(Upbeat Music) >> Announcer: Live from Los Angeles, it's theCUBE, covering Open Source Summit, North America, 2017, brought to you by the Linux Foundation and The Red Hat. >> Hey, welcome back everyone, live here in Los Angeles, California for theCUBE's exclusive coverage of Open Source Summit in North America. I'm John Furrrier, with my co-star Stu Miniman, Our next guest is Patrick Chanezan, who is a member of the technical docker, also on the governing board of the Cloud Native Compute Foundation, also known as CNCF, which is the hottest part of the open-source community right now. It's very fast, we're very trendy, a lot of people are on the bandwagon, a lot of contribution going on. Welcome back to theCUBE. Great to see you. >> Hey, thanks, John and Stu, it's very good to be back on theCUBE. >> Docker's been just a great company to follow since the beginning, the birth of Docker to the transformation from Dark Cloud to Docker. It's just a great team. We have a lot of respect for you guys. Congratulations. But the CNCF right now is the hottest thing, there's more platinum sponsors than I think maybe members. It seems to be very hot. Industry loves it, developer is going crazy about it, why is CNCF so hot? What's your perspective on that? >> What we're seeing right now is really the realization of adoption of containers, we talked about it two years ago. It was very early, and people were starting to use Docker and just covering containers. Today they're really putting them into production, and what we see at Docker with our customer base is that they are using it more and more to modernize traditional applications. So we see tremendous use of containers everywhere in enterprises, and the rise of CNCF is tied to that, I think. We're seeing more and more developers joining the bandwagon, more and more systems being built based on containers. And at Docker, we're playing a big role into that. >> Patrick, for a couple years, the chant was Docker, Docker, Docker, and sometimes people say, "Cubernetti's is where the hotness is." Well underneath that, there's containers. And a lot of those containers, Docker's involved there. Maybe you can help us understand the nuance a little bit as the Cubernetti's wave has grown, sure there was the Mezos, Docker Swarm, Cubernetti's war, if you will there, but what does this mean for Docker? What are you seeing from your customers? Give us the update on Docker itself. We'll probably need to get into the Mobi stuff, too, as we get into the interview. >> Sure, definitely. That's a big question, so let's start with the beginning. When enterprises adopt containers, what happens is that usually it starts with the wrappers who are adopting containers with Docker. So they download Docker for their Windows machine, or for their Mac, or on Linux, they start modernizing their applications. What we see is more and more enterprising wrappers, modernizing existing applications by Dockerizing them, and then the next step is that they want to put that into production. For that, you need the whole system. So at Docker, we have two systems. We have Docker C and Docker E, our enterprise version that has role-based controlled sequencing and all that good stuff. There are lots of different components that you need in order to have a production container system, and so Cuberneris, the orchestration engine is one piece of that. At Docker, we have swarm kits. But there are lots of other different components and lots of different layers to that system. So you have the infrastructure layer that you are using to deploy that inside the firewall or in different cloud providers. Many different solutions there. At Docker, we have one that's called infrakit, that we're using in our additions, to deploy it everywhere. Then on top of that, you need some version of Linux. At Docker Con in April, we released a project called Linuxkit, which helps you do that. On top of that, you need a container run-time. Traditionally, it's been Docker. Right now, we re-factored the Docker codebase to extract a core run-time component that's called container G, which we donated to CNCF. Container G is nearing one or better, so it would be one of them pretty soon. Then, on top of that, you need an orchestration engine. Docker E comes with its own orchestration based on swarm, Cuberneris is another orchestration engine that people like. Cuberneris, behind the scenes, is using Docker, and right now we are working very closely with theCUBE rneris community to implement CRI container G. So CRI is the container run-time interface in Cuberneris that lets you plug in different engines to plug container G in the place of Docker in there. >> Stu: There's a lot of pieces in here. We had too many interviews yesterday talking about the Open Container Initiative, or OCI, which really made sure we've got the 1.0 version of that done. What container format, seems like we're in agreement. We're not fighting over that kind of piece anymore. From the Cubernetti's community, I heard loud and clear, they're like, we've got container D. We've kind of got what we want. We're happy it's open-sourced. We're going. We were at Docker Con when you annouced Mobi, which is kind of open-source, and it felt like we were still trying to figure out all those pieces. Give us the update as to Mobi, you're talking at the open source show, you talk a little bit about CE and EE being the productized versions, but part of it is what we used to think of as Docker is now Mobi, and the company Docker versus the project. You kind of teased those apart a little bit, right? >> Yes. Exactly. And actually, that's what I came here at the Open Summit to talk about, to give people an update on the Mobi project. So what we announced back in April was the launch of the Mobi project, which is the end of a two year re-factoring of the Docker codebase into different components. So all these components on the stack that I told you about, we just tease them out from the Docker codebase so that it's a modular set of components that you can assemble together. Mobi is three things. It's an open source project where people can collaborate in container-based systems. It's also a tool that we're using to assemble our components into Mobi Corp, which is the upstream of Docker products. Then it's also a set of lots of components, like container G, Linux, Infrakit, Notary, and all the projects I talked about. One other thing we've started doing since April as well is we started proposing to donate some of these container projects to CNCF. So container G is already part of CNCF now. Recently, this summer, we proposed Infrakit, and they think it's a little bit too early for donation, because they want to see other, different projects in there. Right now we're in the process of donating and proposing Notary, so there's an active discussion in there, and I hope that the vote will happen probably next week or something like that. So Notary is the component that we're using for Docker, and we think that this could be used in lots of different Cloud Native systems, so it really has its place in the CNCF. >> So identity component for the container management, or what specifically is that going to address? >> So Notary is the piece that we're using in Docker Con Contrast to make sure that you can trust the images that you've built. A signed signature should be able to revoke all the signatures, all the kind of features that our customers love in Docker E. >> John: It's kind of like Stu and me on Twitter, he's verified, I'm not. But this is important, because now, this is a stamp of approval, if you will, that the community can look to. >> Yeah, definitely. So it's something that we implement in Docker, and now people building other containment systems who will be able to use it. And so Mobi saw a lot of traction for its different projects, some of them are going to CNCF, some of them are growing by themselves. On the Docker side, we made some progress prioritizing all that with Docker C and Docker E. We had a 1706 launch of Docker E recently, with lots of new role-based axis control, controls for enterprises, who are adopting it essentially to modernize their traditional apps. >> Take us through a kind of personal question. You were just at a board meeting with the CNCF. Did everyone show up or are people calling in? >> I think Alexi Richardson was the only one, maybe two people on the phone. >> John: Was Sam Redjay there? >> Sam was not there either, but Epona was standing for him. So the room was full, and to me it's really an impressive achievement, two years after we helped start the CNCF. The first meetings were 10, 15 people at Google deciding to create this foundation, and today, maybe we're twenty or thirty people around the table. An\d everybody-- >> Even before that Google meeting, we were covering theCUBE Con Cubernettis' movement early on from your event. So I think, out of Docker Con and some of the Linux Foundation events, the early momentum, we were there, Stu. Then it became the CNCF, and they decided, hey, let's get the Cloud Native Foundation. So it's interesting to me, seeing the growth from the beginning. And it's unique to have that opportunity to be in the front lines of an organically developing group. It wasn't really build the table and come, this was a realization. >> It was a realization and also a concerted effort to build something together to show customers where the containment systems were going in terms of architecture-- >> What were the factors beside, I mean Docker was big driver. Notably, you should get the credit for pioneering the space. But what were the drivers for this coalescing, this call to arms, if you will, or this organic formation of CNCF. What were the key drivers in your mind. Obviously, containers is one. What are the other ones? >> Yeah, to me, containers is a big one, because when you are starting to design your system with containers in mind, you need to change lots of things, how you're building them and things like that. And how you are architecting things together. There were lots of questions about how you do the balancing in that kind of system, how do you do monitoring, how do you do tracing. The CNCF was assembled so that all these components have a place where we can show our inter-repairability between them. So Docker is part of that, Mezos is part of that, as well as Cuberneris. There's a big inter-repairability work that's happening in there. We had a report in the board meeting today about the new CI Initiative that tests different CNCF projects together. >> John: What CI? >> Sorry, continuous integration. >> John: Got it, yeah. >> So there's the continuous integration-- >> John: Not conversion infrastructure. >> Oh, you're right, yeah. >> We always get acronym-ed up. But Chris Anazik was talking yesterday about the graduation path, still waiting to see something graduate from the process. What's going to graduate first? Any bets, what's the betting, what betting is going on? Do you guys actually make bets? Is there a fantasy drafting going on? >> I don't think that really matters, what matters is really adoption of the components. >> Okay, so what's happening on the graduation scale? What's coming out of the woodworks? What's next? What's going to graduate first? >> So one thing I'm curious about is whether Container G will graduate, because it's kind of mature now, it's reaching 1-0 with the CRI and soon integration in Docker, it may be a good candidate for graduation. For the others, I don't know which ones would be first into the graduation process. >> Well, we know it's a high bar, for sure. >> Patrick, the stuff that's getting mature. What about some of the roadmap there? From Docker and CNCF, something like serverless containers, first generation, are going to be important. We had too many interviews this week talking about, today, many of the containers we'll see in the future where serverless and open Faz and things like that go. So how does that all fit in? Can you give us a Docker and a CNCF view on that? >> Let's talk about the CNCF view first. CNCF is working on lots of different areas where there needs to be more definition about what Cloud Native means for storage, for example, with the CSI Initiative, container storage interface, CNI, container networking interface, and then there's the working group for CI, which is about integrating all these projects together, but the working group I'm most interested in is the serverless one. So we have a Docker rep at the serverless working group, and there we're trying to define what a portable, serverless stack looks like. And at Docker, we're naturally interested in this -- >> Of course, Serverless is a beautiful thing. >> Most of these projects are running on top of Docker, so open Faz for people-- >> I got to ask you, Patrick, because we love serverless, I have a love/hate relationship with the word serverless because technically it's a beautiful thing, but there's servers involved. I'm an old-school, so I kind of look at it differently. The younger generation, they want infrastructure as code. This is a clear obvious thing. It was once a dream, but now it's become a reality. What's your position on that? Where is it on the progress bar? How close are we to serverless? >> I'd say there's an initial adoption of serverless on one of the few stacks that exist out there today. So you have the hosted services, the Faz services, from Amazon, Microsoft, and Google, where I'm more interested, and I think customers are kind of looking for that, is a portable way of doing that. For example, in studying that on top of Docker platforms, so that's what projects like Open Faz is doing. Right now, I think we're really in the stage of discussions with CNCF of what a portable service layer would look like so that you could focus on your code, but be able to deploy on Prim, on top of Docker, or in different cloud providers. So that portability aspect to me is very important there. And I think it's important for customers as well. To me, also, I'm an old timer as well, I used to pitch a platform as a service at the beginning of it, Google App Engine, many years ago. To me, it's kind of a feeling of deja vu. We're kind of re-inventing that, but with containers and in a much more portable way. >> The beautiful thing about being an old-timer is we get to look back and, not so much to the young kids, get off my lawn, we had to walk to school with bare feet in the snow, build our own libraries. I was just talking to Eilene, she's like, "Oh, my low-level class was C and my high-level class was Python." I'm like, "Our low-level class was machine code "and high-level wasn't even C yet." >> Yesterday, at the party, I was discussing with one of the IBM engineers, who's working on Linux and containers on mainframe, and we were talking about GCL, and that's the type of feeling that we got. Like we're getting higher up in the stack, and I think for modern developers, it really helped them-- >> It's a beautiful thing right now. Just think about the young guns that are coming up. This is a beautiful library of options now. 90% of the code is leverage-able. That's like unbelievable. So it really allows the creativity of the developer to be a lot more about structural engineering code-base rather than just being very creative on the 10-20% of real intellectual property that they can bring to the table. >> I would add something, it's really about creating value, as opposed to building infrastructure. When we're getting up the stack, and serverless is an example of that, it's really about creating value for enterprises, and that's what these wrappers are about. >> When you start dreaming in code, you know you're doing good. Patrick, thanks so much for coming on theCUBE, and congratulations on all the success with CNCF, and certainty Docker. You guys continue to impress and do a great job. I know there's some changes over there we're looking for, some of the cool stuff graduating out of CNCF, more Docker container goodness from you guys. Thanks for coming on theCUBE. We appreciate it. I'm John Furrier, we're live in Los Angeles, California, for the Open Source Summit North America coverage with theCUBE. I'm John Furrier, Stu Miniman back with more after this short break.

from the noise it's the cube covering vmworld 2015 brought to you by VM world and its ecosystem sponsors now your host Stu minimun and Brian Grace Lee Patrick Shanna's on for a member of the technical staff for dr. Patrick saw you at the end of our spring tour and now you're here at the you know picking up the fall tour so thank you for joining us again hey thanks for having me alright so I mean last year you know containers with VMware I mean was a big discussion we kind of all had that you've got some background with Microsoft right and VMware yeah and VMware so you know there was kind of a joke of you know oh the old Microsoft you know extend embrace and we'll see how we go from there but you know it's been a year later so can you give us a little bit of the update of kind of you know how docker in VMware how do you guys see each other I could evm where is a great partner you so the announcement this morning VMware embrace containers so I'm super excited to be here some of the announcements that were made this morning is now this year is a control plane for containers there's this notion of native containers in this year one of the things that excites me the most is their project bonville that they talked about this morning it's actually been made by one of my friends on the ex-colleagues banchory and what they're doing in there that they are implemented the back end for the darker engine in terms of these fear primitives so when you're creating images it creates a set of vmdk layers and when you're creating when you want to create a container the isolation primitives are the ones of VMS as opposed to linux containers all right so that's a very good way of running container yes sir patrick last time we're in the cube you did a great job of helping us you know kind of walk the stack I don't know if you saw we actually did a research piece kind of layering the whole stack so here the announcement you mentioned this morning is the vSphere integrated containers and they've got photon and they've got Bonneville on and let me ask you am I looking at this right that we're VMware I mean VMware very much down at the infrastructure level yeah so when they build that photon layer you know whether they call it just enough virtualization as Kate kolbert said this morning when I heard him speak um but dr. sits on top of that am I getting that right yeah it's exactly right and actually one of my reasons for joining VMware I think four years ago was for them to go up stack and at that time it was with cloud foundry and I would argue that maybe with cloud foundry we were a little bit too much up stack compared to my vm worries at the bottom when I present the whole stack usually I talk about like the new hardware the new hardware today is your cloud provider it's a Amazon Microsoft Google and then the virtualization with VMware so that's the new hardware and that's where vmware is very strong so they manage networking storage and compute on top of that you have the OS layer and what really got me interested into moving to darker is that the whole landscape just changed when containers appear two years ago and the whole industry is reorganizing around that so what happened at the OS layer that all the OS providers starting with chorus initially who studied that friend started doing minimal release of their OS that are just designed to run containers so coral I started that trend but then very quickly read had followed with project atomic and then we went to with winter core the most interesting to me is Ranchero s where they run docker for everything so they have two darker system darker and userland occur and then VMware came out with photon I think twas last June or something like that and today I think they have a preview to of that coming out on top of that you have ducker so the rocker engine running and on top of the darker engine you have orchestration platforms and these are the ones that are replacing what used to be past platform as a service and when I was at Google I was doing google appengine at vmware i was doing cloud foundry now you see cloud foundry reinventing itself as a control plane for containers and so one of the announcement that excited me most in the keynote this morning is that now Cloud Foundry is running with photon they have an integrated distribution so finally vmware is going up stack with its own stack like vSphere at the bottom then on top of that you have photon and then on top of that you have cloud foundry yeah so really exciting times yeah I think for me one of the things that I always hear that feels like it's confusing or off the markets a lot of people want to kind of get into this containers replaces VMs or VMs versus container debate and as if they're both sort of infrastructure layer which if you think about them is something that holds that I could see you make the mistake but but Dockers is something that developers love they love to package their applications they love this idea of right on my laptop push it somewhere do you find that confusion a lot in the marketplace I mean oh yeah I find that a lot and I think it's tied to the rise of DevOps it really in the past five years the this new movement called DevOps like really took off and DevOps is a lot about people and processes a little bit about products as well and I think when docker appeared it was the right level of abstraction for DevOps to happen like the right packaging construct where developers can put all their dependencies in a container and then ups have all the right knobs to tweak for putting that in production but it's the same thing that you put in production that you have on your developer machine so to me a lot of the confusion assoc d2 docker is tied to that because it's a technology that you use both by developers and by ops I think vmware is doing a really good job of giving up so kind of control they need to put darker in production yeah so we're here at vmworld a lot of talk about vmware in containers you guys doing a ton of stuff with Microsoft like yeah talk a little bit about because you know for a long time people like to say what containers have been along for on for a long time Linux containers and but but windows and microsoft adopting this like what's going on there yeah so the partnership with Microsoft is super exciting so after a VMware I actually moved to Microsoft and at Microsoft my role was to help all the darker partners to get onto Azure and since I join I've seen all the work that happened with microsoft recently we've done tons of stuff we end many many different integration points to me the most important one is finally we have native windows containers that shipped with a Windows Server tv3 like literally I think two weeks ago so that's something that was pre announced that dark on and my croissan'wich came onstage with the ducati sure to do a demo now you can run it on Azure yourself what's exciting there is that the concepts that are at the heart of docker are based on using c groups and name spaces which are linux kernel features for isolation of your workloads the thing is these isolation primitive similar ones existed in windows server and especially the version of Windows Server that was running within Microsoft data center for to power Bing and things like that to have denser workloads in the data center where the Microsoft team has done is that they re implemented the darker back end in terms of windows containers primitives and so now you can create Windows net application running on windows server in windows native containers the beauty of it if you're a developer especially an enterprise developer in the enterprise basically you have half and half Java and.net very often like developers go from one to the other or they are developers who do Java others doing dotnet they have completely different tool chains now with darker they have a single tool chain that they can use to build a multi container application that use different technologies behind the scene so finally developers can use the best tools for the father father job yep so pattern one of the things we look at every year here at vmworld is how are we doing it kind of fixing the things that broke when virtualization went into both storage and networking yeah and it was big discussion point at dr. Khan this year you put up a beta of docker networking yep storage I'd say is even a little bit you know further behind there so you know what's the latest on how you guys think of that you know where are we along that maturity curve of you know storage and networking for for containers so I'm really glad you asked that because when i joined occur in march that was my first project to kick-start a project to do darker extensibility and the two extension points that we created based on ecosystem and customer demands were about storage and networking and so I'd acha kaun in June we announced to extension points for dr. a plug-in system one for networking and one for volumes and what I really love about what happened at vmworld today this morning in the keynote is that VMware implemented a networking plug-in based on NSX as well as a volume plug inning in collaboration with a cluster HQ who had built flutter and help us create that extension point four volumes so finally one of the big issues with containers is that when you were deploying it in a multi host set up especially with swarm and compose when you're stunning to the orchestration before June there was no way to to move one container when state full container with data to another machine with a volume plug-in now you can do that and with the networking aspect now you can refer to containers by instead of like doing links and there were some complicated ways to do that now you can use either the native networking driver that comes with ducker but as usual we use the philosophy of batteries included but replaceable and so you can plug networking plug-in coming from nsx if you're using this fear under the hood yeah so still we're we're going to be doing a panel tomorrow on on containers one of the things I want to dig into we're gonna have intel on the show and tells doing some neat things where they're they're calling it clear containers but in essence it's it's kind of the equivalent for the vm we're proud of you know VT technology right hardware isolation of processes talk about just what's the potential of that for containers ability to better leverage hardware to make containers a it's faster and yeah so that aspect of internal research is super exciting and it corroborates some of the things i see happening in the marketplace right now especially on the research side where you have both like Linux containers became super successful in the past two years now that we're going in production there will be lots of different type of isolation technologies applied to containers and so one of the first one I heard about West project banville where it's implemented in terms of this year primitives another one is the clear container by Intel another one that I heard about that that came through the oci project that will talk about that new standard that we announced a cocoon is called is called things of run V and it's based on the hyper SH container technology based on virtualization so I see more and more people using virtualization as an implementation for isolation in containers yeah talk about what's going on with run see so you know six months ago it was we had this you know are we gonna have diverging container standards you guys stood up with core OS and 20 other companies and said we're no we're going to have one standard what's going on with with oci and run c and that thing that's been super exciting so that was my second project that docker we announced it at Daka Connie you that we had a 20 of the biggest companies in the industry joining to create a standard container especially core OS joining as well as Google and Amazon and everybody and what blew my mind is that we're what were free month later less than three months later the team right now is preparing a first draft of the spec for September they've been working actively all throughout the summer we put out we started working on the spec just after dark on we had the darker contributor summit and the the working group for OC I was the largest we had like 15 people from different companies starting to iterate on the spec they continued throughout the summer and now we have something that's close to a first draft of the spec with a reference implementation that's runs in one of the most interesting development that happens there and that really speaks to the power of open source and open stone is is that once the specs started to mature we started to have already a second reference a second implementation of the spec that's called rungy that's been built by the hyper SH project based on virtualization and then why way contributed a test suite for compliance of the of the spec so that spec is advancing really fast yeah so I was having a conversation with Jim's emmalin who runs the Linux Foundation II week or so ago at linux con and we asked him we said you know it's hard because you love them all like your kids do you have a favorite project he said yeah no question oci is my favorite project right now just because of the promise of portability the sort of write once run anywhere so you're working on it it's an important product the Linux domain is really looking at you guys to make this work and and drive that portability yeah and the Linux Foundation has done a really great job at coordinating the work of all the maintainer Xin there it's really a neutral ground where we can advance so that all of us can innovate on top of it now a lot of the competition is happening at the upper layer of the stack like oci I think we all agree on the semantics of what a container runtime should be now at the higher level there are lots of discussions about how the orchestration should be done and there you have 15 different projects you have swarmed from darker this mess those this coup banaras which is very opinionated and one of the other development this summer is that Google and many others including us dr. with part of that announced an another foundation called the CNC F the cloud native computing foundation where the goal there is to create reference tax for orchestration that can interoperate together pretty much along the same line of the work that darker did with a mesosphere for having a swarm plugin for mezclas so Patrick boy there's been so much movement in this space we talked multiple foundations a lot going on one of the things we came out of dr. Khan that we were just I guess a little concerned about is how many people actually run an import and we know you know I mean live through the the VMware lived through the Linux you know adoption phases so is it fair to kind of gauge that piece of it you know what do you see when you know you're talking to the practitioners and the you pick users out there as to you know how should we be measuring you know that's a naturally occurring production yeah so I would say it's maturing a lot we see more and more users putting darker in production there are lots of holes still in the offering that needs to be filled and that's why I'm pretty excited to see VMware stepping in and saying hey for production use we have a lot of technology that you can use to put that in production some of the things that we've seen is a like networking and volumes so that was really needed now that there are lots of plugins I hope that people will have an easier time putting that into production the agreement on what orchestration should be so people are still asking a lot of question about which orchestrator should i use for my containers in production and so I've seen so people using measures others using coronary some are trying swarm there's still lots of questions out there about what the right stack should look like and I would say as usual in software project it kind of depends on what you're running well the one thing that concerns me and it's always there's so many good things going on around docker I've been doing some research over the last couple of months looking at all the different platforms so everything from you know dr. native to what hoshi corp is doing to what openshift is doing and we were we talkin to Adrian Cockroft he said you know dockers reached sort of plaid in terms of speed it moves so fast you guys are releasing some every two months how do you deal with that because you deal with the ecosystem how do they deal with the fact that you're now part of their core platform but you're releasing new stuff every two months I mean are we going to get into something where it's like well it's it's one dot six and two dot one and how do you deal with that yeah so ducker itself as a company is maturing addict Akane you one of the big things that we announced is a darker trusted registry and aqus yes so we have a version of docker that is supported where we're going to do backwards a porting of patches so for people who really want to run it in production we have an offering that supported for them so that they are not obliged to run on the tape every time some of the startups that I've seen out there like large startups with a more in the consumer space who have larger data center and a pretty mature ops team they some of them are running on tip or on the latest version of darker but in the enterprise you can assume that like the adoption of new versions will be slower and so we have that like support offering for for all the versions of darker now the darker open source project is continuing to fire I like to create lots of things and there are lots of poor request the project is more successful than ever I think in the last like recently the most prolific contributor was Microsoft in the project there are lots of torrid has a huge contributor that Google as well is sending lots of pull requests so there are not lots of new features coming with each new release but at the same time we're really working on a platform that everybody is going to use and that needs to mature that's why you have that really fast pace of innovation in that space yeah so I mean Patrick here you're you're in the weeds of some of this so the other one that comes up quite a bit of courses security so even just this last week there's a big back and forth on Twitter and a couple of blog posts talking about it you know what what your thought is to how how we should talk about kind of the maturity and where we're going with the container security discussion yeah so as you guess container security is one of our big focus abductor because that's one of the things that people are expecting from a platform especially to run in production my colleague yoga Monica did lots of blog posts recently about how to improve your security in production security is not only a factor of the software itself but on the all the processes that you put in place around it and basically around darker you have to put in place with some kind of processes you have for operating systems like getting the latest release of the official images I don't know if you saw that there's been a blog post like talking where they looked randomly at all the images in docker hub and evaluating them for security issues one of the things that they didn't look at is that the latest releases of operating systems that we have in there in blocker images are just tracking the upstream releases and people who have sound security practices internally I'll just pulling these latest releases all right last question I have for you Patrick it's it easy for people to come I come in here and be like oh well you know biggest threat to vmware is is docker what what I love talking to you is you know this is a real small community I over the last year a lot of former VMware people now working over a doctor and not that they're unhappy with VMware and you know Microsoft is is in the mix you know so I mean this whole community is pulling together and doing a lot of work a lot of contribution you know what do you see out there from the technology community to help mature this whole space yeah I'd say both VMware and Microsoft at the operating system an infrastructure level as well as Google at the orchestration layer VMware a red hat at the operating system layer like everybody is trying to make darker a sound platform to run in production so what I see in all corners is just darker getting solidified and getting part of most people's production infrastructure with all these efforts on the security and stability and processes as well as the development processes there are lots of innovation in the terms of CI CD integration with darker no no she saw the work that cloudbees has been doing for integrating jenkins with darker so doctor is both the platform for apps and for devs and in that in that qualification that the ecosystem is very broad both on the dev tools side as well as on the ops and platform side all right well Patrick unfortunately at a time is always great chatting with you thank you so much for joining us we'll be back with lots more coverage here from being real 2015 and thank you for watching you inseam six months you