>>Welcome back to HPD discovered 2021. My name is Dave Volonte and you're watching the cubes virtual coverage of discover we're going to dig into the most pressing topic not only for I. T. But entire organizations and that's cyber security with me. Miss O'Neil James, senior Director of security engineering at Hewlett Packard Enterprise. So Neil welcome to the cube. Come on in. >>Dave, thank you for having me. I appreciate it. >>Hey, you talked about Project Aurora today. Tell us about project Aurora. What is that? >>So I'm glad you asked. Project Aurora is a new framework that we're working on that attempts to provide the underpinnings for Zero Trust architectures inside of everything that we build at. Hp. Zero Trust is a way of providing a mechanism for enterprises to allow for everything in their enterprise. Whether it's a server, a human or anything in between to be verified and attested to before they're allowed to access or transact in certain ways. That's what we announced today. >>Well, so in response to a spate of damaging cyber attacks last month, President biden issued an executive order designed to improve the United States security posture and in that order essentially issued a zero trust mandate. You know, it's interesting. Zero Trust has gone from a buzzword to a critical part of a security strategy. So in thinking about a zero trust architecture, how do you think about that and how does project Aurora fit in? >>Yeah, Zero Trust architecture as a concept has has been around for quite some time now and over the last few years you've seen many a company attempting to provide technologies that they purport to be. Zero trust. Zero Trust is a framework. It's not one technology, it's not one tool, it's not one product. It is an entire framework of thinking and applying cyber security principles uh to everything that we just talked about beforehand. Project Aurora, as I said before hand, is designed to provide a way for our ourselves and our customers to be able to measure a test and verify every single piece of technology that we sell to them, whether it's a server or everything else in between. Now, we've got a long way to go before we're able to cover everything that HP sells. But for us these capabilities are the root of Zero Trust architectures, you need to be able to at any given moments notice, verify measure and a test and this is what we're doing with Project Aurora. >>So you founded a company called citadel and sold out to HPD last year. And my understanding is you were really the driving force behind the secure production identity framework, but you said zero Trust is really a framework, uh that's an open source project. Maybe you can explain what that is. I mean people talk about the nist framework for cybersecurity. How does that relate? What why is this important and how does Aurora fit into it? >>Yeah, so it's a good question. The next framework is a broader framework for cybersecurity that couples and covers many aspects of thinking about the security posture of an enterprise, whether it's network security, host based intrusion detection capabilities in response things of that sort Spiffy. What you're referring to secure production identity framework for everyone is an open source framework and technology base that we did work on when I was the ceo of Seattle. That was designed to provide a platform agnostic way to assign identity to anything that runs in a network. And so think about yourself or myself, we are uh, we have identities in our back pocket driver's license, passports, things of that sort. They provide a unique assertion of who we are and what we're allowed to do that does not exist in the world of software. And what spiffy does is it provides that mechanism so that you can actually use frameworks like project Aurora that can verify the underpinning infrastructure on top of which software workloads run to be able to verify the spiffy identities even better than before >>is the intensive product ties this capability within this framework. How do you approach this from HP standpoint >>suspicion inspire will and always will be. As far as I'm concerned, remain an open source project held by the cloud Native Computing Foundation. It's for the world. And we want that to be the case because we think that more of our enterprise customers are not living in the world of one vendor or two vendors. They have multiple vendors. And so we need to give them the tools and the flexibility to be able to allow for open source capabilities like Spiffy inspire to provide a way for them to assign these identities and assign policies and control regardless of the infrastructure choices they make today or tomorrow. H P E recognizes that this is a key differentiating capability for our customers. And our goal is to be able to look at our offerings that power the next generation of workloads, kubernetes instances, containers, serverless and anything that comes after that. And our responsibility to say, how can we actually take what we have and be able to provide those kinds of assertions, those underpinnings for zero trust that are going to be necessary to distribute those identities to others workloads and to do so in a scalable, effective and automated manner, which is one of the most important things that project Wara does. >>So a lot of companies senior will set up a security division, uh and and so, but is the IS HPV strategy to essentially uh embed security across its entire portfolio? How do you, how should we think about HP strategy in cyber? >>Yeah, so it's a it's a great question. Hp has a long history, uh security and other domains, networking and servers and storage and beyond. Uh the way we think about what we're building with project or this is plumbing, this is plumbing that must be and everything we built, customers don't buy one product from us and they think it's one custom, one company and something else from us and they think it's another company, they're buying HPV products. And our goal with Project Aurora is to ensure that this plumbing is widely and uniformly distributed and made available. So whether you're buying in Aruba device, a primary storage device or per alliance server. Project Aurora's capabilities are going to provide a consistent way to do the things that I've mentioned beforehand To allow for those zero trust architectures to become real. >>So it's I alluded to President biden's executive order previously, I mean you're a security practitioner or an expert in this area. It just seems as though, and I'd love to get your comments on this. I mean the adversaries are well funded. You know, they're either organized crime, their nation states, uh they're they're extracting a lot of very valuable information, they're monetizing that you've seen things like ransomware as a service now, so any any knucklehead can, can be in the ransomware business. Um it's just this endless escalation game. Um how do you see the industry approaching this? What needs to happen? So obviously I like what you're saying about the plumbing, you're not trying to attack this with a bunch of point tools, which is part of the problem. How do you see the industry coming together to solve this problem? >>Yeah, it's uh if you operate in the world of security, you have to operate from the standpoint of humility. And the reason why you have to operate from a standpoint of humility is because the attack landscape is constantly changing the things and tools and investments and techniques that you thought were going to thwart an attacker. Today, there quickly outdated within a week, a month, a quarter or whatever it might be. And so you have to be able to consistently and continuously evolve and adapt towards what customers are facing on any given moments notice I think to be able to as an industry tackle these issues more and more. So you need to be able to have all of us start to abide, not abide, but start to adopt these open source patterns. We recognize that every company hB included is here to serve customers and to make money for its shareholders as well. But in order for us to do that, we have to also recognize that they've got other technologies in their infrastructure as well. And so it's our belief, it's my belief that allowing for us to support open standards with spiffy inspire and perhaps with some of the aspects of what we're doing with project Aurora, I think allows for other people to be able to kind of deliver the same underpinning capabilities, the plumbing if you will, regardless of whether it's an HP product or somebody else along those lines as well. We need more of that generally across our industry and I think we're far from it. >>I mean this sounds like a war. I mean, it's it's more than a battle. It's a war that actually is never gonna end. Uh, and I don't think there is an end in sight. And you hear, see, so let's talk about the shortage of talent. Uh, they're getting inundated with point products and tools and then that just creates more technical debt. It's been interesting to watch interesting. Maybe it's not the right word, but the pivot 20 trust, endpoint security, cloud security and the exposure that we've now seen as a result of the pandemic was sort of rushed. And then of course, we've seen, you know, the the adversaries really take advantage of that. So, I mean, what you're describing is this ongoing, never ending battle, >>isn't it? Yeah, yeah, no, it's it's it's going to be ongoing. And by the way, Zero Trust is not the end state, right. I mean, there was things that we called the final nail in the coffin Five years ago, 10 years ago and yet the Attackers persevered. And that's because there's a lot of innovation out there. There's a lot of uh, infrastructure moving to dynamic architecture is like cloud and others that are going to be poorly configured and are going to not have necessarily the best and brightest providing security around that. So we have to remain vigilant. We have to work as hard as we can to help customers deploy Zero Trust architecture, but we have to be thinking about what's next. We have to be watching, studying and evolving to be able to prepare ourselves to be able to go after whatever the next capabilities are. >>What I like about what you're saying is, you're right. You have to have humility. I don't want to say. I mean it's it's hard because I do feel like a lot of times the vendor community says, okay, we have the answer to your point. You know, okay. We have a zero trust solution or we have a security solution and there is no silver bullet in this game. And I think what I'm hearing from you is look, we're providing infrastructure, Plumbing is the substrate, but it's an open system. It's got to evolve. We've anything you didn't say, but I love your thoughts on this is we got to collaborate with who some of you might think is your competitor because they're still, they're the good guys. >>Yeah. I mean our our customers are customers don't care that we're competitors with anybody. They care that we're helping them solve their problems for their business. So our responsibility is to figure out what we need to do to work together to provide the basic capabilities that allow for our customers to to remain in business. Right. If cybersecurity issues plague any of our customers, that doesn't affect just HP. That affects all of the companies that are serving that customer itself. So I think we have a shared responsibility to be able to protect our customers >>and you've been in cyber for much, if not most of your career. Right, correct. Let's go. So I got to ask you, did you have a superhero when you were a kid? Did you have sort of uh, you know, save the world thing going? >>Did I have to say, you know, I I didn't have to save the world thing going. But I had um I had, I had two parents that cared for for the world in many, many ways. They were both in the world of health care and so every day I saw them taking care of other people. And I think that probably rubbed off in some of the decisions that I made too >>Well. It's awesome. You can do a great work, really appreciate you coming on the cube and and thank you so much for your insights. >>I appreciate that. Thanks >>All right. Thank you for being with us for our ongoing coverage. HPD discovered 21. This is Dave Volonte. You're watching the cube. The leader in digital tech coverage will be right back. Mhm.

>>data by its very nature is distributed and siloed. But most data architectures today are highly centralized. Organizations are increasingly challenged to organize and manage data and turn that data into insights this idea of a single monolithic platform for data, it's giving way to new thinking. We're a decentralized approach with open cloud native principles and Federated governance will become an underpinning underpinning of digital transformations. Hi everybody, this is Day Volonte. Welcome back to HP discover 2021 the virtual version. You're watching the cubes continuous coverage of the event and we're here with Matt Mako is the field C T O for Israel software at H P E. And we're gonna talk about HP software strategy and esmeralda and specifically how to take a I analytics to scale and ensure the productivity of data teams. Matt, welcome to the cube. Good to see you. >>Good to see you again. Dave thanks for having me today. >>You're welcome. So talk a little bit about your role as CTO. Where do you spend your time? >>Yeah. So I spend about half of my time talking to customers and partners about where they are on their digital transformation journeys and where they struggle with this sort of last phase where we start talking about bringing those cloud principles and practices into the data world. How do I take those data warehouses, those data lakes, those distributed data systems into the enterprise and deploy them in a cloud like manner. And then the other half of my time is working with our product teams to feed that information back so that we can continually innovate to the next generation of our software platform. >>So when I remember I've been following HP and HP for a long, long time, the cube is documented. We go back to sort of when the company was breaking in two parts and at the time a lot of people were saying, oh HP is getting rid of the software business to get out of software. I said no, no, no hold on, they're really focusing and and the whole focus around hybrid cloud and and now as a service and so you're really retooling that business and sharpen your focus. So so tell us more about asthma, it's cool name. But what exactly is as moral software, >>I get this question all the time. So what is Israel? Israel is a software platform for modern data and analytics workloads using open source software components. And we came from some inorganic growth. We acquired a company called citing that brought us a zero trust approach to doing security with containers. We bought blue data who came to us with an orchestrator before kubernetes even existed in mainstream. They were orchestrating workloads using containers for some of these more difficult workloads, clustered applications, distributed applications like Hadoop. And then finally we acquired Map are which gave us this scale out, distributed file system and additional analytical capabilities. And so what we've done is we've taken those components and we've also gone out into the marketplace to see what open source projects exist, to allow us to bring those club principles and practices to these types of workloads so that we can take things like Hadoop and spark and Presto and deploy and orchestrate them using open source kubernetes, leveraging Gpu s while providing that zero trust approaches security. That's what Israel is all about. Is taking those cloud practices and principles but without locking you in again using those open source components where they exist and then committing and contributing back to the open source community where those projects don't exist. >>You know, it's interesting. Thank you for that history. And when I go back, I always been there since the early days of big data and Hadoop and so forth. The map are always had the best product. But but they can't get back then. It was like Kumbaya open source and they had this kind of proprietary system, but it worked and that's why it was the best product. And so at the same time they participated in open source projects because everybody that that's where the innovation is going. So you're making that really hard to use stuff easier to use with kubernetes orchestration. And then obviously I'm presuming with the open source chops, sort of leaning into the big trends that you're seeing in the marketplace. So my question is, what are those big trends that you're seeing when you speak to technology executives, which is a big part of what you do? >>Yeah. So the trends I think are a couple of fold and it's funny about Duke, I think the final nails in the coffin have been hammered in with the Hadoop space now. And so that that leading trend of of where organizations are going. We're seeing organizations wanting to go cloud first, but they really struggle with these data intensive workloads. Do I have to store my data in every cloud? Am I going to pay egress in every cloud? Well, what if my data scientists are most comfortable in AWS? But my data analysts are more comfortable in Azure. How do I provide that multi cloud experience for these data workloads? That's the number one question I get asked. And that's the probably the biggest struggle for these Chief Data Officers. Chief Digital Officer XYZ. How do I allow that innovation but maintaining control over my data compliance especially, we talk international standards like G. D. P. R. To restrict access to data, the ability to be forgotten in these multinational organizations. How do I sort of square all of those components and then how do I do that in a way that just doesn't lock me into another appliance or software vendors stack? I want to be able to work within the confines of the ecosystem. Use the tools that are out there but allow my organization to innovate in a very structured, compliant way. >>I mean I love this conversation. And just to me you hit on the key word which is organization. I want to I want to talk about what some of the barriers are. And again, you heard my wrap up front. I I really do think that we've created not only from a technology standpoint and yes, the tooling is important, but so is the organization. And as you said, you know, an analyst might want to work in one environment, a data scientist might want to work in another environment. The data may be very distributed. They maybe you might have situations where they're supporting the line of business. The line of business is trying to build new products. And if I have to go through this, hi this monolithic centralized organization, that's a barrier uh for me. And so we're seeing that change that kind of alluded to it upfront. But what do you see as the big, you know, barriers that are blocking this vision from becoming a reality? >>It very much is organization dave it's the technology is actually no longer the inhibitor here. We have enough technology, enough choices out there. That technology is no longer the issue. It's the organization's willingness to embrace some of those technologies and put just the right level of control around accessing that data because if you don't allow your data scientists and data analysts to innovate, they're going to do one of two things, they're either going to leave and then you have a huge problem keeping up with your competitors or they're gonna do it anyway, and they're gonna do it in a way that probably doesn't comply with the organizational standards. So the more progressive enterprises that I speak with have realized that they need to allow these various analytical users to choose the tools, they want to self provision those as they need to and get access to data in a secure and compliant way. And that means we need to bring the cloud to generally where the data is because it's a heck of a lot easier than trying to bring the data where the cloud is while conforming to those data principles. And that's, that's Hve strategy, you've heard it from our CEO for years now, everything needs to be delivered as a service. It's essential software that enables that capability, such as self service and secure data provisioning, etcetera. >>Again, I love this conversation because if you go back to the early days of the Duke, that was what was profound about. Do bring bring five megabytes of code, do a petabyte of data and it didn't happen. We shoved it all into a data lake and it became a data swamp. And so it's okay, you know, and that's okay. It's a one dato maybe maybe in data is is like data warehouses, data hubs data lake. So maybe this is now a four dot Oh, but we're getting there. Uh, so an open but open source one thing's for sure. It continues to gain momentum. It's where the innovation is. I wonder if you could comment on your thoughts on the role that open source software plays for large enterprises. Maybe some of the hurdles that are there, whether they're legal or licensing or or or just fears. How important is open source software today? >>I think the cloud native development, you know, following the 12 factor applications microservices based, pave the way over the last decade to make using open source technology tools and libraries mainstream, we have to tip our hats to red hat right for allowing organizations to embrace something. So core is an operating system within the enterprise. But what everyone realizes that its support, that's what has to come with that. So we can allow our data scientists to use open source libraries, packages and notebooks. But are we going to allow those to run in production? And so if the answer is no, then that if we can't get support, we're not going to allow that. So where HP es Merrill is taking the lead here is again embracing those open source capabilities, but if we deploy it, we're going to support it or we're going to work with the organization that has the committees to support it. You call HPD the same phone number you've been calling for years for tier 1 24 by seven support and we will support your kubernetes, your spark your presto your Hadoop ecosystem of components were that throat to choke and we'll provide all the way up to break fix support for some of these components and packages giving these large enterprises the confidence to move forward with open source but knowing that they have a trusted partner in which to do so >>and that's why we've seen such success with, say, for instance, managed services in the cloud or versus throwing out all the animals in the zoo and say, okay, figure it out yourself. But of course what we saw, which was kind of ironic was we, we saw people finally said, hey, we can do this in the cloud more easily. So that's where you're seeing a lot of data. A land. However, the definition of cloud or the notion of cloud is changing no longer. Is it just this remote set of services somewhere out there? In the cloud? Some data center somewhere. No, it's, it's moving on. Prem on prem is creating hybrid connections you're seeing, you know, co location facility is very proximate to the cloud. We're talking now about the edge, the near edge and the far edge deeply embedded, you know? And so that whole notion of cloud is, is changing. But I want to ask you, there's still a big push to cloud, everybody is a cloud first mantra. How do you see HP competing in this new landscape? >>I I think collaborating is probably a better word, although you could certainly argue if we're just leasing or renting hardware than it would be competition. But I think again, the workload is going to flow to where the data exists. So if the data is being generated at the edge and being pumped into the cloud, then cloud is prod, that's the production system. If the data is generated, the on system on premises systems, then that's where it's going to be executed, that's production. And so HBs approach is very much coexist, coexist model of if you need to do deaf tests in the cloud and bring it back on premises, fine or vice versa. The key here is not locking our customers and our prospective clients into any sort of proprietary stack, as we were talking about earlier, giving people the flexibility to move those workloads to where the data exists. That is going to allow us to continue to get share of wallet. Mindshare, continue to deploy those workloads and yes, there's going to be competition that comes along. Do you run this on a G C P or do you run it on a green lake on premises? Sure. We'll have those conversations. But again, if we're using open source software as the foundation for that, then actually where you run it is less relevant. >>So a lot of, there's a lot of choices out there when it comes to containers generally and kubernetes specifically, uh, you may have answered this, you get zero trust component, you've got the orchestrator, you've got the, the scale out, you know, peace. But I'm interested in hearing in your words why an enterprise would or should consider s morale instead of alternatives to kubernetes solutions? >>It's a fair question. And it comes up in almost every conversation. We already do kubernetes, so we have a kubernetes standard and that's largely true. And most of the enterprises I speak to their using one of the many on premises distributions of the cloud distributions and they're all fine. They're all fine for what they were built for. Israel was generally built for something a little different. Yes, everybody can run microservices based applications, devoPS based workloads, but where is Meryl is different is for those data intensive and clustered applications. Those sort of applications require a certain degree of network awareness, persistent storage etcetera, which requires either a significant amount of intelligence. Either you have to write in go lang or you have to write your own operators or Israel can be that easy button. We deploy those state full applications because we bring a persistent storage later that came from that bar we're really good at deploying those stable clustered applications and in fact we've open sourced that as a project cube director that came from Blue data and we're really good at securing these using spiffy inspire to ensure that there is that zero trust approach that came from side tail and we've wrapped all of that in kubernetes so now you can take the most difficult, gnarly, complex data intensive applications in your enterprise and deploy them using open source and if that means we have to coexist with an existing kubernetes distribution, that's fine. That's actually the most common scenario that I walk into is I start asking about what about these other applications you haven't done yet? The answer is usually we haven't gotten to him yet or we're thinking about it and that's when we talk about the capabilities of s role and I usually get the response, oh, a we didn't know you existed and be, well, let's talk about how exactly you do that. So again, it's more of a coexist model rather than a compete with model. Dave >>Well, that makes sense. I mean, I think again, a lot of people think, oh yeah, Kubernetes, no big deal, it's everywhere. But you're talking about a solution, I'm kind of taking a platform approach with capabilities, you've got to protect the data. A lot of times these microservices aren't some micro uh and things are happening really fast, You've got to be secure, you've got to be protected. And like you said, you've got a single phone number, you know, people say one throat to choke, Somebody said the other day said no, no single hand to shake, it's more of a partnership and I think that's a proposed for HPV met with your >>hair better. >>So you know, thinking about this whole, you know, we've gone through the pre big data days and the big data was all, you know, the hot buzz where people don't maybe necessarily use that term anymore, although the data is bigger and getting bigger, which is kind of ironic. Um where do you see this whole space going? We've talked about that sort of trends are breaking down the silos, decentralization. Maybe these hyper specialized roles that we've created maybe getting more embedded are lined with the line of business. How do you see it feels like the last, the next 10 years are going to be different than the last 10 years. How do you see it matt? >>I completely agree. I think we are entering this next era and I don't know if it's well defined, I don't know if I would go out on an edge to say exactly what the trend is going to be. But as you said earlier, data lakes really turned into data swamps. We ended up with lots of them in the enterprise and enterprises had to allow that to happen. They had to let each business unit or each group of users collect the data that they needed and I. T. Sort of had to deal with that down the road. And so I think the more progressive organizations are leading the way they are again taking those lessons from cloud and application developments, microservices and they're allowing a freedom of choice there, allowing data to move to where those applications are. And I think this decentralized approach is really going to be king. And you're gonna see traditional software packages, you're gonna see open source, you're going to see a mix of those. But what I think we'll probably be common throughout all of that is there's going to be this sense of automation, this sense that we can't just build an algorithm once released and then wish it luck that we've got to treat these these analytics and these these data systems as living things that there's life cycles that we have to support, which means we need to have devops for our data science. We need a ci cd for our data analytics. We need to provide engineering at scale like we do for software engineering. That's going to require automation and an organizational thinking process to allow that to actually occur. And so I think all of those things that sort of people process product, but it's all three of those things are going to have to come into play. But stealing those best ideas from cloud and application development, I think we're going to end up with probably something new over the next decade or so >>again, I'm loving this conversation so I'm gonna stick with it for a second. I it's hard to predict, but I'll some takeaways that I have matt from our conversation. I wonder if you could, you could comment. I think, you know, the future is more open source. You mentioned automation deV's are going to be key. I think governance as code, security designed in at the point of code creation is going to be critical. It's not no longer to be a bolt on and I don't think we're gonna throw away the data warehouse or the data hubs or the data lakes. I think they become a node. I like this idea and you know, jim octagon. But she has this idea of a global data mesh where these tools lakes, whatever their their node on the mesh, they're discoverable. They're shareable. They're they're governed uh in a way and that really I think the mistake a lot of people made early on in the big data movement, Oh we have data, we have to monetize our data as opposed to thinking about what products that I can I build that are based on data that then I can, you know, can lead to monetization. And I think and I think the other thing I would say is the business has gotten way too technical. All right. It's an alienated a lot of the business lines and I think we're seeing that change. Um and I think, you know, things like Edinburgh that simplify that are critical. So I'll give you the final thoughts based on my rent. >>I know you're ready to spot on. Dave. I think we we were in agreement about a lot of things. Governance is absolutely key. If you don't know where your data is, what it's used for and can apply policies to it, it doesn't matter what technology throw at it, you're going to end up in the same state that you're essentially in today with lots of swamps. Uh I did like that concept of of a note or a data mesh. It kind of goes back to the similar thing with a service smashed or a set of a P I is that you can use. I think we're going to have something similar with data that the trick is always how heavy is it? How easy is it to move about? And so I think there's always gonna be that latency issue. Maybe not within the data center, but across the land, latency is still going to be key, which means we need to have really good processes to be able to move data around. As you said, government determine who has access to what, when and under what conditions and then allow it to be free, allow people to bring their choice of tools, provision them how they need to while providing that audit compliance and control. And then again, as as you need to provision data across those notes for those use cases do so in a well measured and govern way. I think that's sort of where things are going. But we keep using that term governance. I think that's so key. And there's nothing better than using open source software because that provides traceability, the audit ability and this frankly openness that allows you to say, I don't like where this project is going. I want to go in a different direction and it gives those enterprises that control over these platforms that they've never had before. >>Matt. Thanks so much for the discussion. I really enjoyed it. Awesome perspectives. >>Well, thank you for having me. Dave are excellent conversation as always. Uh, thanks for having me again. >>All right. You're very welcome. And thank you for watching everybody. This is the cubes continuous coverage of HP discover 2021 of course, the virtual version next year. We're gonna be back live. My name is Dave a lot. Keep it right there. >>Yeah.

>> Host: From around the globe, it's theCUBE, with coverage of KubeCon and CloudNativeCon North America 2020 virtual brought to you by Red Hat, the cloud native computing foundation and ecosystem partners. >> Hi everyone, I'm John Furrier with theCUBE. We are here covering KubeCon and CloudNativeCon North America 2020, November 17th to the 20th, a virtual event. Normally we're there in person, but again, 2020 has been a crazy year, we're not going to be able to be there in person, but we're here remotely. We have two great guests, the co-chairs of KubeCon and CloudNativeCon Stephen Augustus senior, open source engineer VMware KubeCon CloudNativeCon chair and Constance Caramanolis principal software here at Splunk and you guys are co-chairs of KubeCon. Big responsibility, thank you for coming on. >> Thank you. Thank you for having us. >> Thank you for having us. >> Okay so we, the number one question every year is before it gets started is, how did you make the selections for the talks, what's the hottest thing going on, what's the focus for this KubeCon? >> Well, so actually we use a Ouija board to choose the talks. (laughing) No, I'm joking it doesn't happen that way. >> Yeah, yeah, it's pretty much all out of a hat, but seriously, we spent a lot of time with talks that showed, I guess diversity and integration in the community. So, what projects are starting to pick up steam? What projects are starting to integrate more deeply with other ones? So you'll see lots of commentary around, multi cluster items within cloud native technologies, as well as, lots of content on security, which I'm excited about. >> Yeah, and also things are like, there's a little bit like, kind of to your point about like things layered on, like we're starting to get to the point where people are talking about like hey, I deployed Kubernetes and Envoy and something else. And like, these are starting to be a lot more of these kind of joint talks there that actually even make it harder for us to place. Like, does it belong in networking? Does it belong in application development? Like there've been some really good challenges trying to figure out where things are slotted and what's right- >> You know one of the things I love about KubeCon besides being fun to go to while it's face to face is even with the virtual, it's still a great community. The talks are awesome, people are submitting talks. But you got the sixth year, I think it's a six year or fifth year. We've been there for all years. I think this is the sixth year for us, the maturation, the growth and of Kubernetes now it's pretty clear. This glue layer, is gluing things together the API is extending to service and more services. Can you guys comment on what you guys are seeing in terms of some of the practical projects and how they're playing out for developers? Because you're starting to see you know, more clusters you've got cloud you've got multi-cloud around the horizon. So you've got more of these conversations where you have more capabilities but the focus on the modern application building is the number one business focus. So, you know, the developers are trying to build out under the covers and say, how do I scale this? So, this seems to be the kind of a growth year and inflection point for that next level. It seems like next level. Steven, what's your thoughts and reactions to that? >> Yeah absolutely. So, as a former, I've been out a few cloud native companies at this point so more or less from Red Hat before heading over to VMware. And as a former field engineer and solutions architects at some of these places, we spent a lot of time thinking through what is the days, zero day one story, right? And it's very clear that as a community, we've gotten to the point where like that is officially the boring stuff, right? Seeing a lot of the features within projects like (indistinct) and Cluster API come to maturation. We start to focus a lot more on that developer story, right? And ultimately that's what we care about, right? Businesses are not necessarily looking for a new tool to play around with, right? There are business goals that are tied to the new technologies, right? So the velocity in which you deploy your applications, the feedback loop in terms of understanding, you know, what ties into your application, where things are going wrong and, you know, Constance can definitely speak to the, the observability layer for all of these cloud native applications that are out there. >> Constance, observability I hear is really hot right now, what's your take on it, I mean is observability everywhere? New startup comes out and you work at Splunk, they're the King King of observability, they started out with very small observation space now it's a full platform. You have to look at the observation space to get the data that's the internet. >> You do. >> That's semi application. What's hot in observability? Take us through your thoughts. >> I think what's also starting to like, so you're still like, there's some, I can think of like one talk right now, it's a little bit talking about like, you know, observability at scale in a sense of just like now we have these massive applications and saying we globally and to observe and monitor observe right now, I'm not going to use a tourism changeable. I know that's a total different debate the available topic, but for now, just keep it at that. But it's also now, I think one thing as observability space and maturing is we're not talking only about like, hey, I instrument my like application with metrics, logs, traces, or some other thing there. It's now being a little bit more critical about how, if I'm using all three of these are all different telemetries, like how to be smart about it. Like, okay, I'll need to use traces for some things and let me use logs for something else. And like kind of getting to reach a part of like, now that we have that data let's actually think about better ways to use that data. So we don't, you know, collect everything cause you can't collect everything as much as we want to. >> Well, I mean this is something that I want to get your both thoughts on because one of the conversations we're hearing from developers and we hear it from them on the business size everything is a service, that's like the ivory tower you know, the CXOs, everything is as a service and then it down into the developers in the engineering community and they're like, well, it's not that easy 'cause you got tools for every platform, right? And that's a problem because these siloed tools are tools that were built for a certain products. And then you've got the systems thinking you guys talk about this integration is a key area. So making everything is as a service, just isn't that easy, right? So the goal is to make it easy, right? So this is the systems conversation. How do you guys look at that from a KubeCon, CloudNativeCon because cloud native does enable a lot of, good things. It's horizontally scalable cloud from a resource standpoint, you've got programmability. You can look at it as a system but people are stuck with these tools for the platform. I mean, you have tools for this, tools for that and five different tools, how do you make observability work? How do you make security work? These are tough questions. What's your reaction to that? >> I think that a lot of it comes down to, from a building perspective and, you know, taking the builder perspective and then also taking the consumer perspective. For builders, and I actually spent some time with, at some developer heads in New York, we sat down for a dinner and kind of talked, talked through some of the problems in the space. And I think what it really comes down to is when we build tools we need to think about who we're building the tools for, right? There are multiple personas that you might look at in the cloud native space. And, you know, one might be the persona of that systems integrator, of the classic Opsy, DevOps SRE role, right? Then you've got someone who may be building tools on top of one of those Ops platforms, right? And then you've got the consumers that may be in your company maybe they're external, right? That's for their experience, they're really only interested in how do I ship my app, right? So whether we're talking about building out Kubernetes or whether we're talking about a server less platform, right? So sort of Alyssa and the cloud, right? You often hear the, it runs on, it's running on someone else's machine, right? You know, it's not really, so I think in that space you have to consider a developer experience, right? So I think one of the overarching themes that you'll see throughout this KubeCon is, how do we talk about the developer experience? Who are we building these tools for? How can we actually get outcomes that end users are looking for? Right, cause it's not, again, it's not about the tools it's about the outcomes for the respective businesses. >> Constance what's your reaction to this trend of tools. >> I think. >> Edge computing, 'cause you you don't want to have to build security for everything, single thing. I've got an edge device, I want to have that'd be software operated, right? It makes total sense. But making that happen is hard. >> Yeah, I think this is something that as a community like we're really, I guess like kind of how I use example like end user docs versus restaurants documentation. I think that we've been, done a really good job at creating these really powerful tools but like in terms of, we still need to simplify them for anyone who doesn't want to learn, like say Kubernetes or Envoy or open telemetry, like the back of their hand. And I think that's where we're starting to finally start to close that gap. And as I think also why KubeCon is getting a lot more popular is like now things are a little bit more accessible to those who don't have, you know, either don't have the bandwidth or it just it isn't in their interest to learn all these things in details. And so we're slowly going from those who want to be deep, deep experts into, yeah I kind of want to play around with it and make it more manageable. And, I do think we still have quite a bit of ways to go. Like I think, you know, what's been helpful like at least like our end user stories that we get and like the application development track, especially that one, like the case studies that there's no longer track but it is highlighted as like these talks and case studies. I think that shows it's kind of giving people more like, hey, these are stories of how I can take these tools and start making them more digestible in my own way. 'Cause going from like, oh, this feature does XYZ to, this is a whole story that you can do around it. It's been a little very gap, we're closing. >> Yeah, and I think one of the things about you kind of being shy there, I'll say, KubeCon, CloudNativeCon, CNCF in general has been very successful because of the end user focus I will say that. But also the ecosystem of the vendors that are there. So you have kind of the best of both worlds and they'll want to get better, right? So, but they al have to make money at the same time. So you have this balance, is open source, is what it is, it's out in the open. Can you guys comment on how the community is thriving and surviving? We're in a tough time with the pandemic. It's been a big challenge honestly, we're not in person we're remote. How is everything going with the community? Because it's such a great end user vendor community working together out in the open shipping code, trying to make things better. What's the state of the community? >> Yeah, so I would say that honestly, what it comes down to is that word community, we're all friends, right? There are people who, you know, as the, as we moved towards is kind of like cloud native consolidation of companies. A lot of us have worked together before, right? A lot of us are active in multiple communities and what comes out of that is really open and honest collaboration as a result. You know, even today there's a Twitter thread going, you know, I started talking about the Kubernetes release cadence, right? And if, and how it should change. Given 2020, we had an extended release cycle for 119, right? And questions became, what do we do? Like, do we continue with three releases a year? Do we try for, to do the switch back to four? Like, what does that look like? Right. And reaching out across the Kubernetes community across the CNCFC, the contributor strategy saying in CNCF and getting feedback from all of these people who depend on the products that we build day to day is huge. So I think what it comes down to really is, is open and honest collaboration. I think, you know, when you were strained I know that everyone has a lot going on in life right now. What's great about it is being forthcoming with that, right? We have all of these teams that are, that are built to support the people that are around them. So, if anything, I, you know, I'd love to see all of the collaboration and feedback coming from everyone who works on these projects day to day. >> Yeah. >> Constance what's your reaction? I mean when, I've talked of some developer friends of mine, they're like, hey, this is great, I can work virtually, I've been doing it for years anyway. So no big deal. It's not like the people who have to go to the office every day. So they're used to virtual format. The other comment was, I get more time to do some gaming too. Trying to make light out of the bad situation, but you know, it is serious. What's your reaction to the survival and the thriving continue thriving of the community? >> Yeah, I also want to eventually go back to cause you're making a comment about vendors and now this is my first time as vendor. I have interesting, I like, it's a really interesting perspective to come from, but let's talk about the community. I think like, you know, it's like one of the things that like I think actually has been one of the highlights of this year for me, for 2020, it like to be co-chair but it's also just to like be able to work with Stephen and Nancy and the rest of the CNCF community. And also like any attendees, like has actually even though this is a big year of change and it's, you know, it was a change that no one was planning. It has definitely been like really nice to just get like Kube, I guess would say as an example, the story like for KubeCon you, like I was surprised at how many people were engaged in the Slack channel and asking questions and like Priyanka has set up these happy hours and people are just joining and we're starting to talk and so it wasn't quite hallway track but we still had that connection. And there was definitely, there are people who are attending from all parts of the world. And I thought that was really nice. Like, we think CNCF has made it, like they have made the statement before that there will always be a virtual component to it to address the fact that, you know, our community we're so used to being in person, but that does, you know it does reduce accessibility to those who can't travel or for whatever reason they can't be there in person. So now it is becoming more open. And, I know, I mean kind of turning back a little bit a little bit derail, I'm a little bit derailing but to your point about like also like the vendors. And so this is my first time being a part of a vendor. And I think what's really interesting is like, there's this natural like, you know, tension between like, oh, some were like, oh, I don't want to do it from the vendors, or like, I only want things from end users. But I think the thing that I've kind of forget is that both of them are like active, you know, they're active in the community, both in either contributing or enabling others to be successful using CNCF projects. And so we all have, you know, valid points and perspectives on it really. You can maybe sometimes argue that sometimes being a vendor is almost a bonus because you get to talk to maybe more people who are trying to adopt the technology and you get to see trends. And then after as an end user, you could say like, hey, I have this really unique problem here and this is how I try to solve it and share that story with other people, so. >> Yeah, I mean, I think you're right. I mean, there's checks and balance I've observed over my years in open source you've seen certain things thrive certain ways. And I think that balance and, but having the mission and kind of a rules of engagement if always seen well, good, worked well for CNCF they embraced the vendors really well, but they're, I mean I will say paranoid cause that's my word. But like they're paranoid of the vendors I would be too, like, you know, only to get their fingers in the pie, but they're also contributing. So there's always been that checks and balance and that's, what's been magical I think about it is that they fostered the community, they fostered the engagement and they fostered that balance. And I think that's where the give and get comes in. And I think that's a healthy community and I just love to see and love to be involved with. So, it's super, super good approach. Now, putting back the vendor hat on, if I'm a vendor, I want a competitive advantage. So yeah, this brings us to the next gen conversation open source goes and going next gen, you're seeing a big focus on AI, you're seeing a big focus on, you know, edge computing which is going to be software operated, software defined, which cloud native will lead. I got to get your perspective on something. Steven said at the top was security. Every conversation for the past five months with Dave has been shift left. So, okay. Where are we going left? We're shifting left. This is about security. How do you build security in? This has been a big conversation. It's not easy problem. I know it's a top focus. I want to get your reactions Steve and we'll start with you then Constance I would like you to weigh in too. >> Yeah sure, so, security, security is already strict, right? And I think that people start to put the focus on security when it's a little too late, right? The move is always preventative as opposed to reactive, right? And security is an onion, right? So it's not enough to just think about security on one axis, right? It's, you know, how is this affecting, you know, how is this affecting my application, the systems that I build, the physical, you know, the physical restraints of the, you know, of the area, right? Infrastructure, the cloud providers that I'm running on, right? Are they a certain level of compliant, right? Especially when that comes up for federal customers, right? On the application side, right? You know, if you think of, you know, if you think of all the, the different ways that you can break an application that hurts security now with the cloud native space container security, right? Am I building a safe Docker files or build packs or what have you, however you package your application. And ultimately you have to, you know and then there's also the supply chain, right? Am I getting, how am I moving that stuff from some physical infrastructure or some cloud infrastructure into the hands of the developers, into the hands of the customers? How do I react to changes once those applications have actually been deployed? Right? So like all of these things to consider and when you look at that space, these are multiple teams, right? These are dozens and dozens of teams across, you know, multiple companies, right? You may not have, you may not have full control of your security story, right? So I think that, what, you know what you need to do is start the conversation internally about how we can build security at multiple layers, right? So some of the things that are kind of interesting to see pop up during this KubeCon and some of, you know, and some of the last ones, the continued work that's happening on OPA and Gatekeeper spiffy and Spire, right? And, you know, all of these, all these frameworks for authentication and authorization that are kind of cropping up, right? I think, you know, Spiffy and Spire really interesting story because, you know, the first thing that you think is I have these cloud native applications that I'm building and I also have these legacy applications, right? How can I build a bridge between the two? Right? And then you've also got things like, you know, service mesh, right? And you start to talk about service mesh and, you know, the security within applications that live inside a cluster or across cluster, right? And how you negotiate that. So tons of things to think about, and, you know, it's honestly going to it's honestly going to depend on where you are in your journey but I think that, you know, good security is only built by having the conversation and having the conversation across all teams and doing it before you get into trouble. >> Do it before you get in trouble have it baked in from the beginning, brush your teeth make sure you're all healthy. Constance your reaction, (laughing) your reaction. >> So I will say like, I am unfortunately one of those people that like security, well security is just not something that I guess going to say I find super exciting. And it mostly just because I, I really love observability and like service mesh and so I usually defer to the experts on that, but I do want to like, I guess plus when some of what Steven said, obviously using git hub, you know, terminology for plus and what you know, enhancing things like definitely started early and it, but I think, you know, start early, start a conversation. But I think we also need just be cognizant of like for any of the technologies, like if it's security say networking whatever, all of these things are behavior changes and just bucket more time than you think you're going to need. There's going to be so many roadblocks and especially when it comes like, especially when it comes to behavior changes. Like, if you're and behavior, but not like necessarily like a personal, but like, you know, technology behavior like you're used to sending things without MTLS, right? Or, you know, with our backs, things are going to fail and, you know, there's going to be that initial friction and so definitely trying to make this smooth as possible. >> Yeah, I mean, I think that's the focus I like to see more of which is having it be built in. So if you're really not into it, but you don't want to screw it up either so you want to be on top of it without doing it, right? That's the end game, right? That's what DevOps is about. So if you don't have programming infrastructure write code. So all these things, this is the trend this is the trend that we're seeing in cloud native. Can you guys share your thoughts this year on, on the most important stories that you think people should think about or lean into or at least look at for KubeCon? What are some of the things that attendees or people watching remotely or participating virtually or in the Slack channels, what should they pay attention to? >> So starting with, I think even with the last KubeCon and some of the products that have recently come out from certain vendors, we're starting to look a lot more at the, what is that conversion story for someone who is a classic CIS admin, right? Who may be learning all about cloud native technology for the first time, or how do we, you know, how do we welcome a new KubeCon attendee to the community? So I think one of the best things that we did was instantiate that's a one-on-one track, right? So with the one-on-one track, I think we got a bunch of great feedback. So we work to make sure that they were actually, we eliminated I believe we fully eliminated the lightning talks and work to include more one-on-one content as well as tutorials within this program. >> Constance, your reaction, Constance your reaction to thoughts on the most important story to pay attention to? >> I think it's more, right, cause, okay, I know this is like a common line that we say at KubeCon and like, you know, depends what group your on. But since so many more of our talks we're now talking about intersections between like, you know, using X and Y try to build Z, Zed. Oh my goodness I'm trying, I'm losing my Zeds. I think trying to like, you know looking for those talks that at least somewhat resonated like, hey, I've already talked to communities, let me see how I add Envoy. Like, trying to find those there because there's a lot more of that content now, right? Cause maybe you know, about like to even last KubeCon or like last KubeCon North America, a lot of the things were more focused on like one project, maybe a hint or you're just going to see more of these combinations. And so there are a lot more, there's a lot more of that content available for you to find. I'm doing two, three, maybe four, It's a lot of projects at once, adoptions and seeing how that works too. Oh yeah, one-on-one track has definitely been definitely like a great hit. I'm going to say, right? The first time it was launched and we got so many CFPs for one-on-one it was just amazing to see all these ways that people wanted to make KubeCon more accessible to everyone else who hasn't been a part of, you know. >> It's every year, it's every year the onboarding of new members of the community would be impressive. And having that tracker laddering or different ways to work as a community to help people along has been another thing I noticed you guys do really well on. There's a real camaraderie amongst the community. So a hat tip for you guys on that. Final question for you guys is more about the format. Obviously it's virtual this year the game is still the same. There's talks, there's people, there's hallways, but they're virtual, I guess you're virtually walking through Slack and discord or Twitter, whatever. What's the learnings from last event, as we're going into virtual, how does an attendee maximize their time, their engagement there's times to lean in and be present, attending a talk, you mentioned Slack Constance. What's some of the learnings that you guys have learned from virtual? And what can people think about and prepare for, for KubeCon virtual this year? >> Yeah, I think one way you start it. So, there's actually a resource, this came from our debrief for me, it was like there's a resource like, hey, let me help get the day off. And like, we even provided template to like provide to your, you know, direct to your managers. Say like can I please get this day off so I could focus on it? And I think that's one thing that and I think we'd all probably seen on Twitter and blogs is that even though it is virtual it is still a brain drain, well it's still, you know, you have to engage with a topic so set aside time. I would probably even say attend fewer talks, than you would normally do in person there is zoom fatigue, I guess it's been from on screen fatigue. So just give yourself a lot more space to consume the information and just debrief and also join the activities, right? Like ask questions in Slack. There's a lot of the virtual events like there's bingo there's even an escape room, which sounds like a lot of fun, all these different activities too that you can do with everyone. So like definitely enjoy that part, right? 'Cause you still get a little bit off until you just say like hey, you mentioned this project, let's chat offline. And then, you know, a few weeks later you may be on a four hour long Zoom meeting talking about some project. And so, yeah >> Yeah, I noticed the hang space kind of mindset of virtual was pretty cool. Be mindful to introduce yourself and either do a sidebar or jump on some back channel. I mean, there's plenty of tools, developers know what they are, so pretty good point I want to call that out. Good, good point Constance. Steven, your thoughts on learnings from the virtual format and then things this year people should pay attention to and jump in and use the site for. >> Yeah, so I would say if anything the previous attendees gave lots of thoughtful feedback about how to improve the overall program. One of my favorite parts of any conference and it's the part that I prioritize more than anything else in the conference even the talks, right? Is the hallway track, right? It's one of the few times, you know, especially with KubeCon and the various contributors across the cloud native space that's the, you know, the one time every quarter or so that I get an opportunity to see these people face to face, right? So, you know, we wanted to do our best to bring in experience that felt, you know, it's not the, you know, it's not the same as the physical hug, right? Or the, you know, or going out for, you know, going out for dinner after a long day. But we tried and we laughed through lots of crazy ideas that the event team, to see what they would come up with for me as a New York resident and having a conference that is any virtual but would have been in Boston, I thought it was important thinking about screen fatigue, as well as just the physicality of where people would have been at the time, is the start time of the conference, right? So as Constance was mentioning screen fatigue it's, I think with all of the virtual conferences going on, it's very hard to have that time during the day, right? So this KubeCon for folks on the East coast it starts basically at your lunchtime. So the idea is, hopefully you get some, you get some of your meetings in for the day, grab a bite to eat and then you sit down for lunch and you, and you dig into some KubeCon, so. >> Yeah, and you can have any lunch you want and then later of you will be able to eat lunch from the conference. That's awesome. The other thing I love about the, what you guys said is the hallway tracks. And I think one of the things I've noticed going to a lot of virtual events and doing them is, Constance you're right, it's mentally draining to lean into a talk because you're present, even though you're virtual. So taking time to get involved in the fun activities or just, you know, wandering Slack or doing a sidebar with the hallways is kind of a have some time off like the time to regroup and not be so, you know, leaned into a session, I find that to help on the fatigue side for sure. The other one is viewing parties. We popped into some, you know, Zooms together and we watched each other watch the session, right? So viewing parties has been one trick I've seen work well, other ones I've seen people toast beer at a certain time. The Germans obviously do at first, cause they're on the time zone, but you start to see these playful things. You know, people can share their kind of position where they are. So it's fun. We'll look forward to seeing that. Okay, final comments, Steven, Constance. What's the bumper sticker this year for KubeCon? >> Ooh, have we decided yet Constance? (laughing) >> Velvet jackets are required for entry. (laughing) I'll make word sense after you see a special message from us. (laughing) >> It's a lot of fashion on stage, on stage, right? >> All right we stumped the co-chairs. (laughing) We stumped the, well, I want to say thank you very much for coming on and sharing little color commentary on KubeCon around the program, some of the things when the virtual event too some of the talks, really appreciate it and we really appreciate what you do, the community does. It's been a hard year. We're not going to be there in person. We'll continue to ride the wave in to back to the normal. So thanks for doing what you doing and thank you for coming on. >> Thank you so much for having us. >> Yeah, thank you. >> Okay. This is theCUBE, virtual coverage of KubeCon CloudNativeCon virtual November 17th to the 20th. I'm John Furrier, your host for theCUBE. Thanks for watching. (upbeat music)

>>from around the globe. It's the Cube covering HP. Discover Virtual experience Brought to you by HP. >>Welcome back to the Cube's coverage of HP Discover. 2020. The virtual experience. The Cube. The Cube has been virtualized. My name is Dave Vellante. I'm here with Stuart Minuteman and our good friend Tim Crawford is here. He's a strategic advisor to see Io's with boa. Tim, Great to see you. Stuart. Thanks for coming on. >>Great to see you as well, Dave. >>Yes. So let's unpack. What's going on in that Discover Antonio's, He notes, Maybe talk a little bit about the prospects for HP of coming forward in this decade. You know, last decade was not a great one for HP, HP. I mean, there was a lot of turmoil. There was a botched acquisitions. There was breaking up the company and spin merges and a lot of distractions. And so now that companies really and you hear this from Antonio kind of positioning for innovation for the next decade. So So I think this is probably a lot of excitement inside the company, but I want to touch on a couple of points and then you get your guys reaction, I guess, you know, to start off. Obviously, Antonio's talking about Cove in the role that they played in that whole, you know, pandemic and the transition toe the the isolation economy. But so let me start with you, Tim. I mean, what is the sort of posture amongst cios that you talk to? How strategic is HB H B two? The folks that you talk to in your community? >>Well, I think if you look at how CIOs are thinking, especially as we head into covert it into Corona virus and kind of mapping through that, that price, um, it really came down to Can they get their hands on technology? Can they get people back to work working from home? Can they do it in a secure fashion? Um, keeping people productive. I mean, there was a lot of block and tackling, and even to this day, there's still a fair amount of that was taking place. Um, we really haven't seen the fallout from the cybersecurity impact of expanding our foot print. Um, quite. But we'll see that, probably in the coming months. There are some initial inklings there when it comes to HP specifically I think it comes back to just making sure that they had the product on hand, that they understood that customers are going through dramatic change. And so all bets are off. You have to kind of step back and say, Okay, those plans that I had 60 9100 and 20 days ago those strategies that I may have already started down the path with those are up for grabs. I need to step back from those and figure out What do I do now? And I think each company, HP included, needs to think about how do they start to meld themselves, to be able to address those changing customer needs? And I think that's that's where this really kind of becomes the rubber hits the road is is HP capable of doing that? And are they making the right changes? And quite frankly, that starts with empathy. And I think we've heard pretty clearly from Antonio that he is sympathetic to the plight of their customers and the world >>on the whole. >>Yeah, and I think culturally 10 minutes do I mean I think you know HP is kind of getting back to some of its roots, and Tony has been there for a long time. I think people I think is very well liked. Andi, I think, ease of use, and I'm sure he's tough. But he's also a very fair individual, and he's got a vision and he's focused. And so, you know, I think again, as they said, looking forward to this decade, I think could be one that is, you know, one of innovation. Although, you know, look, you look at the stock price, you know, it's kind of piqued in November 19. It's obviously down like many stocks, so there's a lot of work to do there, and it's too. We're certainly hearing from HP. This notion of everything is a service that we've talked about green like a lot. What's your sense of their prospects going forward in this, you know, New Era? >>Yeah, I mean, Dave, one of the biggest attacks we've heard about H E in the last couple of years, you know the line Michael Dell would use is you're not going to grow by, say, abstraction. But as a platform company, HP is much more open. From what I've seen in the HP that I remember from, you know, 5 to 10 years ago. So you look at their partner ecosystem. It's robust. So, you know, years ago, it seemed to be if it didn't come out of HP Labs, it wasn't a product, you know. That was the services arm all wanted to sell HP here. Now, in this software defined world working in a cloud environment, they're much more open to finding that innovation and enabling it. So, you know, we talk about Green Lake Day. Three lakes got about 1000 customers right now, and a big piece of that is a partner. Port Police, whether it's VM Ware Amazon Annex, were H B's full stack themselves. They have optionality in there, and that's what we hear from from users is that they want flexibility they don't want. You know, you look at the cloud providers, it's not, you know, here's a solution. You look at Amazon. There's dozens of databases that you can use from Amazon or, if you use on top of Amazon, so H p e. You know, not a public cloud provider, but looking more like that cloud experience. They've done so many acquisitions over the years. Many of them were troubled. They got rid of some of the pieces that they might have over paid for. But you look at something like CTP them in this multi cloud world in the networking space, they've got a really cool, open source company, the company behind spiffy, inspire. And, you know, companies that are looking at containers and kubernetes, you know, really respond to say, Hey, these are projects that were interesting Oh, who's the company that that's driving that it's HP so more open, more of a partner ecosystem definitely feels that there's a lot there that I respect and like that hp >>well, I mean, the intent of splitting the company was so that HP could be more focused but focused on innovation was the intent was to be the growth company. It hasn't fully played out yet. But Tim, when you think about the conversations that CIOs are having with with HPI today versus what they were having with hpe HP, the the conglomerate of that the Comprising e ds and PCs, I guess I don't know, in a way, more more Dell like so Certainly Michael Dell's having strategic conversations, CIOs. But you got to believe that the the conversations are more focused today. Is that a good thing or a jury's still out? >>No, it absolutely is a good thing. And I think one of the things that you have to look at is we're getting back to brass tax. We're getting back to that focus around business objectives. So no longer is that hey, who has the coolest tech? And how can we implement that tax? Kind of looking from a tech business? Ah, spectrum, you're now focused squarely is a C i. O. You have to be squarely focused on what are the business objectives that you are teamed up for, and if you're not, you're on a very short leash and that doesn't end well. And I think the great thing about the split of HP HP e split and I think you almost have to kind of step back for a second. Let's talk about leadership because leadership plays a very significant role, especially for CIOs that are thinking about long term decisions and strategic partners. I don't think that HP necessarily had the right leadership in place to carry them into that strategic world. I think Antonio really makes a change there. I mean, they made some really poor decisions. Post split. Um, that really didn't bode well for HP. Um, and frankly, I talked a bit about that I know wasn't really popular within HP, but quite frankly, they needed to hear it. And I think that actually has been heard. And I think they are listening to their customers. And one of the big changes is they're getting back into the software business. And when you talk about strategic initiatives, you have to get beyond just the hardware and start moving up the proverbial stack, getting closer to those business initiatives. And that is software. >>Yeah, well, Antonio talked about sort of the insights. I mean, something I've said a lot about borrowed from the very Meeker conversations that that data is plentiful. Something I've always said. Insights aren't. And so you're right. You've seen a couple of acquisitions, you know, Matt bahr They picked up, I think pretty inexpensively. Kind of interesting cause, remember, HP hp had an investment in Horton works, which, of course, is now Cloudera and Blue Data. Ah Kumar Conte's company, you know, kind of focusing on maybe automating data, you know, they talked about Ed centric, cloud enabled, data driven. Nobody's gonna argue with those things. But you're right, Tim. I mean, you're talking more software than kind of jettisons the software business and now sort of have to rebuild it. And then, of course, do this cloud. What do you make of HP ease Cloud play? >>Yeah, well, I >>mean, >>Dave, you the pieces. You were just talking about math bar and blue data, where HP connects it together is, you know, ai ops. So you know, where are we going with infrastructure? There needs to be a lot more automation. We heard a great quote. I love from automation anywhere. Dave was, if you talk about digital transformation without automation, it's hallucination. So, you know, HP baking that into what they're doing. So, you know, I fully agree with Tim software software software, you know, is where the innovation is. So it can't just be the infrastructure. How do you have eyes and books into the applications? How are you helping customers build those new pieces? And what's the other software that you build around that? So, you know, absolutely. It's an interesting piece. And you know, HP has got a lot of interesting pieces. You know, you talk about the edge. Aruba is a great asset for that kind of environment and from a partnership, that is a damn point. Dave. They have. John Chambers was in the keynote. John, of course. Long time partners. He's with Cisco for many years Intel. Cisco started eating with HP on the server business, but now he's also the chairman of pensando. HP is an investor in pensando general availability this month of that solution, and that's going to really help build out that next generation edge. So, you know, a chip set that HP E can offer similar to what we see how Amazon builds outpost s. So that is a solution both for the enterprise and beyond. Is as a B >>yeah course. Do. Of course, it's kind of, but about three com toe. Add more fuel to that tension. Go ahead, Tim. >>Well, I was going to pick apart some of those pieces because you know, at edge is not an edge is not an edge. And I think it's important to highlight some of the advantages that HP is bringing to the table where Pensando comes in, where Aruba comes in and also we're really comes in. I think there are a number of these components that I want to make sure that we don't necessarily gloss over that are really key for HP in terms of the future. And that is when you step back and you look at how customers are gonna have to consume services, how they're going to have to engage with both the edge and the cloud and everything in between. HP has a great portfolio of hardware. What they haven't necessarily had was the glue, that connective tissue to bring all of that together. And I think that's where things like Green Lake and Green Lake Central really gonna play a role. And even their, um, newer cloud services are going to play a role. And unlike outposts and unlike some of the other private cloud services that are on the market today, they're looking to extend a cloud like experience all the way to the edge and that continuity creating that simplicity is going to be key for enterprises. And I think that's something that shouldn't be understated. It's gonna be really important because when I look at in the conversations I'm having when we're looking at edge to cloud and everything in between. Oh my gosh, that's really complicated. And you have to figure out how to simplify that. And the only way you're going to do that is if you take it up a layer and start thinking about management tools. You start thinking about autumn, and as companies start to take data from the edge, they start analyzing it at the edge and intermediate points on the way to cloud. It's going to be even more important to bring continuity across this entire spectrum. And so that's one of the things that I'm really excited about that I'm hearing from Antonio's keynote and others. Ah, here at HP Discover. >>Yeah, >>well, let's let's stay on that stupid. Let's stay on that for a second. >>Yeah, I wanted to see oh interested him because, you know, it's funny. You think back. You know, HP at one point in time was a leader in, you know, management solutions. You know, HP one view, you know, in the early days, it was really well respected. I think what I'm hearing from you, I think about outpost is Amazon hasn't really put management for the edge. All they're doing is extending the cloud piece and putting a piece out of the edge. It feels like we need a management solution that built from the ground up for this kind of solution. And do I hear you right? You believe that to be as some of those pieces today? >>Well, let's compare and contrast briefly on that. I think Amazon and the way Amazon is well, is Google and Microsoft, for that matter. The way that they are encompassing the edge into their portfolio is interesting, but it's an extension of their core business, their core public cloud services business. Most of the enterprise footprint is not in public cloud. It's at the other end of that spectrum, and so being able to take not just what's happening at the edge. But what about in your corporate data center in your corporate data center? You still have to manage that, and that doesn't fall under the purview of Cloud. And so that's why I'm looking at HP is a way to create that connective tissue between what companies are doing within the corporate data center today, what they're doing at the edge as well as what they're doing, maybe in private cloud and an extension public cloud. But let's also remember something else. Most of these enterprises, they're also in a multi cloud environment, so they're touching into different public cloud providers for different services. And so now you talk about how do I manage this across the spectrum of edge to cloud. But then, across different public cloud providers, things get really complicated really fast. And I think the hints of what I'm seeing in software and the new software branding give me a moment of pause to say, Wait a second. Is HP really gonna head down that path? And if so, that's great because it is of high demand in the enterprise. >>Well, let's talk about that some more because I think this really is the big opportunity and we're potentially innovation is. So my question is how much of Green Lake and Green Lake services are really designed for sort of on Prem to make that edge to on Prem? No, I want to ask about Cloud, how much of that is actually delivering Cloud Native Services on AWS on Google on Azure and Ali Cloud etcetera versus kind of creating a cloud like experience for on Prem in it and eventually the edge. I'm not clear on that. You guys have insight on how much effort is going into that cloud. Native components in the public cloud. >>Well, I would say that the first thing is you have to go back to the applications to truly get that cloud native experience. I think HP is putting the components together to a prize. This to be able to capitalize on that cloud like experience with cloud native APS. But the vast majority of enterprise app they're not cloud native. And so I think the way that I'm interpreting Green Lake and I think there are a lot of questions Greenland and how it's consumed by enterprises there. There was some initial questions around the branding when it first came out. Um, and so you know it's not perfect. I think HP definitely have some work to do to clarify what it is and what it isn't in a way that enterprises can understand. But from what I'm seeing, it looks to be creating and a cloud like experience for enterprises from edge to cloud, but also providing the components so that if you do have applications that are shovel ready for cloud or our cloud native, you can embrace Public Cloud as well as private cloud and pull them under the Green Lake >>Rela. Yeah, ostensibly stew kubernetes is part of the answer to that, although you know, as we've talked about, Kubernetes is necessary containers and necessary but not sufficient for that experience. And I guess the point I'm getting to is, you know we do. We've talked about this with Red Hat, certainly with VM Ware and others the opportunity to have that experience across clouds at the Edge on Prim. That's expensive from an R and D standpoint. And so I want to kind of bring that into the discussion. HP last year spent about 1.8 billion in R and D Sounds like a lot of money. It's about 6% of its of it's revenues, but it's it's spread thin now. It does are indeed through investments, for instance, like Pensando or other acquisitions. But in terms of organic R and D, you know, it's it's it's not at the top of the heap. I mean, obviously guys like Amazon and Google have surpassed them. I've written about this with regard to IBM because they, like HP, spend a lot on dividends on share buybacks, which they have to do to prop up the stock price and placate Wall Street. But it But it detracts from their ability to fund R and d student your take on that sort of innovation roadmap for the next decade. >>Yeah, I mean, one of the things we look at it in the last year or so there's been what we were talking about earlier, that management across these environments and kubernetes is a piece of it. So, you know, Google laid down and those you've got Microsoft with Azure, our VM ware with EMS. Ooh! And to Tim's point, you know, it feels like Green Lake fits kind of in that category, but there's there's pieces that fall outside of it. So, you know, when I first thought of Green Lake, it was Oh, well, I've got a private cloud stack like an azure stack is one of the solutions that they have there. How does that tie into that full solution? So extending that out, moving that brand I do here, you know good things from the field, the partners and customers. Green Lake is well respected, and it feels like that is, that is a big growth. So it's HB 50 from being more thought of, as you know, a box seller to more of that solution in subscription model. Green Lake is a vehicle for that. And as you pointed out, you know, rightfully so. Software so important. And I feel when that thing I'd say HPI ee feels toe have more embracing of software than, say, they're closest competitors. Which is Dell, which, you know, Dell Statement is always to be the leading infrastructure writer, and the arm of VM Ware is their software. So, you know, just Dell alone without VM ware, HP has to be that full solution of what Dell and VM ware together. >>Yeah, and VM Ware Is that the crown jewel? And of course, HP doesn't have a VM ware, but it does have over 8000 software engineers. Now I want to ask you about open source. I mean, I would hope that they're allocating a large portion of those software engineers. The open source development developing tooling at the edge, developing tooling from multi cloud certainly building hooks in from their hardware. But is HP Tim doing enough in open source? >>Well, I don't want to get on the open source bandwagon, and I don't necessarily want to jump off it. I think the important thing here is that there are places where open source makes sense in places where it doesn't, um, and you have to look at each particular scenario and really kind of ask yourself, does it make sense to address it here? I mean, it's a way to to engage your developers and engage your customers in a different mode. What I see from HP E is more of a focus around trying to determine where can we provide the greatest value for our customers, which, frankly, is where their focus should be, whether that shows up in open source for software, whether that shows up in commercial products. Um, we'll see how that plays out. But I think the one thing that I give HP e props on one of several things I would say is that they are kind of getting back to their roots and saying, Look, we're an infrastructure company, that is what we do really well We're not trying to be everything to everyone. And so let's try and figure out what are customers asking for? How do we step through that? I think this is actually one of the challenges that Antonio's predecessors had was that they tried to do jump into all the different areas, you know, cloud software. And they were really X over, extending themselves in ways that they probably should. But they were doing it in ways that really didn't speak to their four, and they weren't connecting those dots. They weren't connecting that that connective tissue they needed to dio. So I do think that, you know, whether it's open source or commercial software, we'll see how that plays out. Um, but I'm glad to see that they are stepping back and saying Okay, let's be mindful about how we ease into this >>well, so the reason I bring up open source is because I think it's the mainspring of innovation in the industry on that, but of course it's very tough to make money, but we've talked a lot about H B's strength since breath is, we haven't talked much about servers, but they're strong in servers. That's fine We don't need to spend time there. It's culture. It seems to be getting back to some of its roots. We've touched on some of its its weaknesses and maybe gaps. But I want to talk about the opportunities, and there's a huge opportunity to the edge. David Flores quantified. He says that Tam is four. Trillion is enormous, but here's my question is the edge Right now we're seeing from companies like HP and Dell. Is there largely taking Intel based servers, kind of making a new form factor and putting them out on the edge? Is that the right approach? Will there be an emergence of alternative processors? Whether it's our maybe, maybe there's some NVIDIA in there and just a whole new architecture for the edge to authority. Throw it out to you first, get Tim Scott thoughts. >>Yeah, So what? One thing, Dave, You know, HP does have a long history of partnering with a lot of those solutions. So you see NVIDIA up on stage when you think about Moonshot and the machine and some of the other platforms that they felt they've looked at alternative options. So, you know, I know from Wicky Bon standpoint, you know, David Foyer wrote the piece. That arm is a huge opportunity at the edge there. And you would think that HP would be one of the companies that would be fast to embrace that >>Well, that's why I might like like Moonshot. I think that was probably ahead of its time. But the whole notion of you know, a very slim form factor that can pop in and pop out. You know, different alternative processor architecture is very efficient, potentially at the edge. Maybe that's got got potential. But do you have any thoughts on this? I mean, I know it's kind of Yeah, any hardware is, but, >>well, it is a little hardware, but I think you have to come back to the applicability of it. I mean, if you're taking a slim down ruggedized server and trying Teoh essentially take out, take off all the fancy pieces and just get to the core of it and call that your edge. I think you've missed a huge opportunity beyond that. So what happens with the processing that might be in camera or in a robot or in an inch device? These are custom silicon custom processors custom demand that you can't pull back to a server for everything you have to be able to to extend it even further. And, you know, if I compare and contrast for a minute, I think some of the vendors that are looking at Hey, our definition of edge is a laptop or it is this smaller form factor server. I think they're incredibly limiting themselves. I think there is a great opportunity beyond that, and we'll see more of those kind of crop up, because the reality is the applicability of how Edge gets used is we do data collection and data analysis in the device at the device. So whether it's a camera, whether it's ah, robot, there's processing that happens within that device. Now some of that might come back to an intermediate area, and that intermediate area might be one of these smaller form factor devices, like a server for a demo. But it might not be. It might be a custom type of device that's needed in a remote location, and then from there you might get back to that smaller form factor. Do you have all of these stages and data and processing is getting done at each of these stages as more and more resources are made available. Because there are things around AI and ML that you could only do in cloud, you would not be able to do even in a smaller form factor at the edge. But there are some that you can do with the edge and you need to do at the edge, either for latency reasons or just response time. And so that's important to understand the applicability of this. It's not just a simple is saying, Hey, you know, we've got this edge to cloud portfolio and it's great and we've got the smaller servers. You have to kind of change the vernacular a little bit and look at the applicability of it and what people are actually doing >>with. I think those are great points. I think you're 100% right on. You are going to be doing AI influencing at the edge. The data of a lot of data is going to stay at the edge and I personally think and again David Floor is written about this, that it's going to require different architectures. It's not going to be the data center products thrown over to the edge or shrunk down. As you're saying, That's maybe not the right approach, but something that's very efficient, very low cost of when you think about autonomous vehicles. They could have, you know, quote unquote servers in there. They certainly have compute in there. That could be, you know, 2344 $5000 worth of value. And I think that's an opportunity. I'd love to see HP Dell, others really invest in R and D, and this is a new architecture and build that out really infuse ai at the edge. Last last question, guys, we're running out of time. One of the things I'll start with you. Still what things you're gonna watch for HP as indicators of success of innovation in the coming decade. As we said last decade, kind of painful for HP and HP. You know, this decade holds a lot of promise. One of the things you're gonna be watching in terms of success indicators. >>So it's something we talked about earlier is how are they helping customers build new things, So a ws always focuses on builders. Microsoft talks a lot. I've heard somethin double last year's talk about building those new applications. So you know infrastructure is only there for the data, and the applications live on top of it. And if you mention Dave, there's a number of these acquisitions. HP has moved up the stack. Some eso those proof points on new ways of doing business. New ways of building new applications are what I'm looking for from HP, and it's robust ecosystem. >>Tim. Yeah, yeah, and I would just pick you back right on. What's do was saying is that this is a, you know, going back to the Moonshot goals. I mean, it's about as far away as HP ease, and HP is routes used to be and that that hardware space. But it's really changing business outcomes, changing business experiences and experiences for the customers of their customers. And so is far cord that that eight p e can get. I wouldn't expect them to get all the way there, although in conversations I am having with HP and with others that it seems like they are thinking about that. But they have to start moving in that direction. And that's actually something that when you start with the builder conversation like Microsoft has had, an Amazon has had Google's had and even Dell, to some degree has had. I think you missed the bigger picture, so I'm not saying exclude the builder conversation. But you have to put it in the right context because otherwise you get into this siloed mentality of right. We have solved one problem, one unique problem, and built this one unique solution. And we've got bigger issues to be able to address as enterprises, and that's going to involve a lot of different moving parts. And you need to know if you're a builder, you've it or even ah ah, hardware manufacturer. You've got to figure out, How does your piece fit into that bigger picture and you've got to connect those dots very, very quickly. And that's one of the things I'll be looking for. HP as well is how they take this new software initiative and really carry it forward. I'm really encouraged by what I'm seeing. But of course the future could hold something completely different. We thought 2020 would look very different six months ago or a year ago than it does today. >>Well, I wanna I want to pick up on that, I think I would add, and I agree with you. I'm really gonna be looking for innovation. Can h P e e get back to kind of its roots? Remember, H B's router invents it was in the logo. I can't translate its R and D into innovation. To me, it's all about innovation. And I think you know cios like Antonio Neri, Michael Dell, Arvind Krishna. They got a They have a tough, tough position because they're on the one hand, they're throwing off cash, and they can continue Teoh to bump along and, you know, placate Wall Street, give back dividends and share buybacks. And and that's fine. And everybody would be kind of happy. But I'll point out that Amazon in 2007 spent spend less than a $1,000,000,000 in R and D. Google spent about the back, then about the same amount of each B E spends today. So the point is, if the edge is really such a huge opportunity, this $4 trillion tam is David Foyer points out, there's a There's a way in which some of these infrastructure companies could actually pull a kind of mini Microsoft and reinvent themselves in a way that could lead to massive shareholder returns. But it was really will take bold vision and a brave leader to actually make that happen. So that's one of things I'm gonna be watching very closely hp invent turn r and D into dollars. And so you guys really appreciate you coming on the Cube and breaking down the segment for ah, the future of HP be well, and, uh and thanks very much. Alright. And thank you for watching everybody. This is Dave Volante for Tim Crawford and Stupid men. Our coverage of HP ease 2020 Virtual experience. We'll be right back right after this short break. >>Yeah, yeah, yeah, yeah.

>> Announcer: Live from Copenhagen Denmark, it's theCUBE covering Kubecon and CloudnativeCon Europe 2018. Brought to you by the Cloud Native Computing Foundation and its ecosystem partners. >> Welcome back everyone, live here at Copenhagen, Denmark, Cube's coverage of Kubecon 2018 in Europe, this is all about the Kubernetes the future of cloud native, CloudNativeCon part of the CNCF Cloud Native Foundation, I'm John Furrier and my co-host Lauren Cooney, founder of Spark Labs industry expert of open source. So, we have two end user customers of Kubernetes and Cloud Native, Zach Arnold, software engineer Ygenre energy fund, and Austin Adams software development manager, same company. You guys are doing really interesting business model around energy and equity in buildings and homes, but you're writing code, so you have to make all this stuff work, so I'm sure you're cloud native, why have a data center when you can have the cloud >> Austin : We were born in the cloud. >> You were born in the cloud. So take us through, explain the business real quick, and then what's your back end, technical scaling situation look like in terms of infrastructure, software and what's the make up of the systems. >> Zach: You know the business best. >> Yeah, so Ygrene operates under something called PACE, property assess clean energy. We operate in a couple of different states. We work with local governments to create a PACE program that is accepted in different counties or jurisdictions within the state, and then we allow homeowners and contracting companies to provide financing for home improvements that are specifically within the domain of renewable energy or energy efficiency. >> So, you basically finance a solar panel that I put on my house or building if there's benefits there, and then you guys get the financing and you tie in with the government so the property taxes, the leverage the security is the building right, or the asset. >> Yeah, and the way that we're chartered is basically we can put a tax on the property which gives us some guarantees on repayment and things like that, and it's a great model so far. >> It's a new financial engineering around energy efficiancy so you've got to build systems, so you're working with government, so now we all know how government systems work, so you've got to be agile and nimble. Take us through how the back end works, what's it look like, what's the system look like, you're hosted in the cloud, is it Amazon, Google? >> So everything that we have is in a cloud provider that starts with an A, and ends with an S, it's AWS I don't know if I can say that, I think I can say that, AWS all the way-- >> Yes, it's good. >> And we have tons of services, we have Kubernetes running most of our main services. Within our migration we actually started with our main service. A lot of people start with, you know, their smallest microservice, we just went whole-hog and just went in for it, so they system is mainly a lone-management system. Underwriting data aggregation and underwriting processing, so every application that comes in we have to underwrite it and make sure every little thing checks out, and our underwriting system has won awards for how accurate it is and how high quality it is as well. >> So, I'm doing a mental white board in my mind, just kind of graphing this so just help me out here and take us through this. So, you guys are a cutting edge company, new progressive business model, real innovative, great stuff. Cloud native, so you're born in the cloud no data center, cool, check, it's what everyone does, and now you're like okay, now I've got to deal with these legacy systems. So, you're putting containers around things, so you have to interface, you build your own system so that's cool, but you're dealing with other systems and then how are you handling that, you are just containerizing it, so take us through some of those linkages. >> Yeah, so where we're creating, a lot of times when we have to integrate with another system, we'll create a small service that is code that we own, and we'll reach out to those integrations, those vendors and we'll do aggregation within our system and provide an interface back to our systems. You know, like everyone, we're breaking up the monolith or whatever, maybe in 10 years we'll go back to a monolith, who knows but you know we're slicing out things, making microservices, it looks like a mess on the back end, just tons of microservices going everywhere and that's why we're using all these Cloud Native tools to be able to manage that. So, in order to move quickly, we're wanting to containerize everything, everything runs in a container at this point. >> Lauren: Great. >> A lot of our services follow this kind of we're kind of calling the container adaptor pattern, it follows the software adaptor pattern where, just like Austin was saying, let's say for example we're interfacing with a credit vendor, we create a service where we talk to our own service that has a well defined interface that we know will always get a credit report back with the following fields, but then where that information actually comes from, whether it's one of the big three credit vendors or someone else who has a well defined API, that's largely not the concern of the main loan management system, it's the concern of the microservice that's responsible for reaching out to that other entity there. So, that's how we've kind of gotten to beat around the legacy interfacing of all these other different financial services and tools that help to aggregate data.. >> It's super clever you can optimize on a service basis but now you have to orchestrate and kind of conduct everything through-- >> And keep everything secure. >> That's really interesting, I mean I think what I'm looking at here is a huge ecosystem of partners and companies and end users coming together and one of the questions, beyond why you are here, what are you looking at here, what is interesting to you, what do you want to learn about that you might bring into your, you know, architecture essentially? >> Austin and I were talking about this, we kind of tend to look at the CNCF list of projects as a dinner menu. (laughs) >> We're refreshing that page frequently, because we're adding projects at an alarming rate, but one project we're using FluentD, Notary, Kubernetes, of course, Prometheus, things like that, we want to start using those things more extensively. One's that we're really excited about are Spire and Spiffy, the identity, kind of a new take, not necessarily new but new for cloud native take on identity of services and authentication, as well as the open policy agent to provide a single DSL to do all of your policy and authorization-- >> Lauren: That's a lot of work, load and management and identity correct? >> Yeah, yes. >> Authorization and authentication are two of the most important things that happen in our system and we have so many different ways that it happens right now, it can tend to look a little clogy, just from the sense of the fact that we need a little more coordination or standardization around it, I mean we have well written policies that are documented but the way that those actually get enforced are, it's individualized based on the service, you know, if it's a cloud based policy, then it's AWS IAM, if it's Kubernetes based policy it's RBAC using Kubernetes RBAC, so it kind of looks like if we can abstact a lot of that functionality out of the services, the containers, the orchestration tool or the cloud, to making those decisions, that would really, really simplify things for us. >> So, you guys are end users, so are you part of like an end user group that gives feedback directly into the community or how does that work, and do you contribute to that? >> Yes, so we're on the fringes of the contributor community as well, and we're definitely on GitHub on all these projects posting issues and in some cases providing our own PR's or whatever. None of us are within the Kubernetes orb but that's definitely something we all are achieving or aspiring to be is jumping into some of these projects, especially some of the smaller projects that we're using on a daily basis on our build servers like, Portheurs or Notary, some of those things we're actively contributing to those. >> So, you've traded on mastery of product but being active on the project is the key, the balance there. >> Yeah, I mean typically what you find in the fiance industry is when they go for a solution, they lead with their wallet as for what we can purchase, or what we can sponsor, but Ygrene has been, our managers and management have been incredibly empowering this way, they say well what can we give, we lead with our hands. >> Yeah, and this is interesting, if you have a good business model innovation, which you guys have, you can be a completely clean sheet of paper to build it. >> Right >> So, that's the best thing about the cloud. You can really move fast and go from, you know, point A to point B, move the needle. >> Yeah, with it at the same time there's kind of a clean slate, there's even a clean slate in terms of best practices within our industry. Now if we were in mortgage, there's a lot of rules, there's a lot of clear guidelines on how to do security and auditing and things that you need, where in our industry that's all emerging, so we have a chance to also set the pace, set the tone for what security might look like, or what cloud usage might look like within the PACE industry. But at the same time, we're getting increasing government regulations, so we're having to make these decisions around, what are the tools that are going help us achieve maximum customer protection and audit-ability while maintaining our business model without totally-- >> And you're going to need flexibility because you don't know what's going to come next you've got to be ready for anything, and that is what leads to my next question, two points, how do you guys prepare for what's next, what's the main ethos around, technical architecture around being prepared for that, ready state that's coming to you, and then two, what have you learned over the, what's the scar tissue look like, what's the moments of joy and despair going on because you're reiterating, your learning, you're always constantly getting knocked down, standing back up. so this is what innovation is, it can be fun and also grueling at the same time. >> Yeah, so how we deal with what's new beyond our like software process, we have a well-defined process that everything gets churned into. Government is really good about giving us notice about when stuff's going into effect, so we always have target dates that we're going toward. But, in terms of what's next in terms of our software, we have this interesting culture within our organization, everyone wants to improve everything, I think it's called a Kaizen culture, just people are looking at stuff they want to improve it, and so our process allows for anyone to throw something on the backlog. It will get prioritized and put around, but we're allowing all of our engineers to say, hey we want to do this, and you know, putting it into an open forum where, you know, we might not do it but we have the discussion, and we have all the channels to have those discussions and, like most technology companies or technology focused companies, we spend a lot of time talking about technologies, and making those decisions. >> You guys really have the cultural ethos but the people to bate and then commit. >> And that's one of my, you know, recommendations for any company trying to move to cloud native or Kubernetes is, always, you have to have your evangelists, on your team, because you can't expect people who have been doing it one way forever to instantly be onboard. You need some sort of technical evangelist whether that's outside company, it works best, I think, if it's someone you've hired, or someone in your organization who's preaching the gospel of Kubernetes or cloud native. >> Spark Labs, Lauren's company's doing a lot of that work, but that really nails it, I mean, you got to just, it's not a technical issue, per se-- >> Exactly. >> We're hearing that all through the show here. What's on your wish list, what is the holiday's want to bring for you? If you could throw your wish list out there, and you can, a magic wand, crystal ball >> EKS, if Amazon would respond to our request. >> Okay, we just had AG on yesterday, he said it's coming >> It's coming. >> He said, months, >> Did he say months, I thought it was a few months, So maybe >> We'll check the transcripts. >> Alright >> Yeah, it wasn't tomorrow. >> That's alright. >> And that's one of our, that's our scar tissue right? We're doing this ourself, you know, there's this huge control board and we got people, you know, doing the knobs and things and we're relatively small, you know, we're a small engineering organization so we're doing a lot of this ourselves where we can abstract a lot of that work out to a cloud provider that we are already on. >> Well it's going to be good reps for you guys as this thing gets abstracted away, you're going to have a great core competencies in Kubernetes, I think that is a notable thing there. >> Austin: For sure. >> One of the things on my wish list, I was speaking to Jace and Josh Burkus and a lot of the core contributors in Kubernetes at the Contributors Summit, I kind of realized that I would love to see a coordinated cross cutting after, either on part of the CNCF or on part of The Kubernetes Project proper, to have a proactive security, I wouldn't call it a working group, I guess a SIG, a Special Interest Group. It would be, I know that we can deal with zero day issues really, really quickly. For example, the Azure host path mapping issue that was a few months ago, but right now it's kind of on the responsibility of each SIG to implement whatever security looks like to them individually, which is great, it means there are people thinking about security, that makes me sleep better at night. But, seeing some coordination around that and kind of driving towards, okay we have this tool that seems to be changing the game, how are we going to change the game with security? Like is there a way to look at that and even, 'cause authentication and authorization have been around since more than one user used a terminal in the 1960's and 70's. But, even with this new step of admission controllers, where we have more fine grain control around how stuff gets into the cluster. I think it would be great to look at what a coordinated cloud native security effort would look like. >> I think that's great, I mean we've been talking to a lot of vendors here and a lot of folks that have projects, and we bring security every single time and they kind of have an answer, but they really don't. >> They body swerve you, we've got this we've got that. >> Or you're the developer and you have to build it in yourself, so I totally agree with that recommendation I think it's fabulous. >> Yeah, Kubernetes is making so many things simpler at certain levels. Now, if we can focus those efforts at making security simple for people, because they're security experts, they can put their two cents in >> Lauren: Let's build it in and not block it on. >> Build it in and not expect every developer to know. >> Zach: Don't bolt it on, build it in. >> Build it from the beginning, there are all kinds of new ways. The fact there is no perimeter with the cloud brings up, really kind of throws everyone for a loop because you have to go to the chipset down, I mean what Google got, I think is a very interesting approach, they're trying to push forward this multilayer approach from chip to kernel to OS to app, interesting. They've got, managing through all their security, they've got android, I mean spear phishing is a huge problem right now, we're seeing and a lot of enterprises we talk to are like, well, it's like the firewalls and VPN's like that's old school, they need to modernize that so this is going to get them thinking about that. So great, hey guys, thank you for coming on and sharing your feedback-- >> Thank you. >> And your data and your place and how you are architected on AWS and your work with Kubernetes. Congratulations. >> Thank you. >> Cube coverage here in Copenhagen. It's theCUBE's coverage at Kubecon 2018. We'll be back with more after this short break.