>> Live, from San Francisco, it's theCUBE covering IBM Think 2019. Brought to you by IBM. >> Hello everyone, welcome back to theCUBE's live coverage here in San Francisco for IBM Think 2019. I'm John Furrier, Stu Miniman with theCUBE. Stu, it's been a great day. We're on our fourth day of four days of wall to wall coverage. A theme of AI, large scale compute with Cloud and data that's great. Great topics. Got two great guests here. Rohit Badlaney, who's the director of IBM Z As a Service, IBM Systems. Real great to see you. And Nataraj Nagaratnam, Distinguished Engineer and CTO and Director of Cloud Security at IBM and Hybrid Cloud, thanks for joining us. >> Glad to be here. >> So, the subtext to all the big messaging around AI and multi-cloud is that you need power to run this. Horsepower, you need big iron, you need the servers, you need the storage, but software is in the heart of all this. So you guys had some big announcements around capabilities. The Hyper Protect was a big one on the securities side but now you've got Z As a Service. We've seen Linux come on Z. So it's just another network now. It's just network computing is now tied in with cloud. Explain the offering. What's the big news? >> Sure, so two major announcements for us this week. One's around our private cloud capabilities on the platform. So we announced our IBM Cloud Private set of products fully supported on our LinuxOne systems, and what we've also announced is the extensions of those around hyper-secure workloads through a capability called the Secure Services Container, as well as giving our traditional z/OS clients cloud consumption through a capability called the z/OS Cloud Broker. So it's really looking at how do we cloudify the platform for our existing base, as well as clients looking to do digital transformation projects on-premise. How do we help them? >> This has been a key part of this. I want to just drill down this cloudification because we've been talking about how you guys are positioned for growth. All the REORG's are done. >> Sure, yeah >> The table's all set. Products have been modernized, upgraded. Now the path is pretty clear. Kind of like what Microsoft's playbook was. Build the core cloudification. Get your core set of products cloudified. Target your base of customers. Grow that and expand into the modern era. This is a key part of the strategy, right? >> Absolutely right. A key part of our private cloud strategy is targeted to our existing base and moving them forward on their cloud journey, whether they're looking to modernize parts of their application. Can we start first with where they are on-premise is really what we're after. >> Alright, also you have the Hyper Protect. >> Correct. >> What is that announcement? Can you explain Hyper Protect? >> Absolutely. Like Rohit talked about, taking our LinuxOne capabilities, now that enterprise trusts the level of assurance, the level of security that they're dependent on, on-premise and now in private cloud. We are taking that further into the public cloud offering as Hyper Protect services. So these are set of services that leverage the underlyings of security hardening that nobody else has the level of control that you can get and offering that as a service so you don't need to know Z or LinuxOne from a consumption perspective. So I'll take two examples. Hyper Protect Crypto Service is about exposing the level of control. That you can manage they keys. What we call "keep your own keys" because encryption is out there but it's all about key management so we provide that with the highest level of security that LinuxOne servers from us offer. Another example is database as a service, which runs in this Hyper Secure environment. Not only encryption and keys, but leveraging down the line pervasive encryption capabilities so nobody can even get into the box, so to say. >> Okay, so I get the encryption piece. That's solid, great. Internet encryption is always good. Containers, there's been discussions at the CNCF about containers not being part of the security boundaries and putting a VMware around it. Different schools of thought there. How do you guys look at the containerization? Does that fit into Secure Protect? Talk about that dynamic because encryption I get, but are you getting containers? >> Great question because it's about the workload, right? When people are modernizing their apps or building cloud-native apps, it's built on Kubernetes and containers. What we have done, the fantastic work across both the IBM Cloud Private on Z, as well as Hyper Protect, underlying it's all about containers, right? So as we deliver these services and for customers also to build data services as containers or VM's, they can deploy on this environment or consume these as a compute. So fundamentally it's kubernetes everywhere. That's a foundational focus for us. When it can go public, private and multicloud, and we are taking that journey into the most austere environment with a performance and scale of Z and LinuxONE. >> Alright, so Rohit, help bring us up to date. We've been talking about this hybrid and multi-cloud stuff for a number of years, and the idea we've heard for many years is, "I want to have the same stack on both ends. I want encryption all the way down to the chip set." I've heard of companies like Oracle, like IBM say, "We have resources in both. We want to do this." We understand kubernetes is not a magic layer, it takes care of a certain piece you know and we've been digging in that quite a bit. Super important, but there's more than that and there still are differences between what I'm doing in the private cloud and public cloud just naturally. Public cloud, I'm really limited to how many data centers, private cloud, everything's different. Help us understand what's the same, what's different. How do we sort that out in 2019? >> Sure, from a brand perspective we're looking at private cloud in our IBM Cloud Private set of products and standardizing on that from a kubernetes perspective, but also in a public cloud, we're standardizing on kubernetes. The key secret source is our Secure Services Container under there. It's the same technology that we use under our Blockchain Platform. Right, it brings the Z differentiation for hyper-security, lockdown, where you can run the most secure workloads, and we're standardizing that on both public and private cloud. Now, of course, there are key differences, right? We're standardizing on a different set of workloads on-premise. We're focusing on containerizing on-premise. That journey to move for the public cloud, we still need to get there. >> And the container piece is super important. Can you explain the piece around, if I've got multi-cloud going on, Z becomes a critical node on the network because if you have an on-premise base, Z's been very popular, LinuxONE has been really popular, but it's been for the big banks, and it seems like the big, you know, it's big ire, it's IBM, right? But it's not just the mainframe. It's not proprietary software anymore, it's essentially large-scale capability. >> Right. >> So now, when that gets factored into the pool of resources and cloud, how should customers look at Z? How should they look at the equation? Because this seems to me like an interesting vector into adding more head room for you guys, at least on the product side, but for a customer, it's not just a use case for the big banks, or doing big backups, it seems to have more legs now. Can you explain where this fits into the big picture? Because why wouldn't someone want to have a high performant? >> Why don't I use a customer example? I had a great session this morning with Brad Chun from Shuttle Fund, who joined us on stage. They know financial industry. They are building a Fintech capability called Digital Asset Custody Services. It's about how you digitize your asset, how do you tokenize them, how you secure it. So when they look at it from that perspective, they've been partnering with us, it's a classic hybrid workload where they've deployed some of the apps on the private cloud and on-premise with Z/LinuxONE and reaching out to the cloud using the Hyper Protect services. So when they bring this together, built on Blockchain under the covers, they're bringing the capability being agile to the market, the ability for them to innovate and deliver with speed, but with the level of capability. So from that perspective, it's a Fintech, but they are not the largest banks that you may know of, but that's the kind of innovation it enables, even if you don't have quote, unquote a mainframe or a Z. >> This gives you guys more power, and literally, sense of pretty more reach in the market because what containers and now these kubernetes, for example, Ginni Rometty said "kubernetes" twice in her keynote. I'm like, "Oh my God. The CEO of IBM said 'kubernetes' twice." We used to joke about it. Only geeks know about kubernetes. Here she is talking about kubernetes. Containers, kubernetes, and now service missions around the corner give you guys reach into the public cloud to extend the Z capability without foreclosing the benefits of Z. So that seems to be a trend. Who's the target for that? Give me an example of who's the customer or use case? What's the situation that would allow me to take advantage of cloud and extend the capability to Z? >> If you just step back, what we're really trying to do is create a higher shorten zone in our cloud called Hyper Protect. It's targeted to our existing Z base, who want to move on this enterprise out journey, but it's also targeted to clients like Shuttle Fund and DAX that Raj talked about that are building these hyper secure apps in the cloud and want the capabilities of the platform, but wanted more cloud-native style. It's the breadth of moving our existing base to the cloud, but also these new security developers who want to do enterprise development in the cloud. >> Security is key. That's the big drive. >> And that's the beauty of Z. That's what it brings to the table. And to a cloud is the hyper lockdown, the scale, the performance, all those characteristics. >> We know that security is always an on-going journey, but one of the ones that has a lot of people concerned is when we start adding IoT into the mix. It increased the surface area by orders of magnitude. How do those type of applications fit into these offerings? >> Great question. As a matter of fact, I didn't give you the question by the way, but this morning, KONE joined me on stage. >> We actually talked about it on Twitter. (laughs) >> KONE joined us on stage. It's about in the residential workflow, how they're enabling here their integration, access, and identity into that. As an example, they're building on our IoT platform and then they integrate with security services. That's the beauty of this. Rohit talked about developers, right? So when developers build it, our mission is to make it simple for a developer to build secure applications. With security skill shortage, you can't expect every developer to be a security geek, right? So we're making it simple, so that you can kind of connect your IoT to your business process and your back-end application seamlessly in a multi-cloud and hybrid-cloud fashion. That's where both from a cloud native perspective comes in, and building some of these sensitive applications on Hyper Protect or Z/LinuxONE and private cloud enables that end to end. >> I want to get you guys take while you're here because one of the things I've observed here at Think, which is clearly the theme is Cloud AI and developers all kind of coming together. I mean, AI, Amazon's event, AI, AI, AI, in cloud scale, you guys don't have that. But developer angle is really interesting. And you guys have a product called IBM Cloud Private, which seems to be a very big centerpiece of the strategy. What is this product? Why is it important? It seems to be part of all the key innovative parts that we see evolving out of the thing. Can you explain what is the IBM Cloud Private and how does it fit into the puzzle? >> Let me take a pass at it Raj. In a way it is, well, we really see IBM Cloud Private as that key linchpin on-premise. It's a Platform as a Service product on-premise, it's built on kubernetes and darker containers, but what it really brings is that standardized cloud consumption for containerized apps on-premise. We've expanded that, of course, to our Z footprint, and let me give you a use case of clients and how they use it. We're working with a very big, regulated bank that's looking to modernize a massive monolithic piece of WebSphere application server on-premise and break it down into micro-services. They're doing that on IBM Cloud Private. They've containerized big parts of the application on WebSphere on-premise. Now they've not made that journey to the cloud, to the public cloud, but they are using... How do you modernize your existing footprint into a more containerized micro-services one? >> So this is the trend we're seeing, the decomposition of monolithic apps on-premise is step one. Let's get that down, get the culture, and attract the new, younger people who come in, not the older guys like me, mini-computer days. Really make it ready, composable, then they're ready to go to the cloud. This seems to be the steps. Talk about that dynamic, Raj, from a technical perspective. How hard is it to do that? Is it a heavy lift? Is it pretty straight-forward? >> Great question. IBM, we're all about open, right? So when it comes to our cloud strategy open is the centerpiece offered, that's why we have banked on kubernetes and containers as that standardization layer. This way you can move a workflow from private to public, even ICP can be on other cloud vendors as well, not just IBM Cloud. So it's a private cloud that customers can manage, or in the public cloud or IBM kubernetes that we manage for them. Then it's about the app, the containerized app that can be moved around and that's where our announcements about Multicloud Manager, that we made late last year come into play, which helps you seamlessly move and integrate applications that are deployed on communities across private, public or multicloud. So that abstraction venire enables that to happen and that's why the open... >> So it's an operational construct? Not an IBM product, per say, if you think about it that way. So the question I have for you, I know Stu wants to jump in, he's got some questions. I want to get to this new mindset. The world's flipped upside down. The applications and workloads are dictating architecture and programmability to the DevOps, or infrastructure, in this case, Z or cloud. This is changing the game on how the cloud selection is. So we've been having a debate on theCUBE here, publicly, that in some cases it's the best cloud for the job decision, not a procurement, "I need multi-vendor cloud," versus I have a workload that runs best with this cloud. And it might be as if you're running 365, or G Suite as Google, Amazon's got something so it seems to be the trend. Do you agree with that? And certainly, there'll be many clouds. We think that's true, it's already happened. Your thoughts on this workload driving the requirements for the cloud? Whether it's a sole purpose cloud, meaning for the app. >> That's right. I'll start and Rohit will add in as well. That's where this chapter two comes into play, as we call Chapter Two of Cloud because it is about how do you take enterprise applications, the mission-critical complex workloads, and then look for the enablers. How do you make that modernization seamless? How do you make the cloud native seamless? So in that particular journey, is where IBM cloud and our Multicloud and Hybrid Cloud strategy come into play to make that transition happen and provide the set of capabilities that enterprises are looking for to move their critical workloads across private and public in bit much more assurance and performance and scale, and that's where the work that we are doing with Z, LinuxONE set of as an underpinning to embark on the journey to move those critical workloads to their cloud. So you're absolutely right. When they look at which cloud to go, it's about capabilities, the tools, the management orchestration layers that a cloud provider or a cloud vendor provide and it's not only just about IBM Public Cloud, but it's about enabling the enterprises to provide them the choice and then offer. >> So it's not multicloud for multicloud sake, it's multicloud, that's the reality. Workload drives the functionality. >> Absolutely. We see that as well. >> Validated on theCUBE by the gurus of IBM. The cloud for the job is the best solution. >> So I guess to kind of put a bow on this, the journey we're having is talking about distributed architectures, and you know, we're down on the weeds, we've got micro-services architectures, containerization, and we're working at making those things more secure. Obviously, there's still a little bit more work to do there, but what's next is we look forward, what are the challenges customers have. They live in this, you know, heterogeneous multicloud world. What do we have to do as an industry? Where is IBM making sure that they have a leadership position? >> From my perspective, I think really the next big wave of cloud is going to be looking at those enterprise workloads. It's funny, I was just having a conversation with a very big bank in the Netherlands, and they were, of course, a very big Z client, and asking us about the breadth of our cloud strategy and how they can move forward. Really looking at a private cloud strategy helping them modernize, and then looking at which targeted workloads they could move to public cloud is going to be the next frontier. And those 80 percent of workloads that haven't moved. >> An integration is key, and for you guys competitive strategy-wise, you've got a lot of business applications running on IBM's huge customer base. Focus on those. >> Yes. >> And then give them the path to the cloud. The integration piece is where the linchpin is and OSSI secure. >> Enterprise out guys. >> Love encryption, love to follow up more on the secure container thing, I think that's a great topic. We'll follow-up after this show Raj. Thanks for coming on. theCUBE coverage here. I'm John Furrier, Stu Miniman. Live coverage, day four, here live in San Francisco for IBM Think 2019. Stay with us more. Our next guests will be here right after a short break. (upbeat music)