>>Good afternoon, brilliant humans, and welcome back to the Cube. We're live in Detroit, Michigan at Cub Con, and I'm joined by John Furrier. John three exciting days buzzing. How you doing? >>That's great. I mean, we're coming down to the third day. We're keeping the energy going, but this segment's gonna be awesome. The CD foundation's doing amazing work. Developers are gonna be running businesses and workflows are changing. Productivity's the top conversation, and you're gonna start to see a coalescing of the communities who are continuous delivery, and it's gonna be awesome. >>And, and our next guess is an outstanding person to talk about this. We are joined by Stephen Chin, the chair of the CD Foundation. Steven, thanks so much for being here. >>No, no, my pleasure. I mean, this has been an amazing week quote that CubeCon with all of the announcements, all of the people who came out here to Detroit and, you know, fantastic. Like just walking around, you bump into all the right people here. Plus we held a CD summit zero day events, and had a lot of really exciting announcements this week. >>Gotta love the shirt. I gotta say, it's one of my favorites. Love the logos. Love the love the branding. That project got traction. What's the news in the CD foundation? I tried to sneak in the back. I got a little laid into your co-located event. It was packed. Everyone's engaged. It was really looked, look really cool. Give us the update. >>What's the news? Yeah, I know. So we, we had a really, really powerful event. All the key practitioners, the open source leads and folks were there. And one of, one of the things which I think we've done a really good job in the past six months with the CD foundation is getting back to the roots and focusing on technical innovation, right? This is what drives foundations, having strong projects, having people who are building innovation, and also bringing in a new innovation. So one of the projects which we added to the CD foundation this week is called Persia. So it's a, it's a decentralized package repository for getting open source libraries. And it solves a lot of the problems which you get when you have centralized infrastructure. You don't have the right security certificates, you don't have the right verification libraries. And these, these are all things which large companies provision and build out inside of their infrastructure. But the open source communities don't have the benefit of the same sort of really, really strong architecture. A lot of, a lot of the systems we depend upon. It's >>A good point, yeah. >>Yeah. I mean, if you think about the systems that developers depend upon, we depend upon, you know, npm, ruby Gems, Mayn Central, and these systems been around for a while. Like they serve the community well, right? They're, they're well supported by the companies and it's, it's, it's really a great contribution that they give us. But every time there's an outage or there's a security issue, guess, guess how many security issues that our, our research team found at npm? Just ballpark. >>74. >>So there're >>It's gotta be thousands. I mean, it's gotta be a lot of tons >>Of Yeah, >>They, they're currently up to 60,000 >>Whoa. >>Vulnerable, malicious packages in NPM and >>Oh my gosh. So that's a super, that's a jar number even. I know it was gonna be huge, but Holy mo. >>Yeah. So that's a software supply chain in actually right there. So that's, that's open source. Everything's out there. What's, how do, how does, how do you guys fix that? >>Yeah, so per peria kind of shifts the whole model. So when, when you think about a system that can be sustained, it has to be something which, which is not just one company. It has to be a, a, a set of companies, be vendor neutral and be decentralized. So that's why we donated it to the Continuous Delivery Foundation. So that can be that governance body, which, which makes sure it's not a single company, it is to use modern technologies. So you, you, you just need something which is immutable, so it can't be changed. So you can rely on it. It has to have a strong transaction ledger so you can see all of the history of it. You can build up your software, build materials off of it, and it, it has to have a strong peer-to-peer architecture, so it can be sustained long term. >>Steven, you mentioned something I want to just get back to. You mentioned outages and disruption. I, you didn't, you didn't say just the outages, but this whole disruption angle is interesting if something happens. Talk about the impact of the developer. They stalled, inefficiencies create basically disruption. >>No, I mean, if, if, so, so if you think about most DevOps teams in big companies, they support hundreds or thousands of teams and an hour of outage. All those developers, they, they can't program, they can't work. And that's, that's a huge loss of productivity for the company. Now, if you, if you take that up a level when MPM goes down for an hour, how many millions of man hours are wasted by not being able to get your builds working by not being able to get your codes to compile. Like it's, it's >>Like, yeah, I mean, it's almost hard to fathom. I mean, everyone's, It's stopped. Exactly. It's literally like having the plug pulled >>Exactly on whenever you're working on, That's, that's the fundamental problem we're trying to solve. Is it, it needs to be on a, like a well supported, well architected peer to peer network with some strong backing from big companies. So the company is working on Persia, include J Frog, which who I work for, Docker, Oracle. We have Deploy hub, Huawei, a whole bunch of other folks who are also helping out. And when you look at all of those folks, they all have different interests, but it's designed in a way where no single party has control over the network. So really it's, it's a system system. You, you're not relying upon one company or one logo. You're relying upon a well-architected open source implementation that everyone can rely >>On. That's shared software, but it's kind of a fault tolerant feature too. It's like, okay, if something happens here, you have a distributed piece of it, decentralized, you're not gonna go down. You can remediate. All right, so where's this go next? I mean, cuz we've been talking about the role of developer. This needs to be a modern, I won't say modern upgrade, but like a modern workflow or value chain. What's your vision? How do you see that? Cuz you're the center of the CD foundation coming together. People are gonna be coalescing multiple groups. Yeah. >>What's the, No, I think this is a good point. So there, there's a, a lot of different continuous delivery, continuous integration technologies. We're actually, from a Linux Foundation standpoint, we're coalescing all the continued delivery events into one big conference >>Next. You just made an announcement about this earlier this week. Tell us about CD events. What's going on, what's in, what's in the cooker? >>Yeah, and I think one of the big announcements we had was the 0.1 release of CD events. And CD events allows you to take all these systems and connect them in an event scalable, event oriented architecture. The first integration is between Tecton and Capin. So now you can get CD events flowing cleanly between your, your continuous delivery and your observability. And this extends through your entire DevOps pipeline. We all, we all need a standards based framework Yep. For how we get all the disparate continuous integration, continuous delivery, observability systems to, to work together. That's also high performance. It scales with our needs and it, it kind of gives you a future architecture to build on top of. So a lot of the companies I was talking with at the CD summit Yeah. They were very excited about not only using this with the projects we announced, but using this internally as an architecture to build their own DevOps pipelines on. >>I bet that feels good to hear. >>Yeah, absolutely. Yeah. >>Yeah. You mentioned Teton, they just graduated. I saw how many projects have graduated? >>So we have two graduated projects right now. We have Jenkins, which is the first graduated project. Now Tecton is also graduated. And I think this shows that for Tecton it was, it was time, the very mature project, great support, getting a lot of users and having them join the set of graduated projects. And the continuous delivery foundation is a really strong portfolio. And we have a bunch of other projects which also are on their way towards graduation. >>Feels like a moment of social proof I bet. >>For you all. Yeah, yeah. Yeah. No, it's really good. Yeah. >>How long has the CD Foundation been around? >>The CD foundation has been around for, i, I won't wanna say the exact number of years, a few years now. >>Okay. >>But I, I think that it, it was formed because what we wanted is we wanted a foundation which was purpose built. So CNCF is a great foundation. It has a very large umbrella of projects and it takes kind of that big umbrella approach where a lot of different efforts are joining it, a lot of things are happening and you can get good traction, but it produces its own bottlenecks in process. Having a foundation which is just about continuous delivery caters to more of a DevOps, professional DevOps audience. I think this, this gives a good platform for best practices. We're working on a new CDF best practices Yeah. Guide. We're working when use cases with all the member companies. And it, it gives that thought leadership platform for continuous delivery, which you need to be an expert in that area >>And the best practices too. And to identify the issues. Because at the end of the day, with the big thing that's coming out of this is velocity and more developers coming on board. I mean, this is the big thing. More people doing more. Yeah. Well yeah, I mean you take this open source continuous thunder away, you have more developers coming in, they be more productive and then people are gonna even either on the DevOps side or on the straight AP upside. And this is gonna be a huge issue. And the other thing that comes out that I wanna get your thoughts on is the supply chain issue you talked about is hot verifications and certifications of code is such big issue. Can you share your thoughts on that? Because Yeah, this is become, I won't say a business model for some companies, but it's also becoming critical for security that codes verified. >>Yeah. Okay. So I, I think one of, one of the things which we're specifically doing with the Peria project, which is unique, is rather than distributing, for example, libraries that you developed on your laptop and compiled there, or maybe they were built on, you know, a runner somewhere like Travis CI or GitHub actions, all the libraries being distributed on Persia are built by the authorized nodes in the network. And then they're, they're verified across all of the authorized nodes. So you nice, you have a, a gar, the basic guarantee we're giving you is when you download something from the Peria network, you'll get exactly the same binary as if you built it yourself from source. >>So there's a lot of trust >>And, and transparency. Yeah, exactly. And if you remember back to like kind of the seminal project, which kicked off this whole supply chain security like, like whirlwind it was SolarWinds. Yeah. Yeah. And the exact problem they hit was the build ran, it produced a result, they modified the code of the bill of the resulting binary and then they signed it. So if you built with the same source and then you went through that same process a second time, you would've gotten a different result, which was a malicious pre right. Yeah. And it's very hard to risk take, to take a binary file Yep. And determine if there's malicious code in it. Cuz it's not like source code. You can't inspect it, you can't do a code audit. It's totally different. So I think we're solving a key part of this with Persia, where you're freeing open source projects from the possibility of having their binaries, their packages, their end reduces, tampered with. And also upstream from this, you do want to have verification of prs, people doing code reviews, making sure that they're looking at the source code. And I think there's a lot of good efforts going on in the open source security foundation. So I'm also on the governing board of Open ssf >>To Do you sleep? You have three jobs you've said on camera? No, I can't even imagine. Yeah. Didn't >>You just spin that out from this open source security? Is that the new one they >>Spun out? Yeah, So the Open Source Security foundation is one of the new Linux Foundation projects. They, they have been around for a couple years, but they did a big reboot last year around this time. And I think what they really did a good job of now is bringing all the industry players to the table, having dialogue with government agencies, figuring out like, what do we need to do to support open source projects? Is it more investment in memory, safe languages? Do we need to have more investment in, in code audits or like security reviews of opensource projects. Lot of things. And all of those things require money investments. And that's what all the companies, including Jay Frogger doing to advance open source supply chain security. I >>Mean, it's, it's really kind of interesting to watch some different demographics of the developers and the vendors and the customers. On one hand, if you're a hardware person company, you have, you talk zero trust your software, your top trust, so your trusted code, and you got zero trust. It's interesting, depending on where you're coming from, they're all trying to achieve the same thing. It means zero trust. Makes sense. But then also I got code, I I want trust. Trust and verified. So security is in everything now. So code. So how do you see that traversing over? Is it just semantics or what's your view on that? >>The, the right way of looking at security is from the standpoint of the hacker, because they're always looking for >>Well said, very well said, New >>Loop, hope, new loopholes, new exploits. And they're, they're very, very smart people. And I think when you, when you look some >>Of the smartest >>Yeah, yeah, yeah. I, I, I work with, well former hackers now, security researchers, >>They converted, they're >>Recruited. But when you look at them, there's like two main classes of like, like types of exploits. So some, some attacker groups. What they're looking for is they're looking for pulse zero days, CVEs, like existing vulnerabilities that they can exploit to break into systems. But there's an increasing number of attackers who are now on the opposite end of the spectrum. And what they're doing is they're creating their own exploits. So, oh, they're for example, putting malicious code into open source projects. Little >>Trojan horse status. Yeah. >>They're they're getting their little Trojan horses in. Yeah. Or they're finding supply chain attacks by maybe uploading a malicious library to NPM or to pii. And by creating these attacks, especially ones that start at the top of the supply chain, you have such a large reach. >>I was just gonna say, it could be a whole, almost gives me chills as we're talking about it, the systemic, So this is this >>Gnarly nation state attackers, like people who wanted serious >>Damages. Engineered hack just said they're high, highly funded. Highly skilled. Exactly. Highly agile, highly focused. >>Yes. >>Teams, team. Not in the teams. >>Yeah. And so, so one, one example of this, which actually netted quite a lot of money for the, for the hacker who exposed it was, you guys probably heard about this, but it was a, an attack where they uploaded a malicious library to npm with the same exact namespace as a corporate library and clever, >>Creepy. >>It's called a dependency injection attack. And what happens is if you, if you don't have the right sort of security package management guidelines inside your company, and it's just looking for the latest version of merging multiple repositories as like a, like a single view. A lot of companies were accidentally picking up the latest version, which was out in npm uploaded by Alex Spearson was the one who did the, the attack. And he simultaneously reported bug bounties on like a dozen different companies and netted 130 k. Wow. So like these sort of attacks that they're real Yep. They're exploitable. And the, the hackers >>Complex >>Are finding these sort of attacks now in our supply chain are the ones who really are the most dangerous. That's the biggest threat to us. >>Yeah. And we have stacker ones out there. You got a bunch of other services, the white hat hackers get the bounties. That's really important. All right. What's next? What's your vision of this show as we end Coan? What's the most important story coming outta Coan in your opinion? And what are you guys doing next? >>Well, I, I actually think this is, this is probably not what most hooks would say is the most exciting story to con, but I find this personally the best is >>I can't wait for this now. >>So, on, on Sunday, the CNCF ran the first kids' day. >>Oh. >>And so they had a, a free kids workshop for, you know, underprivileged kids for >>About, That's >>Detroit area. It was, it was taught by some of the folks from the CNCF community. So Arro, Eric hen my, my older daughter, Cassandra's also an instructor. So she also was teaching a raspberry pie workshop. >>Amazing. And she's >>Here and Yeah, Yeah. She's also here at the show. And when you think about it, you know, there's always, there's, there's, you know, hundreds of announcements this week, A lot of exciting technologies, some of which we've talked about. Yeah. But it's, it's really what matters is the community. >>It this is a community first event >>And the people, and like, if we're giving back to the community and helping Detroit's kids to get better at technology, to get educated, I think that it's a worthwhile for all of us to be here. >>What a beautiful way to close it. That is such, I'm so glad you brought that up and brought that to our attention. I wasn't aware of that. Did you know that was >>Happening, John? No, I know about that. Yeah. No, that was, And that's next generation too. And what we need, we need to get down into the elementary schools. We gotta get to the kids. They're all doing robotics club anyway in high school. Computer science is now, now a >>Sport, in my opinion. Well, I think that if you're in a privileged community, though, I don't think that every school's doing robotics. And >>That's why Well, Cal Poly, Cal Poly and the universities are stepping up and I think CNCF leadership is amazing here. And we need more of it. I mean, I'm, I'm bullish on this. I love it. And I think that's a really great story. No, >>I, I am. Absolutely. And, and it just goes to show how committed CNF is to community, Putting community first and Detroit. There has been such a celebration of Detroit this whole week. Stephen, thank you so much for joining us on the show. Best Wishes with the CD Foundation. John, thanks for the banter as always. And thank you for tuning in to us here live on the cube in Detroit, Michigan. I'm Savannah Peterson and we are having the best day. I hope you are too.

>> Narrator: The cube presents, the Kubecon and Cloudnativecon Europe, 2022 brought to you by Red Hat, the cloud native computing foundation and its ecosystem partners. >> Welcome to Valencia, Spain in Kubecon and Cloudnativecon Europe, 2022. I'm your host Keith Townsend. It's been a amazing day, three days of coverage 7,500 people, 170 sponsors, a good mix of end user organizations, vendors, just people with open source at large. I've loved the conversations. We're not going to stop that coverage just because this is the last session of the conference. Colin Murphy, senior software engineer, Adobe, >> Adobe. >> Oh, wow. This is going to be fun. And then Liam Randall, the chair of CNCF Cloud Native WebAssembly Day. >> That's correct. >> And CNCF & CEO of Cosmonic. >> That's right. >> All right. First off, let's talk about the show. How has this been different than other, if at all of other Kubecons? >> Well, first I think we all have to do a tremendous round of applause, not only for the vendors, but the CNC staff and all the attendees for coming out. And you have to say, Kubecon is back. The online experiences have been awesome but this was the first one, where Hallwaycon was in full effect. And you had the opportunity to sit down and meet with so many intelligent and inspiring peers and really have a chance to learn about all the exciting innovations that have happened over the last year. >> Colin. >> Yeah, it's been my most enjoyable Kubecon I've ever been to. And I've been to a bunch of them over the last few years. Just the quality of people. The problems that we're solving right now, everywhere from this newer stuff that we're talking about today with WebAssembly but then all these big enterprises trying to getting involved in Kubernetes >> Colin, to your point about the problems that we're solving, in many ways the pandemic has dramatically accelerated the pace of innovation, especially inside the CNCF, which is by far the most critical repository of open source projects that enterprises, governments and individuals rely on around the world, in order to deliver new experiences and to have coped and scaled out within the pandemic over the last few years. >> Yeah, I'm getting this feel, this vibe of the overall show that feels like we're on the cuff for something. There's other shows throughout the year, that's more vendor focused that talk about cloud native. But I think this is going to be the industry conference where we're just getting together and talking about it and it's going to probably be, in the next couple of years, the biggest conference of the year, that's just my personal opinion. >> I actually really strongly agree with you. And I think that the reason for that is the diversity that we get from the open source focus of Kubecon Kubecon has started where the industry really started which was in shared community projects. And I was the executive at Capital One that led the donation of cloud custodian into the CNCF. And I've started and put many projects here. And one of the reasons that you do that is so that you can build real scalable communities, Vendors that oftentimes even have competing interest but it gives us a place where we can truly collaborate where we can set aside our personal agendas and our company's agendas. And we can focus on the problems at hand. And how do we really raise the bar for technology for everybody. >> Now you two are representing a project that, you know as we look at kind of, how the web has evolved the past few decades, there's standards, there's things that we know that work, there's things that we know that don't work and we're beyond cloud native, we're kind of resistant to change. Funny enough. >> That's right. >> So WebAssembly, talk to me about what problem is WebAssembly solving that need solving? >> I think it's fitting that here on the last day of Kubecon, we're starting with the newest standard for the web and for background, there's only four languages that make up what we think of as the modern web. There's JavaScript, there's HTML, there's CSS, and now there's a new idea that's WebAssembly. And it's maybe not a new idea but it's certainly a new standard, that's got massive adoption and acceleration. WebAssembly is best thought of as almost like a portable little virtual machine. And like a lot of great ideas like JavaScript, it was originally designed to bring new experiences to browsers everywhere. And as organizations looked at the portability and security value props that come from this tiny little virtual machine, it's made a wonderful addition to backend servers and as a platform for portability to bring solutions all the way out to the edge. >> So what are some of the business cases for WebAssembly? Like what problem, what business problem are we solving? >> So it, you know, we would not have been able to bring Photoshop to the web without WASM. >> Wow. >> And just to be clear, I had nothing to do with that effort. So I want to make sure everybody understands, but if you have a lot of C++ or C code and you want to bring that experience to the web browser which is a great cost savings, cause it's running on the client's machines, really low latency, high performance experiences in the browser, WASM, really the only way to go. >> So I'm getting hints of fruit berry, Java. >> Liam: Yeah, absolutely. >> Colin: Definitely. >> You know, the look, WebAssembly sounds similar to promises you've heard before, right ones, run anywhere. The difference is, is that WebAssembly is not driven by any one particular vendor. So there's no one vendor that's trying to bring a plug in to every single device. WebAssembly was a recognition, much like Kubecon, the point that we started with around the diversity of thought ideas and representation of shared interest, of how do we have a platform that's polyglot? Many people can bring languages to it, and solutions that we can share and then build from there. And it is unlocking some of the most amazing and innovative experiences, both on the web backend servers and all the way to the edge. Because WebAssembly is a tiny little virtual machine that runs everywhere. Adobe's leadership is absolutely incredible with the things that they're doing with WebAssembly. They did this awesome blog post with the Google Chrome team that talked about other performance improvements that were brought into Chrome and other browsers, in order to enable that kind of experience. >> So I get the general concept of WebAssembly and it's one of those things that I have to ask the question, and I appreciate that Adobe uses it but without the community, I mean, I've dedicated some of my team's resources over the years to some really cool projects and products that just died on the buying cause there was no community around. >> Yeah. >> Who else uses WebAssembly? >> Yeah, I think so. We actually, inside the CNCF now, have an entire day devoted just to WebAssembly and as the co-chair of the CNCF Cloud Native WebAssembly Day, we really focus on bringing those case studies to the forefront. So some of the more interesting talks that we had here and at some of the precursor weekend conferences were from BMW, for example, they talked about how they were excited about not only WebAssembly, but a framework that they use on WebAssembly called WASM cloud, that lets them a flexibly scale machine learning models from their own edge, in their own vehicles through to their developer's workstations and even take that data onto their regular cloud Kubernetes and scale analysis and analytics. They invested and they just released a machine learning framework for one of the many great WebAssembly projects called WASM cloud, which is a CNCF project, a member project here in the CNCF. >> So how does that fit in overall landscape? >> So think of WebAssembly, like you think of HTML. It's a technology that gives you a lot of concept and to accelerate your journey on those technologies, people create frameworks. For example, if you were going to write a UI, you would not very likely start with an empty document you'd start with a react or view. And in a similar vein, if you were going to start a new microservice or backend application, project for WebAssembly, you might use WASM cloud or you might use ATMO or you might use a Spin. Those are three different types of projects. They all have their own different value props and their own different opinions that they bring to them. But the point is is that this is a quickly evolving space and it's going to dramatically change the type of experiences that we bring, not only to web browsers but to servers and edges everywhere. >> So Colin, you mentioned C+ >> Colin: Yeah. >> And other coding. Well , talk to me about the ramp up. >> Oh, well, so, yeah, so, C++ there was a lot of work done in scripting, at Adobe. Taking our C++ code and bringing it into the browser. A lot of new instructions, Cimdi, that were brought to make a really powerful experience, but what's new now is the server side aspect of things. So, just what kind of, what Liam was talking about. Now we can run this stuff in the data center. It's not just for people's browsers anymore. And then we can also bring it out to the edge too, which is a new space that we can take advantage of really almost only through WebAssembly and some JavaScript. >> So wait, let me get this kind of under hook. Before, if I wanted a rich experience, I have to run a heavy VDI instance on the back end so that I'm basically getting remote desktop calls from a light thin client back to my backend server, that's heavy. >> That is heavy. >> WebAssembly is alternative to that? >> Yes, absolutely. Think of WebAssembly as a tiny little CPU that is a shim, that we can take the places that don't even traditionally have a concept of a processor. So inside the browser, for example, traditionally cloud native development on the backend has been dominated by things like Docker and Docker is a wonderful technology and Container is a wonderful technology that really drove the last 10 years of cloud native with the great lift and shift, if you will. Take our existing applications, package them up in this virtual desktop and then deliver them. But to deliver the next 10 years of experiences, we need solutions that let us have portability first and a security model that's portable across the entire landscape. So this isn't just browsers and servers on the back end, WebAssembly creates an a layer of equality from truly edge to edge. It's can transcend different CPUs, different operating systems. So where containers have this lower bound off you need to be running Linux and you need to be in a place where you're going to bring Kubernetes. WebAssembly is so small and portable, it transcends that lower bound. It can go to places like iOS. It can go to places like web browsers. It can even go to teeny tiny CPUs that don't even traditionally have a full on operating systems inside them. >> Colin: Right, places where you can't run Docker. >> So as I think about that, and I'm a developer and I'm running my back end and I'm running whatever web stack that I want, how does this work? Like, how do I get started with it? >> Well, there's some great stuff Liam already mentioned with WASM cloud and Frmion Spin. Microsoft is heavily involved now on providing cloud products that can take advantage of WebAssembly. So we've got a lot of languages, new languages coming in.net and Ruby, Rust is a big one, TinyGo, really just a lot of places to get involved. A lot of places to get started. >> At the highest level Finton Ryan, when he was at Gartner, he's a really well known analyst. He wrote something profound a few years ago. He said, WebAssembly is the one technology, You don't need a strategy to adopt. >> Mm. >> Because frankly you're already using it because there's so many wonderful experiences and products that are out there, like what Adobe's doing. This virtual CPU is not just a platform to run on cloud native and to build applications towards the edge. You can embed this virtual CPU inside of applications. So cases where you would want to allow your users to customize an application or to extend functionality. Give you an example, Shopify is a big believer in WebAssembly because while their platform covers, two standard deviations or 80% of the use cases, they have a wonderful marketplace of extensions that folks can use in order to customize the checkout process or apply specialized discounts or integrate into a partner ecosystem. So when you think about the requirements for those scenarios, they line up to the same requirements that we have in browsers and servers. I want real security. I want portability. I want reuseability. And ultimately I want to save money and go faster. So organizations everywhere should take a few minutes and do a heads up and think about one, where WebAssembly is already in their environment, inside of places like Envoy and Istio, some of the most popular projects in the cloud native ecosystem, outside of Kubernetes. And they should perhaps consider studying, how WebAssembly can help them to transform the experiences that they're delivering for their customers. This may be the last day of Kubecon, but this is certainly not the last time we're going to be talking about WebAssembly, I'll tell you that. >> So, last question, we've talked a lot about how to get started. How about day two, when I'm thinking about performance troubleshooting and ensuring clients have a great experience what's day two operation like? >> That's a really good question. So there's, I know that each language kind of brings their own tool chain and their, and you know we saw some great stuff on, on WASM day. You can look it up around the .net experience for debugging, They really tried to make it as seamless and the same as it was for native code. So, yeah, I think that's a great question. I mean, right now it's still trying to figure out server side, It's still, as Liam said, a shifting landscape. But we've got some great stuff out here already >> You know, I'd make an even bigger call than that. When I think about the last 20 years as computing has evolved, we've continued to move through these epics of tech that were dominated by a key abstraction. Think about the rise of virtualization with VMware and the transition to the cloud. The rise of containerization, we virtualized to OS. The rise of Kubernetes and CNCF itself, where we virtualize cloud APIs. I firmly believe that WebAssembly represents the next epic of tech. So I think that day two WebAssembly continues to become one of the dominant themes, not only across cloud native but across the entire technical computing landscape. And it represents a fundamentally gigantic opportunity for organizations such as Adobe, that are always market leading and at the cutting edge of tech, to bring new experiences to their customers and for vendors to bring new platforms and tools to companies that want to execute on that opportunity. >> Colin Murphy, Liam Randall, I want to thank you for joining the Cube at Kubecon Cloudnativecon 2022. I'm now having a JavaScript based app that I want to re-look at, and maybe re-platforming that to WebAssembly. It's some lot of good stuff there. We want to thank you for tuning in to our coverage of Kubecon Cloudnativecon. And we want to thank the organization for hosting us, here from Valencia, Spain. I'm Keith Townsend, and you're watching the Cube, the leader in high tech coverage. (bright music)

(upbeat music) >> Hello, and welcome to this startup showcase. It's great to be here and talk about some of the innovations we are doing at AWS, how we work with our partner community, especially our open source partners. My name is Deepak Singh. I run our compute services organization, which is a very vague way of saying that I run a number of things that are connected together through compute. Very specifically, I run a container services organization. So for those of you who are into containers, ECS, EKS, fargate, ECR, App Runner Those are all teams that are within my org. I also run the Amazon Linux and BottleRocketing. So anything AWS does with Linux, both externally and internally, as well as our high-performance computing team. And perhaps very relevant to this discussion, I run the Amazon open source program office. Serving at AWS for over 13 years, almost 14, involved with compute in various ways, including EC2. What that has done has given me a vantage point of seeing how our customers use the services that we build for them, how they leverage various partner solutions, and along the way, how AWS itself has gotten involved with opensource. And I'll try and talk to you about some of those factors and how they impact, how you consume our services. So why don't we get started? So for many of you, you know, one of the things, there's two ways to look at AWS and open-source and Amazon in general. One is the number of contributors you may have. And the number of repositories that contribute to. Those are just a couple of measures. There are people that I work with on a regular basis, who will remind you that, those are not perfect measures. Sometimes you could just contribute to one thing and have outsized impact because of the nature of that thing. But it address being what it is, increasingly we'll look at different ways in which we can help contribute and enhance open source 'cause we consume a lot of it as well. I'll talk about it very specifically from the space that I work in the container space in particular, where we've worked a lot with people in the Kubernetes community. We've worked a lot with people in the broader CNCF community, as well as, you know, small projects that our customers might have got started off with. For example, I want to like talking about is Argo CD from Intuit. We were very actively involved with helping them figure out what to do with it. And it was great to see how into it. And we worked, etc, came together to think about get-ups at the Kubernetes level. And while those are their projects, we've always been involved with them. So we try and figure out what's important to our customers, how we can help and then take because of that. Well, let's talk about a little bit more, here's some examples of the kinds of open source projects that Amazon and AWS contribute to. They arranged from the open JDK. I think we even now have our own implementation of Java, the Corretto open source project. We contribute to projects like rust, where we are very active in the rest foundation from a leadership role as well, the robot operating system, just to pick some, we collaborate with Facebook and actively involved with the pirates project. And there's many others. You can see all the logos in here where we participate either because they're important to us as AWS in the services that we run or they're important to our customers and the services that they consume or the open source projects they care about and how we get to those. How we get and make those decisions is often depends on the importance of that particular project. At that point in time, how much impact they're having to AWS customers, or sometimes very feel that us contributing to that project is super critical because it helps us build more robust services. I'll talk about it in a completely, you know, somewhat different basis. You may have heard of us talk about our new next generation of Amazon Linux 2022, which is based on fedora as its sub stream. One of the reasons we made this decision was it allows us to go and participate in the preneurial project and make sure that the upstream project is robust, stays robust. And that, that what that ends up being is that Amazon Linux 2022 will be a robust operating system with the kinds of capabilities that our customers are asking for. That's just one example of how we think about it. So for example, you know, the Python software foundation is something that we work with very closely because so many of our customers use Python. So we help run something like PyPy which is many, you know, if you're a Python developer, I happened to be a Ruby one, but lots of our customers use Python and helping the Python project be robust by making sure PyPy is available to everybody is something that we help provide credits for help support in other ways. So it's not just code. It can mean many different ways of contributing as well, but in the end code and operations is where we hang our happens. Good examples of this is projects that we will create an open source because it makes sense to make sure that we open source some of the core primitives or foundations that are part of our own services. A great example of that, whether this be things that we open source or things that we contribute to. And I'll talk about both and I'll talk about things near and dear to my heart. There's many examples I've picked the two that I like talking about. The first of these is firecracker. Many of you have heard about it, a firecracker for those of you who don't know is a very lightweight virtual machine manager, which allows you to run these micro VMs. And why was this important many years ago when we started Lambda and quite honestly, Fugate and foggy, it still runs quite a bit in that mode, we used to have to run on VMs like everything else and finding the right VM for the size of tasks that somebody asks for the size of function that somebody asks for is requires us to provision capacity ahead of time. And it also wastes a lot of capacity because Lambda function is small. You won't even if you find the smallest VM possible, those can be a little that can be challenging. And you know, there's a lot of resources that are being wasted. VM start at a particular speed because they have to do a whole bunch of things before the operating system spins up and the virtual machine spins up and we asked ourselves, can we do better? come up with something that allows us to create right size, very lightweight, very fast booting. What's your machines, micro virtual machine that we ended up calling them. That's what led to firecracker. And we open source the project. And today firecrackers use, not just by AWS Lambda or foggy, but by a number of other folks, there's companies like fly IO that are using it. We know people using firecracker to run Kubernetes on prem on bare metal as an example. So we've seen a lot of other folks embrace it and use it as the foundation for building their own serverless services, their own container services. And we think there's a lot of value and learnings that we can bring to the table because we get the experience of operating at scale, but other people can bring to the table cause they may have specific requirements that we may not find it as important from an AWS perspective. So that's firecracker an example of a project where we contribute because we feel it's fundamentally important to us as continually. We were found, you know, we've been involved with continuity from the beginning. Today, we are a whole team that does nothing else, but contribute to container D because container D underlies foggy. It underlies our Kubernetes offerings. And it's increasingly being used by customers directly by their placement. You know, where they're running container D instead of running a full on Docker or similar container engine, what it has allowed us to do is focus on what's important so that we can operate continuously at scale, keep it robust and secure, add capabilities to it that AWS customers need manifested often through foggy Kubernetes, but in the end, it's a win-win for everybody. It makes continuously better. If you want to use containers for yourself on AWS, that's a great way to you. You know, you still, you still benefit from all the work that we're doing. The decision we took was since it's so important to us and our customers, we wanted a team that lived in breathed container D and made sure a super robust and there's many, many examples like that. No, that we ended up participating in, either by taking a project that exists or open sourcing our own. Here's an example of some of the open source projects that we have done from an AWS on Amazon perspective. And there's quite a few when I was looking at this list, I was quite surprised, not quite surprised I've seen the reports before, but every time I do, I have to recount and say, that's a lot more than one would have thought, even though I'd been looking at it for such a long time, examples of this in my world alone are things like, you know, what work had to do with Amazon Linux BottleRocket, which is a container host operating system. That's been open-sourced from day one. Firecracker is something we talked about. We have a project called AWS peril cluster, which allows you to spin up high performance computing clusters on AWS using the kind of schedulers you may use to use like slum. And that's an open source project. We have plenty of source projects in the web development space, in the security space. And more recently things like the open 3d engine, which is something that we are very excited about and that'd be open sourced a few months ago. And so there's a number of these projects that cover everything from tooling to developer, application frameworks, all the way to database and analytics and machine learning. And you'll notice that in a few areas, containers, as an example, machine learning as an example, our default is to go with open source option is where we can open source. And it makes sense for us to do so where we feel the product community might benefit from it. That's our default stance. The CNCF, the cloud native computing foundation is something that we've been involved with quite a bit. You know, we contribute to Kubernetes, be contribute to Envoy. I talked about continuity a bit. We've also contributed projects like CDK 8, which marries the AWS cloud development kit with Kubernetes. It's now a sandbox project in Kubernetes, and those are some of the areas. CNCF is such a wide surface area. We don't contribute to everything, but we definitely participate actively in CNCF with projects like HCB that are critical to eat for us. We are very, very active in just how the project evolves, but also try and see which of the projects that are important to our customers who are running Kubernetes maybe by themselves or some other project on AWS. Envoy is a good example. Kubernetes itself is a good example because in the end, we want to make sure that people running Kubernetes on AWS, even if they are not using our services are successful and we can help them, or we can work on the projects that are important to them. That's kind of how we think about the world. And it's worked pretty well for us. We've done a bunch of work on the Kubernetes side to make sure that we can integrate and solve a customer problem. We've, you know, from everything from models to work that we have done with gravity on our arm processor to a virtual GPU plugin that allows you to share and media GPU resources to the elastic fabric adapter, which are the network device for high performance computing that it can use at Kubernetes on AWS, along with things that directly impact Kubernetes customers like the CDKs project. I talked about work that we do with the container networking interface to the Amazon control of a Kubernetes, which is an open source project that allows you to use other AWS services directly from Kubernetes clusters. Again, you notice success, Kubernetes, not EKS, which is a managed Kubernetes service, because if we want you to be successful with Kubernetes and AWS, whether using our managed service or running your own, or some third party service. Similarly, we worked with premetheus. We now have a managed premetheus service. And at reinvent last year, we announced the general availability of this thing called carpenter, which is a provisioning and auto-scaling engine for Kubernetes, which is also an open source project. But here's the beauty of carpenter. You don't have to be using EKS to use it. Anyone running Kubernetes on AWS can leverage it. We focus on the AWS provider, but we've built it in such a way that if you wanted to take carpenter and implemented on prem or another cloud provider, that'd be completely okay. That's how it's designed and what we anticipated people may want to do. I talked a little bit about BottleRocket it's our Linux-based open-source operating system. And the thing that we have done with BottleRocket is make sure that we focus on security and the needs of customers who want to run orchestrated container, very focused on that problem. So for example, BottleRocket only has essential software needed to run containers, se Linux. I just notice it says that's the lineups, but I'm sure that, you know, Lena Torvalds will be pretty happy. And seeing that SE linux is enabled by default, we use things like DM Verity, and it has a read only root file system, no shell, you can assess it. You can install it if you wanted to. We allowed it to create different bill types, variants as we call them, you can create a variant for a non AWS resource as well. If you have your own homegrown container orchestrator, you can create a variant for that. It's designed to be used in many different contexts and all of that is open sourced. And then we use the update framework to publish and secure repository and kind of how this transactional system way of updating the software. And it's something that we didn't invent, but we have embraced wholeheartedly. It's a bottle rockets, completely open source, you know, have partners like Aqua, where who develop security tools for containers. And for them, you know, something I bought in rocket is a natural partnership because people are running a container host operating system. You can use Aqua tooling to make sure that they have a secure Indiana environment. And we see many more examples like that. You may think so over us, it's all about AWS proprietary technology because Lambda is a proprietary service. But you know, if you look peek under the covers, that's not necessarily true. Lambda runs on top of firecracker, as we've talked about fact crackers and open-source projects. So the foundation of Lambda in many ways is open source. What it also allows people to do is because Lambda runs at such extreme scale. One of the things that firecracker is really good for is running at scale. So if you want to build your own firecracker base at scale service, you can have most of the confidence that as long as your workload fits the design parameters, a firecracker, the battle hardening the robustness is being proved out day-to-day by services at scale like Lambda and foggy. For those of you who don't know service support services, you know, in the end, our goal with serverless is to make sure that you don't think about all the infrastructure that your applications run on. We focus on business logic as much as you can. That's how we think about it. And serverless has become its own quote-unquote "Sort of environment." The number of partners and open-source frameworks and tools that are spun up around serverless. In which case mostly, I mean, Lambda, API gateway. So it says like that is pretty high. So, you know, number of open source projects like Zappa server serverless framework, there's so many that have come up that make it easier for our customers to consume AWS services like Lambda and API gateway. We've also done some of our own tooling and frameworks, a serverless application model, AWS jealous. If you're a Python developer, we have these open service runtimes for Lambda, rust dot other options. We have amount of number of tools that we opened source. So in general, you'll find that tooling that we do runtime will tend to be always be open-sourced. We will often take some of the guts of the things that we use to build our systems like firecracker and open-source them while the control plane, etc, AWS services may end up staying proprietary, which is the case in Lambda. Increasingly our customers build their applications and leverage the broader AWS partner network. The AWS partner network is a network of partnerships that we've built of trusted partners. when you go to the APN website and find a partner, they know that that partner meets a certain set of criteria that AWS has developed, and you can rely on those partners for your own business. So whether you're a little tiny business that wants some function fulfill that you don't have the resources for or large enterprise that wants all these applications that you've been using on prem for a long time, and want to keep leveraging them in the cloud, you can go to APN and find that partner and then bring their solution on as part of your cloud infrastructure and could even be a systems integrator, for example, to help you solve this specific development problem that you may have a need for. Increasingly, you know, one of the things we like to do is work with an apartment community that is full of open-source providers. So a great one, there's so many, and you have, we have a panel discussion with many other partners as well, who make it easier for you to build applications on AWS, all open source and built on open source. But I like to call it a couple of them. The first one of them is TIDELIFT. TIDELIFT, For those of you who don't know is a company that provides SAS based tools to curate track, manage open source catalogs. You know, they have a whole network of maintainers and providers. They help, if you're an independent open developer, or a smart team should probably get to know TIDELIFT. They provide you benefits and, you know, capabilities as a developer and maintainer that are pretty unique and really help. And I've seen a number of our open source community embraced TIDELIFT quite honestly, even before they were part of the APN. But as part of the partner network, they get to participate in things like ISP accelerate and they get to they're officially an advanced tier partner because they are, they migrated the SAS offering onto AWS. But in the end, if you're part of the open source supply chain, you're a maintainer, you are a developer. I would recommend working with TIDELIFT because their goal is making all of you who are developing open source solutions, especially on AWS, more successful. And that's why I enjoy this partnership with them. And I'm looking to do a lot more because I think as a company, we want to make sure that open source developers don't feel like they are not supported because all you have to do is read various forums. It's challenging often to be a maintainer, especially of a small project. So I think with helping with licensing license management, security identification remediation, helping these maintainers is a big part of what TIDELIFT to us and it was great to see them as part of a partner network. Another partner that I like to call sysdig. I actually got introduced to them many years ago when they first launched. And one of the things that happened where they were super interested in some of our serverless stuff. And we've been trying to figure out how we can work together because all of our customers are interested in the capabilities that cystic provides. And over the last few years, he found a number of areas where we can collaborate. So sysdig, I know them primarily in a security company. So people use cystic to secure the bills, detect, you know, do threat response, threat detection, completely continuously validate their posture, get this continuous analytics signal on how they're doing and monitor performance. At the end of it, it's a SAS platform. They have a very nice open source security stack. The one I'm most familiar with. And I think most of you are probably familiar with is Falco. You know, sysdig, a CNCF project has been super popular. It's just to go SSS what 3, 37, 40 million downloads by now. So that's pretty, pretty cool. And they have been a great partner because we've had to do make sure that their solution works at target, which is not a natural place for their software to run, but there was enough demand and interest from our customers that, you know, or both companies leaned in to make sure they can be successful. So last year sister got a security competency. We have a number of specific competencies that we for our partners, they have integration and security hub is great. partners are lean in the way cystic has onto making our customer successful. And working with us are the best partners that we have. And there's a number of open source companies out there built on open source where their entire portfolio is built on open source software or the active participants like we are that we love working with on a day to day basis. So, you know, I think the thing I would like to, as we wind this out in this presentation is, you know, AWS is constantly looking for partnerships because our partners enable our customers. They could be with companies like Redis with Mongo, confluent with Databricks customers. Your default reaction might be, "Hey, these are companies that maybe compete with AWS." but no, I mean, I think we are partners as well, like from somebody at the lower end of the spectrum where people run on top of the services that I own on Linux and containers are SE 2, For us, these partners are just as important customers as any AWS service or any third party, 20 external customer. And so it's not a zero sum game. We look forward to working with all these companies and open source projects from an AWS perspective, a big part of how, where my open source program spends its time is making it easy for our developers to contribute, to open source, making it easy for AWS teams to decide when to open source software or participate in open source projects. Over the last few years, we've made significant changes in how we reduce the friction. And I think you can see it in the results that I showed you earlier in this stock. And the last one is one of the most important things that I say and I'll keep saying that, that we do as AWS is carry the pager. There's a lot of open source projects out there, operationalizing them, running them at scale is not easy. It's not all for whatever reason. It may not have anything to do with the software itself. But our core competency is taking that and being really good at operating it and becoming experts at operating it. And then ideally taking that expertise and experience and operating that project, that software and contributing back upstream. Cause that makes it better for everybody. And I think you'll see us do a lot more of that going forward. We've been doing that for the last few years, you know, in the container space, we do it every day. And I'm excited about the possibilities. With that. Thank you very much. And I hope you enjoy the rest of the showcase. >> Okay. Welcome back. We have Deepak sing here. We just had the keynote closing keynote vice-president of compute services. Deepak. Great to a great keynote, great wisdom and insight from that session. A very notable highlights and cutting edge trends and product information. Thanks for sharing. >> No, anytime it's always good to be here. It's too bad that we still doing this virtually, but always good to talk to you, John. >> We'll get hopefully through this way pretty quickly, I want to jump right in. Cause we don't have a lot of time. I want to get some quick question. You've brought up a good things. Open source innovation. Okay. Going next level. You've seen the rise of super clouds and super apps developing at open source. You're seeing big companies contributing, you know, you mentioned Argo into it. You're seeing that dynamic where companies are forming around this. This is a rising tide. This is, this is actually real. It's not the old school of, okay, here's a project. And then someone manages support and commercialization of it. It's actually platform in cloud scale. This is next gen. >> Yeah. And actually I think it started a few years ago. We can talk about a company that, you know, you're very familiar with as part of this event, which is armory many years ago, Netflix spun off this project called Spinnaker. A Spinnaker is CISED you know, CSED system that was developed at Netflix for their own purposes, but they chose to open solicit. And since then, it's become very popular with customers who want to use it even on prem. And you have a company that spun up on it. I think what's making this world very unique is you have very large companies like Facebook that will build things for themselves like VITAS or Netflix with Spinnaker and open source them. And you can have a lot of discussion about why they chose to do so, etc. But increasingly that's becoming the default when Amazon or Netflix or Facebook or Mehta, I guess you call them these days, build something for themselves for their own needs. The first question we ask ourselves is, should it be opensource? And increasingly we are all saying yes. And here's what happens because of that. It gives an opportunity depending on how you open source it for innovation through commercial deployments, so that you get SaaS companies, you know, that are going to take that product and make it relevant and useful to a very broad number of customers. You build partnerships with cloud providers like AWS, because our customers love this open source project and they need help. And they may choose an AWS managed service, or they may end up working with this partner on a day-to-day basis. And we want to work with that partner because they're making our customers successful, which is one reason all of us are here. So you're having this set of innovation from large companies from, you know, whether they are just consumer companies like Metta infrastructure companies like us, or just random innovation that's happening in an open source project that which ends up in companies being spun up and that foster that innovative innovation and that flywheel that's happening right now. And I think you said that like, this is unique. I mean, you never saw this happen before from so many different directions. >> It really is a nice progression on the business model side as well. You mentioned Argo, which is a great organic thing that was Intuit developed. We just interviewed code fresh. They just presented here in the showcase as well. You seeing the formation around these projects develop now in the community at a different scale. I mean, look at code fresh. I mean, Intuit did it Argo and they're not just supporting it. They're building a platform. So you seeing the dynamics of tools and now emerging the platforms, you mentioned Lambda, okay. Which is proprietary for AWS and your talk powered by open source. So again, open source combined with cloud scale allows for new potential super applications or super clouds that are developing. This is a new phenomenon. This isn't just lift and shift and host on the cloud. This is actually a construction production developer workflow. >> Yeah. And you are seeing consumers, large companies, enterprises, startups, you know, it used to be that startups would be comfortable adopting some of these solutions, but now you see companies of all sizes doing so. And I said, it's not just software it's software, the services increasingly becoming the way these are given, delivered to customers. I actually think the innovation is just getting going, which is why we have this. We have so many partners here who are all in inventing and innovating on top of open source, whether it's developed by them or a broader community. >> Yeah. I liked, I liked the represent container. Do you guys have, did that drove that you've seen a lot of changes and again, with cloud scale and open source, you seeing the dynamics change, whether you're enabling that, and then you see kind of like real big change. So let's take snowflake, a big customer of AWS. They started out as a startup too, but they weren't a data warehouse. They were bringing data warehouse like functionality and then changing everything differently and making it consumable for the cloud. And hence they're huge. So that's a disruption into an incumbent leader or sector. Then you've got new capabilities emerging. What's your thoughts, Deepak? Can you share your vision on how you have the disruption to existing leaders, old guard, if you will, as you guys call them and then new capabilities as these new platforms emerge at a net new functionality, how do you see that emerging? >> Yeah. So I speak from my side of the world. I've lived in over the last few years, which has containers and serverless, right? There's a lot of, if you go to any enterprise and ask them, do you want to modernize the infrastructure? Do you want to take advantage of automated software delivery, continuous delivery infrastructure as code modern observability, all of them will say yes, but they also are still a large enterprise, which has these enterprise level requirements. I'm using the word enterprise a lot. And I usually it's a trigger word for me because so many customers have similar requirements, but I'm using it here as large company with a lot of existing software and existing practices. I think the innovation that's coming and I see a lot of companies doing that is saying, "Hey, we understand the problems you want to solve. We understand the world where you live in, which could be regulated." You want to use all these new modalities. How do we allow you to use all of them? Keep the advantages of switching to a Lambda or switching to, and a service running on far gate, but give you the same capabilities. And I think I'll bring up cystic here because we work so closely with them on Falco. As an example, I just talked about them in my keynote. They could have just said, "Oh no, we'll just support the SE2 and be done with it." They said, "No, we're going to make sure that serverless containers in particular are something that you're going to be really good at because our customers want to use them, but requires us to think differently. And then they ended up developing new things like Falco that are born in this new world, but understand the requirements of the old world. If you get what I'm saying. And I think that a real example. >> Yeah. Oh, well, I mean, first of all, they're smart. So that was pretty obvious for most people that know, sees that you can connect the dots on serverless, which is a great point, but not everyone can see that again, this is what's new and and systig was just found in his backyard. As I found out on my interview, a great, great founder, they would do a new thing. So it was a very easy to connect the dots there again, that's the trend. Well, I got to ask if they're doing that for serverless, you mentioned graviton in your speech and what came out of you mentioned graviton in your speech and what came out of re-invent this past year was all the innovation going on at the compute level with gravitron at many levels in the Silicon. How should companies and open source developers think about how to innovate with graviton? >> Yeah, I mean, you've seen examples from people blogging and tweeting about how fast their applications run and grab it on the price performance benefits that they get, whether it's on, you know, whether it's an observability or other places. something that AWS is going to embrace across a compute something that AWS is going to embrace across a compute portfolio. Obviously you can go find EC2 instances, the gravitron two instances and run on them and that'll be great. But we know that most of our customers, many of our customers are building new applications on serverless containers and serveless than even as containers increasingly with things like foggy, where they don't want to operate the underlying infrastructure. A big part of what we're doing is to make sure that graviton is available to you on every compute modality. You can run it on a C2 forever. You've been running, being able to use ECS and EKS and run and grab it on almost since launch. What do you want me to take it a step further? You elastic Beanstalk customers, elastic Beanstalk has been around for a decade, but you can now use it with graviton. people running ECS on for gate can now use graviton. Lambda customers can pick graviton as well. So we're taking this price performance benefits that you get So we're taking this price performance benefits that you get from graviton and basically putting it across the entire compute portfolio. What it means is every high level service that gets built on compute infrastructure. And you get the price performance benefits, you get the price performance benefits of the lower power consumption of arm processes. So I'm personally excited like crazy. And you know, this has graviton 2 graviton 3 is coming. >> That's incredible. It's an opportunity like serverless was it's pretty obvious. And I think hopefully everyone will jump on that final question as the time's ticking here. I want to get your thoughts quickly. If you look at what's happened with containers over the past say eight years since the original founding of the first Docker instance, if you will, to how that's evolved and then the introduction of Kubernetes and the cloud native wave we're seeing now, what is, how would you describe the relationship between the success Docker, seeing now with Kubernetes in the cloud native construct what's different and why is this combination so successful? >> Yeah. I often say that containers would have, let me rephrase that. what I say is that people would have adopted sort of the modern way of running applications, whether containers came around or not. But the fact that containers came around made that migration and that journey is so much more efficient for people. So right from, I still remember the first doc that Solomon gave Billy announced DACA and starting to use it on customers, starting to get interested all the way to the more sort of advanced orchestration that we have now for containers across the board. And there's so many examples of the way you can do that. Kubernetes being the most, most well-known one. Here's the thing that I think has changed. I think what Kubernetes or Docker, or the whole sort of modern way of building applications has done is it's taken people who would have taken years adopting these practices and by bringing it right to the fingertips and rebuilding it into the APIs. And in the case of Kubernetes building an entire sort of software world around it, the number of, I would say number of decisions people have to take has gone smaller in many ways. There's so many options, the number of decisions that become higher, but the com the speed at which they can get to a result and a production version of an application that works for them is way low. I have not seen anything like what I've seen in the last 6, 7, 8 years of how quickly the most you know, the most I would say is, you know, a company that you would think would never adopt modern technology has been able to go from, this is interesting to getting a production really quickly. And I think it's because the tooling makes it So, and the fact that you see the adoption that you see right and the fact that you see the adoption that you see right from the fact that you could do Docker run Docker, build Docker, you know, so easily back in the day, all the way to all the advanced orchestration you can do with container orchestrator is today. sort of taking all of that away as well. there's never been a better time to be a developer independent of whatever you're trying to build. And I think containers are a big central part of why that's happened. >> Like the recipe, the combination of cloud-scale, the timing of Kubernetes and the containerization concepts just explode as a beautiful thing. And it creates more opportunities and will challenges, which are opportunities that are net new, but it solves the automation piece that we're seeing this again, it's only makes things go faster. >> Yes. >> And that's the key trend. Deepak, thank you so much for coming on. We're seeing tons of open cloud innovations, thanks to the success of your team at AWS and being great participants in the community. We're seeing innovations from startups. You guys are helping enabling that. Of course, they want to live on their own and be successful and build their super clouds and super app. So thank you for spending the time with us. Appreciate. >> Yeah. Anytime. And thank you. And you know, this is a great event. So I look forward to people running software and building applications, using AWS services and all these wonderful partners that we have. >> Awesome, great stuff. Great startups, great next generation leaders emerging. When you see startups, when they get successful, they become the modern software applications platforms out there powering business and changing the world. This is the cube you're watching the AWS startup showcase. Season two episode one open cloud innovations on John Furrier your host, see you next time.

>>Welcome everyone to the cubes presentation of the AWS startup showcase open cloud innovations. This is season two episode one of the ongoing series and we're covering exciting and innovative startups from the AWS ecosystem. Today. We're going to focus on the open source community. I'm your host, Dave Vellante. And right now we're going to talk about open source security and mitigating risk in light of a recent discovery of a zero day flaw in log for J a Java logging utility and a related white house executive order that points to the FTC pursuing companies that don't properly secure consumer data as a result of this vulnerability and with me to discuss this critical issue and how to more broadly address software supply chain risk is Don Fisher. Who's the CEO of tide lift. Thank you for coming on the program, Donald. >>Thanks for having me excited to be here. Yeah, pleasure. >>So look, there's a lot of buzz. You open the news, you go to your favorite news site and you see this, you know, a log for J this is an, a project otherwise known as logged for shell. It's this logging tool. My understanding is it's, it's both ubiquitous and very easy to exploit. Maybe you could explain that in a little bit more detail. And how do you think this vulnerability is going to affect things this year? >>Yeah, happy to, happy to dig in a little bit in orient around this. So, you know, just a little definitions to start with. So log for J is a very widely used course component that's been around for quite a while. It's actually an amazing piece of technology log for J is used in practically every serious enterprise Java application over the last 10 going on 20 years. So it's, you know, log for J itself is fantastic. The challenge that organization organizations have been facing relate to a specific security vulnerability that was discovered in log for J and that has been given this sort of brand's name as it happens these days. Folks may remember Heartbleed around the openness to sell vulnerability some years back. This one has been dubbed logged for shell. And the reason why it was given that name is that this is a form of security vulnerability that actually allows attackers. >>You know, if a system is found that hasn't been patched to remediate it, it allows hackers to get full control of a, of a system of a server that has the software running on it, or includes this log for J component. And that means that they can do anything. They can access, you know, private customer data on that system, or really do anything and so-called shell level access. So, you know, that's the sort of definitions of what it is, but the reason why it's important is in the, in the small, you know, this is a open door, right? It's a, if, if organizations haven't patched this, they need to respond to it. But one of the things that's kind of, you know, I think important to recognize here is that this log for J is just one of literally thousands of independently created open source components that flow into the applications that almost every organization built and all of them all software is going to have security vulnerabilities. And so I think that log for J is, has been a catalyst for organizations to say, okay, we've got to solve this specific problem, but we all also have to think ahead about how is this all gonna work. If our software supply chain originates with independent creators across thousands of projects across the internet, how are we going to put a better plan in place to think ahead to the next log for J log for shell style incident? And for sure there will be more >>Okay. So you see this incident as a catalyst to maybe more broadly thinking about how to secure the, the digital supply chain. >>Absolutely. Yeah, it's a, this is proving a point that, you know, a variety of folks have been making for a number of years. Hey, we depend, I mean, honestly these days more than 70% of most applications, most custom applications are comprised of this third party open source code. Project's very similar in origin and governance to log for J that's just reality. It's actually great. That's an amazing thing that the humans collaborating on the internet have caused to be possible that we have this rich comments of open source software to build with, but we also have to be practical about it and say, Hey, how are we going to work together to make sure that that software as much as possible is vetted to ensure that it meets commercial standards, enterprise standards ahead of time. And then when the inevitable issues arise like this incident around the log for J library, that we have a great plan in place to respond to it and to, you know, close the close the door on vulnerabilities when they, when they show up. >>I mean, you know, when you listen to the high level narrative, it's easy to point fingers at organizations, Hey, you're not doing enough now. Of course the U S government has definitely made attempts to emphasize this and, and shore up in, in, in, in, in push people to shore up the software supply chain, they've released an executive order last may, but, but specifically, I mean, it's just a complicated situation. So what steps should organizations really take to make sure that they don't fall prey to these future supply chain attacks, which, you know, are, as you pointed out are inevitable. >>Yeah. I mean, it's, it's a great point that you make that the us federal government has taken proactive steps starting last year, 2021 in the fallout of the solar winds breach, you know, about 12 months ago from the time that we're talking, talking here, the U S government actually was a bit ahead of the game, both in flagging the severity of this, you know, area of concern and also directing organizations on how to respond to it. So the, in May, 2021, the white house issued an executive order on cybersecurity and it S directed federal agencies to undertake a whole bunch of new measures to ensure the security of different aspects of their technology and software supply chain specifically called out open source software as an area where they put, you know, hard requirements around federal agencies when they're acquiring technology. And one of the things that the federal government that the white house cybersecurity executive order directed was that organizations need to start with creating a list of the third-party open source. >>That's flowing into their applications, just that even have a table of contents or an index to start working with. And that's, that's called a, a software bill of materials or S bomb is how some people pronounce that acronym. So th the federal government basically requires federal agencies to now create Nessbaum for their applications to demand a software bill of materials from vendors that are doing business with the government and the strategy there has been to expressly use the purchasing power of the us government to level up industry as a whole, and create the necessary incentives for organizations to, to take this seriously. >>You know, I, I feel like the solar winds hack that you mentioned, of course it was widely affected the government. So we kind of woke them up, but I feel like it was almost like a stuck set Stuxnet moment. Donald were very sophisticated. I mean, for the first time patches that were supposed to be helping us protect, now we have to be careful with them. And you mentioned the, the bill of its software, bill of materials. We have to really inspect that. And so let's get to what you guys do. How do you help organizations deal with this problem and secure their open source software supply chain? >>Yeah, absolutely happy to tell you about, about tide lift and, and how we're looking to help. So, you know, the company, I co-founded the company with a couple of colleagues, all of whom are long-term open source folks. You know, I've been working in around commercializing open source for the last 20 years that companies like red hat and, and a number of others as have my co-founders the opportunity that we saw is that, you know, while there have been vendors for some of the traditional systems level, open source components and stacks like Linux, you know, of course there's red hat and other vendors for Linux, or for Kubernetes, or for some of the databases, you know, there's standalone companies for these logs, for shell style projects, there just hasn't been a vendor for them. And part of it is there's a challenge to cover a really vast territory, a typical enterprise that we inspect has, you know, upwards of 10,000 log for shell log for J like components flowing into their application. >>So how do they get a hand around their hands around that challenge of managing that and ensuring it needs, you know, reasonable commercial standards. That's what tide lifts sets out to do. And we do it through a combination of two elements, both of which are fairly unique in the market. The first of those is a purpose-built software solution that we've created that keeps track of the third-party open source, flowing into your applications, inserts itself into your DevSecOps tool chain, your developer tooling, your application development process. And you can kind of think of it as next to the point in your release process, where you run your unit test to ensure the business logic in the code that your team is writing is accurate and sort of passes tests. We do a inspection to look at the state of the third-party open source packages like Apache log for J that are flowing into your, into your application. >>So there's a software element to it. That's a multi-tenant SAS service. We're excited to be partnered with, with AWS. And one of the reasons why we're here in this venue, talking about how we are making that available jointly with AWS to, to drink customers deploying on AWS platforms. Now, the other piece of the, of our solution is really, really unique. And that's the set of relationships that Tyler has built directly with these independent open source maintainers, the folks behind these open source packages that organizations rely on. And, you know, this is where we sort of have this idea. Somebody is making that software in the first place, right? And so would those folks be interested? Could we create a set of aligned incentives to encourage them, to make sure that that software meets a bunch of enterprise standards and areas around security, like, you know, relating to the log for J vulnerability, but also other complicated parts of open source consumption like licensing and open source license, accuracy, and compatibility, and also maintenance. >>Like if somebody looking after the software going forward. So just trying to basically invite open source creators, to partner with us, to level up their packages through those relationships, we get really, really clean, clear first party data from the folks who create, maintain the software. And we can flow that through the tools that I described so that end organizations can know that they're building with open source components that have been vetted to meet these standards, by the way, there's a really cool side effect of this business model, which is that we pay these open source maintainers to do this work with us. And so now we're creating a new income stream around what previously had been primarily a volunteer activity done for impact in this universe of open source software. We're helping these open source maintainers kind of GoPro on an aspect of what they do around open source. And that means they can spend more time applying more process and tools and methodology to making that open source software even better. And that's good for our customers. And it's good for everyone who relies on open source software, which is really everyone in society these days. That's interesting. I >>Was going to ask you what's their incentive other than doing the right thing. Can you give us an example of, of maybe a example of an open source maintainer that you're working with? >>Yeah. I mean, w we're working with hundreds of open source maintainers and a few of the key open source foundations in different areas across JavaScript, Java PHP, Ruby python.net, and, you know, like examples of categories of projects that we're working with, just to be clear, are things like, you know, web frameworks or parser libraries or logging libraries, like a, you know, log for J and all the other languages, right? Or, you know, time and date manipulation libraries. I mean, they, these are sort of the, you know, kind of core building blocks of applications and individually, they, you know, they may seem like, you know, maybe a minor, a minor thing, but when you multiply them across how many applications these get used in and log for J is a really, really clarifying case for folks to understand this, you know, what can seemingly a small part of your overall application estate can have disproportionate impact on, on your operations? As we saw with many organizations that spent, you know, a weekend or a week, or a large part of the holidays, scrambling to patch and remediate this, a single vulnerability in one of those thousands of packages in that case log. >>Okay, got it. So you have this two, two headed, two vectors that I'm going to call it, your ecosystem, your relationship with these open source maintainers is kind of a, that just didn't happen overnight, and it develop those relationships. And now you get first party data. You monetize that with a software service that is purpose built as the monitor of the probe that actually tracks that third, third party activity. So >>Exactly right. Got it. >>Okay. So a lot of companies, Donald, I mean, this is, like I said before, it's a complicated situation. You know, a lot of people don't have the skillsets to deal with this. And so many companies just kind of stick their head in the sand and, you know, hope for the best, but that's not a great strategy. What are the implications for organizations if they don't really put the tools and processes into place to manage their open source, digital supply chain. >>Yeah. Ignoring the problem is not a viable strategy anymore, you know, and it's just become increasingly clear as these big headline incidents that happened like Heartbleed and solar winds. And now this logged for shell vulnerability. So you can, you can bet on that. Continuing into the future and organizations I think are, are realizing the ones that haven't gotten ahead of this problem are realizing this is a critical issue that they need to address, but they have help, right. You know, the federal government, another action beyond that cybersecurity executive order that was directed at federal agencies early last year, just in the last week or so, the FTC of the U S federal trade commission has made a much more direct warning to private companies and industry saying that, you know, issues like this log for J vulnerability risk exposing private, you know, consumer data. That is one of the express mandates of the FTC is to avoid that the FTC has said that this is, you know, bears on both the federal trade commission act, as well as the Gramm-Leach-Bliley act, which relates to consumer data privacy. >>And the FTC just came right out and said it, they said they cited the $700 million settlements that Equifax was subject to for their data breach that also related to open source component, by the way, that that had not been patched by, by Equifax. And they said the FTC intents to use its full legal authority to pursue companies that failed to take reasonable steps, to protect consumer data from exposure as a result of log for J or similar known vulnerabilities in the future. So the FTC is saying, you know, this is a critical issue for consumer privacy and consumer data. We are going to enforce against companies that do not take reasonable precautions. What are reasonable precautions? I think it's kind of a mosaic of solutions, but I'm glad to say tide lift is contributing a really different and novel solution to the mix that we hope will help organizations contend with this and avoid that kind of enforcement action from FTC or other regulators. >>Well, and the good news is that you can tap a tooling like tide lift in the cloud as a service and you know, much easier today than it was 10 or 15 years ago to, to resolve, or at least begin to demonstrate that you're taking action against this problem. >>Absolutely. There's new challenges. Now I'm moving into a world where we build on a foundation of independently created open source. We need new solutions and new ideas, and that's a, you know, that's part of what we're, we're, we're showing up with from the tide lift angle, but there's many other elements that are going to be necessary to provide the full solution around securing the open source supply chain going forward. >>Well, Donald Fisher of tide lift, thanks so much for coming to the cube and best of luck to your organization. Thanks for the good work that you guys do. >>Thanks, Dave. Really appreciate your partnership on this, getting the word out and yeah, thanks so much for today. >>Very welcome. And you are watching the AWS startup showcase open cloud innovations. Keep it right there for more action on the cube, your leader in enterprise tech coverage.

(upbeat music) >> Welcome to this CUBE Conversation. This is part of the second season of the AWS startup showcase, season two, episode one. I'm Dave Nicholson, and I am joined with a very special guest, CEO and co-founder of Tidelift, Mr. Donald Fischer. Donald, welcome to the CUBE. >> Thanks David. Really glad to be here. >> So, first and foremost, tell us about Tidelift. >> Happy to, yeah, so, at Tidelift we're on a mission. Our mission is to make open source software work better for everyone, and when we say that, we mean, make it work better for all the organizations and governments and everybody that depends on open source software to build the applications that we all rely on. But also part of our mission, is making open source work better for the creators of open source. The independent open source maintainers, who are behind so many of those building blocks, technology building blocks that our commerce industry and society is comprised of these days. They've got a hard task to hold up all of that stuff and make sure that it meets, you know, professional grade standards and that we can all rely on it. And so, we want to do our part to help both sides of that equation. >> Fantastic, well, I want to double click on a few of the things that you said, but I think I want to format this by starting out with a little role play between the two of us, if you don't mind. I know you're CEO, but for the sake of this, you're going to be the CIO and I'm going to be the CEO, and we're going to play off some recent events here. So, hey Donald, come on in, sit down. Listen, I want to talk to you about this whole log shell, log for something, or another thing that's going on. So, let me get this straight. Our multinational Fortune 500 company is dependent upon software, that's free, and somehow we've been running this and the people who maintain it, do it for free, we don't pay for it, but somehow this has opened us up to a threat from people who can log into a system we're using to keep track of stuff, and then, what's going on? By the way, you're fired, but I want to know if, I want to know if you can stay on for the next 90 days to train your replacement, but, explain to me what's going on with this whole open-source nonsense? >> Yeah. Don't panic boss. Only about 70 or 80% of the software in our enterprise that is third-party open source software. So, there's definitely, like 20 or 30% that's not, and we're on top of it. Now, yeah, I think it's a, you know, you're right to say, we are completely dependent on this software, that's being created by these, you know, amazing folks on the internet. Boss, you told me that we had to have a global corporation here with modern digital customer experience. We're not going to be able to do it using Microsoft front page from 1997, and there's no other path to take than to build with modern building blocks. And today in, you know, the modern era, that means building on open source packages and technologies across a whole slew of language, ecosystems, like JavaScript and Java PHP, Ruby, Python, .NET, Rust, Go, we use all of it here, boss, and, we don't get to have a business unless we do. >> Okay, so, I didn't understand a word that you just said, but it was enough to convince me to let you keep your job. So, end-scene, we're not getting paid scale wages to do this, Donald, so I think we can go back to our normal personas. So, how does Tidelift play into all of this? I'd really want to hear about this concept of what an open source maintainer is, because these are largely volunteers, aren't they, in terms of the maintenance that they're doing? >> Yeah, so, I mean, open source, there's a lot of different models for open source software development. There certainly are a number of foundational open source projects, certainly at the infrastructure level, like operating systems, databases and things like that, that tend to be, you know, predominantly driven by vendors, software vendors, you know, like you can think of Red Hat, VMware organizations like that. But when you get up to the application development world, teams, building, you know, websites, web applications, mobile applications, most of the building blocks at that tier in these a programming language ecosystems, most of the software there is actually being created, that enterprise organizations use, is being created by individual, independent, open source maintainers, where it's not their day job, it's a side hustle for them. And it's a really interesting question, like, how did we get here? You know, why are these folks doing it? It sort of rhymes with the question I asked myself years ago, like, who's typing all this stuff into Wikipedia, and why? Like, it's amazing resource, I'm so glad it's there, but why are they doing this, right? And it turns out that there's a bunch of motivations there's some cynical motivations for the open source maintainers that people attribute that are practical too, you know, people say your GitHub repository is your resume in as a modern developer, things like that helps you get a reputation, you can use that to get a job. But, when we've talked to the maintainers of the most widely used open source packages, and by that, I mean, thousands of packages that every major organization that builds software relies on, the main reason why they do it is actually impact. We find we've actually done direct surveys of this audience and the reason why they spend their nights and weekends and carve out time, where they could be, you know, getting paid to do something else or going skiing or going to the beach, is it really feels good to have this activity that they put out into the world, and, you know, they know that folks use this stuff and rely on it, and there's a pride in their work and the impact that they're making. But the challenge with this model is that when it's only an impact and pride, and sort of a, you know, a good feeling driven effort, it means that maybe all of the things that organizations might want their standards that organizations might want their software to meet doesn't get done, right? Like it's one thing, if you've got a job as a software engineer, building corporate software, or even as a, you know, a maintainer at a corporate open source company, and you have a checklist of, you know, standard enterprise software development, commercial grade software development tasks that you need to be completing, if you're doing it as a side hustle for good reasons, like impact and, you know, releasing your creative juice, you might not get to some of the more boring aspects of commercial software engineering, like security engineering and some of the documentation and release engineering and, you know, making sure there's structured metadata around all the elements of it. And then that's the gap that we're really trying to fill at Tidelift, by connecting these two audiences. >> Yeah. How? How? You want to fill the gap, you want to connect the audiences, but, how do you do that? >> Yeah, perfect, so, we do it by paying the maintainers, paying the open source maintainers, actual dollars, or the currency of their preference, and what we're paying them for is not just to sort of hack on their projects, or hack on their projects more, we're asking them to help us ensure that the software that the organizations that we work with depend on meets certain specific concrete enterprise standards, and those standards fall into three categories, security, licensing, and maintenance. So, on the security front, you know, a baseline standard, there is making sure that we have known versions of the open source packages that are free of known defects, right? So there's like a catalog of known security defects that the industry uses called the National Vulnerability Database, you may have seen the terminology CVE referred to in passing, that's the identifier for these things. So, we work with the open-source maintainers to make sure that we've figured out, mapped out, which versions of software packages are impacted by known security vulnerabilities. And then we also look forward and make sure that we have a plan in place for what happens in the future when there are security vulnerabilities. So, you know, traditional commercial software, there's a security response team, who's kind of standing by 24/7, ready to respond, and then there's a defined protocol of what's going to happen, in terms of what's called responsible disclosure, telling the right folks in the right sequence, that there is a vulnerability causing there to be a patch version of the software available, communicating that through, you know, traditional commercial software vendors for, you know, years have been doing that internally, that doesn't exist by default for volunteer, you know, part-time open source, independent open source maintainers. So we fill that gap and we pre-wire that with them to make sure that that first track security is can be buttoned up. >> So, you're paying them, are you and your co-founders wealthy philanthropists that are just doing this, or what's the business model here? Now you're pulling these people who were doing it for free, they're happy, but how does that translate into a business model for Tidelift. >> Perfect, so, the work that they're doing, you know, I talked a little bit about security, we also do similar things on those other attributes, like licensing, making sure that the licenses are completely accurate, and we kind of know who wrote the software, et cetera, and then maintenance, is it being proactively cared for going forward? Is somebody still on the case with these projects? Now, the result of all of that work, is we create a vetted catalog of known good open source releases that we've vetted with the experts, often the individuals and teams that wrote the code in the first place, usually, we vet that it meets these enterprise standards. That's a really useful tool for organizations that are building with that. So, the way that we convey that to organizations that are building software in a useful way is we have a SAS service software, that as a service platform, that's what Tidelift is, and basically, the teams that use this stuff, they plug us into their software development process, typically alongside other tools that they might have, like CI/CD tools that are running tests on their application logic, they'll plug in Tidelift into their release process to ensure that those, the 70 or 80% of the software that they ship, that comes from GitHub, comes from the Python package index, or NPM, or the Maven Central Repository for Java, we're vetting that that meets their enterprise standards and ensuring that the ingredients, the building blocks that go into their applications are known good and vetted to these concrete standards. And they are, you know, this is an unsolved problem for almost every serious organization. There's a couple of, you know, over-performing organizations, like Google has done some amazing internal work on this, Amazon has an incredible dedicated team that does this internally for Amazon developers, very few other organizations, even some of the largest multinational companies have a dedicated internal function doing this comprehensively and systematically. Tidelift is that function that these organizations can use. They can work with us and our network, our unique network of hundreds of these independent open source maintainers, to ensure that there is a feed of known good vetted packages to go into their applications. >> So, were maintainers going in and auditing, and editing, and vetting software that was essentially created by others? That's one question, and then the other question that kind of goes along with that is, are you vetting a gold copy of something and saying, this software meets certain criteria, you should feel okay using it, that's one thing. Validating that the actual distribution, you know, the actual code that's being executed in their enterprise is secure and hasn't been tampered with is another thing. So where do you sit in that distribution channel or that supply chain? >> Sure, so, on the distribution front, you can think of us, we're sort of a GPS system that your application developers can use to know which versions of software are going to meet your enterprise standards. We don't create a separate world where we have our own, you know, side copy of the entire development ecosystem. It's not what these organizations want. They don't want to use some weird enterprise world set of open source packages, they want to just, you know, type NPM install have the, you know, software flow into their organization, but they also want it to not have no insecurity vulnerabilities in it, and they don't want to get bitten two weeks or two years later with a license violation, because there was kind of fuzzy, or incomplete data around the open source license. So what we do is, we help them consume the open source software, you know, knowing that it's been vetted to these standards. And then we also work with the open source community to cause the software to be changed to meet those standards, right? So back to the first part of your question, We work with a lot of projects with the prime maintainers, often the authors, as I said, and we've actually been extending our model over the years to work with these open source maintainers to cover not just their own project, but, some of those neighboring projects, right? Like the core projects that their project depends on, other projects that are co-used with them, they have a lot of expertise, and also, you know, relationships with the surrounding open source community there. So, they're working with us as curators, if you will, our ambassadors that help us get on the community and cover as much of the landscape as possible. >> And, so, what's the relationship with AWS? This is, you know, we're talking here as part of the AWS startup showcase season two, episode one, which is, that's actually pretty cool. So we need to, you know, the challenge here is, season one was awesome, much like Ted Lasso, season two, we have big shoes to fill here, Donald. So, what's the-- >> We got to up our game. >> (laughs) What's the relationship with AWS? And, I mean, why would they call you out as someone interesting for us to talk to? >> Yeah, so, we've had a great relationship that we've been investing in, and working on together with AWS. So, every one of AWS's customers faces this challenge around the software workloads that they're deploying on AWS. You know, it's just, you can't argue against the fact that the vast majority of the application software in the modern world is comprised majority of this third-party open source software. And so, it's really important whether it's running on a device, you know, an Edge device, or whether it's running in a Cloud data center, that those applications meet these standards, especially on the security front. So, AWS recognizes this need and opportunity for their customers, and so we've been working really well jointly with them. We're glad to say that we're an ISV, and AWS ISV accelerate partner now, which gives us the ability to co-engage with AWS and work together to solve mutual customers challenges, and we've had a great time working with the AWS team to help scale up our efforts to get the word word out around this important area, and then more importantly, give organizations the tools to address it and make sure that they have a comprehensive strategy for managing their open source in place. >> Fantastic, Donald, we're up against time, but I do have a 10 second answer I'd like from you. Tidelift, is that a reference to a rising tide lifting all boats, or is it an admonishment not to build a house on the beach in Malibu? >> It's the former, you know, think about this network of independent open source maintainers, working together, a rising tide lifts all boats. >> Eight seconds, that was like four seconds. Perfect. Donald Fischer, from Tidelift, thank you so much. For me, Dave Nicholson here at the CUBE. This has been a CUBE Conversation, as part of AWS's startup showcase, season two, episode one. Come to the CUBE for the best in tech coverage. (soft music)

(upbeat music) >> Welcome to AnsibleFest, 2021, the virtual version. This is The Cube and my name is Dave Volante. We're going to dig into automation and its continuing evolution. Tom Anderson is here. He's the vice president of Red Hat Ansible, the automation platform. And Richard Henshall is also here, Senior Manager of Ansible Product Management, of course, at Red Hat. Guys, welcome to the cube. Good to see you. >> Thanks for having us. >> Thank you for having us Dave. You're welcome, so Rich with this latest release of the Ansible Automation Platform, AAP, we'll get the acronyms out of the way. The focus seems to be an expanding the reach of automation and its potential use cases. I mean, I'll say automation everywhere, not to be confused with the RPA vendor, but the point is, you're trying to make it easier to automate things like provisioning, configuration management, application deployment, throw in orchestration and all these other IT processes. Now, you've talked about this theme in previous releases of AAP. So what's new in this release? What can customers do now that they couldn't do before? >> Yeah, it's a good question thank you. So, we look at this in two dimensions. So, the first dimension we have is like where automation can happen, right? So, you know, we always have traditional data center, clouds being been very prevalent for us for the last, you know, sort of five, 10 years in most people's view. But now we have the Edge, right? So now we have Edge computing, which is sometimes a lot more of the same, but also it comes with a different dynamic of how it has to be sort of used and utilized by different use cases, different industry segments. But then, while you expand the use cases to make sure that people can do automation where they need to do it and make sure if we don't close to the Edge or close to the data center, based on where the technology needs to be run, you also have to think about who's now using automation. So, the second dimension is making sure that different users can take access. You mentioned like application deployment, or infrastructure, or network configuration. We expand the number of different users we have that are starting to take advantage of Ansible. So how do we get more developers? How do we get into the developer workflow, into the development workflow, for how Ansible is created, as well as how we help with the operational, the posts deployment stage that people do operating automation, as well as then the running of Ansible Automation Platform itself. >> Excellent, okay. So, in thinking about some of those various roles or personas, I mean, I think about product leads. I would see developers, obviously you're going to be in there. Managers I would think want that view. You know the thrust seems to be, you're trying to continue to enhance the experience, for these personas and others, I suppose, with new tooling. Maybe you could add some color to that and what's happening in the market Tom if you take this and Rich chime in, what's happening in the market that makes this so important? Who are the key roles and personas that you're targeting? >> Yeah. So, there's a couple of things happening here. I mean, traditionally the people that had been using Ansible to automate their subsystems were the domain expert for that subsystem, right? I'm the storage operations team. I'm the network operations team. I'm using this tool to automate the tasks that I do day to day to operate my piece of the sub system. Now, what they're being asked to do is to expose that subsystem to other constituencies in the organization, right? So they had not, they're not waiting for a call to come in to say, can I have a network segment? Can I have this storage allocated to me? Can I deploy these servers so I can start testing or building or deploying my application. Those subsystems need to be exposed to those different audiences. And so the type of automation that is required is different. Now, we need to expose those subsystems in a way that makes those domain owners comfortable. So they're okay with another audience having access to their subsystem. But at the same time, they're able to ensure the governance and compliance around that, and then give that third-party that developer, that QE person, that man, that business, that line of business manager, whoever it might be, that's accessing that resource, a interface that is friendly and easy enough for them to do. It's kind of the democratization. I know it's a cliche, but the democratization of automated automation within organizations, giving them roles, specific experiences, of how they can access these different subsystems and speed their access to these systems and deploy applications. >> So if we could stay on that for a second, cause that's a complicated situation. You're now opening this up. You Richard mentioned the Edge. So you got to make sure that the person that's getting access has access, but then you also have to make sure that that individual can't screw it up, do things that you don't want that individual to do. And it's probably a whole other set of compliance issues and policy things that you have to bake in. Is that, am I getting that right? >> Yeah. And then that's the aspect of it. When you start to think, you know, Tom listed off there, you know, 10, you can just keep adding different sort of personas that individuals that work in roles, identify with as themselves. I'm a network person, I'm a storage person. To us they're all just Ansible users, right? There may be using a slightly different way, maybe using it slightly different places, but they're just an Ansible user, right? And so as you have, like those people that just like become organically, you've now got thousands potentially of Ansible users inside a large enterprise organization, or if you know, a couple of hundred if your smaller. But you're then go, well, what do I do with Ansible, right? And so at that point, you then start to say, now we try to look at it as what's their use of Ansible itself, because it's not just a command line tool. It's got a management interface, it's got analytics, we've got content management, we've got operational runtime, we've got responsiveness to, you know, disaster recovery scenarios for when, you know, when you need to be able to do certain actions, you may use it in different ways at different places. So we start, try and break out, what is the person doing with Ansible Automation Platform at this part of their workflow? Are they creating content, right? Are they consuming content, or are they operating that automation content for those other constituent users that Tom referred to. >> Yeah, that's really helpful because there's context, there are different roles, different personas need different contexts, you know, trying to do different things. Sometimes somebody just wants to see the analytics to make sure it's, you know, hey, everything's green, Oh, we got a yellow, versus, hey actually want to make some changes and I'm authorized to do so. Let's shift gears a little bit and talk about containers. I want to understand how containers are driving change for customers. Maybe what new tools you're providing to support this space? What about the Edge? Yeah, how real is that in terms of tangible pockets or patterns that you can identify that require new types of capabilities that you're delivering? Maybe you can help us unpack that a little bit. >> Okay so, I think there's two ways to look at containers, right? So the first is how are we utilizing the container technology itself, right? So containers are a package, right? So the amount of work we've been doing as Ansible's become more successful in the last couple of years, separating content out with Ansible collections. The ability to bring back manage, control a containerized runtime of Ansible so that you can lifecycle it, you can deploy it, it becomes portable. Edge is important there. How do I make sure I have the same automation running in the data center as the same automation running out on the Edge, if I'm looking at something that needs to be identical. The portability that the packaging of the container gives us, is a fantastic advantage, given you need to bring together just that automation you want. Smaller footprint, more refined footprint, lifecycle manage footprint. But at the same time, containers are also a very useful way of scaling the operation, right? And so as red hat puts things like Open Shift out in all these different locations, how can we leverage those platforms, to push the runtime of Ansible, the execution component, the execution plane of Ansible. How into anywhere that's hospitable for it to run? And as you move out towards Edge, as you move further away from the data center, you need a more ubiquitous sort of like run-time plane that you can put these things on. So they can just spin up when as, and when you need to. Potentially even at the end, actually being on the device, because at the same time with Edge, you also have different limits around how Edge works. It's not just about, hey I'm wifi points in an NFL stadium, actually, you're talking about I'm at the end of a 2000 mile, you know, piece of cable on an oil pipeline or potentially I'm a refinery out in the Gulf of Mexico. You know, you've got a very different dynamic to how you interact with that end point, than you do when it's a nice big controlled network, you know, powered location, which is well-governed and well-orchestrated. >> That's good. Thank you Rich. So Tom, think about automation, you know, back in the day, seems like a long time ago, but it really wasn't, automation used to scare some IT folks, because you know, sometimes it created unintended consequences or maybe it was a cultural thing and that you didn't want to automate themselves out of a job, but regardless. The cloud has changed that mindset, you know, showing us what's possible. You guys obviously had a big role in that, and the pandemic and digital initiatives, they really have made I call it the automation mandate. It was like the fourth March to digital, at least that's how I see it. I wonder if you could talk about, how you see your users approaching automation in as it relates to their business goals. Do you think automation is still being treated sometimes with trepidation or as a side project for some organizations or is it really continuing to evolve as a mainstream business imperative? >> Yes, so Dave we see it continuing to evolve as a strategic imperative for our customers. I mean, you'll, hear some of the keynote folks that are speaking here today. I've done an interview or doing an interview with Joe Mills from Discover, talking about extreme automation throughout Discovers organization. You'll hear representatives from JPMC talk about 22,000 JPMC employees contributing automation content in their environment, across 20 or 22 countries. I mean, just think about that scale, and the number of people that are involved in automation now and their tasks. So I think it's, I think we are, we have moved beyond or are moving beyond that idea that automation is just there to replace people's jobs. And it's much more about automation replacing the mundane, increasing consistency, increasing security, increasing agility, and giving people an opportunity to do more and more interesting stuff. So that's what we hear from our customers, this idea of them building. And it's not just the technology piece, but it's the cultural piece inside organizations where they're building these guilds or communities of practice, bringing people together to share best practices and experience with automation, so that they can feel comfortable learning from others and sharing with others and driving the organization forward. So we see a lot of that, and you'll hear a lot of that, at some of the Ansible Fest sessions this week. >> Well, I mean though I think that's a really important point. The last point you made about the skills, because I think you're right. I think we have moved beyond it's just job replacement. I don't know anybody who loves provisioning LUNs and say, oh, I'm the best in the world at that. It's just kind of something that was maybe important 10, 15, 20 years ago, but today, he should let the machines do that. So that's the whole skills transformation, is obviously a big part of digital transformation. Isn't it? >> It absolutely is. And frankly, we still hear, it's an impediment, that skills shortages are still an impediment to our customer success. They are still skilling up. I mean, honestly, that's one of the differentiators, for Ansible, as a language, a human readable language, that is easy to learn, easy to use, easy to share across an organization. So that's why you see job boards, and whatnot with so many opportunities that require or, or ask for Ansible skills out there. It's just a, it's become sort of a ubiquitous automation language in organizations, because it can be shared across lots of different roles. You don't have to be a Ruby software developer or a Python software developer to create automation with Ansible. You can be Tom Anderson or Rich Henshall. You don't have to, you don't have to be the, you know, the, the sharpest software developer in the world to take advantage of it. So anyway, that's one of the things that kind of overcoming some of the skills apprehension and bringing people into this, into the kind of new environment, of thinking about automation as code, not software code, but thinking of it like code. >> Got it. Guys we've got to leave it there, but Rich, how about you bring us home. We'll give you the last word. >> I mean, I think, you know what Tom just said there I think, about the skills side of things, is I think that the part that made it resonates the most. I mean I was a customer before I joined Red Hat, and trying to get large numbers of people, onto a same path, to try and achieve that outbound objective, that an organization has. The objective of an organization is not to automate, it's to achieve what is needed by what the automation facilitates. So how do we get those different groups to go from, Hey, this is about me, to this is actually about what we're trying to achieve as a business what we're trying to facilitate as a business, and how do we get those people easier access, a reduced barrier of entry to the skills they need to help make that successful, that compliments what they do, in their primary role, with a really strong secondary skill set that helps them do all the bits and pieces they need to do to make that job work. >> That's great, I mean you guys have done a great job, I mean it wasn't clear, you know, decade ago, or maybe half a decade ago, who was going to win this battle. Ansible clearly has market momentum and has become the leader. So guys congratulations on that and good job. Keep it going. I really appreciate your time. >> Thank you. >> Thank you. Thanks. >> Okay. This is the cubes, continuous coverage of Ansible Fest, 2021. Keep it right there for more content that educates and inspires. Thanks for watching. (upbeat music)

>>From around the globe. It's the cube covering Fortinet security summit brought to you by Fortinet. >>Okay. Welcome back everyone. To the cubes, coverage of Fortinets championship golf tournament, we're here for the cybersecurity summit. David got a great guest, Ruby cutoff CEO, and co-founder of Tufin great to have you on. Thank you for coming on the cube. We were chatting before. Came on. Camera, big talk. You just gave it. Thanks mom. Thanks >>For having me >>Not a bad place here. Golf tournament, golf and cybersecurity, kind of go together. You know, keep the ball in the middle of the fairway. You know, don't let it get out of bounds, you know, >>And it's a beautiful place. So, uh, very happy to be here and be a premier sponsor of the event. >>Congratulations and a good, good to have you on let's get into the cybersecurity. We were talking before we came on camera around how transformation is really hard. We went to the cloud is really hard refactoring. You're just really hard, but security is really, really hard. That's true. So how do you look at how security is perceived in companies? Is there dynamics that are being amplified by the rapid moved movement to the cloud? You seeing apps being developed really fast changes fast. What's the, what's the barometer of the industry right now? Sure, >>Sure. It's interesting. And this hasn't really changed in the past, but we've seen like exacerbated getting worse and worse. I think a lot of companies security is actually seen as a blocker and frankly security is probably the most hated department in the organization because a lot of times, first of all, the security says no, but also they just take their time. So if you think about organizations, enterprises, they run on top of their enterprise applications. They have applications that their own in-house developers are writing, and those developers are changing their apps all the time. They're driving change in it as well. So you end up having dozens of change requests from developers want to open connectivity. You want to go from point a to point B on the network. They open a ticket. It reaches the network security team that ticket might take several days until it's implemented in production. So the level of service that security provides the application teams today is really not very high. So you can really understand why security is not, um, looked upon favorably by the rest of the organization. >>And some organizations. My perception is, is that, you know, the hardcore security teams that have been around for awhile, they've got standards and they're hardcore, a new app comes in, it's gotta be approved. Something's gotta get done. And it's slower, right? It slows people down the perception. It could be slow. How is it changing? Yes, >>So it changing because when you're moving to the cloud and a lot of organizations are adopting the cloud in many ways, private cloud, public cloud hybrid cloud, you know, they're working in cloud native environments and those environments, you know, the developers are, they own the keys to the kingdom, right? They're managing AWS Azure, Google cloud to managing get hub. You know, they got the place to themselves. So they're pushing changes in their apps without asking it for permission. So they're suddenly exposed to this is how fast it can really be. And while anything that they do in the on-prem or sort of traditional applications is still moving very slowly unless they're using an automated approach to policy. So one of the things that I spoke about today is the need for organizations to adopt a policy centric approach. So they need to define a policy of who can talk to whom and what conduct to what across the entire organizational network, whether it's firewalls routers, which is cloud platforms. >>And then once you have that policy, you can start automated based on the policy. So the concept is somebody opens a ticket, a developer wants to make a change. They want a ticket in service. Now remedy that ticket reaches, uh, some system that's going to check for compliance against the policy. If you're able to immediately tell if that change is compliant or not, then you're able to make that split-second decision, which might take an analyst a couple of days, and then you can design the perfect minimal change to implement on the network. That is really agile, right? That's what developers want to see. And a lot of security departments are really struggling with that today. >>Why, why are they? That seems like a no brainer because policy-based innovation has been around in the network layer for many, many years decades. Right? We'll see, makes things go better, faster. Why would they be against it? Where were they? >>Yeah. So they're not really against it. I think it's just the sheer complexity and size of today's networks is nothing compared to where it was 10 years ago. So you have tens to hundreds of firewalls in large enterprises, thousands of routers and switches, load balancers, private cloud SDN, like NSX and ACI public cloud Kubernetes. It's just a plethora of networking. So we're thinking of it as proliferation of networking is getting worse and worse, especially with IOT and now moving to the cloud. So it is just so complex that if you don't have specialized tools, there's absolutely no way they'll, you'll be able to. >>So your talk must so gone over well, because I do a lot of interviews and I hear developers talking about shift left, right? Which is, you know, basically vernacular for do security in the dev CIC D pipelining. So while you're there rather than having to go fix the bugs later, this seems to be a hot trend. People like it, they want it, they want to check it off, get it done, move on this policy-based automation, help them here. >>It does in some ways, I mean, so you need a policy for the cloud as well, but there's a different challenge that I see altogether in the cloud. And one of the challenges that we're saying is that there's actually a political divide. You have network security folks who are managing, you know, firewalls routers, switches, and maybe the hub to the cloud. And then inside the spokes inside the cloud itself, you have a different team, cloud operators, cloud security folks. And those two teams don't really talk to each other. Some companies have set up centers of excellence, where they're trying to bring all the experts together. But most companies, network security, folks who want to understand what's happening inside the cloud are sort of given the Heisman. They're not invited to meetings. Um, and there's lack of which I think is tragic because it's not going to go over well. So there's huge challenges in security in the cloud. And unless these two departments are going to talk to each other and work together, we're not going to get anywhere near the level of security that we need. >>The cloud team, the cloud guys, if you will, you know, quote guys or gals and the security guys and gals, they're not getting along. What's the, what's the, is it historical? Just legacy structures? Is it more of my department? I own the keys to the kingdom. So go through me kind of the vibe, or is it more of just evolution of the, developer's going to say, I'm going to go around you like shadow it, um, created the cloud. Is there like a shadow security, but trend around this? >>Yeah, there is. And I think it stems from what we covered in the beginning, which is, you know, app developers are now used to and trained to fear security. Every change they want on the on-prem network takes a week, right? They're moving to the cloud. Suddenly they're able to roam freely, do things quickly. If network security folks come by and say, oh, we want to take a look at those changes. What they're hearing, the music is all we're going to slow you down. And the last thing cloud guys want to hear is that we're going to slow you down. So they have they're fearfully. You know, they're, they're rightly afraid of what's going to happen. If they enable a very cumbersome and slow process, we got to work differently. Right? So there's new paradigms with dev DevSecOps where security is built into the CIC pipeline, where it doesn't slow down app developers, but enables compliance and visibility into the cloud environments at the same time. Great stuff. >>Great insight. I want to ask you your, one of your things in your top that I found interesting. And I like to have you explain it in more detail is you think security can be an enabler for digital transformation. Digital transformation can kick the wrong yeah. With transforming. Okay. Everyone knows that, but security, how does security become that enabler? >>So, I mean, today security is a, um, as a blocker to digital transformation. I think anybody that claims, Hey, we're on a path to digital transformation. We're automated, we're digitally transformed. And yet you asked the right people and you find out every change takes a week on the network. You're not digitally transformed, right? So if you adopt a, a framework where you're able to make changes in a compliant secure matter and make changes in minutes, instead of days, suddenly you'll be able to provide a level of service to app developers like they're getting in the cloud, that's digital transformation. So I see the network change process as pretty much the last piece of it that has not been digitally transformed yet. >>And this is where a lot of opportunity is. Exactly. All right. So talk about what you guys are doing to solve that problem, because you know, this is a big discussion. Obviously security is on everyone's mind. They're reactive to proactive that buying every tool they can platforms are coming out. You're starting to see a control plane. You're starting to see things like collective intelligence networks forming, uh, what's the solution to all this, >>Right? So what we've developed is a security policy layer that sits on top of all the infrastructure. So we've got, uh, four products in the two for an orchestration suite where we can connect to all the major firewalls, router, switches, cloud platforms, private cloud SDN. So we see the configuration in all those different platforms. We know what's happening on the ground. We build a typology model. That is one of the industry's best apology models that enables us to query and say, okay, from point a to point B, which firewalls, router switches and cloud platforms will you traverse. And then we integrate it with ticketing system, like a remedy or service now, so that the user experiences a developer opens a ticket for a change that ticket gets into Tufin. We check it against the policy that was defined by the security managers, the security manager defined a policy of who can talk to whom and what conducted what across the physical network and the cloud. >>So we can tell within a split second, is this compliant or not? If it's not compliant, we don't waste an engineer's time. We kick it back to the original user. But if it is compliant, we use that typology model to perform network change design. So we design the perfect minimal change to implement an every firewall router switch cloud platform. And then the last mile is we provision that change automatically. So we're able to make a change in minutes, instead of days would dramatically better security and accuracy. So the ROI on Tufin is not just security, but agility balanced with security at the same time. So you like the rules of the road, >>But the roads are changing all the time. That's how do you keep track of what's going on? You must have to have some sort of visualization technology when you lay out the topology and things start to be compliant, and then you might see opportunity to do innovative buckets. Hey, you know, I love this policy, but I'm, I'm going to work on my policy because sure. Got to up your game on policy and continue to iterate. Is that how do they, how do your customers Daniel? >>So listen, we we're, uh, we're not a tiny company anymore. We've grown. We went public in April of 2019 race and capital. We have over 500 employees, we sold over 2000 customers worldwide. So, um, you know, when customers ask us for advice, we come in and help them with consulting or professional services in terms of deployment. And the other piece is we gotta keep up all the time with what's happening with Fortnite. For example, as, as one of our strategic partners, every time fortnight makes the change we're on the beta program. So we know about a code change. We're able to test them the lab we know about their latest features. We got to keep up with all that. So that takes a lot of engineering efforts. We've hired a lot of engineers and we're hiring more. Uh, so it takes a lot of investment to do this at scale. And we're able to deliver that for our customers. >>I want the relationship with 400. I see you're here at the golf tournament. You're part of the pavilion. You're part of the tournament by the way. Congratulations. Great, great, great event. Thank you. What's the relationship with food and air from a product and a customer technology standpoint, >>We're working closely with Fortnite, where they're a strategic partner of ours. We're integrated into their Fordham manager, APIs. We're a fabric ready solution for them. So obviously working closely. Some of our biggest customers are fortnight's biggest customers will get the opportunity to sponsor this event, which is great tons of customers here and very interesting conversations. So we're very happy with that relationship. >>This is good. Yeah. So that ask you, what have you learned? I think you got great business success. Looking back now to where we are today, the speed of the market, what's your big takeaway in terms of how security changed and it continues to be challenging and these opportunities, what was the big takeaway for you? >>Well, I guess if you were like spanning my career, uh, the big takeaway is, uh, first of all, and just in startup world, patients think things come to those away, but also, um, you know, just, you got to have the basics, right? What we do is foundational. And there were times when people didn't believe in what we do or thought, you know, this is minor. This is not important as people move to the cloud, this won't matter. Oh, it matters. It matters not just in on-prem and it matters in the cloud as well. You gotta have a baseline of a policy and you gotta base everything around that. Um, and so w we've sort of had that mantra from day one and we were right. And we're, we're very happy to be where we are today. Yeah. >>And, you know, as a founder, a co-founder of the company, you know, most of the most successful companies I observed is usually misunderstood for a long time. That's true. Jesse's favorite quote on the cube. He's now the CEO of Amazon said we were misunderstood for a long time. I'm surprised it took people this long to figure out what we were doing. And, and that was good. A good thing. So, you know, just having that north star vision, staying true to the problem when there were probably opportunities that you are like, oh, we, you know, pressure or sure. Yeah. I mean, you stayed the course. What was the, what was the key thing? Grit focused. Yes. >>Looking to startup life. It's sorta like being in sales. We, we got told no, a thousand times before we got told yes. Or maybe a hundred times. So, uh, you gotta, you gotta be, um, you got to persevere. You gotta be really confident in what you're doing and, uh, just stay the course. And we felt pretty strongly about what we're building, that the technology was right. That the need of the market was right. And we just stuck to our guns. >>So focus on the future. What's the next five, five years look like, what's your focus? What's the strategic imperative for you guys. What's your, what's your, what do you mean working on? >>So there's several things that on the business side, we're transitioning to a subscription-based model and we're moving into SAS. One of our products is now a SAS based product. So that's very important to us. We also are now undergoing a shift. So we have a new version called Tufin Aurora Tufin Aurora is a transformation. It's our next generation product. Uh, we're rearchitected the entire, uh, underlying infrastructure to be based on microservices so we could be cloud ready. So that's a major focus in terms of engineering, uh, and in terms of customers, you know, we're, we're selling to larger and larger enterprises. And, uh, we think that this policy topic is critical, not just in the on-prem, but in the cloud. So in the next three years, as people move more and more to the cloud, we believe that what we do will be, become even more relevant as organization will straddle on-premise networks and the cloud. So >>Safe to say that you believe that policy based architecture is the key to automation. >>Absolutely. You can't automate what you don't know, and you can't people, like I mentioned this in my talk, people say, oh, I can do this. I can cook up an Ansible script and automate, all right, you'll push a change, but what is the logic? Why did you make that decision? Is it based on something you've got to have a core foundation? And that foundation is the policy >>Really great insight. Great to have you on the cube. You've got great success and working knowledge and you're in the right place. And you're skating to where the puck is and will be, as they say, congratulations on your success. Thank >>You very much. Thanks for having >>Me. Okay. Keep coming here. The Fortinet championship summit day, cybersecurity summit, 40 minutes golf tournament here in Napa valley. I'm John Firmicute. Thanks for watching.

>>from around the >>globe it's the cube with >>coverage of Kublai >>Khan and Cloud Native Con Europe 2020 >>one virtual >>brought to you by red hat. The cloud native computing foundation and ecosystem partners. Welcome back to the cubes coverage of Kublai khan 21 cloud native gone 21 virtual. I'm john for your host of the cube. We're here with a great segment of an entrepreneur also the creator and maintainer of fluent bit Eduardo Silva who's now the founder of Palihapitiya was a startup. Going to commercialize and have an enterprise grade fluent D influence bit Eduardo. Great to have you on. Thanks for coming on the cube >>during the place for having me here. So I'm pretty happy to share the news about the crew and whenever you want, >>exciting trends, exciting trends happening with C N C f koo Kahne cloud native cloud native a lot of data, a lot of management, a lot of logging, a lot of observe ability, a lot of end user um contributions and enterprise adoption. So let's get into it first by give us a quick update on fluent D anything upcoming to highlight. >>Yeah, well fluent is actually turning two years old right now. So it's the more metric project that we have a lot of management and processing in the market. And we're really happy to see that the sides are project that was started 10 years ago, its adoption. You can see continues growing ecosystem from a planning perspective and companies adopting the technology that that is really great. So it's very overwhelming and actually really happy to take this project and continue working with companies, individuals and and right now what is the position where we are now with through And these are part of the Roma is like one of the things that people is facing not because of the tool because people have every time there has more data, more Metro services the system are scaling up is like about performance, right? And performance is critical if you're slowing down data processing actually you're not getting the data at the right time where you need it right. Nobody's people needs real time query is real time analysis. So from a security perspective we're going to focus a lot on everything that is about performance I would say for this year and maybe the other one, I would say that we won't see many new futures around fluently itself as as a project so we'll be mostly about back texting and performance improvements. >>Yeah, I definitely want to dig in with you on the data and logging challenges around kubernetes especially with and to end workflows and there's the different environments that sits in the middle of. But first before we get there, just take a minute to explain for the folks um not that savvy with fluent bit. What is fluent bit real quick, explain what it is. >>Okay, so I will start with a quick story about this, so when we started flowing the, we envision that at some point I'm talking about six years ago, right, all this IOT train or embedded or h will be available and for that you we got back to heavy right? If you have a constraint environment or you want to process data in a more faster way without all the capabilities at that time we say that he might not be suitable for that. So the thing is okay and it was not longer like a single software piece right? We want to say through in this an ecosystem, right? And as part of the ecosystem we have sck where people can connect applications fluid the but also we say we need like a flu Indie but that could be lightweight and faster. Burundi is reading ruby right? And the critical part in C. But since it's written ruby of course there's some process calls on how do you process the data and how much you can scale? Right. So we said if you're going to dig into embedded or small constrained environment, let's write a similar solution. But in C language so we can optimize a memory, can optimize scenario and all this kind of um needs will be will will be effective, right? And we started to spread called fluent bed and through a bit it's like a nowadays like a lightweight version of Wendy, it has started for the Marilyn knows, but after a few years people from the cloud space, I'm talking about containers, kubernetes, they started to ask for more futures for flowing it because they wanted they have influence, but also they wanted to have flowing better than because of it was lively and nowadays we can see that what fluent established the market and true indeed, we're getting around $2 million dollars every single day. So nowadays the attraction of the break is incredible. And it's mostly used to um want to collect logs from the files from system be and for most of coordinated environment disabled, process all this information on a pen, meta data and solve all the problem of how do I collect my data? How do I make sure that the data has the right context meta data and I'm able to deliver this data. So a central place like a job provider or any kind of storage. >>That's great. And I love the fact that's written C, which kind of gives the, I'll say it more performance on the code. Less overhead, get deeper closer um and people No, no, see it's high performance, quick, quick stats. So how old is the project through a bit, What version are you on? >>Uh, a little bit. It's, I'm not sure it is turning six or seven this year, 96. It's been around >>for a while. >>Yeah, yeah. We just released this this week, one at 73 right. We have done more than 100 releases actually really settled two and it's pretty past sometimes we have releases every 23 weeks. So the operation, the club medical system is quite fast. People once and more future more fixes and they don't want to wait for a couple of months for the next release. They wanted to have the continue image right away to test it out and actually sends away as a project. We worked with most of providers like AWS Microsoft actor google cloud platform, the demon for this fixes and improvements are in a weekly basis. >>You guys got a lot of props, I was checking around on the internet, you guys are getting strong um, reviews on logging for kubernetes with the couple releases ago, you had higher performance improvements for google AWS logged in postgres equal and other environments. Um but the question that I'm getting and I'm hearing from folks is, you know, I have end to end workflows and they've been steady. They've been strong. But as more data comes in and more services are connecting to it from network protocols, two Other cloud services, the complexity of what was once a straight straightforward workflow and to end is impacted by this new data. How do you guys address that? How would you speak to that use case? >>Well, for for us data we have taken approaches. Data for us is agnostic on the way that it comes from but that it comes from and the format that comes from for for example, if you talk about the common uses case that we have now is like data come from different formats. Every single developer use the all looking format come from different channels, TCP file system or another services. So it is very, very different. How do we get this data? And that is a big challenge. Right? How do we take data from different sources, different format and you try to unify this internal and then if you're going to talk for example to less exert let's say you Jason you're going to talk to africa, they have their own binary protocol. So we are kind of the backbone that takes all the data transfer data and try to adapt to the destination expected payload from a technical perspective. Yeah, is really challenging. Is really challenging also that Nowadays, so two years ago people was finding processing, I don't know 500,000 messages per second, But nowadays they won 10, 20 40,000. So prime architecture perspective Yeah, there are many challenges and and I think that the teamwork from the maintaining this and with companies has provided a lot of value, a lot of value. And I think that the biggest proof here is that the adoption like adoption and big adoption, you have more banks reported more enhancement requests. All right. So if I get >>this right, you got different sources of data collection issues. If you look on the front end and then you got some secret sauce with bit fluent, I mean uh inside the kubernetes clusters um and then you deliver it to multiple services and databases and cloud services. That that right. Is that the key? The key value is that is that the key value proposition? Did I get that right with fluent bit? >>Mhm. Yeah, I would say most of the technical implementation when the of the value of the technical implementation, I would say that is towards being the vendor neutral. Right? So when you come, when you go to the market and you go to the talk to bank institution hospital form and if the company right, most of them are facing this concept of bender looking right, they use a Bender database but you have to get married. So they're tooling, right? And I'm not going to mention any inventor name. Right? Actually it's very fun. Well for example, the business model, this company that start with S and ends with swung right? For example is you pay as much money so you pay as much money compared to the data that you ingested. But the default tools in just the whole data. But in reality if you go to the enterprise they say yeah. I mean just in all my data into Splunk or X provider right? But from 100 that I'm interesting, which I'm paying for, I'm just using this service to query at least 20 of the data. So why I mean just in this 80 extra I didn't get it right. That's why I want to send and this is real use case there's this language is really good for where is analyzed the data But they said yeah, 80 of my data is just a five data. I will need it maybe in a couple of months just I want to send it to Amazon history or any kind of other a archive service. So users, the value that says is that I want to have a mentor neutral pipeline which me as a user, I went to this side work went to send data, went to send it and also I can come to my bills. Right? And I think that is the biggest value. So you can go to the market. They will find maybe other tools for logging or tools for Matrix because there's a ton of them. But I think that none of them can say we are gender neutral. Not all of them can offer this flexibility to the use, right? So from a technical language performance but from an end user is being the neutrality. >>Okay. So I have to ask you then here in the C n C F projects that are going on and the community around um um fluent bit, you have to have those kinds of enhancements integrations, for instance, for not only performance improvement, but extensive bility. So enterprises there, they want everything right. They make things very >>complicated. They're very >>complicated infrastructure. So if they want some policy they want to have data ingestion policies or take advantage of no vendor lock in, how is the community responding? How did what's your vision for helping companies now? You've got your new venture and you got the open source project, How does this evolve? How do you see this evolving eduardo? Because there is a need for use cases that don't need all the data, but you need all the data to get some of the data. Right. So it's a you have a new new >>paradigm of >>coding and you want to be dynamic and relevant. What's the how do you see this evolving? >>Yeah. Actually going to give you some spoilers. Right. So some years before report. Yeah. So users has this a lot of they have a lot of problems how to collect the data processing data and send the data. We just told them right, Performance is a continuous improvement, Right? Because you have always more data, more formats, that's fine. But one critical thing that people say, hey, you say, hey, I want to put my business logic in the pipeline. So think about this if you have to embed we are the platform for data. Right? But we also provide capabilities to do data processing because you can grab the data or you can do custom modifications over the data. One thing that we did like a year two years ago is we added this kind of stream processing capabilities, can you taste equal for Kaka? But we have our own sequel engine influence them. So when the data is flowing without having any data banks, any index or anything, we can do data aggregation. You can, you can put some business logic on it and says for all the data that matches this pattern, stand it to a different destination, otherwise send it to caracas plan or elastic. So we have, this is what we have now. Extreme processing capabilities. Now what is the spoiler and what we're going next. Right now there are two major areas. One of them is distributed. Extreme processing right? The capabilities to put this intelligence on the age, on the age I'm referring to for example, a cooper needs note right or constrained environment, right? Communities on the age is something that is going on. There are many companies using that approach but they want to put some intelligence and data processing where the data is being generated. Because there is one problem when you have more data and you want to create the data, you have to wait and to centralize all the data in the database for your service. And there's a legend see right, millions sometimes hours because data needs to be in Mexico. But what about it? To have 100 of notes, but each one is already right, influenced it. Why you don't run the queries there. That is one of the features that we have. And well now talking from the challenges from spoil perspectives, people says, okay, I love this pipeline. I noticed Lambert has a political architecture but the language see it's not my thing, right? I don't want to go and see. Nobody likes see that we are honest about that. And there are many mass words about security or not just nothing, which is true, right? It's really easy to mess up things and see. Right? So, and we said, okay, so now our next level, it's like we're going to provide this year the ability to write your own plug ins in Western webassembly. So with the web is simply interface. You can run your own pregnancy goal, rust or any kind of weapon sending support language and translate that implementation to native. Wasn't that fluent that will understand. So C as a language won't be with one being longer uploaded for you as a developer. As a company that wants to put more business logic into the bike. Well that is one of the things that are coming up and really we already have some docs but they're not ready to show. So maybe we can expect something for us at the end of this year. >>Great stuff by the way, from a c standpoint us, old timers like me used to program and see, and not a lot of C courses being taught, but if you do know see it's very valuable. But again, to your point, the developers are are focused on coding the apps, not so much the underlying. So I think that's that's key. I will like to ask you one final question of water before we wrap up, how do you deploy fluid bid? What's the is it is that you're putting it inside the cluster? Is there is that scripts, What's the what's the architecture real quick? Give us a quick overview of the architecture. >>Okay, so that it's not just for a classroom, you can run it on any machine. Windows, Linux, IBM Yeah, and that doesn't need to be a kubernetes. Classic. Right? When we created to invade Copernicus was quite new at the same time. So if you talk about kubernetes deploys as a demon set at the moment is pretty much a part that runs on every note like an agent. Right? Uh, all you can run necessarily on any kind of machine. Oh and one thing before we were, I just need to mention something that from the spoil it. But because it's just getting, we're having many news these days. Is that fluently used to be mostly for logging right? And influence the specifically project. We've got many people from years ago saying, you know what? I'm losing my agent for logging to a bed but I have my agents for metrics and sometimes this is quite heavy to have multiple agents on your age. So now flowing bed is extending the capabilities to deal with native metrics. Right. The first version will be available about this week in cuba come right. We will be able to process host matrix for application metrics and send them to permit use with open matrix format in a native way. So we extended the political system to be a better citizen with open metrics and in the future also with open telemetry, which is a hot thing that is coming up on this month. >>Everyone loves metrics. That's super important. Having the data Is really, really important as day two operations and get all this stuff is happening. I wanna thank you for coming on and sharing the update and congratulations on. The new venture will keep following you and look good for the big launch but fluent bit looking good. Congratulations. Thanks for coming on. >>Thank you so much help governments. >>Okay this is the cubes coverage of Kublai khan 21 cloud Native Con 21 virtual soon we'll be back in real life at the events extracting the signal from the noise. Thanks for watching. Yeah.

(bright upbeat music) >> Announcer: From theCUBE studios in Palo Alto in Boston, connecting with thought leaders around the globe, these are Cloud Native Insights. >> Hi, I'm Stu Miniman, the host of Cloud Native Insights. We talk about cloud native, we're talking about how customers can take advantage of the innovation and agility that's out there in the clouds, one of the undercurrents, not so hidden if you've been watching the program so far. We've talked a bit about serverless, say something that's helping remove the friction, allowed developers to take advantage of technology and definitely move really fast. So I'm really happy to welcome to the program, for coming from Fauna. First of all, I have the CTO and Co-founder, who's Evan Weaver. And also joining him is the new CEO Eric Berg. They said, both from Fauna, talking serverless, talking data as an API and talking the modern database. So first of all, thank you both for joining us. >> Thanks for having us Stu. >> Hi, good to be here. >> All right, so Evan, we're going to start with you. I love talking to founders always. If you could take us back a little bit, Fauna as a project first before it was a company, you of course were an early employee at Twitter. So if you could just bring us back a little bit, what created the Fauna project and bring us through a brief history if you would. >> So I was employee 15 and Twitter, I joined in 2008. And I had a database background, I was sort of a performance analyst and worked on Ruby on Rails sites at CNET networks with the team that went on to found GitHub actually. Now I went to Twitter 'cause I wanted Twitter the product to stay alive. And for no greater ambition than that. And I ended up running the back end engineering team there and building out all the distributed storage for the core business objects, tweets, timelines, the social graph, image storage, the cache, that kind of thing. And this was early in the cloud era. API's were new and weird. You couldn't get Amazon EC2 off the shelf easily. We were racking hardware and code ancient center. And there were no databases or platforms for data of any kind. They really let us the Twitter engineering team focus on building the product. And we did a lot of open source work there. Some of which has influenced Fauna, originally, Twitter's open source was hosted on the Fauna GitHub account, which predated Twitter like you mentioned. And I was there for four years build out the team, basically scaled the site, especially scaled the Twitter.com API. And we just never found a platform which was suitable for what we were trying to accomplish. Like a lot of what Twitter did was itself a platform. We had developers all over the world using the Twitter API to interact with tweets. And we're frustrated that we basically had to become specialists in data systems because there wasn't a data API, we can just build the product on. And ultimately, then data API that we wished we had, is now Fauna. >> Well, it's a story we've loved hearing. And it's fascinating one, is that the marketplace wasn't doing what we needed. Often open source is a piece of that, how do we scale that out? How do we build that? Realized that the problem that you have is what others have. And hey, maybe there's a company. So could you give us that transition, Fauna as a product, as a company, where was it understood that, hey, there's a lot of other people that can take advantage from some of the same tools that you needed before. >> I mean, we saw it in the developers working with the Twitter platform. We weren't like, your traditional database experiences, either manage cloud or on-prem, you have to administrate the machine, and you're responsible for its security and its availability and its location and backups and all that kind of thing. People building against Twitter's API weren't doing that. They're just using the web interface that we provided to them. It was our responsibility as a platform provider. We saw lots of successful companies being built on the API, but obviously, it was limited specifically to interacting with tweets. And we also saw peers from Twitter who went on to found companies, other people we knew in the startup scene, struggling to just get something out the door, because they had to do all this undifferentiated heavy lifting, which didn't contribute to their product at all, if they did succeed and they struggled with scalability problems and security problems and that kind of thing. And I think it's been a drag on the market overall, we're essentially, in cloud services. We're more or less built for the enterprise for mature and mid market and enterprise companies that already had resources to put behind these things, then wasn't sort of the cloud equivalent of the web, where individuals, people with fewer resources, people starting new projects, people doing more speculative work, which is what we originally and Jack was doing at Twitter, it just get going and build dynamic web applications. So I think the move to cloud kind of left this gap, which ultimately was starting to be filled with serverless, in particular, that we sort of backtracked from the productivity of the '90s with the lamp era, you can do everything on a single machine, nobody bothered you, you didn't have to pay anyone, just RPM install and you're good to go. To this Kubernetes, containers, cloud, multi site, multi region world where it's just too hard to get a basic product out the door and now serverless is sort of brought that around full circle, we see people building those products again, because the tools have probably matured. >> Well, Evan, I really appreciate you helping set the table. I think you've clearly articulated some of the big challenges we're seeing in the industry right now. Eric, I want to bring you into the conversation. So you relatively recently brought in as CEO, came from Okta a company that is also doing quite well. So give us if you could really the business opportunity here, serverless is not exactly the most mature market, there's a lot of interest excitement, we've been tracking it for years and see some good growth. But what brought you in and what do you see is that big opportunity. >> Yeah, absolutely, so the first thing I'll comment on is what, when I was looking for my next opportunity, what was really important is to, I think you can build some of the most interesting businesses and companies when there are significant technological shifts happening. Okta, which you mentioned, took advantage of the fact of SaaS application, really being adopted by enterprise, which back in 2009, wasn't an exactly a known thing. And similarly, when I look at Fauna, the move that Evan talked about, which is really the maturation of serverless. And therefore, that as an underpinning for a new type of applications is really just starting to take hold. And so then there creates opportunities that for a variety of different people in that stack that to build interesting businesses and obviously, the databases is an incredibly important part of that. And the other thing I've mentioned is that, a lot of people don't know this but there's a very good chunk of Okta's business, which is what they call their customer identity business, which is basically, servicing of identity is a set of API's that people can integrate into their applications. And you see a lot of enterprises using this as a part of their digital transformation effort. And so I was very familiar with that model and how prevalent, how much investment, how much aid was out there for customers, as every company becoming a software company and needing to rethink their business and build applications. And so you put those two trends together and you just see that serverless is going to be able to meet the needs of a lot of those companies. And as Evan mentioned, databases in general and traditionally have come with a lot of complexity from an operational perspective. And so when you look at the technology and some of the problems that Fauna has solved, in terms of really removing all of that operational burden when it comes to starting with and scaling a database, not only locally but globally. It's sort of a new, no brainer, everybody would love to have a database that scales, that is reliable and secure that they don't have to manage. >> Yeah, Eric, one follow up question for you. I think back a few years ago, you talked to companies and it's like, okay, database is the center of my business. It's a big expense. I have a team that works on it. There have been dealt so much change in the database market than most customers I talked to, is I have lots of solutions out there. I'm using Mongo, I've got Snowflake, Amazon has flavors of things I'm looking at. Snowflake just filed for their IPO, so we see the growth in the space. So maybe if you could just obviously serverless is a differentiation. There's a couple of solutions out there, like from Amazon or whether Aurora serverless solution but how does Fauna look to differentiate. Could you give us a little bit of kind of compared to the market out there? >> Sure, yeah, so at the high level, just to clarify, at the super high level for databases, there tends to be two types operational databases and then data warehouse which Snowflake is an example of a data warehouse. And as you probably already know, the former CEO of Snowflake is actually a chairman of Fauna. So Bob Muglia. So we have a lot of good insight into that business. But Fauna is very much on the operational database side. So the other half of that market, if you will, so really focused on being the core operational store for your application. And I think Evan mentioned it a little bit, there's been a lot of the transformation that's happened if we rewind all the way back to the early '90s, when it was Oracle, and Microsoft SQL Server were kind of the big players there. And then as those architectures basically hit limits, when it came to applications moving to the web, you had this whole rise in a lot of different no SQL solutions, but those solutions sort of gave up on some of the promises of a relational database in order to achieve some of the ability to scale in the performance required at the web. But we required then a little bit more sophistication, intelligence, in order to be able to basically create logic in your application that could make up for the fact that those databases didn't actually deliver on the promises of traditional relational databases. And so, enter Fauna and it's really sort of a combination of those two things, which is providing the trust, the security and reliability of a traditional relational database, but offering it as serverless, as we talked about, at the scale that you need it for a web application. And so it's a very interesting combination of those capabilities that we think, as Evan was talking about, allows people who don't have large DevOps teams or very sophisticated developers who can code around some of the limitations of these other databases, to really be able to use a database for what they're looking for. What I write to it is what I'm going to read from it and that we maintain that commitment and make that super easy. >> Yeah, it's important to know that the part of the reason that operational database, the database for mission critical business data has remained a cost center is because the conventional wisdom was that something like Fauna was impossible to build. People said, you literally cannot in information science create a global API for data which is transactional and consistent and suitable for relying on, for mission critical, user login, banking payments, user generated content, social graphs, internal IT data, anything that's irreplaceable. People said, there can be no general service that can do this ubiquitously a global internet scale, you have to do it specifically. So it's sort of like, we had no power company. Instead, you could call up Amazon, they drive a truck with a generator to your house and hook you up. And you're like, right on, I didn't have to like, install the generator myself. But like, it's not a good experience. It's still a pain in the neck, it's still specific to the location you're at. It's not getting utility computing from the cloud the way, it's been a dream for many decades that we get all our services through brokers and API's and the web and it's finally real with serverless. I want to emphasize that the Fauna it technology is new and novel. And based on and inspired by our experience at Twitter and also academic research with some of our advisors like Dr. Daniel Abadi. It's one of the things that attracted us, Snowflake chairman to our company that we'd solve groundbreaking problems in information science in the cloud, just the way Snowflakes had. >> Yeah, well and Evan, yeah please go on Eric. >> Yeah, I'm just going to have one thing to that, which is, in addition, I think when you think about Fauna and you mentioned MongoDB, I think they're one of a great examples of database companies over the last decade, who's been able to build a standalone business. And if you look at it from a business model perspective, the thing that was really successful for them is they didn't go into try to necessarily like, rip and replace in big database migrations, they started evolving with a new class of developers and new applications that were being developed and then rode that obviously into sort of a land and expand model into enterprises over time. And so when you think about Fauna from your business value proposition is harnessing the technological innovation that Evan talked about. And then combining this with a product that bottoms up developer first business motion that kind of rides this technological shift into you creating a presence in the database market over time. >> Well, Evan, I just want to go back to that, it's impossible comment that you made, a lot of people they learn about a technology and they feel that that's the way the technology works. Serverless is obviously often misunderstood from the name itself, too. We had a conversation with Andy Jassy, the CEO of AWS a couple years ago, and he said, "If I could rebuild AWS from the ground up today, "it would be using all serverless," that doesn't mean only lambda, but they're rebuilding a lot of their pieces underneath it. So I've looked at the container world and we're only starting the last year or so, talking about people using databases with Kubernetes and containers, so what is it that allows you to be able to have as you said, there's the consistency. So we're talking about acid there, not worry about things like cold starts, which are thing lots of people are concerned about when it comes to serverless and help us understand a little bit that what you do and the underlying technologies that you leverage. >> Yeah, databases are always the last to evolve because they're the riskiest to change and the hardest to build. And basically, through the cloud era, we've done this lift and shift of existing on premises solutions, especially with databases into cloud machines, but it's still the metaphor of the physical computer, which is the overriding unit of granularity mental concept, everything like you mentioned, containers, like we had machines then we had Vms, now we have containers, it's still a computer. And the database goes in that one computer, in one spot and it sits there and you got to talk to it. Wherever that is in the world, no matter how far away it is from you. And people said, well, the relational database is great. You can use locks within a single machine to make sure that you're not conflicting your data when you update it, you going to have transactionality, you can have serialize ability. What do you do, if you want to make that experience highly available at global scale? We went through a series of evolutions as an industry. From initially that the on-prem RDBMS to things like Google's percolator scheme, which essentially scales that up to data center scale and puts different parts of the traditional database on different physical machines on low latency links, but otherwise doesn't change the consistency properties, then to things like Google Spanner, which rely on synchronized atomic clocks to guarantee consistency. Well, not everyone has synchronized atomic clocks just lying around. And they're also, their issues with noisy neighbors and tenancy and things because you have to make sure that you can always read the clock in a consistent amount of time, not just have the time accurate in the first place. And Fauna is based on and inspired and evolved from an algorithm called Calvin, which came out of a buddy's lab at Yale. And what Calvin does is invert the traditional database relationship and say, instead of doing a bunch of work on the disk and then figuring out which transactions won by seeing what time it is, we will create a global pre determined order of transactions which is arbitrary by journaling them and replicating them. And then we will use that to essentially derive the time from the transactions which have already been committed to disk. And then once we know the order, we can say which one's won and didn't win and which happened before, happen after and present the appearance of consistency to all possible observers. And when this paper came out, it came out about a decade ago now I think, it was very opaque. There's a lot of kind of hand waving exercises left to the reader. Some scary statements about how wasn't suitable for things that in particular SQL requires. We met, my co-founder and I met as Fauna chief architect, he worked on my team at Twitter, at one of the database groups. We were building Fauna we were doing our market discovery or prototyping and we knew we needed to be a global API. We knew we needed low latency, high performance at global scale. We looked at Spanner and Spanner couldn't do it. But we found that this paper proposed a way that could and we can see based on our experience at Twitter that you could overcome all these obstacles which had made the paper overall being neglected by industry and it took us quite a while to implement it at industrial quality and scale, to qualify it with analysts and others, prove to the world that it was real. And Eric mentioned Mongo, we did a lot of work with Cassandra as well at Twitter, we're early in the Cassandra community. Like I wrote, the first tutorial for Cassandra where data stacks was founded. These vendors were telling people that you could not have transactionality and scale at the same time, and it was literally impossible. Then we had this incrementalism like things with Spanner. And it wasn't till Fauna that anyone had proved to the world that that just wasn't true. There was more marketing around their failure to solve the information science problem, than something fundamental. >> Eric, I'm wondering if you're able to share just order of magnitude, how many customers you have out there from a partnership standpoint, we'd like to understand a little bit how you work or fit into the public cloud ecosystems out there. I noticed that Alphabets General Venture Fund was one of the contributors to the last raise. And obviously, there's some underlying Google technology there. So if you could just customers and ecosystem. >> Yeah, so as I mentioned, we've had a very aggressive product lead developer go to market. And so we have 10s of thousands of people now on the service, using Fauna at different levels. And now we're focused on, how do we continue to build that momentum, again, going back to the model of focus on a developer lead model, really what we're focused on there is taking everything that Evan just talked about, which is real and very differentiated in terms of the real core tech in the back end and then combining that with a developer experience that makes it extremely easy to use and really, we think that's the magic in terms of what Fauna is bringing, so we got 10s of thousands of users and we got more signing up every day, coming to the service, we have an aggressive free plan there and then they can migrate up to higher paying plans as they consume over time. And the ecosystem, we're aggressively playing in the broader serverless ecosystem. So what we're looking at is as Evan mentioned, sometimes the databases is the last thing to change, it's also not necessarily the first thing that a developer starts from when they think about building their application or their website. And so we're plugging into the larger serverless ecosystem where people are making their choices about potentially their compute platform or maybe a development platform like I know you've talked to the folks over at JAMstack, sorry at Netlify and Purcell, who are big in the JAMstack community and providing really great workflows for new web and application developers on these platforms. And then at the compute layer, obviously, our Amazon, Google, Microsoft all have a serverless compute solution. CloudFlare is doing some really interesting things out at the edge. And so there's a variety of people up and down that stack, if you will, when people are thinking about this new generation of applications that we're plugging into to make sure that the Fauna is that the default database of choice. >> Wonderful, last question, Evan if I could, I love what I got somebody with your background. Talk about just so many different technologies maturing, give us a little bit as to some of the challenges you see serverless ecosystem, what's being attacked, what do we still need to work on? >> I mean, serverless is in the same place that Lamp was in the in the early '90s. We have the old conservatives ecosystem with the JAMstack players that Eric mentioned. We have closed proprietary ecosystems like the AWS stack or the Google Firebase stack. As to your point, Google has also invested in us so they're placing their bets widely. But it's seeing the same kind of criticism. That Lamp, the Linux, Apache, MySQL, PHP, Perl, it's not mature, it's a toy, no one will ever use this for real business. We can't switch from like DV2 or mumps to MySQL, like no one is doing that. The movement and the momentum in serverless is real. And the challenge now is for all the vendors in collaboration with the community of developers to mature the tools as those the products and applications being built on the new more productive stack also mature, so we have to keep ahead of our audience and make sure we start delivering and this is partly why Eric is here. Those those mid market and ultimately enterprise requirements so that business is built on top of Fauna today, can grow like Twitter did from small to giant. >> Yeah, I'd add on to that, this is reminiscent for me, back in 2009 at Okta, we were one of the early ISVs that built on in relied 100% on AWS. At that time there was still, it was very commonplace for people racking and stacking their own boxes and using Colo and we used to have conversations about I wonder how long it's going to be before we exceed the cost of this AWS thing and we go and run our own data centers. And that would be laughable to even consider today, right, no one would ever even think about that. And I think serverless is in a similar situation where the consumption model is very attractive to get started, some people sitting there, is it going to be too expensive as I scale. And as Evan mentioned, when we think about if you fast forward to kind of what the innovation that we can anticipate both technologically and economically it's just going to be the default model that people are going to wonder why they used to spend all these time managing these machines, if they don't have to. >> Evan and Eric, thank you so much, is great to hear the progress that you've made and big supporters, the serverless ecosystem, so excited to watch the progress there. Thanks so much. >> Thanks Stu. >> Thanks for having us Stu. >> All right and I'm Stu Miniman. Stay tuned. Every week we are putting out the Cloud Native Insights. Appreciate. Thank you for watching. (bright upbeat music)

>> Presenter: From theCUBE studios in Palo Alto in Boston, connecting with thought leaders around the globe, these are cloud native insights. >> Hi, I'm Stu Miniman, the host of Cloud Native Insights. When we launched this program, we talked about, how do we take advantage of the innovation and agility that's in the cloud? And of course, one of the big components that we've talked about for many years on theCUBE is, how do we empower developers? and developers are helping change things, and I'm really happy to welcome to the program first time guests that helped build many of the tools that developers are very well familiar. So Tom Preston Werner, he is the co-founder of Chatterbug, he is the creator of redwoodjs, we had an early episode, the JAMstack Netlify team, he's also on the board for that, and we'll talk about those pieces. People might know him, if you check him out on Wikipedia, you know, GitHub, he was one of the co-founders as well as held both CTO and CEO roles there. I could go on but Tom, thank you so much for joining us. >> Thank you for having me. >> All right, so let's start there, Tom, you know, when I live in the enterprise space, how do you take advantage of new things? One of the biggest challenges out there is, let's go to something new, but let's do it the old way. And we know that that really doesn't take advantage of it you know, I think back to the oldest, some of the older technologies, it's like, well, you know, if I talk to people that are riding horses, what do they want? You know, well, I want faster horses, not the, you know, let's completely change things. I was hearing a stat that, you know, back in the early days of cars, we had like, 30% of them were electric cars, and now it's one. So what's old is new again, but I digress. One, as I mentioned, you know, GitHub, of course, is, you know, such a fundamental piece when we look at in the technology space over the last decade, you know, get in general, GitHub, specifically, of course, has created so much value engaged, you know, just millions and millions of developers and transform businesses. Take us back a little bit and you know, like to get your philosophy on, you know, building tools, how do you do it? How do you think about it? And what's inspired you? >> Yeah, I think it goes a long way back to just wanting to build things for the community. One of the first big projects I worked on was called Gravatar, and I remember laying in bed staring at the ceiling, just trying to think up some idea that that would contribute to what we then called The Blogosphere, and I came up with an idea for avatars that would follow you around and I coded it up and I got it out to a few bloggers and they started using it, and it caught on and it was really, it really introduced me to this idea that no matter who you are, where you come from, or what your background is, you know, I grew up in Iowa, things are very different there. And with with the Internet, and the ability to code, you can impact the world in really significant ways. And so it follows on from there, and I think GitHub is an extension of that desire to really put things into the world that will be useful for people, and knowing that, if you have the ability to code and especially with the advent of web applications as a common tool, there's such power in that you have global reach, you just need a computer and the ability to code and you can create these things, and GitHub kind of became that. It was just, it started out really as a side project, and I hoped that someday it would be able to support me to work on it full time. But I, we started building it just because we wanted it to exist. And that's most of what I work on is, is just ideas that I want to exist in the world. >> Yeah, it's been one of those great trends to watch at, you know, there were certain technologies that used to have to be a nation state, or, you know, one of the one of the global 50 companies to take advantage of it. Now, tools like GitHub, making it so that, you know, the smallest company or even the individuals can participate in communities, can create and build you know, the building is such an important theme. So Maybe, let's fast forward a little bit if we would, I mentioned Netlify and JAMstack, you talked about the blogosphere, that team is helping to really reinvent how we think about the web, you know, it's real time, It's high performance, and you know, we need to be able to get that to where everybody is. So, you know, back in the early days, web pages, you know, relatively static and, you know, had certain criteria, and now, of course, you know, edge devices and the global population change things. So, you know, you, you've been engaged in a, you know, huge supporter of that project, and that'll lead us towards the redwoods discussion, but maybe bring us as to how you got involved there, and what got you excited? >> Well, like you said, Everything old is new again and I think that's true in fashion. It's also true in technology, in a lot of ways, and the JAMstack really is taking these old ideas where the web started, taking files and just serving them as static files and it's super fast, and it's extremely secure. This is how the internet started, and now we've sort of come full circle. But we've added a lot of really nice things and workflows on top of that. And so my journey into the JAMstack, I suppose, started more than a decade ago, when I started working on a project called Jekyll, that's a, I called it at the time, A Blog Aware Static Site Generator. So you would write your blog articles, and you would run it through Jekyll, and that would take your markdown, you'd write your articles in markdown, and it would combine them with a, some kind of a theme that you would have, and that would output static pages that represented your blog, and then you could serve those from any kind of static blog serving system. GitHub had has one built in called GitHub Pages, and so we ended up adopting Jekyll for GitHub Pages. So everything that you put up on GitHub Pages. would be run through Jekyll, and so it was a really natural place to put your blog. And so I had a blog post, one of my blog posts using Jekyll was called Blogging Like A Hacker. And it was this idea that you don't need WordPress, you don't need to have a database somewhere that's, that's hackable, that's going to cause you security problems, all the WordPress admin stuff that constantly is being attacked. You don't need all that, like you can just write articles in flat files, and then turn them into a blog statically and then put those up to serve them somewhere, right? And so when I say it like that, it sounds a little bit like the JAMstack, right? That's not how we thought about it at the time, because it was really hard to do dynamic things. So if you wanted to have comments on your blog for instance, then you needed to have some third party service that you would embed a component onto your blog, so you could receive comments. And so you had to start gluing things together, but even then, again, that sounds a little bit like the JAMstack. So it's all of these ideas that have been, evolving over the last decade to 15 years, that now we finally have an entire tool chain and adding Git on top of that and Git based workflows, and being able to push to GitHub and someone like Netlify can pick those up and publish them, and you have all these third party services that you can glue together without having to build them yourself. All of the billing things, like there's just the ecosystem is so much more advanced now, so many more bits are available for you to piece together that in a very short amount of time, you can have an extremely performant site capable of taking payments, and doing all of the dynamic things that we want to do. Well, many, I should say many of the dynamic things that we want to do, and it's fast and secure. So it's like the web used to be when the web started, but, now you can do all the modern things that you want to do. >> You're giving me flashbacks remembering how I glued discus into my Tumblr instance when that was rolling out. (laughing) >> That's what I was referring to, discuss. >> Yeah, so absolutely, you talk about there's just such a robust ecosystem out there, and one of the real challenges we have out there is, people will come in and they say, "Oh my gosh, where do I start?" And it's like, well, where do you want to go? There's the Paradox of Choice, and that I believe is one of the things that led you to create Redwoods. So help explain to our audience you know, you created this project Redwood, it related to JAMstack, but, but I'll let you explain you know, what it is in life needed? >> Yeah, Redwood is a response to a couple of things. One of those things, is the JavaScript world has, as everything has evolved in tremendous way, in all kinds of ways and almost entirely positive I think. The language itself has been improved so much from when I was a teenager using view source and copy pasting stuff into you know, some random X Files fan site. To now it's a first class language I can compete with with everything, from a ergonomics perspective. I really enjoy programming in it and I come from a Ruby, Ruby on Rails background and now I'm very happy in JavaScript that was not true even five, seven years ago, right? So JavaScript itself has changed a lot. Along with that comes NPM in the whole packaging universe, of availability of modules, right? So most of the things that you want to do, you can go and you can search and find code that's going to do those things for you, and so being able to, to just pull those into your projects so easily. That is amazing, right? The power that that gives you is tremendous. The problem comes in when, like you said, you have the Paradox of Choice. Now you have, not just one way to do something, but you have 100 ways to do something, right? And now as a as a developer, and especially as a new developer, someone who's just learning how to build web applications, you come into this and you say, all you see is the complexity, just overwhelming complexity, and every language goes through this. They go through a phase of sort of this Cambrian explosion of possibilities as people get excited, and you see that the web is embracing these technologies, and you see what's possible. Everyone gets excited and involved and starts creating solution after solution after solution, often times to the same problems. And that's a good thing, right, like exploring the territory is a good and necessary part of the evolution of programming languages and programming ecosystems. But there's comes a time where that becomes overwhelming and starts to trend towards being a negative. And so at Chatterbug, which is a foreign language learning service, if you want to learn how to speak French or Spanish or German, we'll help you do that, as part of that work, we started using react on the front end, because I really love what react brings you from a JavaScript and interactivity perspective. But along with react, you have to make about 50 other choices of technologies to use to actually create a fully capable website, something for state management, you got to choose a way to do JavaScript or sorry, CSS. There's 100 things that you have to choose, and it's, it seems very arbitrary and you go through a lot of churn, you choose one, and then the next day an article comes out and then people raving about another one, and then you choose, you're like, Oh, that one looks really nice. You know, grass is always greener, and so Redwood is a bit of a, an answer to that, or a response to that, which is to say, we've learned a lot of things now about what works in building with react, especially on the front end. And what I really want to do is have a tool that's more like Ruby on Rails, where I come from, having done years and years of Ruby on Rails, what GitHub was built with. And Ruby on Rails presents to you a fully capable web application framework that has made all the choices or most of the choices, many of the important choices. And the same is kind of missing in the JavaScript TypeScript world and so, when I saw Netlify come out with their feature where you could commit the code for a lambda function to your repository, and if you push that up to GitHub, Netlify will grab it, and they will orchestrate deploying that code to an AWS lambda so that you can run business logic in a lambda but without having to touch AWS, because touching AWS is another gigantic piece of complexity, and their user interfaces are sometimes challenging, I'll say. That, that then made me think that, here finally is the ability to combine everything that's awesome about the JAMstack and static files, and security, and this workflow, with the ability to do business logic, and that sounded to me like the makings of a full stack web application framework, and I kept waiting for someone to come out and be like, hey, tada, like we glued this all together, and here's your thing, that's rails, but for the JAMstack, JavaScript, TypeScript world and nobody was doing it. And so I started working on it myself, and that has become Redwoodjs. >> It's one of the things that excited me the early days when I looked into Serverless was that, that low bar to entry, you know, I didn't have to have, you know, a CS degree or five years of understanding a certain code base to be able to take advantage of it. Feels like you're hoping to extend that, it believe it's one of your passions, you know, helping with with Chatterbug and like, you know, helping people with that learning. What do you feel is the state out there? What's your thoughts about kind of the future of jobs, when it when it comes to this space? >> I think the future of jobs in technology and especially software development is, I mean, there is no, there is no better outlook for any profession than that. I mean, this is the, this is where the world is going, more and more of what we want to accomplish, we do in software and it happens across every industry. I mean, just look at Tesla's for instance, right? You think about automobiles and the car that you owned, you know, 10 years ago, and you're like, I don't know, I know there's a computer in here somewhere, but like, I don't really, you know, either the software for it is terrible, and you're like, who, when was the last time you actually use the navigation system in your car, right? You just like get like just turn that off because it's, it's so horrible. And then Tesla comes along and says, hey, what if we actually made all this stuff useful, and had a thoughtful interface and essentially built a car that where everything was controlled with software, and so now cars are are basically software wrapped in hardware, and the experience is amazing. And the same is true of everything, look at your, look at how many things that your phone has replaced that used to be physical devices. Look at manufacturing processes, look at any any element of bureaucracy, all of this stuff is mediated by computers, and oftentimes it's done badly. But this just shows how much opportunity there is speaking of like governmental websites, right, you go to the DMV, and you try to schedule an appointment, and you just have no confidence that that's going to work out because the interfaces feel like they were written 15 years ago, and sometimes I think they were, written that long ago. But there's so much, there's still so much improvement to be had and all of that is going to take developers to do it. Unless, you know, we figure out how to get AI to do it for us, and there's been some very interesting things lately around that angle, but to me, it's, humans will always be involved. And so, at some level, humans are telling machines what to do, whether you're doing it more or less directly, and having the ability to tell machines what to do gives you tremendous leverage. >> Yeah, we're big fans, if you know Erik Bryjolfsson and Andy McAfee from MIT, they've, you know, are very adamant that it's the combination of people plus machines that always will win against either people alone or machines alone. Tom, what, you know, right now we're in the middle of a global pandemic, there're financially, there's a lot of bad news around the globe right now. I've talked to many entrepreneurs that said, well, a downturn market is actually a great time to start something new. You're an investor, you've helped build lots of things. We talked a lot about lowering the bar for people to create and build new things. What do you see are some of the opportunities out there, if you know, you had to recommend for the entrepreneurs out there? Where should they be looking? >> I'd say look at all of the things in your life that have become challenging, because where there's challenge, where there's pain, there's opportunity for solutions. And especially when there's a big environmental change, which we see right now, with COVID-19, obviously has changed a lot of our behaviors and made some of the things that used to be easy. It's made those a lot harder, and so you see, certain segments of the economy are doing extremely well, namely technology and things that allow us to do interviews like this instead of in person, and so those industries are doing extremely well. So you look at the you look at the stock market in the United States, and it's it's very interesting, because while much of the country is suffering, the people that are already wealthy are doing very well, and technology companies are doing very well. And so the question for me is, what are the opportunities that we have, leveraging technology in the internet, to where we can create more opportunities for more people, to get people back to work, right? I think there's so much opportunity there. Just look at education, like the entire concept of educating kids right now and I have three. So we feel this very much, it has been turned on its head. And so we so you see many people looking for solutions in that space, and that's, I think that's as it should be. When things get, when things get challenged when our, our normal daily experience is so radically changed, there's opportunity there, because people are willing to change more quickly in a crisis, right? Because you need, you need something like any solution. And so some choice is going to be made, and where that's happening, then you can find early adopters more easily, than you can under other circumstances, and so in economic downturns, you often see that kind of behavior where these are crisis moments for people, you have an opportunity to come in and if you have something that could solve a problem for them, then you can get a user where that may have not been a problem for a person before. So where there is, where there is a crisis, there is always opportunity to help people solve their problems in different and better ways to address that crisis. So again, it goes back to pain, you know, and it doesn't have to be the pain from a crisis. It could be a pain from from anything. Just like with GitHub, it was, it was hard to share code as developers like it was, there was too much pain, and this was, we started it in 2008, right after the housing crisis. It was unrelated to that, but it turns out that when you start a company, when the economy is depressed in a certain way, then at least you can look forward to the economy getting better as you are building your company. >> Oh, Tom, Preston Werner, thank you so much for joining pleasure talking with you. I appreciate all of your input. >> Absolutely, thanks for having me. >> I'm Stu Miniman, thank you for joining this Episode of cloud native insights. Thank you for watching the theCUBE. (light music)

>> Narrator: From around the globe, it's theCUBE with coverage of KubeCon and CloudNativeCon Europe 2020 Virtual brought to you by Red Hat, the Cloud Native Computing Foundation and ecosystem partners. >> Hi I'm Stu Miniman and this is theCUBE's coverage of KubeCon, CloudNativeCon the 2020 European show of course happening virtually and that has put some unique challenges for the people running the show, really happy to welcome to the program she is one of the co-chairs of this event, and she is also a Principal Software Engineer at Splunk, Constance Caramanolis thank you so much for joining us. >> Hi, thank you for having me, I'm really excited to be here, it's definitely an interesting time. >> Alright, so Constance we know KubeCon it's a great community, robust everybody loves to get together there's some really interesting hallway conversations and so much going on, we've been watching, the four or five years we've been doing theCUBE at this show, just huge explosion of the breadth and depth of the content and of course, great people there. Just, if we could start with a little bit, your background, as I mentioned you're the co-chair, you work for Splunk by way of an acquisition, of Omnition try saying that three times fast, and Omnition you were telling me is a company that was bought really before it came out of stealth, but when it comes to the community itself, how long have you been involved in this community? What kind of led you to being co-chair? >> Yeah, I guess I've been involved with the community since 2017, so, I was at Lyft before Omnition Splunk, and I was lucky enough to be one of the first engineers, on Envoy you might've heard of Envoy, sorry I laugh at my own jokes. (laughing) Like my first exposure to KubeCon and seeing the CNCF community was KubeCon Austin and the thing that I was amazed by was actually you said it the hallway tracks, right? I would just see someone and be like, "Hey, like, I think I've seen your code review can I say hi?" And that started back on me at least a little bit involved in terms of talking to more people then they needed people I would work on a PR or in some of the community meetings and that was my first exposure to the community. And so I was involved in Envoy pretty actively involved in Envoy all the way until from 2016 until mid 2018 and then I switched projects and turning it left and did some other stuff and I came back into CNCF community, in OpenTelemetry as of last year, actually almost exactly a year ago now to work on making tracing, I'm going to say useful and the reason why I say useful is that usually people think of tracing as, not as important as metrics and logs, but there is so much to tracing that we tend to undervalue and that's why I got involved with OpenTelemetry and Omnition, because there's some really interesting ways that you could view tracing, use tracing, and you could answer a lot of questions that we have in our day-to-day and so that's kind of that's how I got involved in the second-round community and then ended up getting nominated to be on the co-chair and I obviously said yes, because this is an amazing opportunity to meet more people and have more of that hallway track. >> Alright, so definitely want to talk about OpenTracing, but let's talk about the event first, as we were talking about. >> Yeah. >> That community you always love the speakers, when they finish a session, they get mobbed by people doing questions. When you walk through the expo hall, you go see people so give us a little bit of insight as to how we're trying to replicate that experience, make sure that there's I don't know office hours for the speakers and just places and spaces for people to connect and meet people. >> Yeah, so I will say that like, part of the challenge with KubeCone EU was that it had already been meant to be an in person event and so we're changing it to virtual, isn't going to be as smooth as a KubeCon or we have the China event that's happening in a few weeks or at Boston, right that's still going on, like, those ones are being thought out a lot more as a proper virtual event. So a little bit of the awkwardness of, now everything is going to be online, right? It's like you can't actually shake someone's hand in a hallway but we are definitely trying to be cognizant of when I'm in terms of future load, like probably less content, right. It's harder to sit in front of a screen and listen to everything and so we know that we know we have enough bandwidth we're trying to find, different pieces of software that allow for better Q and A, right? Exactly, like the mobbing after session is go in as a speaker and one as attendee is sometimes like the best part about conferences is you get to like someone might've said something like, "Hey, like this little tidbit "I need to ask you more questions about this." So we're providing software to at least make that as smooth, and I'm putting this in quotation and as you'll be able to tell anyone who's watching as I speak with my hands. Right, so we're definitely trying to provide software to at least make that initial interaction as smooth as possible, maybe as easy as possible we know it's probably going to be a little bit bumpy just because I think it's also our first time, like everyone, every conference is facing this issue so it's going to be really interesting to see how the conference software evolves. It is things that we've talked about in terms of maybe offering their office hours, for that it's still something that like, I think it's going to be really just an open question for all of us, is that how do we maintain that community? And I think maybe we were talking or kind of when I was like planting the seed of a topic beforehand, it's like it's something I think that matters like, how do we actually define community? 'Cause so much of it has been defined off that hallway track or bumping into someone, right? And going into someone's booth and be like, like asking that question there, because it is a lot more less intimidating to ask something in person than is to ask it online when everyone gets to hear your question, right. I know I ask less questions online, I guess maybe one thing I want to say is that for now that am thinking about it is like, if you have a question please ask questions, right? If recording is done, if there's a recording for a talk, the speakers are usually made available online during the session or a bit afterwards, so please ask your questions when things come up, because that's going to be a really good way to, at least have a bit of that question there. And also don't be shy, please, even when I say like in terms of like, when it comes to review, code reviews, but if something's unintuitive or let's say, think about something else, like interact with it, say it or even ask that question on Twitter, if you're brave enough, I wouldn't but I also barely use Twitter, yeah I don't know it's a big open question I don't know what the community is going to look like and if it's going to be harder. >> Yeah, well, one of the things I know every, every time I go to the show conferences, when the keynote when it's always like, okay, "How many people is this your first time at the show?" And you look around and it's somewhere, third or half people attending for the first time. >> Yeah. I know I'm trying to remember if it was year and a half ago, or so there was created a kind of one-on-one track at the show to really help onboard and give people into the show because when the show started out, it was like okay, it was Kubernetes and a couple of other things now you've got the graduated, the incubated, the dozens of sandbox projects out there and then even more projects out there so, cloud-native is quite a broad topic, there is no wrong way where you can start and there's so many paths that you can go on. So any tips or things that we're doing this time, to kind of help broaden and welcome in those new participants? >> Yeah so there's two things, one is actually the one to attract is official for a KubeCon EU so we do have like, there's a few good talks in terms of like, how to approach KubeCon it was meant to originally be for a person but at least helping people in terms of general terms, right? 'Cause sometimes there's so much terminology that it feels like you need to carry, cloud-native dictionary around with you, doing that and giving suggestions there, so that's one of the first talks that's going to be able to watch on KubeCon so I highly suggest that, This is actually a really tough question because a lot of it would have been like, I guess it would have been for me, would have been in person be like, don't be afraid to like, if you see someone that, said something really interesting in a talk you attended, like, even if it's not after the question, just be like, "Hey, I thought what you said was really cool "and I just want to say I appreciate your work." Like expressing that appreciation and just even if it isn't like the most thoughtful question in the world just saying thank you or I appreciate you as a really good way to open things up because the people who are speaking are just as well most people are probably just as scared of going up there and sharing their knowledge as probably or of asking a question. So I think the main takeaway from that is don't be shy, like maybe do a nervous dance to get those jitters out and then after (laughing) and then ask that question or say like, thank you it's really nice to meet you. It's harder to have a virtual coffee, so hopefully they have their own teapot or coffee maker beside them, but offered you that, send an email I think, one thing that is very common and I have a hard time with this is that it's easy to get overwhelmed with how much content there is or you said it's just like, I first feel small and at least if everyone is focusing on Kubernetes, especially like a few years ago, at least and you're like, maybe that there are a lot of people who are really advanced but now that there's so many different people like so many people from all range of expertise in this subject matter experts, and interests that it's okay to be overwhelmed just be like, I need to take a step back because mentally attending like a few talks a day is like, I feel like it's taking like several exams 'cause there's so much information being bombarded on you and you're trying to process it so understand that you can't process it all in one day and that's okay, come back to it, right. It's a great thing is that all of these talks are recorded and so you can watch it another time, and I would say probably just choose like three or four talks that you're really excited about and listen to those, don't need to watch everything because as I said we can't process it all and that's okay and ask questions. >> Some great advice there because right, if we were there in person it was always, attend what you really want to see, are there speakers you want to engage with? Because you can go back and watch on demand that's been one of the great opportunities with the virtual events is you can have access on demand, you can poke and prod, personally I love that a lot of them you can adjust the speed of them so, if it's something that it's kind of an intro talk, I can crank it up to one and a half or 2X speed and get through more content or I can pause it, rewind if I'm not getting it. And the other opportunity is I tell you the last two or three years, when I'm at an event, I try to just spend my time, not looking at my phone, talking to people, but now there's the opportunity, hey, if I can be of help, if anybody in the community has a question or wants to get connected to somebody, we know a lot of people I'm easily reachable on Twitter and I'm not sitting on a plane or in the middle of something that being like, so there is just a great robust community out there, online, and it were great be a part of it. So speaking of projects, you mentioned OpenTelemetry, which is what, your day job works on it's been a really, interesting topic of course for those that don't know the history, there were actually two projects that merged, it was a OpenTracing and OpenCensus created OpenTelemetry, so why don't you bring us up to speed as to where we are with the project, and what people should be looking at at the show and throughout the rest of 2020? >> OpenTelemetry is very exciting, we just did our first beta release so for anyone who's been on the fence of, is OpenTelemetry getting traction, or is it something that you're like at, this is a really great time to want to get involved in OpenTelemetry and start looking into it, if it's as a viable project, but I guess should probably take a step back of what is OpenTelemetry, OpenTelemetry as you mentioned was the merging or the marriage of OpenTracing-OpenCensus, right? It was an acknowledgement that so many engineers were trying to solve the same problem, but as most of us knows, right, we are trying to solve the same problem, but we had two different implementations and we actually ended up having essentially a lot of waste of resources because we're all trying to solve the same problem, but then we're working on two different implementations. So that marriage was to address that because, right it's like if you look at all of the major players, all of the players on OpenTelemetry, right? They have a wide variety of vendor experience, right even as of speaking from the vendor hat, right vendors are really lucky that they get to work with so many customers and they get to see all these different use cases. Then there's also just so many actually end users who are using it and they have very peculiar use cases, too, even with a wide set of other people, they're not going to obviously have that, so OpenTelemetry gets to merge all of those different use cases into one, or I guess not into one, but like into a wide set of implementations, but at least it's maintained by a larger group instead of having two separate. And so the first goal was to unify tracing tracing is really far ahead in terms of implementation,, or several implementations of libraries, like Go, Java, Python, Ruby, like on other languages right now but quite a bit of lists there and there's even a collector too which some people might refer to as an agent, depending on what background they have. And so there's a lot of ways to one, implement tracing and also metrics for your services and also gather that data and manipulate it, right? 'Cause for example, tracings so tracing where it's like you can generate a lot of traces, but sometimes missing data and like the collector is a really great place to add data to that, so going back to the state of OpenTelemetry, OpenTelemetry since we just did a beta release, right, we're getting closer to GA. GA is something that we're tracking for at some point this year, no dates yet but it's something that we're really pushing towards, but we're starting to have a very stable API in terms of tracing a metric was on its way, log was all something we're wrapping up on. It is a really great opportunity to, all the different ways that we are that, we even say like service owners, applications, even business rate that we're trying to collect data and have visibility into our applications, this is a really great way to provide one common framework to generate all that data, to gather all that data and generate all that data. So it was really exciting and I don't know, we just want more users and why we say that is to the earlier point is that the more users that we have who are engaged with community, right if you want to open an issue, have a question if you want to set up a PR please do, like we really want more community engagement. It is a great time to do that because we are just starting to get traction, right? Like hopefully, hopefully in a year or two, like we are one of those really big, big projects right up on a CNCF KubeCon and it's like, let's see how much has grown. And it's a great time to join and help influence a project and so many chances for ownership, I know it's really exciting, the company-- >> Excellent well Constance, it's really exciting >> Yeah. >> Congratulations on the progress there, I'm sure everybody's looking forward to as you said GA later this year, want to give you the final word, yourself and Vicky Cheung as the co-chairs for the event, what's your real goal? What do you hope the takeaway is from this instance of the 2020 European show? Of course, virtual now instead of Amsterdam. I guess like two parts one for the takeaway is that it's probably going to be awkward, right? Especially again going back to the community is that we don't have a lot of that in person things so this will be an awkward interaction, but it's a really great place for us to want to assess what a community means to us and how we interact with the community. So I think it's going to be going into it with an open mindset of just knowing like, don't set the expectations, like any other KubeCon because we just know it won't be right, we can't even have like the after hours, like going out for coffee or drinks and other stuff there so having that there and being open to that being different and then also if you have ideas share it with us, 'cause we want to know how we can make it better, so expect that it's different, but it's still going to provide you with a lot of that content that you've been looking for and we still want to make that as much of a welcoming experience for you, so know that we're doing our best and we're open to feedback and we're here for you. >> Excellent, well Constance thank you so much for the work that you and the team have been doing on. absolutely, one of the events that we always look forward to, thanks so much for joining us. >> Thank you for having me. >> Alright, lots more coverage of theCUBE at KubeCon-Cloud Native on Europe 2020, I'm Stu Miniman and thanks for watching. (soft music)

>> Narrator: From theCUBE Studios in Palo Alto in Boston, connecting with thought leaders all around the world, this is a CUBE conversation. >> Hi, I'm Stu Miniman, the host of Cloud Native Insights. And when we kicked off this program, Cloud Native Insights, we wanted to talk about the innovation and agility that's happening, not just Cloud as a location. We're going to draw down a little bit into one of the very important pieces of a company and that's their websites and their applications, that live in that environment. And of course, that comes from a lot of changes over the years. Any of us that have been in tech for a couple of decades have worked from the early days, to of course today's multimedia globally distributed environment and everyone during the global pandemic, of course, has been (indistinct) straining their use of the internet. So really excited to welcome to the program the two co-founders of Netlify. I have Matt Biilmann, who is the CEO, and his co-founder Christian Bach, who is the president both of Netlify really the company behind Jamstack, which we're going to explain and talk about a bit. Matt and Chris, thank you so much for joining us. >> Thanks for having us. >> Thank you for having us >> All right so, let's start with just some of the basics. I expect that some of our audience is not familiar with Jamstack. You do a quick Google search and it's JavaScript, its APIs, its markup. And you say, okay, I understand what a bunch of that means. But, yeah, if you could give us kind of a compare contrast to what web development was before and how Jamstack's really helping to revolutionize what's happening in this space. >> Yes, so for many years, we built websites and web applications with an application based architecture, where every website or every application would be this monolithic application with typically like a load balancer, a set of web servers, application servers, and that database and every request through a page would go through this whole stack it would pass through the application layer, talk to the database, fetch template, merge data and template, build HTML on the fly and send it back to the user. And basically what we saw happening and what's been happening with the Jamstack is this decoupling of the actual front-end presentation layer of the websites and web applications and then the back-end layer. And the advantages there is that if you can really pre-build the front-end application layer, you can take the actual HTML, or an application shell and distribute it across a globally distributed network, you can get it into the hands of the user's browser very quickly. And then the back end, what we've seen happening there is that it's split up to all these different APIs and services you no longer have your one monolithic back end you have all these different services. Where some of your own but a lot of them are other people's services like Stripe or Twilio or Algolia or Contentful. So we've seen this shift to this architecture, where we're considered in a way that the stack has moved up a little from the old tooling where something like the LAMP stack would be common in really naming the programming language, the specific web server, the Linux server, the operating system, and so on right? And then up to a level where it's really about getting an application into the browser, using JavaScript as the runtime and talking to this whole new economy of APIs and services. >> Yeah, Chris I wonder if you could bring us inside your customers and the companies that you talk to. I think about for the longest time it was, maybe I just outsource my web development, but website is one of those key components that I share my value, I share what's going on, I want to be able to change it pretty often and there's so much more that I can do today than I could have done 10 years ago. We've watched that mark. So, help us understand, what skill sets do people need to have? what type of companies are using Jamstack? And, bring in if you can, Netlify. How is this a business and not just, an open source standards movement, that's helping to revolutionize what's happening? >> Absolutely, I mean, First of all, people using this and companies use this is extremely wide. Wide vertical, right? Its very horizontal. This is anyone with a digital property basically, right? I think what we've seen all the time is that, that we have a lot more channels than we used to have, right? So we started off just maybe having the one dot com, right? With limited functionality. And today, you have a multiple channels, right? You have the landing pages, you have the domains, you have lots of activities online. You have mobile apps and commerce is often a big part of it, and I would say especially the last few months, there's a lot of people that had the digital convergence points as one of many. And now it's the only ones, right? So I think it's become extremely important. I also think that when you look at your web infrastructure in general, it has been very complex, right? And you need a lot of different people, right? And you need to maintain staging environments, production lines, development environments. You need to, have a wide set of skills to maintain these things, right? And if a web developer wanted to do a lot of things, right? They have to go and tap DevOps and so on on the shoulder, right? And I think what the Jamstack is about saying, hey, you can get so much further as a web developer. Now, if you take the modern built tools, you can take the Git workflows, and you wrap around the browser that has become a full-fledged operating system and the API economy as Matt was just talking about. You have these workflows, or you potentially have these workflows, where you can get so much further, right? And that's very much Netlify submission. So Netlify saw this opportunity of decoupling the front end from the back end of the building from the hosting of creating an approach to making websites that would be many times faster, 'cause you have multiple points of origin and you don't feel fredurous. It's many times safer. There's not that huge surface area of attack. It's much more scalable, and so on. It was sort of a win-win-win. But the problem was, there was no viable workflow. If you take a traditional CDN, and you put it in, it doesn't matter really, if it's one or the other. As good as they (indistinct) services, they're all meant to sit in front of an origin, right? They're meant to buffer something. And if you have the gems, there's no origin in that way, right? The network in itself has to be an origin so it has to be architectured quite differently. And then there's a lot of things around CDCI and how you server lists and so on. That all had to be sort of re-merged . And Netlify is that glue, it is that platform that takes you from local development all the way out to edge nodes. But allows you to mix and match any tool. So it's not program independent. So you can say, well, we use a build tool, and that's PHP or Ruby or JavaScript, the react or Next or whatever it might be, right? And we use these APIs for this server, for this property. Over here we have a commerce site. Over here, we have a dotcom, that needs a huge enterprise CMS with tons of stakeholders. But the thing is that all of those now becomes something that plugs into your website. Rather than have to drive the website itself. And that's sort of frees up the silos. So when we see people using Netlify, we have companies using Netlify. Big Fitness Company, for example, that own fitness company that uses us for developer documentation, or their marketing sites, but also for their dotcom. But even if you go to the equipment that people have at home, and you log in, that's actually using some very nifty identity and remote based access control for Netlify and if you watch the video there, it's also going through a Netlify player, all right? We have fast food chains that has their dotcom and their marketing sites, but also the kiosks down in the store like the menus, the screens there. Rather than being an old Windows NT server running some .NET application in a dusty corner, why not have it like that? And so, both the category but also Netlify sort of brings in a solution and because it's decoupled from all those architectural choices, that means that you can now use the solution in a much, much wider setting. And we were sort of first to market doing this. They get serverless approach where you just push your serverless functions to get better Netlify. First Feature Deploy Previews Were invented by us and so on. So the Jamstack is an extremely wide fundamental architectural approach that matches basically anyone that wants to build web properties. Netlify is the segnostic wide platform that just makes it possible. >> Yeah, good Chris actually, I saw the Peloton use case up on the website and you're right, a very different experience rather than I bring my device, is it synced? Does it work with it? Really integrates those solutions. And you just brought up serverless, which is actually how I got connected to talk in Netlify. So, Matt, sorry, I think you wanted to jump in there but I was wondering if you could help us. I've looked at serverless and what the promise of serverless of course, is that I don't need to think about that underlying infrastructure. I just like developers build our applications. Well, feels like that's really the same mission that you have. And they're serverless is a piece of your story. So, maybe explain (indistinct) that out a little for us. >> Absolutely, I think it ties in, right? Basically, what we saw just from a architectural perspective was this approach of really decoupling front end and back end and so on and working in a new way that gave a lot of benefits to the inducers in performance and security and so on right? But on the other hand, early on, what we saw was that to adopt that approach, like developers had to deal with lot of different moving pieces like CICD, CDN. What to do about the API endpoints that didn't need to be dynamic, and so on. And as Netlify, what we saw was that we could give one intro and workflow for all of this and make it extremely easy for developers to work with this thing. And serverless plays a really important piece there, right? Because when Amazon pioneered AWS Lambda and took it to the world, right? I think the promise also for the front-end web developers of being able to simply write code and then not have to worry at all about where is it actually running? How are we scaling it? How are we operating it and so on, right? That's a really powerful promise, right? But at the same time, in the same way, what we saw earlier on was that for a front-end team to actually adopt serverless functions as part of the Jamstack, it introduced another level of complexity of now having to manage your serverless functions independent from your front end figuring out API Gateway endpoints for every one of them. And how about deployment pipeline for your functions layer versus deployment pipelines for the actual front end layer that's supposed to talk to those front ends. How about staging environments versus to production environments? How do you manage all that, right? So we saw that there was this inherent incredible potential, but also a lot of complexity, right? And as Netlify we saw that if we could give front end developers a web developers in general, an ene-to-end workflow, where they can work both with the front-end framework, write the code that will get deployed into the browser, but also just have a folder where they can write this serverless functions and then know that Netlify will take care of all of the wiring, right? When you open a pull request and get with new function we'll give you a URL on our globally distributed CDN where you can view both the whole front end, but also the function and sidestep sort of all of the complexities of linking together API Gateways, to functions of managing CICD pipelines and test environments and so on. And in the end, the serverless functions starts becoming a really important part of this Jamstack approach, right? Because you have this world where you have a front end that's often talking to many different APIs and services where again, some of your own and some other people's services. But really often you need some place to glue those together or to build your own custom API endpoint that talks to a couple of them and it has access to server site secrets and so on, right? And this idea of not having to suddenly operate and manage a whole set of servers and infrastructure just for that part of it, but simply just writing the code and then knowing, that you don't have to worry about the operation scalability or anything around that code. That's a really powerful paradigm. >> Yeah, that's one of the real challenges of the Cloud as you talk about the Paradox of Choice. There's so many ways to do things. Not necessarily... It's simple anybody... I was a blogger for many years and it was like, well, I'll just use the self-hosted WordPress, because I don't want to have to worry about that piece of it. Matt, I watched it you did a presentation talking about if I wanted to do WordPress hosted in a AWS that absolutely is not simple. I heard a podcast from one of your board members, Tom Preston Werner, talking about we need to be more opinionated. We need to be able to give more guidance to developers, maybe Chris if you could, how are we when the proliferation of choice, keeps increasing, making sure that people can... How do I make that decision tree? And how do we try to keep it simple? >> Absolutely, I mean, and I actually think that, that's a super relevant question, because you have a lot of choice as a web developer today. Front-end developers used to cut out Photoshop files and turn them into HTML, right? Now with the new advanced markup, and they have all these frameworks and flavors of JavaScript to choose between and there's these powerful build tools, And all those workflows and the browser can do everything you can imagine, right? And so yeah, there is a lot of choice out there, right? And I think, for Netlify what's extremely important is that we are opinionated in the right places. And so when it comes to, for example, a front-end tool and built tools and these things that web developers often face with having to choose between. Our role is to make it as simple as possible to use any of them. But also give you the opportunity of saying, well, this new paradigm allows you to actually mix and match, right? It allows you to use this tool for this property and this tool for this property and gives you a ton of flexibility. But still, come under one roof of a platform like Netlify. And I think that is very powerful. And so we also don't want to choose for you, we want to inform your choices and we want to make it as easy as possible to go and say, hey, these are my needs, what direction should I be going? And of course, we work with enterprise clients, so on migration services, and so on, right? And where we help them a lot with that. But if we locked down on a single flavor, or a single bill tool or a single front end framework, then we also limit the application of what we bring to market and we want to remain a little more open-ended there. But I think there's a lot complexity, a platform like Netlify is all about simplification. So all that wiring that Matt just mentioned, that at least goes, right? You don't spend hours configuring bondage caching and trying to find those edge cases, it just works. And that's a huge game changer for a lot of people, right? But there's definitely parts of the ecosystem that has a lot of choice. And we do our best to inform. And I think, under hand holding part, adjacent to that is the story of, well, do we then start using content management systems? Is this a whole new? Is it out with the old and in with the new? And I would say, you still have a lot of those needs, right? You still have non-technical people, for example, that needs to be able to update and create moves and content, and so on, right? And create content. And so you very often will need and an E-commerce solution or content management systems and so on. But what we're seeing there, is that we're speaking basically with every single major CMS out there. That are saying we're working on a headless system, or we already have a headless version, or we just gone full headless, that means that we work decoupled. So we don't no longer need to build the site. But we just provide like an independent source of content. And then it plugs into a platform like Netlify. So that can bring a lot of simplicity. And now you just have to maintain your content, but you don't have to worry about all the different environments and what is up to date and how does some of the infrastructure look like you press a button that commits to get a default preview, and it looks the same everywhere. >> I'm curious, what impact the current global pandemic has had on Netlify, and your customers. I saw you've got a COVID tracking project that you've done. But also now just there's different considerations when I think about what services I need to access from the web and what kind of connectivity the ultimate end user would have. So, what learnings have you had? What's involved there? >> In, obviously we, it depends a lot on, as Chris mentioned, right? The game circus is adopted horizontally across all kinds of areas and businesses and so on, right? So, we've of course seen businesses in sectors that are having a hard time and on the other hand, we've seen businesses and sectors that are exploding, right? We did immediately when the lockdown started happening and the pandemic started happening we set aside like a free plan for projects working in the space of tackling the information sharing around COVID and finding solutions and so on. And that was really interesting to see you mention the COVID tracking project, right? Which was a project like built a short time by small group of distributed incredibly talented front end developers and scientists and so on, right? And I think it was interesting to see that, how the Jamstack and our tooling and so on also really made it possible for them to build as a small distributed team the set of data information and tooling to a global audience, right? Seeing huge traffic peaks at time and just knowing that their architecture and our infrastructure could handle it for them. >> All right. Chris, I've got one, a little bit off to the side here. When I look at what Netlify is doing, you talk about having an open and independent web. And while we are fully supportive of that, we're a little concerned sometimes. If you look at what's happening across the globe, there's a lot of discussions. Will the internet actually fragment? Will certain countries wall off certain environments? Any concerns there? What do you look at? What are you hearing from your customers when you talk about that mission? >> It's one of the big challenges of all time, right? I think we all maybe took for given the Internet as the standard it became right? The way that you can publish without permission is pretty magnificent, right? And it would be indescribably painful for civilization if we lost that, right? And I think fragmentation is something that we all have to sort of worry around. From the way we see it, is that the web, the traditional monolithic approach, right? To which led to as a web that wasn't secure enough and wasn't scalable enough and wasn't performing enough and that's, for example, what opened the door for mobile applications, right? Where it just didn't make sense to pull in the UI every time you turn the page. So we ended up with a form that's it. We prebuilt the application, you download it, and then you speak to service for anything then atmosphere come up with it, right. And that makes perfect sense. That's basically the same architecture that we're bringing to the web a very large scale. Of course, the problem is that now there are gatekeepers there, right? There people, you have to ask for permission to publish and so on. And, and there are other attempts to say, "Hey, we need a performing web." And there's a very big players out there that say, "Let's come over and just..." Do we even need to call it the Internet? Can we just call it our company website? I'm not going to name any names here, right? But leading down, it's what we've called walled gardens, that are great for absolutely no one except for the company. And what we believe is that if you have a web that is secure and is scalable, and it's performant enough to justify at least the architecture maintaining and not having to run into any walled gardens and still say no, you don't need to use a handful of commercial platforms if you want to be heard rather than have your own web properties on your own custom domains, right? I think that's the part of the open independent viable web that we're fighting for. Basically, one that adopts and keeps adopting an architecture that is something that levels the playing field. And then they would also say, why Netlify? I mean, a few years before we started, like, try configuring your own CDN. And like that was reserved for the very, very large tech players. Now you can comment, you can literally click a button on Netlify, you get custom domain and ACS post process site that's globally distributed, automatically integrated into get. And that's on the premium plan. And so as a startup, you can level set together with everyone else and be available widely across the globe without performance issues, immediately. And so in that way, I'm also seeing that's a democrat sensation of performance, right? That means that, that's great. And for places where you see developing economies, where you often have brownouts, where you often can't depend on having viable services and is locally and so on, this idea of having he cover that and having something that's just automatically, you know what, don't even worry about it, because it's already ready to go in all these packets all around the world. That's a huge game changer. That's actually what we see a lot of adoption of the gems they can never find in those places as well. Guess that's just such a promise to the architecture. So, I hear what you're saying and I'm also very concerned about a fragmented web for political reasons as well across the globe. And from our angle, the way we fight for this is to make sure that it retains using an architecture that makes it accessible for me. >> Yeah, I heard many years ago, a friend of mine said, if you're a technologist it means that in general you are a technology optimist, which I definitely try to be. So, I love Chris how you've just brought in some of the potential opportunity Matt, I want to give you just... People out there they hear like oh, 5G is coming, it's going to completely change the world. Anything that you're seeing on your side as to real opportunities that we will see, just a step function in what your company is using. Jamstack, partnering with Netlify in your ecosystem. What are some of the early things that you see that are exciting you down the line for this? >> Part of it is simply like the whole ecosystem around the gem stalk growing up and the tooling, the APIs, the frameworks available around it, and the level of innovation that's triggered. And especially how it's triggering in... Especially how we're seeing like the potential for small, distributed teams to work together and build things with a global impact in a short time. And I remember a couple of years ago, we did a hackathon with together with freeCodeCamp. And of course, like since it was with freeCodeCamp, it was mostly like teams were mostly fairly new to programming and so on, right? It was pretty amazing to see what over a weekend with this architecture and with this tooling, with the vendors that were present there and helping out and so on, what the small teams could actually get done in a weekend, right? Like I remember the winning team had an app where the whole room would see an image on the main stage screen and then on their phone, try to place that image on the map and you would real time see how people ranked, how close they got and get a winner and so on, right? And that was all just from combining APIs and tooling, like history, like Netlify, like Honor Bee, like Google Maps, and so on, right? And I think, in some way we shouldn't forget just how much this kind of ecosystem of readily available APIs and services around this front end stake. It's allowing people to build things that years ago would have taken a very big team probably like a year to build, and suddenly you can have a relatively small group of relatively new programmers built something really impressive, right? So I think that's a trend we'll see continue accelerating And me and Chris are personally involved in advising and helping out a lot of these new startups in the space that are trying to bring new tooling to the world that makes more and more of these things possible and accessible. >> Well, Chris and Matt, I really appreciate you both joining such an exciting space. Talk about the cloud, agility and innovation, such a robust ecosystem. Thank you so much for joining. >> Thanks for having us. >> Thanks for having us. >> And I'm Stu Miniman. Thank you for joining and look forward to hearing more about your CUBE insight. (soft music)

(upbeat music) >> Hi, and welcome to another CUBEConversation where we go in-depth into the topics that are most important to the technology industry with the thought leaders who are actually getting the work done. I'm Peter Burris, and we've got a great conversation today, and it all starts with the idea of how do you get smart people outside of your organization, in-service organizations to help you achieve your outcomes? It's a challenge because as we become more dependent upon services, we discover that service companies are often trying to sell us bills of goods or visions that aren't solving our exact problem. There's a new breed of service company that's really fascinated by your problem, and wants to sell it. Starts with engineering, starts with value add, and then leads to other types of potential relationships and activities. So what do those service companies look like? Well, to have that conversation, we've got Greg Tinker, who is the CTO and founder of Serene IT. Greg, welcome back to theCUBE. >> Thank you very much Peter, glad to be here. >> So tell us a little bit about Serene IT. >> So Serene IT is a, well we call it a next generation bar. So what do I mean by that? We mean that we are an engineering-first firm, so our staff is big, we're across the U.S., we have multiple branches and we just went international into Canada, with Serene IT Canada. We have other international branches that we coming online next year. So with that being said though, the key to our growth, the key to our success is the fact that we're an engineering firm first. We have very few sales staff. Our sales staff are more of an account management style, more of a nurturer or a farmer, we would call it, versus a hunter that means someone going out, because the customers are coming to us with their problems because they need a smart engineering bench to help them. They're not looking for somebody else's to bring them askew, or resell them a product. That can be easily done by some of the large conglomerates that are already out there, not to mention, spend 30 seconds on Google, you can pretty much buy anything you want. >> Yeah, and you know Fred Brookes said a million years ago, when I was, even before I got into computer science, wrote "The Mythical Man Month", and made the observation that the solution to a hard problem typically, is not more people, >> Right. >> It's working smarter, and working more with the right people. So tell a little about how you're able to find the right people from the industry, and bring them together to turn them into the right team. >> It's a great question, Peter, so I've been very fortunate. I loved my career at Hewlett Packard. I left on good terms because I saw a problem in the industry that I wanted to go and tackle head-on. It's easy for people to sit back and talk about it, it's more difficult to actually go and try to solve the problem, and I'm trying to solve the problem. The problem is, there's a lot of orders out there that bring very low value today, they bring a lot of resale. And that's great for those clients that just know what they want. The vast majority of customers don't know what they want today because the technologies are so advanced, they need help to get from where they were, a legacy model, to a more modern software-defined ecosystem. >> And the business problems are so complex. >> Yes. >> It's that combination of complex business problems, 'cause your competitions and your customers are pushing you, and now advanced technologies that have to be marshaled to solve those problems. >> That's exactly right, so with that being said, I set out build an engineering firm and resale would be something later, but we sell through the engineering consulting firms to solve those business problems for our clients. And so our engineering bench is comprised of engineers from Cisco, from Dell, from HPE, from a lot of big conglomerates that everybody all knows. But when you work in this industry, in the labs of these big conglomerates, me coming from HPE, when you do that, you get a lot of friends across the pillars. >> Sure. >> You build networks. >> You build networks. And quite frankly, it's the Marvel lab guys that own today Q-Logic. We all know each other, and with that being said, some of these guys want to go out and try to solve these big problems with companies like myself, and so with that being said, that's how we're building Serene IT, is engineering-first, and we have a very large technical bench today. Just think about it, the company came online in 2017 with just two, so today, we are significantly bigger than that. We're approaching a 50-plus headcount, and we continue to expand with multiple branches, and our growth rate is almost double every six months. And it's something I'm having a great deal of fun doing. The key thing here though is solving business problems and helping customers. >> Well let's talk about that, because every IT organization faces the challenge that they've been so focused on the hardware assets for so long, or the application assets. Now they're trying to focus on the data assets, but they find themselves often in conflict with the business They're not doing a particularly good job of translating a business opportunity into a technology solution still. >> True. >> You've got these great engineers. How are you getting them to also speak business, so that you facilitate that domain expertise about the business so it can be turned into a technology-reliable solution? >> Like any good engineering firm, you have to have levels right? So we have a knock all the way to level four, and our level four engineers are our master technologists that are usually patent published or some varied nature thereof, with usually a multitude of master ASC certification structures to be able to state the fact that they are level four. We also have some college kids that are coming up that are wanting to learn with us, which is good. But I want to tell you on that same point though, is we only allow those elite, the level three, the level four guys, to be in front of our clients, because they've been in this industry a long time. Like myself, we can understand the business problems, as well as the technology problems, and help a client go from zero to hero. That's what we do well. >> So you're bringing in people who have been business people, but have strong engineering backgrounds >> Correct. >> In product domains, in service domains, in the industry, and you're bringing them together and saying, let's go back to being engineers, that can still talk business. >> That's exactly it, that's the key differentiator with us, is the fact that we're not talking just essays, a lot of ours, in our mindsets have essays they call engineers. We don't hire anyone that can't put fingers on a keyboard. If they can't make magic happen on a keyboard, they're of no value to us, they're of no value to our clients, which is what they need help with. So if we're not able to sit down and have a conversation and pull out a laptop and make some some magic happen with, name it, Ansible, Puppet, Shell, Saltstack, that's just in automation CodeLogics, C-code we've got all the cool stuff in that space. But if we can't sit down and write Python, Ruby on Rails and whatnot, and make something tangible to a client in very short order, we didn't do our job. >> So a lot of companies that I've experienced, a lot of customers I've talked to, have what I would call the "goldilocks" problem with their service providers. By that I mean, some of their service providers don't have the technical chops to just throw numbers at it, so they're too cold. Some of their service providers are too smart, or pushing too hard and they get suspicious of them. How do you be that just right, stay focused on the problem bringing the other team, the engineers or the IT folks that you're working with along with you, so you get that natural technology transfer so the business gets the capability that it can run and you can go do something else? >> So that's a good point, Peter. I mean, we're still working out some of those details, I'll tell you, to be honest with you on that stuff. >> Everybody is. >> Yeah. We're getting better at it, you know customers. If we get to aggressive, and tell the customers this is what's wrong with your problem, this is where you need to go, we call their baby ugly, it puts a lot of contention right on the onset, so it causes problems. So we have to be very cognitive of what they have, and where they want to go, and show them where we're going and why we're doing it, and not just focus on "You did it the wrong way". We don't want to focus on that. That's already done, that ship's already sailed, why bash it? I tell my engineers don't talk negative, there's no good going to come of it. Focus on what you have, and where you need to go with it, and how we're going to get there. Keep it a positive message, and you'll find it'd be more receptive, and it's working for our team. >> Well I'll tell you, one of the things I've heard about Serene IT is that you guys especially developed competencies in technologies that have worked in the past. >> You can say that. >> It seems as though one of the things you're able to do is you're able not to make something so new and so distinct that the client can't see how they can possibly operate it without you. You're taking a lot of open-source, a lot of established tried-and-true technologies and using your smarts to put them together in new and interesting ways so the customer says, "Oh that was smart, that was smart. "I can do that, oh yes, now I get it". Is that, am I mis-characterizing your guys? >> No, you're not, you're actually spot-on. We actually have one of the largest ZFS file systems on the planet right now with 142 million users hitting it and-- >> ZFS? >> Yeah, it's old school. >> With 142 million, okay. >> Yeah, it's old-school But if what's old is new again, we're just putting a new wrapper around it. It worked great in its day, but you put that old technology, the file system itself that's been around for a long time, one of the biggest file systems at 128 bit. You take that file system and you put that on today's Red Hat, Caldera, SUSE, name your favorite. You put that on a big machine, a Linux machine today, a large scale like an HPDL380 with NVME drives with a back-end data store, like a 3PAR or Primäre, or name whatever you want on the back end with a big fiber channel, you'd be surprised what we can do with that thing. So we're able to keep customers' costs down by showing them we can take a old-school technology and make it far bigger than you ever imagined, and give you more horsepower and at less cost, and customers are really receptive to that. Now is that perfect for every footprint? No, that was a unique situation. Not everybody's got 142 million users.(chuckles) >> Well, that's true. And so let me build on that, because the other thing that the CIOs I talk to and senior IT people and also business people, increasingly, is they want to make sure that the solution works now, but that it's not going to end-of-life options for them. >> Yeah. >> How do you do this using tried-and-true technologies combined into new and interesting ways, in a way that still nonetheless gives customers future growth options or future application options? >> I'm not a fan of vendor-locking, I'm not a fan of Franken-monsters. Our team of engineers, we have a mandate that they do not build anything like that, I won't approve it. Because I don't want to have a customer locked in to Serene IT. That was never the intent. We want them to choose us, we want them to come to our team and get our value, so we can show them how to grow their business, and do it in a nice, sustainable way, so we can show their staff how to support it. That takes us into our managed services component. Most of the big things we design and do, we're what we call an adaptive managed services, an AMS model. What do I mean by that statement? We're not a WITO. What's a WITO, you ask? It's a "Walk In, Take Over". That's the big boys, that's the DXEs of the world, that's the Assentras, that's what they do. And they do that well. We're not here to compete with that. But what we're here to do is say, to a company or business, whoever they might be, you probably don't need us to take over everything in your IT shop, and really, we're not going to be the best at that, nor are they in some cases, the other vendors. I'll tell you, you know your business the best. We know infrastructure the best, and we can show you where you can build your skillsets up and get better at it. We can automate a lot of it and show you how to manage the automation, and there'll be certain key points that maybe you guys don't want to own for various reasons, and we will manage just that key component, and we do that today with a lot of our big clients. >> Greg Tinker, CTO and founder of Serene IT, thanks very much for being on theCUBE. >> Thank you, Peter. >> And once again, I want to thank you for participating in this CUBEConversation. Until next time. (upbeat music)

>> Live, from Barcelona, Spain it's theCUBE covering Cisco Live! Europe. Brought to you by Cisco and it's ecosystem partners. >> Welcome back to Barcelona everybody, this is theCUBE, the leader in live tech coverage. I'm Dave Vellante with my co-hosts. Stu Miniman, John Furrier has been here all week. Day three coverage of Cisco Live!, Barcelona. Cisco Live EMEA, and R. We learned the other day, add R for Russia. Kaustubh Das is back. KD is the vice president of product management for data center at Cisco and he's joined by Kevin Egan who is the director of the computer systems group for data center. Also from Cisco, gents, good to see you, welcome to theCUBE. >> Thank you. >> Great to be here. >> Thanks for having us. >> KD, Data center was a real focus of the announcements this week. The data center is exploding to a lot of different places. What's going on in the group? >> It's been a terrific weekend, you're right. Data center was a core of a lot of the announcements this week, and as we kicked off the key note with this concept that the data center is no longer centered. It's really, the data moves to the edges, the data center is moving to the edges. We had a lot of announcements around Hyperflex, Hyperflex anywhere, this product that we've been innovating on like monsters. Within a very short time, gone from a brand-new product on the market to a magic quarter liter with Gartner, and really kind of doing a lot of industry firsts with that. That's been a big focus. We had a lot of announcements with our technology partners, because we not only innovate within Cisco, but we work with Pure and NetApp and Citrix and Intel Optane and Nvidia to bring products to the market that get the richness of their innovation and our innovation together. The other big focus has been all about programmability. As the world becomes much more programmable, focus devops automation, it's been around Intersight and programmability and taking that to the next level. >> Interesting. So of course we always talk about shipping five megabytes of code as opposed to shipping petabytes through a straw into the god box. But so Kevin, programmability's a key theme here, of course we're in the devnet zone. We had Susie Wee on yesterday and she was just talking about the evolution of Cisco infrastructure and how early on you guys made the decision. Let's make all this stuff programmable. And that was sort of a game changer, your thoughts. >> Yeah, no it's been amazing. The growth of just Cisco devnet right? We've got half a million developers now developing against our SDKs, our devops, our opportunities all across our Cisco platforms. We've got thousands of Cisco resources doing work on that, producing those libraries, producing that, those sample sets of code and contributing to the communities. And today our customers are using it in a way that they've never really done. Previously it was a sort of a fix because vendor tools weren't getting it done. And now they're using these automation tools to really do every day tasks out to the mass, to reduce the complexity for their teams and reduce the burden. And then of course to have that repeatability and that security and that compliance aspect and it's been amazing the explosion. >> Yeah. The simplicity reminds me back you know the earliest days of UCS, you know UCS was built for that wave of virtualization and as KD has talked with us this week already about some of the partnerships that you've built. The wave of converged infrastructure, UCS really dominated in that marketplace, but here now we talk about AI with some of your partners, you talk about programmability, it's like that's not the Cisco UCS that I remember launching. So maybe give us the updates specifically that was announced this week. Where the platform has gone in more recent days. >> So I can start maybe, >> Yeah, absolutely. >> UCS came up with this concept of everything needs to be programmable, everything needs to be an API. And maybe we were a little ahead of our time, we conceived of this in 2007, got the product out in 09 and really from the very genesis of the program, of the UCS program, it's been a programmable platform, it's been everything's an API. The UI makes calls to the API, our SDKs make calls to the APIs. So that's been the core platform and in some ways it feels like the industry is coming to where we thought it would come to a little bit earlier. So they, this whole concept of infrastructure's code, softly defined what do we want to call it, this was core and germane to the product itself. What we've done lately is, it's taken that policy that we're encapsulated and taken out all of the silver into the fabric for scalability, we've taken that now into the cloud. And what that does is it leads to that velocity of innovation becoming even higher, the ability to create new and unique use cases becomes higher, the ability to conceive it becomes higher. And all of that coupled with where IT is going, which is becoming much more devops, much more around automation. I think those forces are coupling together to create some really unique use cases. >> You said, you gestured take it into the cloud, which is interesting, pointing. What does that mean? Taking it into the cloud? >> So let's speed back a little bit. So what we start off with was listen, a silver's a box, we need to abstract the silver, the personality of the silver out of that box into policy, put it in the fabric. And that allows us to really scale that and give the box different personalities depending upon the workload. What we've done is, we've launched a product called Intersight. Intersight takes that policy and makes it a SAS service, management of the service we want to call it. So now as data moves everywhere, as data centers move everywhere, as our applications no longer become monolithic but become these combinations of little applications communicating across data centers, it allows us to have a centralized dashboard for our infrastructure that we can access, because it's in the cloud, from anywhere. And because it's in the cloud it can kind of get, get that innovation wheel turning much faster. It's just been game changing, and obviously there's other things that can happen once you do that. You can have proactive guidance coming down from the cloud, you can have golden images come down from the cloud, you can do workload specific settings. So there's a lot of new areas that it opens up once you, >> Analytics, right? >> Analytics. >> Machine intelligence. >> So we've got the takeover happening in the devnet zone right now, so focus on the data center, everybody's got t shirts and I think it says Hyperflex on them, big announcement this week about Hyperflex anywhere. Kevin you know I think that when people heard HCI, they often picture a box, or it's a group of boxes it's in a rack, it's all that and everything, and the thing is as an analyst I was poking at it, it's like "well we virtualized a lot of the stuff "and we put it in a new form factor." That's great to modernize the platform but how do we make it cloud native, how does it fit into a hybrid and multi cloud world, and it feels like we're reaching that point now. So help us connect the dots as to how, what HCI was fits into this hybrid and multi cloud world today. >> Absolutely. I mean, HCI when it came out was an alternative to SAN, I mean it was an alternative and it was touting simplicity, touting you know grow with your applications. But really now, with the multi cloud instances that our customers are looking at, they have to have a way to deploy those, a way to connect to those remotely, manage those, monitor those, actually connect that back to the core so that you can take advantage of the analytics that are running at the core and make real time recommendations, make real time adjustments for services and those type of, you know that connectivity is really what we mean by Hyperflex anywhere. It's the evolution of how you deploy, how you manage, and then of course that day two, day five, day one hundred where you're actually making that experience simple for the customers. >> Help us understand exactly, is this, do I just have the backup image in a public cloud, do I actually have similar software stacks, what's the expanse? >> Let me try to unpack that a little bit. I think it's three different vectors that we're doing. So we want as we modernize, and as our customers modernize, they're looking for a much more cloud-like limber, elastic platform. That's the first vector, that's what HCI has done, that's what we've done. And we've actually done it on steroids because we've taken that code-designed hardware and software much like the public cloud guys are doing, but we control that and we can give that to our enterprise customers and our enterprise grade resilient infrastructure. The first thing is that, the second piece of it is what our customers and really our developers and the customers are wanting to do, is to create in one place and deploy in another. So create on the private cloud, deploy in the public cloud, or create in the public cloud, deploy in the private cloud, or actually have an application that bridges the two. So having a homogenous development environment whether it's, and a lot of this is around the container frameworks, whether it's on the public cloud, private cloud. That's key, and what we've done with Hyperflex, and the integrations we've got with our container platform, with open shift, with cloud center, which was again a big announcement this week. That's that second vector, is being able to port applications, develop one place, deploy any place. And the third piece is what we've been talking about all through this segment, which is the ability to now have the cloud drive your infrastructure. Everything's connected, everything's analyzed in the cloud, there's telemetry, there's proactive guidance, there's a common dashboard there's centralized monitoring, there's the ability to deploy, like we did in the key note demonstrating in the key note, multiple different sides spread out across the world, from a cental location. I think that's game changing. >> I'd like to get your take on differentiation. Obviously you guys are biased. Cisco's different, it's better. But I want to hear why. So relative to other infrastructure players, are you, in your words, however you want to describe it more cloud like more programmable, where's the differentiation? >> Go ahead and I'll later on. >> Yeah sure. So basically we started with a foundation of UCS and that foundation, virtualize compute bare metal compute, and of course now hyper-converge, and the reason that it allows us to do things, allows us to Hyperflex anywhere, allows us to have that cloud-based model is because we built that infrastructure around the API from day one. When we started this, that programmatic infrastructure, we were talking to customers, it was stateless it was desired state config, they didn't know what we were talking about. I mean, they had no idea when this came out. But that's the foundation that really allows us to drive the API integrations to our app layers, which is what KD was talking about, and then of course from there to our multi cloud integrations and that's really the foundation that laid, that we laid early on. And that's why all of our UCS platform really enables this cloud integration. >> Yeah, I mean the way I look at it is nobody else has a fully API driven infrastructure. Everything's an API for us, we don't expose APIs after the fact, it is built around, it's an API first infrastructure. And everything is built around them. Whether it's our STKs, our integrations with you know Pop and then Ansible, and those kind of tool sets, our integration with other tool sets that people use. It's all driven through that. The second thing that is different is, we have an emulator, so we can allow our customers to really time travel through the whole process of deployment. I mean, our customers can deploy the infrastructure before the infrastructure hits the loading dock because they can download the UCS emulator. They can actually configure, deploy, build the whole policy on our management platform, test it out, do the what ifs on the emulator. When the equipment shows up, we're ready to go, we are in business, nobody else can do that. And the final thing which is, aside from all of the cloud connected pieces I've talked about, the breadth of Cisco's portfolio spanning from all of our networking assets, our SD WAN assets, our security assets, our collaboration assets, our cloud assets, that breadth gets us to implement use cases for our customers that are just, it's just impossible for anybody else to do. >> We've heard lots of proof points here in the devnote zone specifically from programmability and the automation. I've talked to some service providers here at the show, we've also heard about the journey that enterprise customers are going through to kind of understand that space and learn places here like this. Kevin, I'm sure you're talking to a lot of customers here, maybe if you have examples as to you know the exemplars of who're doing this well, and what people can learn from customers like that. >> Yeah, I mean it's amazing right. In just devnet alone we've got sessions on UCS with Python, STKs, UCS with Powertool, how to integrate with Ansible, these are just becoming common terms, common household terms for our customers. As you go up to enterprise customers, service provider customers, they're using these tools in a day to day manner to do the automation on top of, to really deploy and manage their apps, right, and the way that, I mean, it's exciting, we have customers from all segments of all industry, and they really they use these programmatic, KD's simple example of platform emulator, you don't realize how powerful that is, where you can set that same exact state machine that's in your UCS, you can put it on your laptop, set up all your policies, and then when that gear hits the dock, you are up in hours. Literally we have very large e-commerce sites, they do this, thousands of servers hit it, and in a matter of hours, they've applied those policies and they're up and running. Python, we've got Python, Ruby, Powertool, software developer kits, we've got devops that sit on those, and Ansible, Puppet, Chef, and these are just the automation so if you want to do it yourself, we've got the world class API, nobody else gives you that programmatic API. That's how we built our foundation. If you want Cisco to call those APIs, we have Intersight and we'll make those calls for you. If you just want to do some simple scripting, Powertool. You can automate certain processes, it doesn't have to be the whole end to end. You know you can use all these, it's basically choice to really, what your applications are demanding and what your customers are demanding. >> That's a strong story, one of breadth and depth. We're out of time, but KD I wonder if you could sort of put a bow on Cisco Live! Europe this year, big takeaways from your point of view. >> Listen, we've been innovating like monsters and it's such a terrific week for us to come here, to really touch and feel and listen to our customers and see the delight on their faces as we show them what we've been doing. And this part of the show, day three the devnet takeover, this is where it gets really really real, because now we get to go down to the depths of looking at those APIs, looking at those use cases, getting people to play around with them. So it's just been terrific, I love it. >> I love it too, we're the interview monsters this week. So guys thanks very much for coming on theCUBE. >> Thanks for having us. >> You're welcome. Alright keep it right there everybody, we'll be back with our next guest right after this short break. You're watching theCUBE from Cicso Live! In Barcelona. Be right back. (upbeat electronic outro)

live from San Francisco it's the cube covering Google cloud next 2018 brought to you by Google cloud and its ecosystem partners ok welcome back everyone we're live here in San Francisco this is the cubes exclusive coverage of Google clouds event next 18 Google next 18 s the hashtag we got two great guests talking about services kubernetes sto and the future of cloud aparna scene how's the group product manager of kubernetes and we have hen goldberg director of engineering of google cloud - amazing cube alumni x' really awesome guests here to break down why kubernetes why is Google cloud really doubling down on that is do a variety of other great multi cloud and on-premise activities guys welcome to the queue great to see you guys again thank you always a pleasure and again you know we love kubernetes the CN CF and we've talked many times about you know we were riffing and you know Luke who Chuck it was on Francisco who loves sto we thought service meshes are amazing you guys had a great open source presence with cube flow and a variety of other great things the open source contribution is recognized by Diane green and the whole industry as number one congratulations why is this deal so important we're seeing the big news at least for me this kind of nuances one datos available you get general availability we're supposed to be kind of after kubernetes made it but now sto is now happening faster why so what we've seen in the industry is that it only becomes too easy to create micro services or services overall but we still want to move fast so with the industry today how can you make sure that you have the right security policies how do you manage those services at scale and what if tio does really in one sense is to expand it it's decoupled the service development from the service operations so developers are free they don't need to take care of monitoring audit logging network traffic for example but instead the operation team has really sophisticated tool to manage all of that on behalf of the developers in a consistent way you know Penn and I did a session yesterday a spotlight session and it covered cloud services platform including ISTE oh we had a guest from eBay and eBay has been with Google kubernetes engine for a long time and they're also a contributor to the kubernetes open source project they talked about how they have hundreds of micro services and they're written in different languages so they're using gold Python Ruby everything under the Sun and as an operator how do you figure out how the services are communicating with each other how do you know which ones are healthy so they I asked him you know so how did you solve that complexity problem and he said boom you assist EO and I deployed this deal it deploys as just kind of like a sidecar proxy and it's auto injected so none of your developers have to do anything and then it's available in every service and it gives you so much out of the box it gives you traffic management it gives you security it gives you observability it gives you the ability to set quotas and to have SL o--'s and and that's really you know something that operators haven't had before describe SL lows for a second what is why is that important objectives so you can see an example so you can have an availability objective that this service should always always be available you know 99.9 percent of the time that's an SLO or you know the response rate needs to be have a certain type of latency so you can have a latency SLO but the key here with this deal is that as an operator previously Jeff was working Jeff from eBay he was working at the at the VM or container or network port level now he's working at the service level so he understands intelligence about the parts of the application that weren't there before and that has two things it makes him powerful right and more intelligent and secondly the developer doesn't need to worry about those things and I think one of the things for network guys out there is that it's like policy breeze policy to the equation now I want to ask course on the auto injections what's the role of the how much coding is involved in doing this zero coding how much how much developer times involved in injecting the sidecar proxies zero from a developer perspective that's not something that you need to worry about you you can focus on you know the chatbot your writing or the webpage your writing or whatever logic you're developing that's critical for your business that's gonna make you more competitive that's why you were hired as a developer right so you don't have to worry about the auto injection of sto and what we announced was really managed it's d1 gke so that's something that Google will manage for you in the future oh go ahead I want less thing about sto I think it also represented changing the transformation because before we were all about kubernetes and containers but definitely when we see the adoption the complexity is much broader so in DCP were actually introducing new solutions that are appropriate for that so easier for example works on both container eyes applications and VM based applications cloud build that we announced right it also works across applications of all types doesn't have to be only containers we introduced some tools for multi cluster management because we know all customers have multi cluster the large ones so really thinking about it how is in a holistic way we are solving those problems we've seen Google evolve its position in the enterprise clearly when we John and I first started talking to Google about cloud is like everything's going to cloud now we're seeing a lot of recognition of some of the challenges that enterprises face we heard a lot of announcements today that are resonating or going to resonate with the enterprise can you talk about the cloud services platform is that essentially your hybrid strategy is it encompass that maybe you could talk about that little bit closer services platform is a big part of our hybrid cloud strategy I mean for as a Google platform we also have networking and compute and we bridge private and public and that's a foundation but cloud services platform it comes from our heritage with open source it comes from our engagement with many large enterprises banks healthcare institutions retailers do so many of them here you know we had HSBC speaking we had target speaking we know that there are large portions of enterprise IT that are going to remain on premise that have to remain on premise because you know they're in a branch office or they have some sort of regulatory compliance or you know that's just where their developers are and they want to have a local environment so so we're very very sensitive and and knowledgeable about that and that's why we introduced cloud services platform as Google's technology in your environment on Prem so you can modernize where you are at your own pace so some of the things we heard today in the keynote we heard support for Oracle RAC and Exadata and sa P that's obviously traditional enterprises partnership with NetApp cloud armor shielded VMs these are all you know traditional enterprise things what enterprise grade features should we be looking for from cloud services platform so the first one which I actually love the most is the G key policy management one of the things we've heard from our customers they say okay portability is great consistency great but we want security portability right they now have those all of those environment how can they ensure that they're combined with the gtp are in all of their environments how they manage tenants in all of their environments in the same way and G key policy measurement is exactly that okay we're allowing customers to apply the same policy while not locking them in okay we're fully compatible with the kubernetes approach and the primitives of our bug enrolls but it is also aligned with G CPI M so you can actually manage it once and apply it to all your environment including clusters kubernetes cluster everywhere you have so I expect we'll have more and more effort in this area I'm making sure that everything is secured and consistent auto-scaling is that enterprise greed auto-scaling yes yes I mean auto-scaling is a inherent part of kubernetes so kubernetes scales your pods automatically that's a very mature I mean it's been stable for more than a year or probably two years and it's used everywhere so auto skip on auto scaling is something that's used and everywhere the thing about gke is that we also do cluster auto scaling cluster auto scaling is actually harder and we not only do it for CPU as we do it for GPUs which is innovative you know so we can scale an auto scale and auto implements Auto provision your GPUs if you machine learning we're gonna bring that on-prem - it's not in the first version but that's something that with the approach that we've taken to GK on Prem we're gonna be adding those kinds of capabilities that gonna be the go on parameters it's just an extension just got to get the job done or what time frame we look API that we've built it's a downward API that works with some sort of hardware clustering technology right now it's working with vSphere right and so it basically if you're under an underlying technology has that capability we will auto scale the cluster in the future you know I got to say you guys are like the dynamic duo of kubernetes seen you in the shows you had Linux Foundation events talk about the relationship between you guys you have an engineering your product management how were you guys organizer you're moving fast I mean just the progress since we've been interviewing you to CN CF segoe all just been significant since we started talking on the cube you see in kubernetes obviously you guys have some inside knowledge of that but it's really moving fast how is the team organized what's the magic internal formula that you guys are engineering and you guys are working as a team I've seen you guys opens is it just open stores is the internal talk about some of the dynamics we're working as one team one thing I love mostly about the Google culture is about doing the right thing for the user like the announcements you've seen yesterday on the on the keynote there are many many teams and I've been working together you know to get that done but you cannot see that right you don't see that there are so many different teams and different product managers and different engineering managers all working together but well I I think where we are right now I know is that really Google is backing up kubernetes and you can see it everywhere right you can see with ours our announcement about key native yeah for example so the idea of portability the idea of no lock-in is really important for us the idea of open cloud freedom of choice so because we're all aligned to that direction and we all agree about the principles is actually super easy to the she's very modest you know this type of thing doesn't just happen by itself right I mean of course google has a wonderful culture and we have a great team but I you know I really enjoy working with hen and she is an amazing leader she is the leader of the engineering team she also brings together these other teams you know every large company has many teams and the announcement at the scale that we made it and the vision that you see the cohesiveness of it right it comes from collaboration it comes from thinking as a team and you know the management and leadership depend has brought to the kubernetes project and to kubernetes and gke and cloud services platform is phenomenal it's an inspiration I really enjoy the progress congratulate and it's been great progress so I hear a lot of customers talk about things like hey you know they evaluate vendors you know those guys have done the work and it's kind of a categorical way of saying it's complete they're working hard they're doing the right things as you guys continue this mission what's some of the work that you're continuing to what's the work that you guys are doing the work we see some of that evidence if it does ascribe to someone says hey have you done the work to earn the cred in the crowd cloud what would it be how would you describe the work that you've done and the work that you're doing and continue to do what does that work what would you say that I mean I hope that we have done the work to you know to earn the credit I think we're very very conscientious you know in the kubernetes open source project I can say we have 300 plus contributors we are working not just on the future functionality but we work on the testing and the we work on the QA we work on all the documentation stuff we work on all the nitty-gritty details so I think that's where we earn the credit on the open source side I think in cloud and in Enterprise do well you're seeing a lot of it here today you know the announcements that you mentioned we're very very cognizant and I think the thing I like about one of the things that Diane said I liked very much as I think the industry underestimates us well when you talk about well we look at the kubernetes if I can call it a playbook it took the world by storm obviously solving some of your own problems you open source it develop the community should we think about it Co the same it's still the same way are you going to use that sort of similar approach it seems to be working yes doing open source is not easy okay managing and investing and building something like kubernetes requires a lot of effort by the way not just from Google we have a lot of people that working full time just on kubernetes the way we look at that we we look about the thing that we have valued the most like portability for example if there is anything that you would like to make a standard like with K native those are kind of thing that we really want to bring to the industry as open source technologies because we want to make sure that they will work for customers everywhere right we need we need to be genuine and really stand behind what we were saying to our customers so this is the way we look at things again another example you can see about Q flow right so we actually have a lot of examples or we want to make sure that we give those options so that's one it's one is for the customer the second thing I want actually the emphasize is the ecosystem and partners yeah we know that innovation not a lot of innovation will come from Google and we want to make sure that we empower our powders and the ecosystem to build new solutions and is again another way to do it yes I mean because we're talking before we came on camera about the importance of ecosystems Dave and I have covered many industries within you know enterprise and now cloud and big data and I see blockchain on the horizon another part of our coverage area ecosystems are super important when you have openness and you have inclusion inclusion Airy culture around building together and co-creation this is the ethos of open source but people need to make money right so at the end of the day we're you guys are not you're not a non-profit you know it's gonna make profit so instead of the partners so as the world turns to cloud there's going to be new value opportunities how do you guys view that ecosystem because is it yeah is it more educational is it more just keep up a lot of people want to be on the right side of history with cloud and begin a lot of things are changing how do you guys view that ecosystem in terms of nurturing it identifying it working with it building it sharing what's your thoughts sure you know I I believe that new technology comes with lots of opportunity we've seen this with kubernetes and I think going forward we see it it's not a zero-sum game you know there's a huge ecosystem that's grown up around kubernetes and now we see actually around sto a huge ecosystem as well the types of opportunities in the value chain I think that it changes it's not what it used to be right it's not so much I think taking care of hardware racking and stacking hardware it's higher level when we talked about SEO and how that raises the level of management I think there's a huge role for operators it's a transformative role you know and we've seen it at Google we have this thing called site reliability engineering sre it's a big thing like those people are God you know when it comes to your services I think that's gonna happen in the enterprise that's gonna be a real role that's an Operations role and then of course developers their life changes and I think even like for regular people you know for kids for you and I and normal people they can become developers and start writing applications so I think there's a huge shift that's a huge thing you're touching on a lot of areas of IT transformation you know talking about the operations piece we've touched upon some of the application development how do you guys look at IT transformation and what are some of your customers doing IT transformation is enabled by you know this raising of the level of abstraction by having a multi cluster multi cloud environment what I see in in the customer base is that they don't want to be limited to one type of cloud they don't want to be limited to just what's on Prem or just what's in one you know in any one cloud they want to be able to consume best-of-breed they want to be able to take what they have and modernize it even if it's even if they can't completely rewrite or even if they can't completely transform it they want to be able they wanted to be able to participate so they even they want their mainframes to be able to participate but yeah I had one customers say you know I I don't want to have two platforms a slow platform and a fast platform I want just a fast platform know about the future now as we end the segment here I want to get your thoughts we're gonna see CN CF s coming up to Seattle in a couple months and also his ST O's got great traction with I'll see with the support and and general availability but what's the impact of the customers because gke Google Cabernets engine is evolving to be the single in her face it's almost as ease of use because that's a real part of what you guys are trying to do is make it easy the abstraction layer is gonna create new business models obviously we see that with the transformation fee she were just mentioning the end of the day I got to operate something I'm a network guy I'm now gonna might be a operating the entire environment I'm gonna enable my developers to be modern fast or whatever they want to be in the day you got to run things got to manage it so what does gke turn into what's the vision can you share your thoughts on on how this transforms and what's the trajectory look like so our goal is actually to help automate that for our customers so they can focus elsewhere as we said from the operations perspective making things more reliable defining the SLO understanding what kind of service they want to provide their customers and our hope you know you can again you can see in other things that we are building like Auto ml okay actually giving more tools to provide those capabilities to the application I think that's really see more and more so the operators will manage services and they will do it across clusters and across environments this is this is a new skill set you know it's the sre skill set but but even bigger because it's not just in one cloud it's across clouds yeah it's not easy they're gonna do it with centralized policy centralized control security compliance all of that so you see us re which is site reliability engineers at Google term but you see that being a role in enterprises and it's also knowing what services to use when what's going to be the most cost effective the right service for the right job that's really an important point I agree I think yeah I think security I think cost perspective was something definitely that will see enterprises investing more in and understanding and how they can leverage that right for their own benefit the admin the operator is gonna say okay I've got this on Prem I've got these three different regions I have to be that traffic coordinator to figure out who can talk to who where should this traffic go there's who should have how much quota all of that right that's the operator role that's the new roles so it's a it's an opportunity for operations people who might have spent their lives managing lawns to really transform their careers yes there's no better time to be an operator I mean you can I want to be an operator and I can't tell you how my dear sorry impacts our team like the engineering team how much they bring the focus on customer the service we are giving to our customers thinking about our services in different ways I think that actually is super important for any engineering team to have that balance okay final questions just put you on the spot real quick answer great stuff congratulations on the work you guys are doing great to follow the progress but I'm a customer I'll put my customer hat on par in ahead I can get that on Amazon Microsoft's got kubernetes why Google cloud what makes Google cloud different if kubernetes is open why should I use Google Cloud so you're right and the wonderful thing is that Google is actually all in kubernetes and we are the first public cloud that actually providing a managed kubernetes on-prem well the first cloud provider to have a GCP marketplace with a kubernetes application production-ready with our partners so if you're all in kubernetes I would say that it's obvious yeah III see most of the customers wanting to be multi cloud and to have choice and that is something that you know is very aligned with what we're look at this crowd win open source is winning great to have you on a part of hend thanks for coming on dynamic duo and kubernetes is - a lot of new services are happening we're bringing all those services here in the cube it's our content here from Google cloud Google next I'm Jennifer and David Lonnie we'll be right back stay with us for more day two coverage after this short break thank you