>>Welcome back everyone to the cubes live coverage here in San Francisco for VMware Explorer. I'm John farer, Dave LAN two days of Wal three days of Wal Walker. Two sets live events got PERA, had Metabo, senior vice president and general manager of cloud management at VMware. I got it. Right. Thanks for coming on the queue. >>You got it right. Good to >>Be here. We're all smiles. Cause we were talking about your history. You once worked at loud cloud and we were reminiscent about how cloud was before cloud was even cloud. Exactly. And how, how hard it was. >>And >>It's still hard. Complexity is a big deal. And one of the segments we want to talk to you about is the announcement around aria and you see cloud manage a big part of this direction to multi-cloud yes. To tame the complexity. And you know, we were quoting Andy Grove on the cube, let chaos rain, and then rain in the chaos. Exactly. Okay. A very famous quote in tech and the theme here is cloud chaos. Yes. And so we're starting to see signs of raining in that chaos or solving complexity. And every major inflection point has this moment where yes, it gets so hard and then it kicks up to the right and grows and link gets solved. So we feel like we're in that moment. >>I couldn't agree more. And in fact, the way I say is our, our, our tagline is we make the complexity of managing cloud invisible so that you can focus on building your business apps. And you're right about the inflection point. Every time a new technology hits, you have some point of adoption and then it becomes insanely successful. And that's when the complexity hits, then you go and tame the complexity till the next technology hits. Right? That's what happens. It's happened with virtualization. Then it has happened with cloud then with containerization and now the next one will hit. And so with aria, we said, we have to fundamentally change the problem, right? We are constantly running a race of TAing, this complexity. So very excited about this announcement with which we're doing with aria. And we said, imagine if I could have a view of my environment and all the dependencies, I don't need to know everything, just the environment and its dependencies. Then I can now start solving problems and answering questions that I was unable to before. And newer technologies can keep coming and piling on, but I'll always be able to answer that, help >>Our audience understand Ari, a great name and, and what's new. Your Heka what's new from, you know, it's not just V V realize with a new name what's what's new specifically. >>Yeah. Please. No. >>Explain some people. Well, >>There's some commentary on snarky comments, but it's a product it's not a rebrand of something >>Else. It's right. It's not explain that. It's not a, yeah. So what we did is let, let me start off. Why, why we started aria? So we said, okay, native public managing environments, native public cloud environments and cloud native applications is a different ballgame, more Emeral workloads, very large scale, highly fragmented data. So we looked at that problem rounds up and said, we need to have a management solution that solves that problem focused on native public cloud and cloud native apps and the core to solving that problem was you can't just solve it for one cloud or you can't solve it for one discipline. When I say discipline, when you think about management, what do you manage? You're managing to optimize cost. You're managing to optimize performance. You're managing to optimize your security and you're managing to speed up the delivery. That is it. And so we said, we'll have a new look to this management. And what we have done with aria is we have introduced a brand new platform, which we call aria hub powered by aria graph, which allows you to deliver this man on this management challenges, by creating a map of your environment, a near real time map of your environment. And then we are able to, once we know what an application looks like and how it maps to the infrastructure, we can go and query other subsystems to tell you, what is the cost of an application? What is the performance of an application? Creating a common understanding >>This now it's a new architecture. >>I just wanted to get that out there. It's federated >>New graph database. >>Yes. It's a new architecture federated, a platform that not only gives you a map of your environment, but it federates into other sources to pull that data together. Right now, one of the data sources that it federates into is of course also we realize, yeah, yeah. Cloud health, >>You plug and >>Cloud observability. You plug everything into it. Yeah. And as part of the announcement, we didn't just announce a platform. We also announced a set of crosscutting solutions cuz we said, okay, what is the power of the platform? The big thing is it removes the swivel share management. It allows you to answer questions you couldn't answer before. And so >>Swivel share meaning going from one app to another one app logging in exactly >>Credentials in credentials. And you don't have a common understanding of app across those. So now you hire people who do integration buses, right? All kinds of cloud. So the three new end to end solutions we are announcing also in, along with the platform, these are brand new. One is something called aria guardrails. So when I have development environments today, for example, my, I do development on public cloud as well as private cloud. I have thousands of accounts, each one with its own security rules, each one with its own policies. After I initially deploy the account, it becomes a nightmare to manage that. So what aria guardrails allows you to do is set up these multi-cloud environments with the right policies. And not only is it about one time provisioning, but it is maintaining them on >>A run basis. And those credentials are also risk. Cuz you have a password on the dark web, that's exposed on one and you've got to change it. And, and there's so many things going on exactly on security, which brings me up to the point of, you know, we were talking, we're gonna see Tom later on security. We heard earlier, why wasn't security in the keynote? Oh, it's table stakes. That's what Z has said. But we're like, okay, I get that. So let's just say that security is table stakes. There's a big trend towards security as a state of something at a, at a given time. And that CSOs and CSOs are going to defensible. Yes. Meaning being defensible all the time. Yes. As an ongoing thing, which is not just running a pen test once a week. Yes. Like multiple testing, real testing. Not simulation. Yes. To be secure. Yes. So it's not about being secure. It's about having security, but defense ability is the action now not yeah. Yeah. >>Can >>You does that, how does that fit into this? Because this seems to like be in this wheelhouse of management. >>No, I think you're bringing a very important point, which is the security as a post. The fact item is no longer. Right? Right. You want to bake in security. This is a shift left of security that we talk about when you're building an application and you are deploying code in your test, you wanna say, Hey, what is the security? Is it secure? Is it meeting my guardrail? Then when you deploy it from an operations perspective, also it is a security concern. It's not just a security team's concern now. So is my configuration right? Is my configuration secure? Has, is it drifting? It's never a snapshot in time. It's constantly, you have to look at it. Is it drifting? And that is exactly what we are doing also with aria. So >>That's part of the solution you're talking about in the guardrails within being >>Able to maintain the secure configuration right now, as I said, there's always a security discipline. Yeah. Which is you are done by security teams, but you also want operations teams and development teams to enforce security in their respective practices. And that's what Ari allows you to do. >>So the question on multi-cloud comes in, okay. So this is all good. By the way, we love that shift left again, very developer. And I would argue actually we are argue on the cube. That dev ops is the development environment for cloud native. So the it operational once called ops is now in dev just saying he is, and then data ops and security ops are now the new it because that's where the hard problems are. So how do you look at the data side of it as well as security in your view of multi-cloud because you know, hybrid cloud, I can see the steady state between, you know, on premises and cloud, if it's operating cloudlike but now you're starting to look at spanning clouds. Yes. Yes. Not full spanning workloads. That's not there yet, but certainly people have multiple clouds. Yeah. But when you data seems to be the first thing spanning not necessarily the app itself, but how do you guys view that multi-cloud aspect of what you're managing? I mean, how you look at that? >>I think there are different angles to it. Right? You can look at it from the data angle and you look at it on how the, how protected a data is for us. When you look at management discipline, it is all from the perspective of configurations. Okay. If I have configured my environment correctly, then you should not be able to do something that destroys or the data. Right. So getting the configuration right. When you're developing that, getting the configuration right. When you're provisioning the app and then getting the configuration, right. Even when you're doing day two and ongoing operations, that is what we bring to the table. And to some extent, that aria visibility, that I was talking about an Ary graph, a near real time view of the configuration state and its dependencies is very critical. So now I can ask questions. Is there a misconfiguration, by the way, the answer is yes, they, yeah. >>That is a lot by the way, too, right? Yeah. >>Which, which exposes me. And then you can say, Hey, is there user activity associated with that misconfigured? Good object. Now suddenly you have go, go to a red alert. So not only something misconfigured, but there is user activity associated with the misconfigured data. You know, this is something that I have. This >>Is where AI sings beautifully because beautifully, once you have the configuration baseline done, yes. It's like securing the S3 bucket, which is like a knee has to be a like brushing your teeth. It's gotta be a habit. Exactly. It's like, you just don't even think about, you just don't leave an S3 bucket. >>It's gotta be simplified because you're, we're asking the devs now to be security pros, correct. Secure the run time, secure the paths, you know, secure the containers. And so they need help. This is not what they wake up in the morning passionate about. Right. >>But that is where the guardrails comes in. Totally. Yeah. So a a developer, why should they care? They should just say, look, I'm developing for the credit card industry. I need a PCI compliant environment. And then let us take care of defining that environment, deploying that environment, managing that environment on an ongoing basis, they should be building code. Yeah. Right. But there is a change also, which is in the past, these were like two different islands and two different views with aria graft. We also have created this unified API that a developer could query or an ops could query to create a common understanding of the environment. So you're not looking at, you know, the elephant won the trunk and the other one, the tail you're looking at it in a common way. >>Can you talk about the collaboration between tan zoo and aria portfolios? Because obviously the VMware customers are investing in tan zoo. A lot of stuff's coming outta the oven. We heard some Dave heard some stuff from Chris Wolf and he's gonna come on tomorrow. And Raghu was hinting at some other stuff. That's not yet public, but you know, this things happening, >>Things happening, lot of >>Things, you know, you know, announcements happened years ago last year. Now some fruit's coming off the tree, this is a hot product aria. It makes a lot of sense for the customers. Where's the cloud native stuff, kicking, connecting in. What's the give us the overview what's connection >>Is lots and lots of connections. So you have a beautiful Kubernetes environment and a cloud native platform. You have accelerated app development. Now you're building more apps, more microservices based apps, more fragmented data, more information. So think of aria as an envelope around all of this. So wherever you are, whether you are building an application, deploying an application, managing an application, retiring an application through that life cycle, we can bring that management. So what we are doing with Tansu is with the platform, develop and platform. Now we can hook in management with a common perspective earlier in the life cycle. I don't have to wait for it to go to production to start saying, is it secure? Is it configured? How is it performing? What is my cost trade off as a developer, I've decided to, to fix a latency issue, I'm gonna add a new region or I'm gonna scale out a particular tier. Do I know how much it'll cost me? Can I give you that right at your fingertips, potentially even within the development platform and within the ID, that's the power, right? So bringing Ary, >>Not a lot of heavy lifting on the develop. So it's pretty much almost like a query to a database or >>As simple API that they can just query as part of their development process. Yeah. So by bringing aria and Tansu and really aria en developing Tansu right. You're able to bring that power >>Developer. I just always smile because you, I remember we, we have a group called the cloud. AATI the early OG found cloud. >>AATI >>The early days of cloud. When we were talking about infrastructure as code yes. Way back when, and finally it's actually happening. So what you're describing is infrastructure's code because now there's more complexity happening under the hard and top and you know, service are being turned on and off automatically. Yes. And sometimes you might not even know what's going on. Exactly. If you have guard rail, >>But you have to discover the state, know something has turned on, understand the implication and then synthesize, synthesize it down to the insight for the user. >>You know, a lot of people have been complaining about other older companies. Like Splunks the world who have great logging technology for gen one cloud, but now these new logging logging becomes a problem. Can you talk about how you guys are handling that? Give confidence or yeah. Explain that there's everything's gonna be logged properly. Yeah. >>So, so really look, there are three disciplines that we have management. Discipl like, ultimately there are thousands of names, but it boils down to you're managing the cost. You're managing the security, you're managing the performance of your applications. That is it. Right. So what we found is when you think of these disciplines as siloed load solutions, you can't ask a simple question as what is my cost performance trade off. You can't ask a simple question as, Hey, I'm improving performance. How, what is the implication of security? And that's when you start building complex solutions that say, okay, let me collect log from here. Let me collect this from here. Then let me correlate and normalize an application definition and tell you something and then put it in a spreadsheet and put it in a spreadsheet finally for manual work. Exactly. So one of the pillars is about managing performance. >>We have very powerful capabilities today in our portfolio. Tansu observability, which is part of aria portfolio. We realize log, which is part of aria portfolio, networks, insights, and operations. So with the common, when you, when you have a common language, we have a common language. We understand each other. Similarly with Ary graph and aria hub, we have creating this common language. So once we create a common language, all the various observability and log solutions have a meaning. They have relevance. And so we are able to take the noise from all these systems and synthesize it down to what we call business insights. And that's what is one of the big announcement as part of aria, awesome take data, which we have lots of and convert it to information. >>Give us the bumper sticker on why VMware. >>Well, I I'll tell you, when you talk about various public clouds, each public cloud has their native solutions. I've got control tower, I've got cloud wash, cloud trail, different solutions, and some of the hyperscalers are also expanding their solutions to other cloud. I think VMware in a way, from a multi-cloud perspective, we are in a wonderfully neutral position. Not only do we have a wealth of technology and assets that we can bring to the game, but we can also do it evenly across all clouds. So, so look at something like cost. Do you trust one of the hyperscalers to tell you that what is the cost comparison between them and another hyperscaler? That is where the VMware value comes in? >>I think people just try to hear what the cost of one cloud. Exactly, exactly. That is often people make money doing that is a job. No, >>No, definitely. Even a single cloud. What is the cost? >>It's a cloud economist out there and we know who he is. Corey Corey, a friend of the cube. He does it for his living. So help people figure out their bill. Exactly. Just on one cloud. >>Exactly. It's one cloud. So being able, we have the unique position where, and the right sets of technologies and experiences to bring that solution to bear across multicloud. Right. Great. >>What's your vision real quick. One minute left. What's your vision for the group? What are you investing in? What's your goals? What are you trying to do? Ask you the products. New. Gonna roll that out. What's what's the plan. I >>Really, again, the biggest one, the, the, the tagline I talked about, right. I, I, I want to, you know, I'm telling customers, managing stuff is boring. Don't waste your time on it. Let us take care of it. Right? So make the cloud complexity invisible so that you can focus on building your applications and everything that we do in the business unit is targeted towards that one goal. It is not about doing more features, more capabilities. It's are you solving customers questions? And we start from question down, >>Be thank you for spending your valuable time here in the cube, explaining the new news. Appreciate it. All right. Get lunch. After the short breaks, stay more with the cube live here in San Francisco for VMware Explorer, 22. I'm John that's. Dave. >>Thank you.

(upbeat music) >> Announcer: Live from Orlando Florida, it's theCUBE, covering .conf18. Brought to you by Splunk. >> Welcome back to .conf18 everybody. I'm Dave Vellante with Stu Miniman, and you're watching theCUBE, the leader in live tech coverage. We love to go out to the events, extract the signal from the noise. A lot of focus today, Stu, on security and Haiyan is here. Haiyan Song is the Senior Vice President and General Manager of Security at Splunk. Great to see you again. >> Thank you for having me. >> You're very welcome. Fifth time I think for you on theCUBE So you're super alum. And really always appreciate your deep knowledge. As I said, today was security day. A lot of customers talking about security. It's obviously a strong hold of Splunk. But, give us the update. What's new this year with you? We talked a year ago in D.C. What's happening with you guys? >> Well this is the year that we really went out and shared our vision of what SOC looks like in 2020. And we call it the Vision of SOC 2020. And on a very high level, we envision that in a couple of years with the technology like analytics, and operations, automation, orchestration, we envision that 90% of the Tier 1 work that a SOC analyst would be doing will be automated. And with that automation we are envisioning that most of the time, more than 50% of the time, the SOC analyst can actually focus on detection logic and really responding to things, that requires the human skills and insights. And we're also envisioning that by that time, there will be a place, one place, where things for response gets orchestrated versus people have to go to twenty different places trying to figure out what's going on. So, that sort of, from a business perspective but to deliver that, there's really, sort of ten, we share the ten big we call it core capabilities, that capability road map to SOC 2020. And for us, we feel really fortunate that with the acquisition of Phantom, we are really able to bring that full stack together, to deliver that capability. So we have data platform. You heard all the exciting news on what we are doing, with data fabric search, stream processing, and amplifying the performance analytics. You heard all those things that we're putting into IT, and security, ES, UBA, and then last but not least is the ability to orchestrate, to automate, to collaborate. So I think we're really uniquely positioned, because we can bring all three together. That's the full stack to deliver on that vision. >> So let's talk a little bit more about that vision. So, I mean my rudimentary understanding is you really had a reactive mode in the past. It's kind of herding cats, trying to figure out, okay I'm going to to try to respond to an incident. Then you started to use data and analytics to try to prioritize, to focus on those things that aren't going to be a false positive or of high value. What you're putting forth is a vision where a lot of that heavy lifting goes away. Machine intelligence is either augmenting, or making decisions about which items to go after. Talk more about that world. What does it look like? What's the role of the security professional in that new world? >> Yeah, there's two parts we do in the Security Operations Center. Detecting things and responding things and taking care of sort of the incidents. So a lot of the things you really touched on is how we have applied machine learning and analytics and really leveraging the business context. The feature we talked about, the distribute, the data fabric search is a really powerful tool. Now we can reach out and get lot more information to help you make better decisions to reduce the reshow of noise to signal, or signal to noise, and whichever way you want to see it up and down. So, that world we expect more machine learning, more data modeling, more threat modelings so we can really sort of incorporate business, sort of context, so risks become a one key thing to help people prioritize. That's our product ES, and UBA, and you heard about the whole predictive capabilities in IT. I think all of those will be sort of that world. And the second part of what we do is if something does happen now we really got the signal. What do you do about it? We envision that world lot of initial men did prep work. Like, oh I want to find out if this ID belongs to which organization? Is this really a signature in the virus total, sort of database and what happened, so that whole prep hopefully, will be done for you before you even get started into an incident. And furthermore, if we have responded to those type of incidents before, we actually would like to give you a recommendation, this is what happened before, this is what worked, and why don't you think about this playbook and automate this part? So, I think the world in 2020, is going to be a lot of augmentation. >> One of the things we've heard from a number of your customers, is security in DevOps and how they are using the DevOps mentality to make security more pervasive and integrated in everything they do. Could you explain how Splunk fits into that discussion? >> Yeah, so DevSecOps, I think that's, sort of, the term you might be eluding to and I think the cloud adoption, the acceleration, and the new IT is really, sort of, bringing that into focus for us. Splunk plays to that in several ways. We have a security business, we have a IT business, and you may have heard we just acquired another company called VictorOps after Phantom. So they're really helping the DevOps world and try to coordinate and enable collaboration. So we definitely expect that capability will show up in the security side to help the DevOps, DevSecOps' world and we are also, as a company, taking data security really seriously. So we are putting a lot of, you know, you saw the data stream processing and one of the capabilities to obfuscate credit card and for GDPR and a lot of other things, there's that mending. You got to give people the control of things so there is a lot of that. We're taking into consideration and putting that into the product and the other thing is, really, we ourselves operate probably one of the biggest, sort of, cloud capabilities on AWS and we have infused a lot of best practices around, how do you automate? How do you protect? How do you be compliant? And how do you insure customer have control? And there's a lot of work we're doing there and practicing DevSecOps ourselves. >> Haiyan, in thinking about the Splunk portfolio and in the context of the vision that you guys laid out, how does Splunks existing portfolio fit in to that vision and where are the gaps? What has to evolve, whether it's your capabilities, or the industry's MI, ML, or machine learning capabilities? Where are the gaps? >> So I think in many ways the ten core capabilities were laid out. I going to try to go through them in my head. So. >> Okay. >> Ingest. Detect. Predict. and then automate. Orchestrate. Recommend. Investigate. Case Management. Collaborate. And reporting. So those are the ten. When we were sharing with our audience, we actually look at our ES, UBA, and Phantom. We are able to give them all those capabilities to get started on their path for SOC 2020. But we also realize and recognize that all those capabilities, I'll give you an example, Case Management, now there is more and more requirements coming to the security side to say I want you to bring all the different things together, and I want you to take in the automated playbooks and how this plays into those, so there's always room for us to continue to enhance those capabilities. But, we also see the opportunity for us to bring all those things in a more seemless way into, sort of, one full stack, the full stack that gives you, you know, I don't know if you heard the term, powering the OODA Loop? Right, the observe, orient, decide, and act. And that was really, sort of, military strategy for the fighter pilots to say the whole premise is whoever can power that loop, and execute the fastest, wins. >> It's like readying fire but more data focused. >> More data focused, I like that. So for us, it's really how do we bring the portfolio together, so they can really power that loop in a very intuitive way. And in a very open way. I want to make sure that I iterate that reiterate our commitment to be open. There's data layer, there is analytics layer, there's operational layer. We want to be that company can bring the full stack make them work really well. But, in the meantime work well with other data, with other analytics, detection engines, and other ways to operate. So being open is very important. >> And you'll automate as many of those or all of those ten that you mentioned. Do you automate the run book? >> Automated run book is what Phantom is all about and the run book gets more and more sophisticated and I think we give people the ways to say if on day one, you don't want to automate everything, especially shutting down his email, then you have the choice. But, it's as you learn, as you become more confidence, and you have that under your control. How much you want to automate, and hopefully, as more automated actions are taken, we get to analyze those and start making recommendations so you become more comfortable with that. >> So I understand New York Presbyterian was in your session. And, you were talking about going beyond security. I often like to say that security and privacy are two different sides of the same coin. But, when they talked about going, well share with us, what you learned from them. >> Yeah you have really the best phrase to say they are both sides and as a security professional in the digitized world I don't think you have a boundary to say my job starts with SOC and ends with SOC. It goes way beyond. It goes into data privacy. It goes into even fraud analytics, because a lot of things are happening online. It also goes into compliance. And, it's interesting that we thought years ago, compliance was driving investment. I think now with GDPR, with some of the data privacy challenges we've seen, that's impacting the masses, the criticalness of compliance is actually coming back. So the story that I was super impressed that our customer, New York Presbyterian shared with us is they had a challenge of really managing all this sort of patient records, and try to understand the staff's activities. Because, the auditors have a certain set of things. You know you shouldn't be snooping around the patient's record, if its your neighbor, or your buddy. So they used Splunk and they powered, sort of, us with a lot of the data from various applications. They have probably 20 data sources, that's very healthcare centric. We partnered up, we had our product expert, and fraud experts on that. And, we built a privacy platform, a early version of that, and they showed it to their privacy officers, and they basically said we've not seen anything like this to give us the flexibility and ease of use to be able to bring everything together. And, they did even more than that. If you have time I'll share with you on the opiate diversion capabilities they started building with. >> Dave: Oh, yeah talk about that, yeah please >> So we were thinking, we're just going to help them with compliance that makes their organization more compliant and better, but they didn't stop there. They said well, based on the power we're able to, really, leverage from the Splunk platform, we see the data we have for our pharmacies, there's a lot of prescription, sort of, information and with the world that's battling the opiate epidemic, we think we can actually analyze the data and give us early patterns and earnings, warnings of what might be happening. So, that's the next project we're partnering up. And for us we have technology, and customer have domain knowledge, have data. I think that's a great partnership. And they are willing, they are wanting us to go evangelize 'cause they want the whole industry to benefit, they want the nation to benefit. >> Well we saw this week on 60 Minutes, did you see that story? The one pharmaceutical company got in big trouble and a doctor went to jail. The pharmaceutical company was shipping 500 million Oxycontin pills into Florida. This is a state with a population of 20 million. Something was wrong. Obviously those were hitting the streets. And, this individual this doctor went to jail for life. So, data analysis could identify that. >> Data was there. I think it's the inside to look for the ways, to look for those things and having that inside drive decisions is really the partnership we have with our customers >> We're seeing that, g'head Stu. >> Yeah I was just, you spoke on a panel of the Grace Hopper event. >> Haiyan: Last week. >> We've been hearing great messages of diversity at this show. You had the Carnival Cruise CEO up on stage giving some great discussion points yesterday. Maybe you could share a little bit of your experience at the show and the panel that you were on. >> The Grace Hopper is such an amazing event and we see so many college grads and people, sort of, starting their career and that is like the go to place. And I see all the big companies, big, or small actually, putting so much effort to try to really evangelize to that audience. 'Cause California just passed, the Governor just signed into law, they require a woman on the board, as part of the requirements because diversity is being proven to bring better decision making into the board and I, myself, can tell you that my security leadership team over the years become more and more diverse. I don't think diversity is just gender diversity. I think diversity needs to go beyond gender. It's background where people who are from the private sector, from the government, where people from different Geo's of the world. That sort of richness of perspective always give us the best, sort of, angles to think about and validating, and debating on our, sort of, strategies. And going back to Grace Hopper, the panel that I was on was really sharing with the people who are there, what are some of the things that you should be prepared for if you want a cyber security career. And the part is not try to, oh here's a high bar. We really try to encourage everyone, whether you're technical, or you just having great analytical skills. I think one of my fellow panelist, she made a comment I thought was super funny. She was a CEO of a company and she said, sometimes women just have to have enough confidence and to go take the risk, grab the opportunity. She use the word, sometimes you have to fake it until you prove it and until you make it. And she's really just encouraging the attendees, just step up take the opportunity. I am in total agreement with that. >> Lean in baby. >> Lean in. That's another way to do it. >> Haiyan thanks so much for coming back in theCUBE. Really great to see you again. >> Thank you for having me. >> You're very welcome. All right, keep it right there everybody. Stu and I will be right back with our next guest. Right after this short break. We're live from Orlando, Splunk .conf18 You're watching theCUBE. (upbeat music)

>> Narrator: Live from Washington D.C. it's theCUBE, covering .conf2017. Brought to you by Splunk. (techno music) >> Well welcome back here on theCUBE as we continue our coverage at .conf2017. Splunks get together here in the nation's capital, Washington D.C. We are live here on theCUBE along with Dave Vellante. I'm John Walls. Glad to have you with us here for two days of coverage. We're joined now by Team Dell EMC I guess you could say. Colin Gallagher, who's the Senior Director of VxRail Product Marketing. Colin, good to see you, sir. >> Likewise. >> And Cory Minton, many time Cuber. Colin, you're a Cuber, as well. Principle Engineer, Data Analytical Leader at Dell EMC, and BigDataBeard.com, right? >> Yes, sir. >> Alright, and just in case, you have a special session going on. They're going to be handing these out a little bit later. So, I'm going to let you know that I'm prepared >> Cory: I love that, that's perfect. >> With you and your many legions of fans, allow me to join the club. >> That's awesome. Well welcome, we're so glad to have you. You've got a big data beard. You don't have to have a beard to talk big data at Dell EMC, but it certainly is not frowned upon if you do. >> John: Alright, well this would be the only way I'd ever grow one. >> There you go. >> I can promise you that. >> Looks good on you. >> I like the color, though, too. Anyway, they'll be handing these out at the special session. That'll be a lot of fun. Fellows, big announcement last week where you've got a marriage of sorts with Splunk technology and what Dell EMC is offering on VxRail. Tell us a little bit about that. Ready Systems is how you're branding this new offer. >> So we announced our Ready Systems for Splunk. These are turnkey offerings of Dell EMC technology pre-certified and pre-validated with Splunk and pre-sized. So we give you the option to buy from us both your Splunk solution and the underlying infrastructure that's been certified and validated in a wide variety of flavors based on top of VxRail, based on top of VxRack, based on top of some of our other storage products, as well, that gives you a full turnkey implementation for Splunk. So as Splunk is moving from the land of the hoodies and the experimenters to more mainstream running the business, these are the solutions that IT professionals can trust from both brands that IT professionals (mumbles). >> So you're both a Splunk reseller and a seller of infrastructure, is that right? >> Indeed. So we actually, we joined Splunk in a partnership as a strategic alliance partner a little over a year ago. And that gave us the opportunity to act as a reseller for Splunk. And we've recently gone through a rationalization of their catalog, so we actually have now an expanded offering. So, customers have more choice with us in terms of the offers that we provide from Splunk. And then part of our alliance relationship is that not only are we a reseller, but because of our relationship they now commit engineering and resources to us to help validate our solutions. So we actually work hand in hand with their partner engineering team to make sure that the solutions that we're designing from an infrastructure perspective at least meet or exceed the hardware requirements that Splunk wants to see their platform run on top of. >> Dave: Okay, cool. So you're a data guy. >> Indeed. >> You've been watching the evolution of things like Hadoop. When I look at the way in which customers deal with Hadoop, you know, ingest, you know, clean or transform, analyze, etc., etc., operationalize, there seem to be a lot of parallels between what goes on in that big data world and then the Splunk world, although Splunk is a package, it seems to be an integrated system. What are the similarities? What are the differences? And, what are the requirements for infrastructure? >> I think that the ecosystems, like you said, it's open source versus a commercial platform with a specific objective. And if you look at Splunk's deployment and their development over the years they've really started going from what was really a Google search for log, as Doug talked about today in the kickoff, to really being a robust analytics platform. So I think there's a lot of parallels in terms of technology. We're still ... It's designed to do many of the same things, which is I need to ingest data into somewhere, I need to make sense of it. So, we index it or do some sort of curation process to where then I can ask questions of it. And whether you choose to go the open source route, which is a very popular route, or you choose to go a commercial platform like Splunk, it really depends on your underlying call it ethos, right? It's that fundamental buy versus build, right? For somebody to achieve some of the business outcomes of like deploying a security event and information management tool like Splunk can do, to do that in open source may require some development, some integration of disparate open source platforms. I think Splunk is really good about focusing specifically on the business outcome that they're trying to drive and speeding their customers' time to value with that specific outcome in mind, whereas I think the open source community, like the Hadoop community, I think it offers maybe some ability to do some things that Splunk maybe wouldn't be interested in, things like rich media analytics, things that aren't good for Splunk indexing. >> Are there unique attributes of a data rich workload that you've accommodated that's maybe different from a traditional enterprise workload, and what are those? >> Yeah, so at the end of the day any application is going to have specific bottlenecks, right? One of the basis of performance engineering is move the bottleneck, right? In enterprise applications we had this evolution of originally they were kind of deployed in a server, and then we saw virtualization and shared storage really come in vogue for a number of years. And that's true in these applications, these data rich applications, as well. I think what we're starting to see is that regardless of what the workload is, whether it's a traditional business application like Oracle, SAP, or Microsoft or it's a data application like Splunk, anytime it becomes critical to the operation of a business organizations have to start to do things that we've done to every enterprise IT app in the past, which is we align it to our strategy. Is it highly available? Is it redundant? Is it built on hardware that we can be confident in that's going to be up and running when we need it? So I think from a performance and an engineering perspective, we treat each workload special, right? So we look at what Splunk requirements are and we understand that their requirements may be slightly different than running SAP or Oracle, and that's why we build the bespoke systems like our Ready System for Splunk specifically, right? It's not a catch all that hey it works for everything. It is a specifically designed platform to run Splunk exceptionally well. >> So Colin, a lot of the data practitioners that I talk to at this show and other data oriented shows like, "Ah, infrastructure. "I don't care about infrastructure." Why should they care about infrastructure? Why does infrastructure matter, and what are the things that they should know? >> Infrastructure does matter. I mean infrastructure, if youre infrastructure isn't there, if your infrastructure isn't highly available, as Cory said, if it lets you down in the middle of something, your business is going to shut down, right? Any user can say, "Talk about what happened "the last time you had a data center event, "and how long were you offline, "and what did that really mean for your business? "What's the cost of downtime for you?" And everything we build at an application level and a software level really rests on an infrastructure foundation, right? Infrastructure is the foundation of your data center and the foundation of your IT, and so infrastructure does matter in the sense that, as Cory said, as you build mission critical platforms on it the infrastructure needs to be highly reliable, highly available, and trusted, and that's what we really focus on bringing. And as applications like Splunk evolve more into that mainstream world, they need to be built on that mission critical, reliable, managed infrastructure, right? It's one thing for infrastructure development, and this kind of happens in the history of IT, as well. It happened in client server back in the day. You know, new applications ... Even the web environment I remember a company was running, one of my clients was running a web server under their secretary's desk, and she was administering in half time. You would never have a large company doing that. >> They'd be back up (mumbles). Before you leave. >> As it becomes more important it becomes more central, but also it becomes more important to centrally manage those, right? I'm a 15 year storage veteran, for good or for worse, and what we really sell in storage is selling centralized management of that storage. That's the value that we bring from centralized infrastructure versus a bunch of servers that are sitting distributed around the environment under someone's desk is that centralized management, the ability to share the resources across them, the ability to take one down while the others keep running, shift that workload over and shift it back. And that's what we can do with our Ready Systems. We can bring that level of shared management, shared performance management, to the Splunk world. >> I'll tell you, one of the things that we talked about, we talked about in a number of sessions this week, is application owners, specifically the folks that are here at this conference, need to understand that when they decide to make changes at the application level, whether they like infrastructure or they think it's valuable or not, what they need to understand is that there are impacts, and that if you look at the exciting things that were announced today around Enterprise Security updates, right? Enterprise Security is an interesting app from Splunk, but if a customer goes from just having Splunk Enterprise to running Enterprise Security as a premium application, there's significant downstream impacts on infrastructure that if the application team doesn't account for they can basically put themselves in a corner from a performance and a capacity perspective that can cause serious problems and slow down the business outcome that they're trying to achieve because they didn't think about the infrastructure impacts. >> Well, and what they want really is they want infrastructure that they can code, right? And we talked about this at VMworld we were talking about off camera that cloud model, bringing that cloud model to your data as oppose to trying to force your business into the cloud. So what about Ready Systems mimics that cloud model? Is it a cloud like infrastructure? Wondering if you could talk-- >> Yeah, I think it's that cloud like experience. Because we know we're in a multi cloud world, right? Cloud is not a place, cloud is an operating model, right? And so I think that the Ready Systems specifically provides a couple of things that are that cloud like experience, which is simple ordering and configuration and consumption that is aligned to the application, right? So we actually align the sizing of the system to the license size and the expected experience that this one customer would have so they get that very curated bespoke system that's designed specifically for them, but in a very easy to consume fashion that's also validated by the software vendor, in this case Splunk, that they say, "These are known good configurations "that you will be successful with." So we give customers that comfort that, "Hey, this is a proven way "to deploy this application successfully, "and you don't have to go through "a significant architecture design concept "to get to that cloud like experience." Then you layer in the fact that what makes up the Ready System, which is it is a platform powered by, in the VxRail case powered by VMware, right, ESX and vSAN, which obviously if you look at any of the cloud providers everything is virtualized at the end of the day for the most part, or at least most of the environments are. And so we give, and VMware has been focused on that for years and years of giving that cloud like experience to their customers. >> You talk about, you mentioned selling, sort of reseller, you've got this partnership growing, you're a customer. So, you have all these hats, right, and connections with Splunk. What does that do for you you think just in general? What kind of value do you put on that having these multiple perspectives to how they operate whether it's in your environment or what you're doing for your customers using their insights? >> Yeah, I think at the end of the day we're here to make it simpler for customers. So if we do the work, and we invest the time and energy and resources in this partnership, and we go do the validation, we do the joint engineering, we do the joint certification, that's work that customers don't have to do, and that's value that we can deliver to them that whatever reason they buy Splunk for whatever workload or business outcome they're trying to achieve, we accelerate it. That's one of the biggest values, right? And then you look at who do they interact with in the field? Well, it's engineers from our awesome presales team from around the world that we've actually trained in Splunk. So we have now north of 25 folks that have Splunk SE certifications that are actually Dell EMC employees that are out working with Splunk customers to build platforms and achieve that value very, very quickly. And then them understanding that, "Oh, by the way, Dell EMC is also a user of Splunk, "a great customer of Splunk "and a number of interesting use cases "that we're actually replatforming now "and drinking our own Kool Aid so to say," that I think it just lends credibility to it. And that's a lot of the reason why we've made the investments in being part of this awesome show, but also in doing things like providing the applications. So we actually have four apps in Splunkbase that are available to monitor Dell EMC platforms using Splunk. So I think customers just get a wholistic experience that they've got a technology partner that wants to see them be successful deploying Splunk. >> I wonder if we could talk about stacks, because I've heard Chad Sack-edge talk about stack wars, tongue and cheek, but his point is that customers have to make bets. You've heard him talk about this. You've got the cloud stacks, whether it's Azure or AWS or Google. Obviously VMware has a prominent stack, maybe the most prominent stack. And there's still the open source, whether it's Hadoop or OpenStack. Should we be thinking about the Splunk stack? Is that emerging as a stack, or is it a combination of Splunk and these other? >> You know, we actually had that conversation today with some of the partner engineering team, and I don't know that I would today. I think Splunk continues to be, it's its own application in many cases. And I actually think that a lot of what Splunk is about is actually making sure that those stacks all work. So there was even announcements made today about a new app. So they have a new app for Pivotal Cloud Foundry, right? So if you think about stacks for application development, if you're going to hit push on a new application you're going to need to monitor it. Splunk is one of those things that persistent. The data is persistent. You want to keep large amounts of data for long periods of time so that you can build your models, understand what's really going on in the background, but then you need that real time reporting of, "Hey, if I hit push on a Cloud Foundry app "and all of a sudden I have an impact "to the service that's underlying it "because there's some microservice that gets broken, "if I don't have that monitoring platform "that can tell me that and correlate that event "and give me the guidance to not only alert against it "but actually go investigate it and act against it, "I'm in trouble." The stacks, I think many of them have their own monitoring capabilities, but I think Splunk has proven it that they are invested in being the monitoring and the data fabric that I think is wanting to help all the stacks be successful. So I don't necessarily put it in the stack. And I kind of don't put Hadoop in its own stack, either, because I think at the end of the day Hadoop needs a stack for deployment models. So you may see it go from a physical construct of being, a bit trying to be its own software that controls the underlying hardware, but I think you're seeing abstraction layers happen everywhere. They're containerizing Hadoop now. Virtualization of Hadoop is legit. Most of the big cloud providers talk about the decoupling of compute from storage in Hadoop for persistent and transient clusters. So I think the stacks will be interesting for application development, and applications like Splunk will be one of two things. They'll either consume one of those stacks for deployment or they'll be a standalone monitoring tool that makes us successful. >> So you don't see in the near term anyway Splunk becoming an application development platform the way that a lot of the-- >> Cory: They may have visions of it. That's not, yeah. >> They haven't laid that out there. It's something that we've been bounding around here. >> Yeah, I think it's interesting. Again, I think it goes back to .. Because the flexibility in what you can do with Splunk. I mean we've developed some of our own applications to help monitor Dell EMC storage platforms, and that's, it's interesting. But in terms of building what we'd I guess we'd consider like traditional seven factor app development, I don't know that it provides it. >> Yeah, well it's interesting because, I'm noodling here, Doug Merritt said, "Hey, we think we're going to be the next five billion, "10 billion, 20 billion dollar ecosystem slash company," and so you start to wonder, "Okay, how does that TAM grow to that point? That's one avenue that we considered. I want to talk about the anatomy of a transaction and how that's evolved. Colin, you mentioned Client Server, and you think about data rich applications going from sort of systems of record and the transactions associated with that. And while there were many going to Client Server and HTTP, and then now mobile apps really escalated that. And now with containers, with microservices, the amount of data and the complexity of transactions is greater and greater and greater. As a technologist, I wonder if you could sort of add some color to that. >> Yeah, I think as we kind of go down a path of application stacks are interesting, but at the end of the day we're still delivering a service, right? At the end of the day it's always about how do I deliver service, whether it's a business service, it's a mobile application, which is a service where I could get closer to my customer, I could transact business with them on a different model, I think all of it ... Because everything has gone digital, everything we do is digital, you're seeing more and more machines get created, there's more and more IP addressed devices out there on the planet that are creating data, and this machine generated data deluge that we're under right now it ain't slowing down, right? And so as we create these additional devices, somebody has got to make sense of this stuff. And if you listen to a lot of the analysts they talk about machine data is the most target rich in terms of business value, and it's their fastest growing. And it's now at a scale because we've now created so many devices that are creating their own logs, creating their own transactional data, right, there's just not that many tools that out of the box make it simple to collect the data, search the data, and derive value from it in the way that Splunk does. You can get to a lot of the things that Splunk can deliver from an outcome other ways with other platforms, but the simplicity and the ability to do it with a platform that out of the box does it and has a vibrant community of folks that will help you get there, it's a pretty big deal. So I think it's, you know, it's interesting. I don't know, like under the covers microservices are certainly interesting. They're still services. They're just smaller and packaged slightly differently and shared in a different way. >> And a lot more of them. >> Yeah, and scaled differently, right? And I totally get that, but at the end of the day we're still from a Splunk perspective and from a data perspective, we've still got to make sense of all of it. >> Right, well, I think the difference is just the amount of data. You talked about kind of new computing models, serverless sort of, stateless, IoT coming into play. It's just the data curve is reshaping. >> Well, it's not just the amount of data, it's the number of sources. The data is exploding, but also, as Cory mentioned, it's exploding because it's coming from so many places. Your refrigerator can generate data for you now, right? Every single ... Everything that generates Internet, anything doing anything now really has a microprocessor in it. I don't know if you guys saw my escape room at VMworld. There were 12 microprocessors running this escape room. So one of the things we played about doing was bring it here and trying to Splunk the escape room to actually see real time what the data was doing. And we weren't able to ship it back from Barcelona in time, but it would've been interesting to see, because you can see just the centers that are in that room real time and being able to correlate all that. And that's the value of Splunk is being able to pull that from those disparate sources altogether and give you those analytics. >> Yeah, it's funny you talk about an IoT use case. So we've got these... Our partner, who's a joint partner of both Dell EMC and Splunk, we actually have these Misfit devices that are activity trackers. And we're actually-- >> Misfit device? >> Misfit. Yeah, it's a brand. >> John: Love it. >> It's fitting, I think. But we have these devices that we gave away to a number of the attendees here, and we actually asked them if they're willing to participate. They can actually use the app on your phone to grab the data. And by simply going to a website they can allow us to pull the data from their device about their activity, about their sleep. And so we actually have in our booth and in Arrow's booth we're Splunking Conf and it's called How Happy is Conf? And so you can actually see Splunk running, and by the way, it's running in Arrow's lab. It's running on top of Dell EMC infrastructure designed for Splunk. You can actually see us Splunking how happy conf attendees are. And we're measuring happiness by their sleep. How much sleep-- >> John: Sleep quality and-- >> The exercise, the number of steps, right? So we have a little battle going between-- >> Is more sleep or less sleep happy? >> Are consumption behaviors also tracked on that? I just want to know. I'm curious. >> It's voluntary. You'd have to provide that. >> Alright, because that's another measure of happiness. >> It certainly is. But it's just a great use case where we talk about IoT and the number of sources of data that Splunk as a platform ... It's very, very simple to deploy that platform, have a web service that's able to pull that data from an API from a platform that's not ours, right, but bring that data into our environment, use Splunk to ingest and index that data, then actually create some interesting dashboards. It's a real world use case, right? Now, how much people really want to (mumbles) Splunk health devices we'll determine, but in the IoT context it's an absolute analog for what a lot of organizations are trying to do. >> Interesting, good stuff. Gentlemen, thanks for being with us. We appreciate that. Cory, it's probably not the real deal, but as close as I'm going to go. Good luck with your session. We appreciate the time to both of you, and you and your Misfit. Back with more here on theCUBE coming up in just a bit here in Washington D.C. (techno music)