my data center there's everything like the power, space, and all those pieces, if I go to a service provider, if it's my stuff, if I still have to manage it, versus some of the operational expenses. How much of kind of the, I hate to say total cost, but how much of that spread do you look at? >> We try to be pretty comprehensive, Stu. So, if you go to a public provider for example you're not paying for power but you're paying for a certainly hourly charge typically on an (mumbling) basis that accommodates a lot of the things that I'll say are platform or hypervisor and below. Now where I think a lot of the other people that are in this space maybe fall short, and our opinion is that they don't look at things above the hypervisor. If I move a workload to an AWS, they may have some great services I can take advantage of. The labor and the licensing and the other considerations that we consider to be carryover costs are things that I still need to accommodate. If I put a workload in Amazon, someone still needs to patch the OS, maybe manage the database, maybe audit security. Those are things that have labor and licensing and software considerations that we try to look at. So we try to be as comprehensive as possible, but we also look at SLA, we also look at security, so you may need to bring another manage services or consulting or software packages to fill those other gaps, so we try to be as holistic and comprehensive as possible. >> What other kind of patterns and data do you bring for CloudGenera? So thinking things either from a vertical standpoint or kind of size of company. I just think there's been certain movements in virtualization and containers and the like where there's been kind of that data and how do I understand what's going to make sense for me, so. Does CloudGenera get into any of that? >> We do get into some of that. So we try again not to force anything down someone's throat. We try to look at where you are, but also understand that there are some patterns. So for example, when we talk about different industry verticals it's very aligned to security and compliance for example. So we know that there are certain providers that are interesting but not ready for primetime because they don't have HIPAA, high tech, high trust, things that are typically relevant for the healthcare industry, so we're very quickly able to say this is something that may not be right for you just yet. Or if you have certain regional concerns, maybe you're looking at GDPR in Europe, you're looking at IRAP in Australia, we can, again, typically guide them to, this provider has some very interesting services but they don't have the security or the SLA that you need. So we try to do that to kind of whittle it down. The other thing that we're seeing though, Stu, is that honestly, many enterprises are biting off more than they can chew. They try to do too much at once, and so some of the things that we talked about, even off camera, is I would ask the question "Does the industry have a POT problem? "Are we trying to do too much at once?" And when I say POT I'm using that to represent the acronym of, to me, three pieces that we need to break this down to. Number one is parity, number two is optimization, and then number three is transformation. Many enterprises in our opinion are trying to eat an elephant with a spoon. They have no idea how to get there and they really don't understand what is too much in terms of the cost, and so when they're evaluating how much they can handle, how much change is too much, in terms of people, process, and technology, the thing to us is, what does parity look like? And that may mean a lift and shift in some cases, it may not, but you at least have to define what success looks like if you take what you're doing in your data center and move that somewhere else. But then, the middle ground is optimization. How do I take the spirit of what I'm doing, move it to that venue and then kind of clean it up or optimize it a little bit, and then once I'm there and I can evaluate the unintended consequences of change, what are the things that I didn't think about? The impacts to my people, the retraining, the other software package I need to put in place for monitoring and management, and so forth. Once I have a handle on that, then I can finally move from optimization to transformation, but that's not, that's not glamorous. That's not interesting. People don't want to talk about that. They want to go whole hog and change everything all at once and we get into trouble doing that. >> Bobby you've given me flashbacks. I worked in the storage industry for a decade, and migrations, you still kind of wake up in the middle of the night, screaming a little bit because it's always challenging, there's always all of those things to work through. You think you've gone through all of your checklists and then, oh wait, something didn't work. Database migrations, big discussion going on there. From Wikibon David Floyer has just been like, it's so many horror stories. People get there but it's, if you don't have to, maybe you don't want to, but there's so many reasons why you want to, so, I guess I want to highlight, we're not telling people not to change, and moving faster and getting on board, some modernization's a good thing, everywhere. You've got a virtualization environment, there's lots you can do today that we couldn't do two or four years ago. So, how do we get over this POT problem then? >> I think part of it is, so again going back to the moving analogy, if I'm going to move, Stu, it would be foolish for me to move without getting an estimate. And there are times when an estimate should be able to come in my house and tell me "It's actually better for you to sell that piano "than to try to move it, 'cause it's not worth it." I would want someone, if I were CIO in an enterprise today, to tell me, "Don't waste your time focusing on this, "this is really where you need to focus your time "because this is going to be the Pareto principle "that saves you the time and the money." The reality is bringing someone who's benefited from the land mines and the pitfalls, so in our opinion, bringing whether that's an SI, consultancy, a data service company like CloudGenera that's benefited from a lot of the things we've seen in the industry, don't hit things on your own that other people have stumbled on, right? Benefit from others' mistakes to allow you to take a look at the whole thing. So the challenge that I think we're having, Stu, is that we're proficient in talking about these things, there aren't enough use cases in terms of mature of cloud transformations to really look back at anecdotal data this comprehensive. We're still figuring a lot of this stuff out, and I know people don't want to hear that, but that's my opinion. >> So, Bobby, is there some place when I'm filling out these forms that I put in here's the skill set my team has, and a little alarm goes off and says, "Hey, time to do some retraining, some reskilling, "maybe bringing on some new people "to handle some of these new areas." How do you handle that side of it? >> I think part of it is honestly, and this may sound a little trite, I think people that are willing to raise their hand and say that we need some help or that "We don't have this all figured out," or that "There are some things that we need to bring in "a little bit of help to help us get that estimate "before we look to move everything," that's really the skill set you want to have. People that are not saying, "I'm the (mumbles) "juggernaut of everything cloud," because those people don't exist yet in my opinion. There are people that have pockets of expertise in things that they have really deep knowledge about, but we need to mix that with, I think, a healthy appreciation for the fact that there's still a lot of things that we're learning about together. The other part of that, Stu, is it's a community and it's a network. You may know storage migrations, I may know database migrations, let's put our heads together about how we can work together as an enterprise and make sure that we minimize impact to the users, because at the end of the day, that's really the challenge, is not to do a cool project, it's to deliver value to the business, and that's what I think we're loosing sight of with all this cool technology sometimes. >> Alright, so Bobby you've got over a thousand people using the tool. What are some of the big areas that people are like, "Oh wow, this is the stuff that's saving me "either lots of time, lots of money, saving my business, "and heck if I'm running the show, keeps my job"? >> I think storage is a big one. So people are oftentimes unaware that there are so many different ways that you can run storage in a given provider. So Amazon for example has four to six different ways you can just run block storage in their particular multi-tenant cloud, and people aren't aware of that. So there's a case that we did for a major bank. We showed them that a terabyte of storage in Amazon can run from 300 dollars up to 26 thousand dollars depending on the level or performance that you want to hit. Egress is another one, so what does the network behavior look like in those applications? Because people often will estimate the resources but not the traffic. What are the estimates to have a level of parity around security. So I don't have HIPAA compliance or SOP compliance in this particular provider. What is it going to take me to get to that level of parity that I need to have, because if I save money, Stu, but I have to spend all that on my lawyer because my data got accessed, then I've still got a problem, I've just kind of moved that down the road. So lots of things out there that I believe we're hiding in plain sight. Again, information is out there that we just don't have the filters to find. What I would say is a lot of people think that cloud is a commodity, we're not there yet. There're providers to this day, I can't give any names to protect the innocent, but the same service is literally triple in one provider what it costs in another one for almost exactly the same service. And there're examples like that that have been out there for years, we just can't see them. >> So, Bobby, last question, if somebody wanted to get started with CloudGenera, is there like a trial version, or how would somebody get involved? >> Yeah, so a couple things that are really interesting. So there's a try now button on our website that lets you kind of answer a few questions and actually get a sample mini-assessment, download a sample report, and actually see the type of analysis that we provide, number one. Number two, CloudGenera is a software company but also a services company. If you want to purchase the software, great, and we actually have trials that we can set up for you to do that. We also do what we call proofs of value. If you want to engage our team to come in and do five to ten applications to see how those might look with our analysis, and then they go at scale and look at your whole CMDB. We want to make sure we're meeting the needs of the business and not trying to boil the ocean if they're not ready for that yet. >> Bobby Allen, CTO and chief evangelist to CloudGenerate, thanks so much for joining me. So much happening in the cloud world. Be sure to check out thecube.net for all of our coverage, as well as wikibon.com for all the research. Thanks for watching theCUBE, I'm Stu Miniman.