(upbeat music) >> We're back with a Blueprint for Trusted Infrastructure in partnership with Dell Technologies and theCUBE. And we're here with Mahesh Nagarathnam who is a consultant in the area of networking product management at Dell technologies. Mahesh, welcome, good to see you. >> Hey, good morning, Dave. It's nice to meet you as well. >> Hey, so we've been digging into all the parts of the infrastructure stack, and now we're going to look at the all important networking components. Mahesh, when we think about networking in today's environment, we think about the core data center and we're connecting out to various locations including the cloud and both the near and the far edge. So the question is from Dell's perspective what's unique and challenging about securing network infrastructure that we should know about? >> Yeah, so a few years ago, IT security in an enterprise was primarily putting a wrapper around the data center because IT was constrained to an infrastructure owned and operated by the enterprise for the most part. So putting a wrapper around it like a perimeter or a firewall was a sufficient response because you could basically control the enormous data into small enough control. Today, with the distributed data intelligent software different systems, multi-cloud environment and asset service delivery. The infrastructure for the modern era changes the way to secure the network infrastructure. In today's data driven world, IT operates everywhere and data is created and accessed everywhere. So far from the centralized mono data centers of the past. The biggest challenge is how do we build the network infrastructure of the modern era that are intelligent, with automation, enabling maximum flexibility and business agility without any compromise on the security. We believe that in this data era, the security transformation must accompany digital transformation. >> Yeah, that's very good. You talked about a couple of things there. Data by its very nature is distributed, there is no perimeter anymore. So you can't just, as you say, put a wrapper around it, I like the way you phrase that. So when you think about cyber security resilience from a networking perspective, how do you define that? In other words, what are the basic principles that you adhere to when thinking about securing network infrastructure for your customers? >> So our belief is that cybersecurity and cybersecurity resilience, they need to be holistic. They need to be integrated, scalable, one that spans the enterprise and with a consistent and objective and policy implementation. So cybersecurity needs to span across all the devices and running across any application whether the application resets on the cloud or anywhere else in the infrastructure. From a networking standpoint, what does it mean? It's again, the same principles. In order to prevent the threat actors from accessing, changing, destroying or stealing sensitive data, this definition holds good for networking as well. So if you look at it from a networking perspective it's the ability to protect from and withstand attacks on the networking systems. As we continue to evolve, this will also include the ability to adapt and recover from these attacks which is what cyber resilience aspect is all about. So cybersecurity, best practices as you know is continuously changing the landscape primarily because the cyber threats also continue to evolve. >> Yeah, got it. I like that. So, it's got to be integrated. It's got to be scalable. It's got to be comprehensive and adaptable. You're saying it can't be static. >> Right. So I think, you had a second part of the question that says, what are the basic principles when you're thinking about securing network infrastructure. When you are looking at securing the network infrastructure it revolves around core security capability of the devices that form the network. And what are these security capabilities? These are access control, software integrity and vulnerability response. When you look at access control it's to ensure that only the authenticated users are able to access the platform and they're able to access only the kind of the assets that they're authorized to, based on their user level. Now accessing a network platform like a switch or a router, for example, is typically used for configuration and management of the networking switch. So user access is based on roles for that matter role based access control, whether you are security admin or a network admin or a storage admin. And it's imperative that logging is enabled because any of the change to the configuration is actually logged and monitored as well. When we're talking about software's integrity, it's the ability to ensure that the software that's running on the system has not been compromised. And this is important because it could actually get hold of the system and you could get undesired results. In terms of validation of the images, it needs to be done through digital signature. So it's important that when you're talking about software integrity, A, you are ensuring that the platform is not compromised and B, that any upgrades that happens to the platform is happening through validated signature. >> Okay. And now you've, so there's access control, software integrity and I think you got a third element, which is, I think response, but please continue. >> Yeah. So, the third one about vulnerability. So we follow the same process that's been followed by the rest of the products within the Dell Product family that's to report or identify any kind of vulnerability that's being addressed by the Dell Product Security Incident Response Team. So the networking portfolio is no different. It follows the same process for identification for triage and for resolution of these vulnerabilities. And this address either through patches or through new resource via networking software. >> Yeah, got it. I mean, you didn't say zero trust but when you were talking about access control you're really talking about access to only those assets that people are authorized to access. I know zero trust sometimes is a buzzword, but you, I think gave it some clarity there. Software integrity, it's about assurance, validation, your digital signature, you mentioned, and that there's been no compromise. And then how you respond to incidents in a standard way that can fit into a security framework. So outstanding description. Thank you for that. But then the next question is how does Dell Networking fit into the construct of what we've been talking about, Dell Trusted Infrastructure? >> So networking is the key element in the Dell Trusted Infrastructure. It provides the interconnect between the server and the storage world and it's part of any data center configuration. For a trusted infrastructure, the network needs to have access control in place where only the authorized personals are able to make change to the network configuration and logging of any of those changes is also done through the logging capabilities. Additionally, we should also ensure that the configuration should provide network isolation between the management network and the data traffic network because they need to be separate and distinct from each other. And furthermore, even if you look at the data traffic network, you have things like segmentation, isolated segments and via VRFs or micro-segmentation via partners. This allows various level of security for each of those segments. So it's important that the network infrastructure has the ability to provide all these services. From a Dell networking security perspective, there are multiple layers of defense, both at the edge and in the network, in the hardware and in the software. And essentially, a set of rules and a configuration that's designed to sort of protect the integrity, confidentiality and accessibility of the network assets. So each network security layer, it implements policies and controls, as I said, including network segmentation, we do have capabilities, resources, centralized management, automation, and capability and scalability for that matter. Now you add all of these things with the open networking standards or software different principles, and you essentially reach to the point where you're looking at zero trust network access which is essentially sort of a building block for increased cloud adoption. If you look at the different pillars of a zero touch architecture, if you look at the device aspect, we do have support for secure boot, for example, we do have trusted platform, trusted platform models, TPMs on certain offer products. And the physical security, plain simple old WLAN port enable disable. From a user trust perspective, we know it's all done via access control base via role based access control and capability in order to provide remote authentication or things like sticky MAC or MAC learning limit and so on. If you look at a transport and a session trust layer, these are essentially, how do you access this switch. Is it by plain old Telnet, or is it like secure SSH. And when a host communicates to the switch, we do have things like self-signed or a certificate authority based certification. And one of the important aspect is, in terms of the routing protocol the routing protocol, for example, BGP, for example, we do have the capability to support MD5 authentication between the BGP peers so that there is no malicious attack to the network where the routing table is compromised. And the other aspect is about control plain ESL. It's typical that if you don't have a control plane Azure, it could be flooded and the switch could be compromised by denial of service attacks. From an application test perspective, as I mentioned, we do have the application specific security rules where you could actually define the specific security rules based on the specific applications that are running within the system. And I did talk about the digital signature and the cryptographic checks and that we do for authentication and, I mean rather for the authenticity and the validation of the image and the boundary and so on and so forth. Finally the data trust, we are looking at the network separation. The network separation could happen over VRF, plain old VLANs which can bring about multitenancy aspects. We talk about micro-segmentation as it applies to NSX, for example. The other aspect is we do have with our own smart fabric services, that's enabled in a fabric, we have a concept of cluster security. So all of this, the different pillars, they sort of make up for the zero trust infrastructure for the networking assets of an infrastructure. >> Yeah, so thank you for that. There's a lot to unpack there. One of the premise, the premise really this segment that we're setting up in this series, is really that everything you just mentioned, or a lot of things you just mentioned used to be the responsibility of the security team and the premise that we're putting forth is that because security teams are so stretched thin, you got to shift a vendor community, Dell specifically is shifting a lot of those tasks to their own R&D and taking care of a lot of that. 'cause SecOps teams got a lot of other stuff to worry about. So my question relates to things like automation which can help and scalability. What about those topics as it relates to networking infrastructure? >> Our portfolio, it enables state of the automation software that enables simplifying of the design. So for example, we do have the fabric design center, a tool that automates the design of the entire fabric and from a deployment and the management of the network infrastructure, there are simplicities using like Ansible playbooks for SONiC, for example. Or for a better storage, we do have smart fabric services that can automate the entire fabric for a storage solution or for one of the workloads, for example. Now we do help reduce the complexity by closely integrating the management of the physical and the virtual networking infrastructure. And again, we have those capabilities using SONiC or smart traffic services. If you look at SONiC for example, it delivers automated intent based secure containerized network. And it has the ability to provide network visibility and awareness and of these things are actually valid for a modern networking infrastructure. So now if you look at SONiC, the usage of those tools that are available within the SONiC NAS is not restricted just to the data center infrastructure, it's a unified NAS that's well applicable beyond the data center, right up to the edge. Now, if you look at our NAS from a smart traffic OS10 perspective, as I mentioned, we do have smart traffic services, which essentially simplifies the deployment, day one day two deployment expansion plans and the life cycle management of our converged infrastructure and hyperconverged infrastructure solutions. And finally, in order to enable zero touch deployment, we do have a VEP solution with our SD-WAN capability. So these are in a ways by which we bring down the complexity by enhancing the automation capability using a singular NAS that can expand from a data center now, right to the edge. >> Great, thank you for that. Last question real quick. Pitch me, can you summarize from your point of view what's the strength of the Dell networking portfolio? >> So from a Dell networking portfolio we support the capabilities at multiple layers, as I mentioned. We've talking about the physical security, for example, let's say disabling of the unused interface, sticky MAC and trusted platform modules are the things that to go after. And when you're talking about secure boot, for example, it delivers the authenticity and the integrity of the OS10 images at the startup. And secure boot also protects the startup configuration so that the startup configuration file is not compromised. And secure boot also enables the bootloader protection, for example. That is at another aspect of software image, integrity validation, wherein the image is validated for the digital signature prior to any upgrade process. And if you are looking at secure access control we do have things like role-based access control, SSH to the switches, control plane, access control, that pre-onset attacks and access control through multifactor authentication. We do have Radius Tech ads for entry control to the network and things like CSE and PRV support from a federal perspective. We do have logging wherein any event, any auditing capabilities can be possible by looking at the syslog servers which are pretty much in our transmitter from the devices ORTS, for example. And last we talked about network separation. And this separation ensures that that is a contained segment for a specific purpose or for the specific zone. And this can be implemented by a micro-segmentation, just a plain old WLAN or using virtual route of framework VRF, for example. >> A lot there. I mean, I think frankly, my takeaway is you guys do the heavy lifting in a very complicated topic. So thank you so much for coming on theCUBE and explaining that in quite some depth. Really appreciate it. >> Thank you, Dave. >> Oh, you're very welcome. Okay in a moment, I'll be back to dig into the hyperconverged infrastructure part of the portfolio, and look at how, when you enter the world of software defined where you're controlling servers and storage and networks via software led system, you could be sure that your infrastructure is trusted and secure. You're watching a Blueprint for Trusted Infrastructure made possible by Dell technologies and collaboration with theCUBE, your leader in enterprise and emerging tech coverage. (soft upbeat music)

(upbeat music) >> Hey, everyone. Welcome to this CUBE Conversation that's part of the AWS startup showcase Season Two, Episode Four. I'm your host Lisa Martin. Chase Doelling joins me, the principles strategist at JumpCloud. Chase, welcome to theCUBE. It's great to have you. >> Chase: Perfect. Well, thank you so much, Lisa. I really appreciate the opportunity to come and hang out. >> Let's talk about JumpCloud. First of all, love the name. This is an open directory platform. Talk to the audience about what the platform is, obviously, the evolution of the domain controller. But give us that backstory? >> Yeah, absolutely. And so, company was started, and I think, from serial entrepreneurs, and after kind of last exit, taking a look around and saying, "Why is this piece of hardware still the dominant force when you're thinking about identities, especially when the world is moving to cloud, and all the different pieces that have been around it?" And so, over the years, we've evolved JumpCloud into an open directory platform. And what that is, is we're managing your identities, the devices that are associated to that, all the access points that employees need just to get their job done. And the best part is, is we're able to do that no matter where they are within the world. >> It seems like kind of a reinvention of how modern IT teams are getting worked done, especially in these days of remote work. Talk to me a little bit about the last couple of years particularly as remote work exploded, and here we are still probably, permanently, in that situation? >> Yeah, absolutely. And I think it's probably going to be one of those situations where we stick with it for quite a while. We had a very abrupt force in making sure that essentially every IT and security team could grapple with the fact of their users are no longer coming into the office. You know, how do we VPN into all of our different resources? Those are very common and unfortunate pain points that we've had over the last couple years. And so, now, people have starting to kind of get into the motion of it, working from home, having background and setups and other pieces. But one of the main areas of concern, especially as you're thinking about that, is how does it relate to my security infrastructure, or kind of my approach to my organization. And making sure that too, on the tail end, that a user's access and making sure that they can get into everything that they need to do in order to get work done, is still happening? And so, what we've done, is we've really taken, evolving and really kind of ripping apart this notion of what a directory was. 'Cause originally, it was just like, great, almost like a phone directory. It's where people lived they're going into all those different pieces. But it wasn't set up for the modern world, and kind of how we're approaching it, and how organizations now are started with a credit card and have all of their infrastructure. And essentially, all of their IP, is now hosted somewhere else. And so, we wanted to take a different approach where we're thinking about, not only managing that identity, but taking an open approach. So, matter where the identity's coming from, we can integrate that into the platform but then we're also managing and securing those devices, which is often the most important piece that we have sitting right in front of us in order to get into that. But then, also that final question, of when you're accessing networks applications, can you create the conditions for trust, right? And so, if you're looking at zero trust, or kind of going after different levels of compliance, ISO, SOC2, whatever that might be, making sure that you have all that put in place no matter where your employees are. So, in that way, as we kind of moved into this remote, now hybrid world, it wasn't the office as the gating point anymore, right? So, key cards, as much as we love 'em, final part, whereas the new perimeter, the kind of the new barrier for organizations especially how they're thinking about security, is the people's identities behind that. And so, that's the approach that we really wanted to take as we continue to evolve and really open up what a directory platform can do. >> Yeah. Zero trust security, remote work. Two things that have exploded in the last couple of years. But as employees, we expected to be able to still have the access that we needed to apps, to the network, to WiFi, et cetera. And, of course, on the security side, we saw massive changes in the threat landscape that really, obviously, security elevates to a board level conversation. So, I imagine zero trust security, remote work, probably compliance, you mentioned SOC2, are some of the the key use cases that you're helping organizations with? >> Those are a lot of the drivers. And what we do, is we're able to combine a lot of different aspects that you need for each one of those. And so, now you're thinking about essentially, the use case of someone joins an organization, they need access to all these different things. But behind the scenes, it's a combination of identity access management, device management, applications, networks, everything else, and creating those conditions for them to do their roles. But the other piece of that, is you also don't want to be overly cumbersome. I think a lot of us think about security as like great biometrics, so I'm going to add in these keys, I'm going to do everything else to kind of get into these secured resources. But the reality of it now, is those secure resources might be AWS infrastructure. It might be other Salesforce reporting tools. It might be other pieces, or kind of IP within the organization. And those are now your crown jewel. And so, if you're not thinking about the identities behind them and the security that you have in order to facilitate that transaction, it becomes a board level conversation very quickly. But you want to do it in a way that people can move forward with their lives, and they're not spending a ton of time battling the systems and procedures you put in place to protect it, but that it's working together seamlessly. And so, that's where, kind of this notion for us of bringing all these different technologies into one platform. You're able to consolidate a lot of those and remove a lot of the friction while maintaining the visibility, and answering the question, of who has access to what? And when did they do that? Those are the most critical pieces that IT and security teams are asking themselves when something happens. And hopefully, on the preventative side and not so much on the redacted side. >> Have you seen the escalation up the C-Suite change of the board in terms of really focusing on how do we do identity management? How do we do single sign on? How do we do device management and network access? Is that all the way up to the C-Suite board level as well? >> It certainly can be. And we've seen it in a lot of different conversations, because now you are thinking about all different portions of the organization. And then, two, as we're thinking about times we're currently in, there's also a cost associated to that. And so, when you start to consolidate all of those technologies into one area, now it becomes much more of total cost optimization types of story while you're still maintaining a lot of the security and basic blocking and tackling that you need for most organizations. So, everything you just mentioned, those are now table stakes for a lot of small, medium, startups to be at the table. So, how do you have access to enterprise level, essentially technology, without the cost that's associated to it. And that's a lot of the trade offs that organizations are facing and having those types of conversations as it relates to business preparedness and how we're making sure that we are putting our best foot forward, and we're able to be resilient in no matter what type, of either economic or security threat that the organization might be looking at. >> So, let's talk about the go-to market, the strategy from a sales and marketing perspective. Where are the customer conversations happening? Are they at the IT level? Are they higher up the stack? >> It's really at, I'd say the IT level. And so, by that, I mean the builders, the implementers, everyone that's responsible for putting devices in people's hands, and making sure that they can do their job effectively. And so, those are their, I'd say the IT admins the world as well as the managed service providers who support those organizations, making sure that we can enable them to making sure that their organizations or their client organizations have all the tools that their disposable to make sure that they have the security or the policies, and the technology behind them to enable all those different practices. >> Let's unpack the benefits from an IT perspective? Obviously, they're getting one console that they can manage at all. One user identity for email, and devices, and apps, and things. You mentioned regardless of location, but this is also regardless of operating system, correct? >> That's correct. And so, part of taking an open approach, is also the devices that you're running on. And so, we take a cross OS approach. So, Mac, Windows, Linux, iPhone, whatever it might be, we can make sure that, that device is secure. And so, it does a couple different things. So, one, is the employees have device choice, right? So, I'm a Mac person coming in. If forced into a Windows, it'd be an interesting experience. But then, also too, from the back end, now you have essentially one platform to manage your entire fleet. And also give visibility and data behind what's happening behind those. And then, from the end user perspective as well, everything's tied together. And so, instead of having, what we'll call user ID schizophrenia, it might be one employee, but hundreds of different identities and logins just to get their work done. We can now centralize that into one person, making sure you have one password to get into your advice, get into the network, to get into your single sign on. We also have push MFA associated with that. So, you can actually create the conditions for your most secured access, or you understand, say, "Hey, I'm actually in the office. I'm going to be a hybrid employee. Maybe I can actually relax some of those security concerns I might have for people outside of the network." And all we do, is making sure that we give all that optionality to our IT admins, manage service providers of the world to enable that type of work for their employees to happen. >> So, they have the ability to toggle that, is critically important in this day and age of the hybrid work model, that's probably here to stay? >> It is, yeah. And it's something that organizations change, right? Our own organizations, they grow, they change different. New threats might emerge, or same old existing threats continue to come back. And we need to just have better processes and automations put within that. And it's when you start to consolidate all of those technologies, not only are you thinking about the visibility behind that, but then you're automating a lot of those different pieces that are already tightly coupled together. And that actually is truly powerful for a lot of the IT admins of the world, because that's where they spend a lot of time, and they're able to spend more time helping users tackling big projects instead of run rate security, and blocking, and tackling. That should be enabled from the organization from the get go. >> You mentioned automation. And I think that there's got to be a TCO reduction aspect here with respect to security and IT practices. Can you talk about that a little bit? >> Yeah, absolutely. Let's think about the opposite of that. Let's say we have a laundry list of technology that we need to go out and source. One is, great, where the identity is, so we have an identity provider. Now, we need to make sure that we have application access that might look like single sign on. Now, we need to make sure, you are who you are no matter where you are in the world. Well, now we need multifactor authentication and that might involve either a push button, or biometrics. And then, well, great the device's in front of us, that's a huge component, making sure that I can understand, not only who's on the device, but that the device is secure, that there's certificates there, that there's policies that ensure the proper use of that wherever it might be. Especially, if I'm an employee, either, it used to be on the the jet center going between flying anywhere you need. Now, it's kind of cross country, cross domain, all those different areas. And when you start to have that, it really unlocks, essentially IT sprawl. You have a lot of different pieces, a lot of different contracts, trying to figure out one technology works, but the other might not. And you're now you're creating workarounds for all these different pieces. So, the opposite of that, is essentially, let's take all those technologies and consolidate that into one platform. So, not only is it cheaper essentially, looking after that and understanding all the different technologies, but now it's all the other soft costs around it that many people don't think about. It's all the other automations. It's all the workarounds that you didn't have to do in the first place. It's all the other pieces that you'd spend a lot of time trying to wire it together. Into the hopes of that, it creates some security model. But then again, you lose a lot of the visibility. So, you might have an incident happen over here, or a trigger, or alert, but it's not tied to the rest of the stack. And so, now you're spending a lot of time, especially, either trying to understand. And worse timing, is if you have an incident and you're trying to understand what's happening? Unraveling all of that as it happens, becomes impossible, especially if it's not consolidated with one platform. So, there's not only the hard cost aspect of bringing all that together, but also the soft costs of thinking about how your business can perform, or at least optimize for a lot of those different standard processes, including onboarding, offboarding, and everything else in between. >> Yeah. On the soft cost side, I can imagine. I can see huge benefits for HR onboarding, offboarding. I can see benefits for the employee experience period, which directly relates to the customer experience. So, in terms of the business impact that JumpCloud can make, it seems to be pretty horizontal across any type of organization? >> It is, and especially as you mentioned HR. Because when you think about, where does the origin of someone's identity start? Well, typically, it starts with a resume and that might be in applicant tracking software. Now, we're going to get hired, so we're going to move into HR, because, well, everyone likes payroll, and we need that in our lives, right? But now you get into the second phase, of great, now I've joined the organization. Now, I need access to all of these different pieces. But when you look at it, essentially horizontally, from HR, all the way into the employee experience, and their whole life cycle within the organization, now you're touching multiple different teams And that's one of the other, I'd say benefits of that, is now you're actually bringing in HR, and IT, and security, and everyone else that might be related within these kind of larger use cases of making work happen all coming under. And when they're tightly integrated, it's also a lot more secure, right? So, you're not passing notes along. You're not having a checklist of other stuff, especially when it relates to something as important as someone's identity, which is more often than not, the most common attack vector for people to go after. Because they know it's the keys to the kingdom. There's going to be a lot of different attempts, maybe malware and other pieces, but a lot of it comes back into, can I impersonate, or become the person that I want within the organization, because it's the identity allows you to access all those different pieces. And so, if it's coming from a disjointed process or something that's not as tightly as it could be, that's where it really opens up a lot of different vectors that organizations don't think about. >> Right, and those vectors are only growing and multiplying as we know, and here to stay. When you're in customer conversations what do you describe as maybe the top three differentiators of JumpCloud compared to the competition? >> Well, I think a lot of it is we take an open approach. And so, by that, I mean, it's one we're not locking into, I'd say different vendors or other areas. We're really looking into making sure that we can work within your environment as it stands today, or where you want to migrate in the future. And so, this could be a combination of on-prem resources, cloud resources, or nothing if you're starting a company from today. And the second, is again, coming back into how we're looking at devices. So, we take a cross OS approach that way, no matter what you're operating on, it all comes back from the same dashboard. But then, finally, we leverage a ton of different protocols to make sure it works with everything within your current technology stack, as well as it continues to elevate and evolve over time. So, it could be LD app and Radius, and Sam, and skim, and open ID Connect, and open APIs. And whatever that might be, we are able to tie in all those different pieces. So, now, all of a sudden, it's not just one platform, but you have your whole business tied into as that gives you some flexibility too, to evolve. Because even during the pandemic and the shift for remote, there's a lot of technology choices that shifted. A lot of people are like, "Okay, now's the time to go to the cloud." There might be other events that organizations change. There's other things that might happen. So, creating that flexibility for organizations to move and make those calls, is essentially how we're differentiating ourselves. And we're not locking you into this, walled garden of technology that's just our own. We really want to make sure that we can operate, and be that glue, so that way, no matter what you're trying to do and making sure that your work is being done, we can help facilitate that. >> Nice. No matter what happens. Because boy, at this day, anything's possible. One more question for you about your AWS partnership. Talk to me a little bit about that? >> Yeah, absolutely. So, we are preferred ADP identity provider and SSO provider for AWS. And so, now rebranded under their identity center. But it's crucial for a lot of our organizations and joint customers because again, when we think about a lot of organization IP and how they operate as a business, is tied into AWS. And so, really understanding, who has the right level of access? Who should be in there or not? And when too, you should challenge in making sure that actually there's something fishy there. Like let's make sure that they're not just traveling to Europe on a sabbatical, and it's really who they are instead of a threat actor. Those are some of the pieces when we're thinking about creating that authentication, but then also, the right authorization into those AWS resources. And so, that's actually something that we've been very close to, especially, I'd say that the origins of a company. Because a lot of startups, that's where they go. That's where they begin their journey. And so, we meet them where they are, and making sure that we're protecting not only everything else within their organization, but also what they're trying to get into, which is typically AWS >> Meeting customers where they are. It's all about that. Chase, thank you so much for joining me on the program talking about JumpCloud, it's open directory platform. The benefits, the capabilities, what's in it for IT, HR, security, et cetera. We appreciate all of your insights and time. Where do you want to point folks to go to learn more? >> Well, absolutely. Well, thank you so much for having us. And I'd say, if you're curious about any and all these different technologies, the best part is everything I talked about is free up to 10 users, 10 devices. So, just go to jumpcloud.com. You can create an organization, and it's great for startups, people at home. Any size company that you're at, we can help support all of those different facets in bringing in those different types of technologies all into one roof. >> Awesome. Chase, thank you so much. This is awesome, go to jumpcloud.com. For Chase Doelling, I'm Lisa Martin. We want to thank you so much for giving us some of your time and watching this CUBE Conversation. (upbeat music)

(bright, upbeat music) >> Thank you, Adam, you're looking great in the studio. Those clouds going behind you in that beautiful blue sky. Okay. We're excited here at the Fira in Barcelona at Mobile World Congress 21. Yes, it's on. Yes, it's alive and I'd say it's pretty well. Andriy Zhylenko is here as the CEO of Porta One and Roman Khalenkov is joining us as well He's the Chief Commercial Officer of Porta One. Gents, great to see you. Thanks for coming on the Cube. >> Thank you very much for having us. >> You're very welcome. You guys are local Barcelonans now. That's awesome. You've came in from Russia. You had this great idea for a company. Tell us about Porta One. >> Well, Porta One exists for over 20 years and we focus on helping Telco operators to deliver services more efficiently or create something new by providing an open architecture platform. And we mostly focus on tier two and three operator. So, I think about us as this weapon they can use to fight the Goliath; the large telecom operators because they need flexibility and the ability to get there faster. >> I mean, I love that, right. And we're going to talk about the cloud is a key part of that because you're now giving the smaller operators the capabilities that the big guys have had but actually doing it a way that may be cleaner and more agile, it's cloud based, they can price differently. It's a whole new ball game, right? I mean, what are you seeing when you talk to customers? What's that? What's the initial conversation like? >> Well, people still, to some extent, are afraid of the cloud but we try to give them different options on premises or in the cloud. It's a software after all. >> Dave: What, what are they afraid of with the cloud? >> They're afraid of not having the full control and usually people are afraid of things, which they don't completely understand and I guess having us here helps them to overcome that fear. >> Well, we saw this with the traditional enterprise IT when we used to have financial services executives on the cube. 10 years ago, they go, we will never put our data in the cloud. It's never going to happen. It was financial services, one of the fastest growing and largest customer segments for the cloud. But you're focusing on, you say, the tier two and tier three, I would think they have a greater motivation, right? Because they see the opportunity to disrupt. Right? >> That's true. I see cloud and other technologies such as SDN as this great equalizer because now it doesn't matter that much how much of the fiber optics you have in the ground or how many base towers you have. The true advantage will come from your platform, from the application and the service you can create. And if there's a company, they can create a great service, if it's in the cloud, it can scale to millions of subscribers easily, they just to find that product market fit. >> And Roman, you've got almost 500 customers, I believe. >> Yes. All around the globe. >> Well, that's the interesting thing, you got like 90 customers or more and so, >> 90 countries >> 90 countries, I meant 500 customers in 90 countries. So you've got local laws, you've got local politics, public policy, different across those countries, you know, provenance etc. etc. How do you see - what's the spectrum like are they open to the tier two and tier three disrupting? I mean, I would imagine some countries are trying to protect, you know, their relationships with the big Telcos because it's such critical infrastructure. What's that spectrum look like? Paint a picture of that diversity. >> It all depends on the specific country. In some countries like South Africa, the market is totally liberalized. You want to become a Telco. Here you go. In other countries like China, for example, it's only for a very small group of national carriers. So we basically follow the lead of the customers. If there are an opportunity in the specific countries, they will pop up like mushrooms. If there is no market liberation, what can you do? >> Right. Okay. So now talk more about what you guys sell to these customers. You're talking about the BSS systems and what exactly am I buying from you? And how is that all working? >> We sell the ability to manage your subscribers, create new services, and then provision and deliver those services to a variety of network elements, equipment and through integrations, and through connections to various types of apps. And right now with the cloud move, I see this as an- it's a challenge and an opportunity at the same time. If Telco has existing infrastructure that's our chance to rethink the architecture and approach. Because if they just think we have a cloud, it's some kind of computer where I'm going to run the applications a bit cheaper, they're missing the point. We were born in Soviet Union and one of my treasures is the jokes from Soviet Union times is one of them is a lady writes to the Central Committee of Communist Party and she says, I work at the Moscow Teapot Factory. And I like my job, I like my colleagues, I'm employee of the month, but, what bothers me; I can never buy a teapot in my store. I go there but they never have teapots. Can you do something? And she receives a reply saying, well, we can not change the way how we distribute goods in the whole country but there's an exception that will allow you to take one part of teapot, bring it home, and you can assemble teapot for yourself. And then two months later, there's now a letter from the same lady saying, Dear comrades, I did as you told me and now in my backyard, I have an intercontinental ballistic missile SS20 but I still don't have a teapot. So you cannot replicate what already had to just bring it piece by piece into the cloud and expect it's going to be something different, it's going to be better. >> Dave: We call it the Lunar Landing Module, very complex. Okay! Let's talk about the move from and the journey from on-prem maybe through hybrid but to the cloud, ultimately, and it starts with the customer conversation. First of all, they got to be willing. Right? Okay. But what's that journey look like? What are the phases that we should- how should we think about that? >> Over the last 20 years we've been offering our platform on premises and usually with unlimited license. So, whatever you can squeeze out of your physical machines is all yours. We don't count that. And that was a pretty straightforward model because you own your servers. We give you the license to the product, and it's fully separated. In the cloud it's not possible by default. You will provide both the physical infrastructure and software infrastructure. So, we need to change that model and we need to explain to our customers first of all. The next step; no Telco is the same. So, they provide different set of services. They offer their products to different audiences of the end-users. So it can be hosted PPBX or IP Centrics environments. So, we would then price our platform based on the number of active seats or it can be a mobile operator, a full mobile network operator or virtual mobile operator MVNO, or even enabler MVNE. So in that case, we would price our platform based on number of active sims. Many manual customers prefer to diversify. They want to choose different models, serve different market segments and not only deliver voice, but also data, messaging, value added services. We have a huge customer in Brazil, for example, they don't have a single end-user customer because everything what they do is pure IOT. So how do we price the platform? Because the variety of business models is so huge. We use the idea of billable events. So any call, any message, any data session, subscription, or anything which can produce a rate-able file can counter against the capacity of what the customer uses. So it gives a full transparency for the customer and it's easy to predict the future costs >> And you're able to charge accordingly and transparently because you've written software to do that. >> Roman: Absolutely. >> Its in the cloud, I presume. And so, you're able to show your customers exactly what you're paying for and the seat in that instance is somebody who's creating those services or somebody who's administering those services, or it's a developer? >> It's an extension >> Somebody who's using the service. So the end user. >> Ah, right. Yeah, okay. >> And actually we use our own software to charge our customers for using our software. >> Okay so you eat your own dog food or drink your own champagne as people like to say, right? How about from an engineering standpoint? Going from on-prem to the cloud, how should we think about architecting that? What are some of the roadblocks that we potentially see? >> The biggest roadblock we see in the developing countries is data centers not being available yet. That customer in Brazil, they were like knocking on the doors of the data center >> 9: 00 AM when it just opened, because they've been waiting for so long. We have about 15 customers in South Africa. They still are waiting for proper cloud at the center to be open there. But that's just the question of time. We just have to wait a little bit and this will get improved. And then that's a big thing. that you have your data center, you have your cloud software, and then you have your existing operations. You have your systems. So how do you move there? And I'm a proponent of gradual migration and gradual movement because every Telco, if they were in business for at least a few years, they have accumulated the variety of different systems, legacy, different products, different departments. It's difficult to jump in the cloud in one jump. So let's build a ladder. And with our customers, we use a technology called Dual-Version with RADIUS. It's a gradual migration. You don't move it at once You first with the pilot batch of customers, observe them, then add more customers, add more customers, and you keep going until everybody's on the new version. And it helps tremendously with new technology, or just with different user experience, because maybe some things which were improved in our perspective from some users, they don't like the change or they need some adjustments. So we see a way to the cloud. It's starting the small steps and then get them to the cloud and the process doesn't start there because once you get to version one of Clio cloud software, it's going to be version two and version three and version four. So the first is a general change in the mentality of telco, all this constant gradual improvements. >> You call it radio? Gradual? >> Gradual. >> Okay, so, gradual migration. So when you do a migration and it's gradual what, do you create some kind of abstraction layer so they don't have to freeze everything, right? Or, maybe I do freeze it but I can still operate with the pieces that have moved. >> Exactly. >> So I'm not shutting down my business. >> No, no way. >> That's the problem with migrations, right? I got to, I got to freeze it. And then, so I say, forget it. I don't ever do a migration, but technology allows you to hide that. >> Right. Some freeze may be required because maybe you should not add a new product or change one, which is currently being immigrated. >> Right. >> But to try to minimize the amount of those freezes from a product catalog perspective and the amount of potential inconveniences for the end user while they be integrated. >> Let's talk about the business value. We know that before, we know what it's like, it's a hairball. You described that spaghetti code. It's slow. It's not transparent. It's expensive. What are you seeing in the after state with some of your tier two and tier three customers, in particular, the ones that are disrupting the Telcos, what do you see? Roman. >> It Brings value, first of all. Because the scalability is no longer an issue. Their ability to migrate, ability to update the system to the new releases is also, much more easier in the cloud. So, the industry's changing fast. The consumers are instantly moving from one preferred way of communicating to another. So the Telcos need to change as well, pretty rapidly. So we are trying to give them that set of tools so they are not being dragged behind by the changes. So update faster, scale faster, introduce new products faster, configure new subscription, and get more customers. >> And then that leads to compress time to monetization. >> Roman: Exactly >> Better customer satisfaction. If we talked in this industry about NPS and how it's so negative. Usually people talk about "my NPS is better than Apple's". When they, in this industry, it's like we need to improve the NPS. Unique approach. Okay! Guys, we're almost out of time. Andriy, I'll give you the last word, put a bow on Mobile World Congress 2021 and how poor to seize it. >> Well, I think it's very symbolic, this place we are in right now, it's a space which used to belong to a large telecom software vendor. And now there's a variety of smaller disruptive companies. And I think that's the future. So the days when Telco would shop for a single huge RFP to solve all of their problems, are gone for good. Because now with the cloud, with integration, with API, You, the Telcos, have the power to build what they need, peak the solutions to integrate and create something which will deliver value and allow them to have it (indistinct) >> Fantastic. We are tracking the transformation of Telco and it just coincides with the exit of the post isolation economy. We're really excited to be here in cloud city. Adam, back to you in the studio.