(upbeat music) >> Hello, everyone. Welcome to theCUBE Studios here in Palo Alto. We're here for our next segment, The future of networking. And we're going to experience the future of networking through a demo of SD-WAN in action with Riverbed. I'm here with Josh Dobie, the Vice President of Product Marketing, and Vivek Ganti, Senior Technical Marketing Engineer. We're going to give a demo of SteelConnect in action. Guys, thanks for joining me on this segment. Let's get into it. What are we going to show here? Showing SD-WAN in action. This is experiencing the future of networking. >> Thanks, John. So what's exciting about this next wave of networking is just how much you can do with minimal effort in a short amount of time. So in this segment, we're actually going to show typical transformation of a company that's going from a traditional 100% on-premises world. Into something that's going to be going into the cloud. And so we're going to kind of basically go in time lapse fashion through those phases that a company will go to to bring the internet closer to their business. >> Okay, Vivek, you're going to show a demo. Set up the demo, what is the state? It's a real demo? Is it a canned demo? What's going on under the hood? Tell us through what's going to happen. >> It's an absolutely real demo. Everything you'll see in today's demo is going to be the real appliances. The links you'll see are going to be real. The traffic is going to be real. And it's going to be a fund demo. >> Well, the future networking and experiencing it is going to be exciting. Let's get through the demo. I'll just say as someone who's looking at all the complexity out there, people want to be agile, just so much complexity with IoT and AI, and all this network connections. People want simplicity. So you need to show simplicity and ease of use and value. I'm all interested. >> That's exactly it. Step one is we have to get out of the world of managing boxes. And we have to get into a software-defined world that's based on policy. So one of the first things that a company needs to do to start realizing these benefits of efficiency is to get away from the provisioning work that's involved in bringing up a new site. So that's the first thing that Vivek's going to show right now. >> John: Jump into it. Show us the demo. >> Vivek: Absolutely, so what you're looking at right now is the web console of SteelConnect Manager. This is Riverbed's SD-WAN solution. You're looking at a bunch of sites, a file company called Global Retail, which is spread all over the world. What I'm going to do now is bring up a new site, really zero touch provisioning, in Dallas, sitting here in Palo Alto. So let's get started. I'm going to jump right into Network Design and look at sites. I'll click here on Add Sites, and really just enter a few physical location details for my site in Dallas. And the moment I click here on Submit, not only is a pointer being created on the map for me, but there's a lot of automation and orchestration happening in the backend. What I mean by that is that there's a default uplink created for my Dallas site. And there's also a VLAN created for my site in Dallas. Of course, I can go and add more uplinks and VLANs for my site. But then a lot of this heavy lifting in terms of creating days is automatically done for me by SteelConnect. But right now it's just a pointer on the map, it's not a real site, we don't have an appliance. But that's the beauty of it, John. What SteelConnect let's me do is it gives me the flexibility and the freedom to deploy my entire site from ground up, my entire network from ground up, before I deploy the first piece of hardware. The way I'm able to do that is with this concept called shadow appliance, which is really a cardboard cutout of what will be once I have the hardware appliance. So I'm going to click here on Add Appliances. I'm going to say Create Shadow Appliance-- >> So shadow appliance, the customer knows the appliance. It might have the serial number. >> Yeah. >> But it's not connected, it's not even there yet. >> No, it's not even there yet. >> They're doing all the heavy lifting preparing for the drop in. >> Yeah, think of it as just designing it or drawing it on a white paper, except you get to see what your network's going to look like before you deploy anything. So I'm going to drop, let's say, and SDI-130 gateway, add my site in Dallas, which I just created. And click here on Submit. And that's the beauty of this, that now with this Shadow Appliance, I can click on this and really configure everything right down to the very port level. And once I do have the hardware, which I ship to someone and have someone plug it in. >> So now you configure, now the appliance could ship there. It could be anybody, it could be a non-employee, just says instruction, plug it in, and put this ethernet cable in. >> I'm sitting here in Palo Alto, I'm entering my appliance serial number. Click here on Submit. And now that the appliance is connected to the internet, it knows to contact Core Services in the cloud, download its configuration, it knows what organization it belongs to. And it comes online in a matter of seconds, really. You'll see that it's already online as I was talking to you. >> John: Let's just look at that, hold on, Dallas right there. >> Vivek: Yeah. >> John: Online, okay. >> Vivek: And when it says Pending, it means that it's actually downloading its current configuration. It's going to be up-to-date in less than a minute. And once it does that, when I look at the dashboard, this check mark will be green and it's going to start forming all its Ipsec VPN tunnels. >> It just turned green. >> Vivek: There you go. It's going to now start forming all those IPsec VPN tunnels to all my other existing sites automatically for me so that I don't have to do any of the heavy lifting. >> John: So does the self-discovery of the network, it just went red there real quick. >> Josh: That's okay, this is where it's going to start creating the VPN tunnels. >> Vivek: Right, it's basically associating all those, it's negotiating all the security associations with all my other appliances. >> So no one's involved? No humans involved. This is the machine, get plugged in, downloads the code. Then goes out and says where do I got to connect to my other networks? >> Yeah, the power of this is what you're not doing. So you could do all this by hand. And this is the way that legacy networks are configured, if you're still in a hardware-based approach. You have to go in and really think hard about the IP addresses, the subnets for each individual box, if you're going to create that full mesh connectivity, you're going to have to do that at an exponential level every time you deploy a new piece of hardware. So with this approach, with the design first, you don't have to do any staging. And when you deploy, the connectivity's going to happen for you automatically. >> John: Let's take a look at the sites, see if it turned green. >> Vivek: It's right now, if I click on it, you'll see that my appliance is online. But right now all the lines are red because it's still in the process of creating those IPsec VPN tunnels. But you'll see that in the next couple of minutes or so, all these lights will turn green. And what that means is now I have a single unified fabric of my entire network. But while we're waiting on that, let's actually move ahead and do something even cooler. Let's say our company called Global Retail wants to transition some of its applications to the cloud, because as we know, John, a lot of companies want to do that. For a few pennies on the dollar, you can make a lot of things somebody else's problem. So we've worked really hard with AWS and Microsoft to make that integration really work well. What I mean by that is when I click here on Network Design and EWS, I have a cross account access going between my SteelConnect Manager and AWS Marketplace so that I don't ever have to log back in to the AWS Marketplace again. Once I do that, I can see all of my VPCs across all of my regions, so that with a single click, and that's what I'm going to do here, I'm going to say connect to all my subnets in Frankfurt. I can choose to deploy a gateway instance of my choice in the Frankfurt site. So what I'm going to do now-- >> John: So you're essentially is telling Frankfurt, connect to my Amazon. And I'm going to set up some cloud stuff for you to work with. >> Vivek: So you already have your VPC infrastructure, or your VNET infrastructure in AWS or Azure. What I'm doing is I'm providing optimized automated connectivity for you. So I can choose to-- >> John: All with just one click of the button. >> Vivek: All with one click of a button. So you see that I can choose an EC2 and it's my choice. For the gateway I'm going to leave it to t2 medium. And then SteelHead, because WAN optimization, because the moment we start migrating huge datasets to the cloud in Frankfurt or say Ireland in Azure, latency becomes a real issue. So we want to be sure that we're also optimizing the traffic end-to-end. I'm going to leave redundancy to On so that there's high availability. And I'll leave AWS Routing to Auto. And I'll talk about that in just a bit. So when I click here on Submit, what's happening is SteelConnect is logging into my AWS account. It's looking at all my VPCs, it knows what subnets it has to connect to. It's going to plop a gateway appliance as well as a WAN optimization appliance, do all the plumbing between those appliances, and make sure that all the traffic is routed through the SteelHeads for WAN optimization. And it creates all the styles for me automatically. And the beauty of this solution, again, is that not only does it provide automated connectivity for me between say different regions of AWS, but also between AWS and Azure. We have suddenly become the cloud brokers of the world. We can provide automated optimized connectivity between AWS and Azure. So let me show that to you also. >> John: Yeah, show me the Azure integration. >> Vivek: So I'm going to search for maybe subnets in Europe, Ireland, I'm going to connect to that. The workflow is exactly the same. Once I do Connect, it gives me the option to deploy an instance of my gateway and my SteelHead. So I'm going to select that and then click on Submit. So now when I go back to my dashboard. You'll see that, oh, by the way, my Dallas site is now online and when I click on it, you'll see that all my tunnels have also come online. >> John: Beautiful. And Frankfurt and Ireland are up and running, 'cause you have the Amazon and Azure piece there. >> Vivek: It does take about four or seven minutes for those appliances to come online. They download their latest firmware, but that's not-- >> John: Minutes aren't hours, and that's not days. >> Vivek: Exactly, not hours, not days, not weeks. >> Right, I mean, a key use case here, when you think about cloud connectivity today, it's still rather tedious to connect your on-premise location into these cloud-based virtual environments. And so what network operators do is they do that in as few locations as possibly, typically in a data center. And what that means is now you're limited, because all the traffic that you need to go into those environments has to get back-called into your data center before going there. So, now, because this is automated, and it's all part of that same secure VPN, if you have some developers that are working on an app and they're using infrastructure as a service as part of their work, they can do that from whichever remote office they're sitting at, or their home office, or at a coffee shop. And there's no need to create that additional latency by back-calling them to the data center before going to the cloud. >> So all that stuff gets done automatically on the networking side with you guys. >> Exactly, exactly. So step one is really creating this easy button to have connectivity, both on-premises and in the cloud. >> Connectivity with all those benefits of the tunneling, and stuff that's either preexisting, or has been set up by (drowned by Josh). >> Exactly. Secure VPN, full mesh connectivity, across all the places where you're doing business or you need assets to run the cloud. Then the second phase is, okay, how do you want to dictate which applications are running over which circuits in this environment. And this is where, again, with a legacy approach, it's been really tedious to define which applications should be steered across one link, if you can identify those applications at all. So what Vivek's going to show next is the power of policy, and how you can make it easy to do some things that are very common, steering video, steering voice, and dealing with SaaS applications in the cloud. So you want to give 'em (mumbles) that? >> Vivek: Absolutely. So let's go to Rules and let's create a new traffic rule, say, I want to make sure that across all my sites for my organization, I want video, which is a bandwidth intensive application, as we all know. Doesn't really choke up my MPLS link, which is my most precious link across all my sites. I should be able to configure that with as much ease, as I just said it. So let's do that. We can do that with software defining intelligence of SteelConnect. I can apply that rule to all my sites, all my users, and I'm going to select applicationS where I search for video. There's already a pre-configured application group. For video, I'm going to select Online Collaboration and Video. And under Path Preference, I'm going to say that for this application, don't use my MPLS as my primary, >> John: And the reason for that is to split traffic between the value of the links cost or importance. >> Vivek: Exactly. Load balancing is really important. So I'm just going to save that is my primary-- >> John: Applying people that are watching YouTube videos or-- = (laughs) Yeah. Exactly, exactly. >> Video is one of the biggest hogs of balance. It's basically creating an insatiable demand. So you definitely need to look for your best option in terms of capacity. And with the internet broadband, maybe you're going to sacrifice a little bit on quality, but video deals with that pretty well. But it's just hard to configure that at each and every single box where you're trying to do that. >> Vivek: Yeah. As opposed to configuring that on each and every individual box, or individual site I'm creating that's globally applying rule to all my sites. And I'm going to select MPLS as a secondary. I'm going to set a path quality profile, which means that if there's some severe degradation in my internet link, go ahead and use my MPLS link. So I'm going to say latency sensitive metrics. And I'm going to apply a DSCP type of high. Click here on Subnet. And the moment I turn this rule on, it automatically updates all of the IPs, all of the uplinks, all of the routes across my entire organization. >> John: So you're paying the quality of service, concepts, to all dimensions of apps. >> Absolutely, whether it's from video-- >> Video, Snapchat, live streaming to downloading, uploading. >> Vivek: Yeah, and I can create the same kind of rule, even for voice where maybe I have my MPLS, since that's my primary and most precious link available for all my sites. Have as a primary in my secondary as my route VPN, which is my-- >> John: If you're a call center, you want to have, probably go with the best links, right? >> Vivek: Exactly, and assign it to DSCP type of urgent so that that traffic is set at the expense of all my other traffic. >> John: Awesome. That's great suff. Policy is great for cloud, what about security? Take us through a demo of security. >> So that's a really good question. I mean, as soon as you're starting to use internet broadband connectivity in these remote locations. One of the first things you think about is security. With the secure VPN connectivity, you're assuring that that traffics encrypted, end to end, if it's going from branch to data center, even branch into cloud. And that was really step one that Vivek showed earlier. Step two is when you realize, you know what? There's certain applications that are living in the cloud, things like Office 365, or Salesforce.com that truly are a trusted extension of our business. So let's turn that spigot up a little bit and let's steer those applications that we trust direct from branch to the internet. And by doing that, we can avoid, again, that back-call into the data center. And with an application-defined approach, this becomes really easy. >> Vivek: Yeah, and I can do that with a very simple rule here, too. I'm going to apply that rule to all my sites. I'm going to say for application, let's say, trusted SaaS apps, like Salesforce, Dropbox and Box. I'm going to select a group called Trusted SaaS apps. And now under Path Preference I'm going to say for these applications, I know that I've said on organization default, that for all my traffic, go over my MPLS link, and break out the internet that way, but for some applications that I've defined as trusted SaaS apps, break out to the internet directly. >> John: Those are apps that they basically say are part of our business operations, Salesforce, WorkDay, whatever they might be. >> Vivek: Absolutely. So you're opening that spigot just a little bit, as Josh was talking about. And I can choose to apply a path quality profile so that there's a dynamic path quality based path selection, and apply, of course, priority. I'm going to leave it to high and Submit. And the powerful thing about this is even though I've applied this to all my sites, I can choose to apply this to individual sites, or maybe individual VLAN in a site, or an individual user group, or even a single user for follow the user policies. And that's the entire essence of the software-defined intelligence of SteelConnect. The ease with which we can deploy these rules across our entire organization or go as granular to a single user is a very powerful concept. >> Josh: One of the things, too, John, in terms of security, which you were asking about earlier is that not only is a policy-base approach helping you be efficient, how you configure this, but it's also helping you be efficient in how you audit, that your security policies are in place. Because if you were doing this on a box-by-box basis, if you really truly wanted to do an audit with a security team, you're going to have to look at every single box, make sure there's no typo whatsoever in any of those commands. But, here, we've just made a policy within the company that there are certain applications that are trusted. We have one policy, we see that it's on, and we know that our default is to back-call everything else. And so that becomes the extent of the audit. The other thing that's interesting is that by just turning off this policy, that becomes your rollback. The other thing that's really hard about configuring boxes with lots of commands is that it's almost sometimes impossible to roll things back. So here you have a really easy button on a policy-by-policy basis to rollback if you need to. >> John: And just go clean sheet. But this path-based steering is an interesting concept. You go global across all devices. He has a rollback and go in individually to devices as well. >> Josh: That's right, that's right. Now this next click of bringing that internet closer to you is where you say, "You know what? "In addition to trusted SaaS applications, "let's go ahead and half even recreational "internet traffic, go straight from the branch out to the internet at large. >> John: Love that term recreational internet. (Josh laughs) I's just like the playground, go play out there in the wild. (all laughing) There's bad guys out there. But that's what you mean, there's traffic that's essentially, you're basically saying this is classified as assume the worst, hope for the best. >> Right, exactly, and that's where you do have to protect yourself from a network security standpoint. So that next step is to say, okay, well, instead of back-calling all of that recreational dangerous internet traffic, what if we could put some more powerful IDS/IPS capabilities out there at the edge. And you can do that by deploying traditional firewall, more hardware at those edge devices. But there's also cloud-based approaches to security today. So what Vivek is going to show next is some of the power of automation and policy that we've integrated with one cloud security broker named named Zscaler. >> Vivek: Zcaler, yes. >> John: Jump into it. >> Vivek: Our engineers have been working very closely with engineers from Zscaler. And really the end result is this. Where we do a lot of the heavy lifting in terms of connecting to the Zscaler cloud. What I mean by that is what you're looking at on the SteelConnect interface, going back to that entire concept of a single pane of glass is that you can see all your Zscaler nodes from SteelConnect right here. And on a side-by-side basis, we will automatically select for you what Zscaler nodes are the closest to you based on minimum latency. And we select a primary and a secondary. We also give you the option of manually selecting that. But, by default, we'll select that for you. So that any traffic that you want to break out to the internet will go to the Zscaler cloud like it's a WAN cloud by itself. So I can go to my organization and networking default and say that, hey, you know what? For all my traffic break out, by default, to the Zscaler crowd as the primary, so that it's all additionally inspected over there for all those IDS and IPS capabilities that Josh was talking about. And then break out to the internet from there. And that's, again, a very powerful concept. And just to remind you, though, the traffic patrol that we just created for trusted SaaS apps will still bypass the Zscaler cloud, because we've asked those applications to go directly out the internet. >> John: Because of the path information. But Zscaler about how that works, because you mentioned it's a cloud. >> Vivek: Yes. >> John: Is it truly a cloud? Is it always on? Whats' the relationships? >> I mean, this is what's interesting. And the cloud is basically a collection of data centers that are all connected together. And so some of the complexity and effort involved in integrating a cloud-based security solution like Zscaler is still often very manual. So without this type of integration, this collaboration we've done with them, you would still have to go into each box and basically manually select and choose which data center of Zscaler's should we be directing to. And if they add a new data center that's closer, you would have to go and reconfigure it. So there's a lot of automation here where the system is just checking what's my best access into Zscaler's cloud, over and over again. And making sure that traffic is going to be routed (drowned by John). >> And so Zscaler's always on, has like always on security model. >> Active, backup, exactly, there's many of those locations (drowned by John) as well >> All right, so visibility now as the internet connections are key to the zero-touch provisioning you guys demoed earlier. IoT is coming around the corner and it's bringing new devices to the network. That's more network connections. So we're usually there, who was that person out there? Who was that device? A lot of unknown autonomous... So how do I use the visibility of all this data? >> Yeah, visibility's important to every organization. And once we start talking about autonomous networks, it becomes even more important for us to dive deeper and make sure that our networks are performing the way we want them to perform. It goes back to that entire concept of trust but verified. So I'm creating all these policy rules, but how do I know that it's actually working? So if you look at my interface now. Actually, let's pause for a second and just enjoy what we've done so far. (John and Josh laugh) You'll see that my-- >> A lot of green. >> Vivek: A lot of green and a lot of green lines. So this is my site in AWS, which I just brought up and this is my site in Ireland. So if I click on the tunnel between-- >> John: Are those the only two cloud sites or the rest on-premise? >> Vivek: The rest are all on-premise, exactly. So if I want to, say, click on the tunnel over here between my Azure site and my AWS site, which I just brought up. It gives me some basic visibility parameters like what's my outbound and inbound true port, what's my latency jitter and packet laws? We don't see any real values here because we're not sending any data right now. >> John: Well, if you would, you would see full connection points. You can make decisions, or like workloads to be there. So as you look at connection to cloud-- >> Vivek: It's all real-time data, but if you want to dive in deeper, we can look at what we call SteelCentral Insights for SteelConnect. So you can look at-- >> Whoa, you're going too fast. Back up for a second. This is an insights dashboard powered by what data? >> Vivek: Powered By the data that is being pulled from all of those gateways. >> Those green, all those points. >> Vivek: All those green points. >> John: So this is where the visualizaiton of the data gives the user some information to act on, understand, make course corrections, understanding success. >> Exactly. >> John: Okay, now take us through this again, please. >> Vivek: So you can look at what your top uplinks. Also I'm looking at my site in New York City, so I can look at what my top uplinks are, what my top applications are, who are my top users. Who's using BitTorrent? I can see here that Nancy Clark is using BitTorrent, so I might have to go ahead and create a rule to block that. >> Talking about what movies she's got. >> Or have a chat with her. Yeah. >> What kind of movies she just downloaded, music. So you can actually look at the application type. So you mentioned BitTorrent. So same with the video, even though you're passed steering, you still see everything for this? >> Vivek: Absolutely. >> Exactly, I mean, this is application-defined networking in action, where the new primitives that network administrators and architects are now able to use are things like application, user, location, performance SLA, like the priority of that application, any security constraint. And that's very much aligned to the natural language of business. When the business is talking about which users are really important for which applications that they're sending, to which locations. I mean, now you have a pane of glass, that you can interact with that is basically aligned to that. And that's some of the power there. >> John: All right, so what are you showing here now? Back to the demo. >> Vivek: Back to the demo. The next part of the demo is actually a bonus segment. We're going to talk about integration with Xirrus Wifi. We recently announced that we are working with Xirrus. We bought them. And we're really excited to show how these two products, Xirrus Access Point, Xirrus Wifi and SteelConnect can work hand in glove with each other, because this goes back to the entire concept of not just SD-WAN, but SD-LAN for an end-to-end software-defined network. So what I want to show you next is really hot off the pressess-- >> John: And this is new tech you're showing? New technology? >> Vivek: Yes. >> Josh: So when SteelConnect was launched last year, there are wifi capabilities in the gateways that Vivek showed during the zero touch provisioning part. Xirrus is well regarded as having some of the most dense capabilities for access hundreds-- >> John: Like stadiums, well, we all know that, we all live that nightmare. I've got all these bars on wifi but no connectivity. >> Exactly, so stadiums, conventions. When you think about the world of IoT that's coming, and just how many devices are going to be vying for that local area wifi bandwidth. You need to have an architecture like Xirrus that has multiple radios that can service all those things. And so what we've been doing is taking the steps as quickly as possible to bring the Xirrus Wifi in addition with the wifi that SteelConnect already had into the same policy framework. 'Cause you don't want to manage those things necessarily going forward as different and distinct entities. >> So SteelConnect has the wifi, let's see the demo. >> Exactly. So I'm now moving to a different overview where we have about four or five sites. And I'm going to go ahead and add an appliance. And I'm going to add the Xirrus access point, and deploy it in my site at Chicago. So I just click here on Submit and you'll see that the access point will come online in less than a minute. And once it does come online, I can actually start controlling the Xirrus access point, not just from the XMS cloud, which is the Xirrus dashboard, but also from SteelConnect Manager. Going back to that concept of single pane of glass. So-- >> John: We have another example of zero-touch provisioning. Scan the device, someone just plugs it in and installs it. Doesn't have to be an expert, could be the UPS guy. Could be anybody. >> Vivek: Anybody. Just connect it to the right port, and you're done. And that's what it is here, so you'll see that this appliance in Chicago, which is a Xirrus Access Point, is online. And now I can go ahead and play with it. I can choose to deploy an SSID and broadcast it at my site in Chicago. You see that I'm already broadcasting Riverbed-2. And when I go to my XMS dashboard, I can see that one access point is actually op. This is the same access point that we just deployed in the Chicago site. And that profile called Chicago is already configured. So when I click on it, I can see that my SSID is also displaying over here. And I can do so much more with this interface. >> John: It really brings network management into the operational realm of networking. Future experience of networking is not making it as a separate function, but making it integral part of deploying, provisioning, configuring. >> Exactly, and the policies to automate how it's all used. So if we just take a step back. What we literally did in just a few minutes, we deployed a new location in Dallas without anybody needing to be there other than to plug in the box. We extended the connectivity from on-premises, not only into one cloud, but two clouds, AWS and Azure. We started leveraging public internet in these remote sites to offload our MPLS for video. We steered SaaS applications that were trusted out there directly to the internet. And then we pulled in a third-party capability of Zscaler to do additional security scrubbing in these remote locations. That applies to every single site that's in this environment. And we literally did it while we were talking about the value and the use cases. >> Great demo, great SD-WAN in action. Josh, Vivek, thanks for taking the time to give the demo. Experiencing the future of networking in real time, thanks for the demo, great stuff. >> Thanks, John. >> This is theCube watching special SD-WAN in action with Riverbed. Thanks for watching, I'm John Furrier. (electronic music)

(energetic electronic music) >> Hello and welcome to a special CUBE presentation of the future of networking with Riverbed. I'm John Furrier, host of the CUBE. We're here with Paul O'Farrell, Senior Vice President and General Manager of SteelHead, Steelhead Connect. SD-WAN in action. Well, good to have you on The CUBE. Thanks for joining us. >> Great to be here. >> So, future of networking. This is something that we talk a lot about in our conversations, because the cloud's exploding, cloud business model. On-premise, true, private cloud. Hybrid, connecting to public clouds, is changing the game for app developers and large enterprises and how they do business. But it always comes back down to networking, 'cause everyone wants to know what's going on with networking. What is the future of networking? What's your perspective? >> Yeah, well John, as you said, everything's going to the cloud. But if you're a large multinational organization, you can't just click your finger and move your entire infrastructure to the cloud. But for the workloads that you do manage to move to AWS or Google Cloud or Azure, the good thing is that your IT organization is able to get out of the low-value-added activity of managing boxes and get into more strategic higher-impact activities and projects. So, if you think about moving a workload to the cloud, all of a sudden your organization is out of the business of managing boxes, managing servers, storage, and backup. But the challenge is that networking and the infrastructure required to connect all of that is still stuck in the past. And much of the way you manage a network really hasn't changed that much since the, certainly in enterprise networks, since the mid-90's when routers first really became popular. >> Give an example of why it's so hard, because I mean everyone wants networking to be faster. You have still move packets around the network. I mean boxes are changing. We know that the surveys are all pointing to non-differentiated labor being automated away. And that's clearly from the research. It's not a question of when, it's a question of when will, I mean not a question of how, when it's going to happen. So that puts pressure on the companies. When do they move from the manual networking to more automation? So give an example of some of the use cases. >> Yeah, so for a long time, as I said, the way you manage a network hasn't really changed. And in the last couple of years, we've seen the growth of a new market segment, or a new market, called software-defined WAN. So, taking some of the concepts of software-defined networking that had been trapped in the data center and then bringing those out onto the wide area network. And one of the big drivers was around the idea of, since there's so much more traffic going to the Internet, going to the cloud, I need a simpler way of managing that traffic. And I'd like to do it at a software level. I'd like to manage it based on policies and simple configurations that I could apply centrally as opposed to going down to the level of IP addresses and port numbers, as you have to in the sort of more traditional approach. So I think a lot of the initial impetus for people to look at new ways and new approaches to networking has been around this concept of direct-to-net, the desire to use more Internet transport, lower-cost Internet transport in the network. And that's sort of where it starts. And after that, you get to, what we at Riverbed believe is a bigger transformation of networking, which sort of begins with SD-WAN, but probably ultimately is more about really cloud networking. >> Some will say, and I'll get your reaction to this, that networking is outdated. Your thoughts? Is it outdated? Is it just moving too slow? Is it advanced? What are some of the, where's the progress bar on this conversation that's been kicking around the industry around networking needs to get updated and modernized? And is it outdated? What's your thoughts? >> Yeah, so as you said, at some level, you're always going to need networking, right? You've got to move packets around the network. You've got to connect applications with people and resources across the network. And it's particularly true in enterprises. But where I think the network has become stuck somewhat in terms of its evolution is that the traditional approach to configuring and managing devices, pre-staging routers and then shipping to a location where you have to do some more configuration on them, that piece of it I think has not evolved enough. But we're at a point now where a lot of the simplicity, the policy-based approach that you see in other parts of cloud infrastructure can now be applied to networking, that you can abstract away some of the complexity of the underlying network and then present that to an admin in a very simple fashion that looks very similar in terms of the experience to what happens when you deploy an application in the cloud, in AWS or Amazon. If you think about it, you can spin up an application and get it up and running in a matter of hours, if not minutes. You can deploy applications all over the world. Now, if you had asked somebody to do that 10 years ago, they would have looked at you like you're crazy. I want an application running in Frankfurt. And I want an application running in Seattle. And I want you to have it done by this afternoon, and by the way. Where it all falls down though is when I ask you to connect every root in my organization to those applications and have it done in a matter of hours or minutes. That's where it gets really hard using the traditional approaches. >> And, by the way, just to put in a point of clarification. I remember back when I was living in the 90's, 'cause what you described sounds like the 90's, that's a six-week project. Not like hours. That's like weeks. I got to make sure that the routers, we've got to configure the tables. All these manual efforts. But you're hitting on one of the things that is the future that people talk about, is really balancing the agility of doing something really fast, that's what the cloud is bringing to the table, with managing complexity. So that's one thread. So I want to talk about that. But also can I talk about the elephant in the room, which is, is my job going to go away? 'Cause, you know, a lot of those guys that are doing this command line interface stuff have built a job around their knowledge around configuring, which is not an agile. So they've got to be agile. So they're potentially at risk. So, future career. But the mandate of managing the complexity with agility. >> Yeah, so the industry obviously evolves over time. And, as you look at, again, go back to different parts of the infrastructure stack or the IT environment, you could have said just exactly the same, made exactly the same argument to me about servers and storage and backup administrators. Now, to my knowledge, those people haven't gone away. The total number of people working in the IT industry has not shrunk. If anything, it's grown significantly. So I think it's much more about freeing people from some of these laborious tasks that really don't add a lot of value and then redirecting those people to delivering on higher-impact initiatives. You know, a lot of talk in the industry these days, no matter actually what vertical you're in, about digital strategies, about transforming your business, and really what you want is to take your IT resources and your IT personnel and have them work on those projects and not have them-- >> John: The high-yield projects. >> Exactly. And to the extent possible, to automate a lot of the workflows and the way you manage day-to-day administration of the network, whether it's in the design phase, the deployment phase, or the management phase, of your network infrastructure, make that simpler and more intuitive and ultimately more like a consumer application, the types of workflows we're used to when we use web-based applications. Or perhaps, more reasonably, make it more like how you manage an application in AWS or Google Cloud or Azure. >> So your point about the server guys, the storage guys, their jobs never went away. First of all, there's more data coming than ever before, so they're always going to have a good job. So you're saying that is also applied to networking. >> Paul: Mm-hmm. >> It's still super important. >> Paul: Absolutely. >> And there's going to be more network, certainly with IOT on the horizon. You're going to have more connection points than ever before. So you're saying that tasks may go away, but the job will shift to other things, whether it's up the stack or other function that's related to adding value. >> Absolutely. So, the individual components that are deployed in the network that make the traffic, that allow the traffic to flow, that allow you to get the packets around the network, allow you to connect different parts of your enterprise, none of that goes away. But it just maybe takes a different form. And you mentioned IOT, for example. I mean that's a big question and a big challenge for a lot of organizations. How do you manage a network environment where you have more and more devices coming on the network? And instead of having, 10's, 100's of clients on a wireless network, for example, you could have 100's or 1,000's in a facility. And that's the type of new networking challenges that would be interesting to address as opposed to doing things that are, by their nature, manual and arguably can be done with a lot more automation. >> So I'm going to make a statement. And I want you to either agree or disagree or add some color to it. The future of networking is about automation, embracing automation to add value. And just as a point of validation, IOT, whatever trend that's happening right now that people get excited about, are all probably about machine learning. And everyone's saying that AI is going to solve the problem, which is simply just saying, technology's going to help with the automation. That's kind of my take on it. Your thoughts on that? Because that essentially is the validation. So the future of networking is, get used to automation. It's coming down the road pretty fast. >> So I think the first step towards taking some of that machine learning know-how and AI and applying it to networking is to automate networking. Make it easier. Make it policy-based. Don't make it about CLI commands. Make it about more manual configuration about scripting. The next step will be to apply machine learning and be able to have self-healing networks, being able to have networks which are aware of the types of-- >> Self-healing networks? Self-healing networks for having self-healing cars. Self-driving everything. I mean this is essentially the automation of what we're seeing. >> Sure, but let's start, let's not run before we can walk. Let's start with application-aware networks. How about that as an idea? Where at least the network doesn't think it's just passing packets, but actually knows what application it's using and is applying policies in an automatic fashion, whether it's to choose the optimal path for traffic or whether it's to apply security policies based on who the user is and what they're trying to do. So you should be able to do all that. And that is something that we built in our new product. >> Okay, so I would say that in hearing you, complexity is addressed by automation and software. >> Paul: Mm-hmm. >> The agility is really the application awareness of that. >> Yeah, I think that's a reasonable characterization of how to think about the future of networking, sure. >> Okay, so I want to get your thoughts on SD-WAN. We're hearing about that. With the cloud, and whether you're running true private cloud and hybrid and public, it's all an operating model. It's all a new way to think about provisioning networks and managing it. Isn't everything a WAN now? I mean, if you almost conceptually as a mind exercise say, the notion of local area networks and wide area networks are kind of, with the whole cloud thing, with the perimeter being decimated, and APIs flying around and microservices. I mean isn't everything a WAN now? >> Sure, I mean the whole concept of the WAN feels a little dated right now. I mean, if you think about it, if your kids are on the web or using their favorite social networking, and for some reason they can't get on the Internet, they rarely come down to you and say, "Hey Dad, the WAN's broken." So I mean clearly, people who live in the enterprise world still think in terms of wide area networks. But more and more, you're right. If you think about it, all of the different users who are coming on your network, whether employees or whether they're customers or partners, they're coming on using WiFi. There's a blurring of the line between the Internet, between the private enterprise network, traditionally referred to as the WAN, and the LAN. All of that is merging. And a lot of the technologies that Riverbed has been developing are really around this concept of SD-WAN, not just SD-WAN, but SD-LAN as well, and the ability to provide a single connectivity fabric across LAN, WAN, Cloud, and to the extent you still have data centers, most large enterprises will have those, data center as well. >> Great. And so competition. Let's talk about competition. You mentioned the CLI. Cisco's a market leader in all this. Your position vis-a-vis Cisco and how you look at the competition? >> Yeah, so Riverbed as a company has competed in various ways with large networking companies like Cisco for many, many years, since we started as a company. It is interesting that Cisco is trying to reposition itself, sees a need to change the way it delivers solutions for enterprise networking. It started by developing some of those capabilities within the organization and then more recently has made an acquisition of a startup, which we think is interesting, because it really validates the market now for SD-WAN. And we welcome it many ways, 'cause we think it's really the beginning of a shakeout and a maturing of the whole space. We think we're going to see that. >> You can't talk about the future of networking without talking about WiFi, because everyone who goes to a sporting event or concert, they lose their LTE, they go to the WiFi. And connectivity is like the lifeblood. You guys recently had an acquisition. What's the future like with you guys and WiFi? >> Yeah, we recently acquired a company called Xirrus, which was a company that had set out to build the fastest, most scalable, most, and this is really the key point, densest WiFi in the world in a very secure manner as well. And it was started by some of the pioneers of the WiFi industry, people who were in WiFI before it was even called WiFi. And so we thought they had an extraordinarily interesting technology. And what was particularly exciting about it is that they had also developed a cloud management approach to managing WiFi. As you said, WiFi is, on one hand you could think that WiFi is kind of a solved problem. It's been around for quite a while. But it's also become incredibly critical to not just enterprise networks, but to everyday life. We sometimes say that WiFi has become the inalienable right of every global citizen, good WiFi. If you think about the last time you checked in a hotel, what's probably the first thing you'd do is see if you can get on the WiFi. And if you have a bad WiFi experience, it doesn't matter how soft the Egyptian cotton on the sheets, on the bed is, >> John: It's plumbing. >> or how delicious the chocolate is on the pillow. >> People complain most about WiFi. >> Exactly. So if you think about it, some of our biggest customers now that we've entered the WiFi, and particularly the cloud-managed WiFi, business, our education, K through 12 and universities, on many university campuses, the users can have six, eight, 10 devices per person. Now, in the typical enterprise, maybe you don't have quite that many. But we're certainly all heading in that direction. And then you combine that with IOT and how people would like to put a lot of sensors and other devices on the network, then you're getting to a point where you really need incredibly dense WiFi. >> I mean IOT is about power and connectivity. WiFi gives great connectivity. Future of networking. Just summarize as we wrap this segment up for the folks watching who are practitioners in their jobs every day, trying to figure out the future, what's the bottom line of the future of networking? If you can give that statement and an example of how you guys are working with other practitioners. >> Sure. Well, first of all, I think the transformation that's occurring in the broader IT industry with the rise of the cloud and cloud networking and cloud computing is really extending now to the networking industry. A lot of the simplicity, the workflows, the automation and policy-based approaches is now extending to the space that network administrators have traditionally lived in. And I think that's really an opportunity for practitioners, as you call them, to really start using a set of more interesting and more capable tools that then will allow them to free themselves up from some of the lower-value-added activities to doing some really interesting things in the organization and to be an enabler of some of these new digital strategies and cloud strategies that their organizations are trying to execute. >> An example of companies you've worked with that might be a case study that you can share real quick? >> Well, what we're seeing is an awful lot of retailers, for example. So it's interesting. You see all the pressure that traditional retailers are experiencing from online e-commerce retailers. And what we're seeing is that more and more, they are using in-store WiFi. They're looking to put a lot more band-width into the stores to give customers in the store an incredibly compelling online experience while they're shopping. For two purposes. One is because they want to engage that customer while they're in the store. And also because they may want to do analytics and understand their behavior while they're in a store. But they want to do that at the same time as ensuring that some of their business-critical applications are up and running. So if you think about SD-WAN or cloud networking, it really provides the ability for us to do that, augment the WAN, deliver more band-width, lower cost band-width, into the store, but also give an incredibly compelling experience and have it all managed centrally with a simple policy-based approach. >> All right, the future of networking here at the CUBE Studio. Paul O'Farrell, Senior Vice President, General Manager at Riverbed. I'm John Furrier with the Cube. Thanks for watching.

(bright music) >> Hello, everyone. Welcome to theCUBE Studio here in Palo Alto. We're here for our next segment, The Future of Networking. We're going to experience the future of networking through a demo of SD-WAN in action with Riverbed. I'm here with Josh Dobies, the vice president of product marketing, and Vivek Ganti, senior technical marketing engineer. We're going to give a demo of SteelConnect in action. Guys, thanks for joining me on this segment. Let's get into what are we going to show here, showing SD-WAN in action. This is experiencing the future of networking. >> Thanks, John. So what's exciting about this next wave of networking is just how much you can do with minimal effort in a short amount of time. So in this segment, we're actually going to show a typical transformation of a company that's going from a traditional, 100% on-premises world into something that's going to be going into the cloud. And so we're going to kind of basically go in timelapse fashion through those phases that a company will go through to bring the internet closer to their business. >> Great, Vivek, you're going to show a demo, set up the demo, what is the state? It's a real demo, is it a canned demo, what's going on under the hood? Tell us through what's going to happen. >> It's an absolutely real demo. Everything you'll see in today's demo is going to be real, the real appliances, the links you'll see are going to be real. The traffic is going to be real. And it's going to be a fun demo. >> Well the future of networking, and experiencing it is going to be exciting. Let's get through in the demo. I'll just say, as someone who's looking at all the complexity out there, people want to be agile. There's so much complexity with IoT and AI and all this network connections, people want simplicity. >> Right. >> So you can show simplicity and ease of use and value, I'm all interested. >> That's exactly it. Step one is we have to get out of the world of managing boxes. And we have to get into a software-defined world that's based on policies. So one of the first things that a company needs to do to start realizing these benefits of efficiency is to get away from the provisioning work that's involved in bringing up a new site. So that's the first thing that Vivek's going to show right now. >> John: Vivek, jump into it, show us the demo. >> Absolutely, so what you're looking at right now is the web console of SteelConnect manager. This Riverbed's SD-WAN solution. You're looking at a bunch of sites for a company called Global Retail, which is spread all over the world. What I'm going to do now is bring up a new site, really zero touch provisioning in Dallas, sitting here in Palo Alto. So let's get started. I'm going to jump right into network design and look at sites. I'll click here on add sites and really just enter a few physical location details for my site in Dallas. And the moment I click here on submit, not only is a pointer being created on the map for me, but there's a lot of automation and orchestration happening in the backend. What I mean by that is that there's a default uplink created for my Dallas site, and there's also a VLAN created for my site in Dallas. Of course I can go and add more uplinks and VLANS for my site, but then a lot of this heavy lifting in terms of creating these is automatically done for me by SteelConnect. But right now it's just a pointer on the map. It's not a real site. We don't have an appliance. But that's the beauty of it, John. What SteelConnect lets me do is it gives me the flexibility and the freedom to deploy my entire site from ground up, my entire network from ground up, before I deploy the first piece of hardware. The way I'm able to do that is with this concept called shadow appliance, which is really a cardboard cutout of what will be once I have the hardware appliance. So I'm going to click here on add appliances. I'm going to say create shadow appliance. >> So shadow appliance, the customer knows the appliance, they might have the serial number. >> Yeah. >> But it's not connected, it's not even there yet. >> No, it's not even there yet. >> They're doing all the heavy lifting, preparing for it to drop in. >> Yeah, think of it as just designing it or drawing it on white paper, except you get to see what your network's going to look like before you deploy anything. So I'm going to drop, let's say an SDI-130 gateway, add my site in Dallas, which I just created, and click here on submit. And that's the beauty of this, that now with this shadow appliance, I can click on this and really configure everything, right down to the very port level. And once I do have the hardware, which I ship to someone and have someone plug it in. >> So now you're configured. Now the appliance gets shipped there, someone, it could be anybody, could be a non-employee, just says, instructions: plug it in and put this ethernet cable in. >> Yeah, and sitting here in Palo Alto, I'm entering my appliance serial number. Click here on submit, and now that the appliance is connected to the internet, it knows to contact core services in the cloud, download its configuration, it knows what organization it belongs to, and it comes online in a matter of seconds, really. You'll see that it's already online as I was talking to you. >> John: Let's look at that, hold on. Dallas, right there, online, okay. >> Vivek: Yeah, and when it says pending, it means that it's actually downloading its current configuration. It's going to be up to date in less than a minute. And once it does that, when I look at the dashboard, this checkmark will be green, and it's going to start forming all those IPSec VPN tunnels, there you go. It's going to now start forming all those IPSec VPN tunnels to all my other existing sites, automatically forming so that I don't have to do any of the heavy lifting. >> John: So it does a self-discovery of the network. It just went red there, real quick. >> Josh: That's okay, this is where it's going to start creating the VPN tunnels. >> Vivek: Right, it's basically associating all those, it's negotiating all the security associations with all my other appliances. >> So no one's involved? No humans involved, this is the machine, get plugged in, downloads the code, then goes out and says where do I got to connect to my other networks. >> Yeah, the power of this is what you're not doing, right? So you could do all this by hand. And this is the way that legacy networks are configured, if you're still, you know, hardware-based approach. You have to go in and really think hard about the IP addresses, the subnets for each individual box, if you're going to create that full mesh connectivity, you're going to have to do that at an exponential level every time you deploy a new piece of hardware. So with this approach, with the design first, you don't have to do any staging. And when you deploy, the connectivity is going to happen, you know, for you automatically. >> John: Let's take a look at the site, see if it turned green. >> Vivek: Yeah, it's right now, if I click on it, you'll see that my appliance is online, but right now all the lines are red because it's still in the process of creating those IPSec VPN tunnels. But you'll see that in the next couple of minutes or so, all these lights will turn green, and what that means is now I have a single unified fabric of my entire network. But while we're waiting on that, let's actually move ahead and do something even cooler. Let's say our company called Global Network, Global Retail, wants to transition some of its applications to the cloud, because as we know, John, a lot of companies want to do that. For a few pennies on the dollar, you can make a lot of things somebody else's problem. So we've worked really hard with AWS and Microsoft to make that integration really work well. What I mean by that is when I click here on network design and AWS, I have a cross-account access going between my SteelConnect manager and AWS Marketplace so that I don't ever have to log back into the AWS Marketplace again. Once I do that, I can see all of my VPCs across all of my regions so that with a single click, and that's what I'm going to do here, I'm going to say connect to all my subnets in Frankfurt, I can choose to deploy a gateway of instance of my choice in the Frankfurt site. So what I'm going to do now- >> John: So you're essentially telling Frankfurt, connect to my Amazon. >> Vivek: Yes. >> John: And I'm going to set up some cloud stuff for you to work with. >> Vivek: So you already have your VPC infrastructure or your VNet infrastructure on AWS or Azure. What I'm doing is I'm providing optimized, automated connectivity for you. So I can choose to deploy- [John] All with just one click of the button. >> Vivek: All with one click of the button. So you see that I can choose an EC2 instance of my choice for the gateway. I'm going to leave it to t2.medium, and then SteelHead, because, WAN optimization because the moment we start migrating huge data sets to the cloud in Frankfurt or, say, Ireland in Azure, latency becomes a real issue. So we want to be sure that we're also optimizing the traffic end to end. I'm going to leave redundancy to on so that there's high availability, and I'll leave AWS routing to auto, and I'll talk about that in just a bit. So when I click here on subnet, what's happening is SteelConnect is logging into my AWS account. It's looking at all my VPCs, it knows what subnets it has to connect to, it's going to plop a gateway appliance as well as a WAN optimization appliance, do all the plumbing between those appliances, and make sure that all traffic is routed through the SteelHeads for WAN optimization, and it creates all those downloads for me automatically. And the beauty of this solution, again, is that not only does it provide automated connectivity for me between, say, different regions of AWS but also between AWS and Azure. We've suddenly become the cloud brokers of the world. We can provide automated, optimized connectivity between AWS and Azure. So let me show that to you also. >> John: Yeah, show me the Azure integration. >> Vivek: So I'm going to search for maybe subnets in Europe, Ireland, I'm going to connect to that. The workflow is exactly the same. Once I do connect, it gives me the option to deploy an instance of my gateway and my SteelHead. So I'm going to select that and then click on submit. So now when I go back to my dashboard, you'll see that, oh by the way, my Dallas site is now online. And when I click on it, you'll see all my tunnels have also come online. >> John: Beautiful. >> Vivek: Going back to what we just talked about- >> John: Frankfurt and Ireland are up an running. >> Vivek: Exactly. >> John: With Amazon and Azure piece there. >> Vivek: Yeah, it does take about four or seven minutes for those appliances to come online, they download their latest firmware, but that's nothing- >> John: Minutes aren't hours, and that's not days. >> Vivek: Exactly, not hours, not days, not weeks. >> Right, I mean a key use case here, when you think about cloud connectivity today, it's still rather tedious to connect your on-premise location into these cloud-based, virtual environments. And so what network operators do is they do that in as few locations as possible, typically in a data center. And what that means is now you're limited, because all the traffic that you need to go into those environments has to get backhauled into your data center before going there. So now, because this is automated, and it's all part of that same secure VPN, if you have some developers that are working on an app and they're using infrastructure as a service, you know, as part of their work, they can do that from whichever remote office they're sitting at or their home office or at a coffee shop. And there's no need to create that additional latency by backhauling them to the data center before going to the cloud. >> So all that stuff gets done automatically, on the networking side, with you guys. >> Exactly, exactly. So step one is really creating this easy button to have connectivity, both on premises and in the cloud. >> Connectivity with all those benefits of the tunneling and stuff, that's either pre-existing or that's been set up by an instance. >> Exactly, secure VPN, full mesh connectivity across all the places where you're doing business or you need assets to run in the cloud. Then the second phase is, okay, how do you want to dictate which applications are running over which circuits in this environment? And this is where, again, with a legacy approach, it's been really tedious to define which applications should be steered across one link, if you can identify those applications at all. So what Vivek's going to show next is the power of policy and how you can make it easy to do some things that are very common: steering video, steering voice and dealing with, you know, SaaS applications in the cloud. So you want to give them a taste of that? >> Vivek: Absolutely. So let's go to rules, and let's create a new traffic rule, say, I want to make sure that across all my sites for my organization, I want video, which is a bandwidth-intensive application, as you all know, doesn't really choke up my MPLS link, which is my most precious link across all my sites. I should be able to configure that with as much ease as I just said it. So let's do that. We can do that with the software defined intelligence of SteelConnect. I can apply that rule to all my sites, all my users, and I'm going to select applications, where I search for video. There's already a pre-configured application group for video. I'm going to select online collaboration and video. And under path preference, I'm going to say that for this application, don't use my MPLS as my primary, but use my internet link as the primary. >> John: And the reason for that is to split traffic between the value of the link's cost or >> Vivek: Exactly. >> John: Importance. >> Vivek: Exactly. Load balance gets really important. So I'm going to save that as my primary- >> John: So plenty of people that are watching YouTube videos or, you know. >> Vivek: (laughs) Right, exactly. >> Exactly, video is one of the biggest hogs of bandwidth. It's basically creating an insatiable demand, right, so you definitely need to look for your best option in terms of capacity. And with internet broadband, maybe you're going to sacrifice a little bit on quality, but video, you know, deals with that pretty well. But it's just hard to configure that at each and every single box where you're trying to do that, so. >> Vivek: Yeah, as opposed to configuring that on each and every individual box or every individual site, I'm creating this globally applied rule to all my sites. And I'm going to select MPLS as a secondary. I'm going to select a path quality profile, which means that if there's some severe degradation in my internet link, go ahead and use my MPLS link. So I'm going to say latency sensitive metrics, and I'm going to apply a DSCP tag of high, click here on submit, and the moment I turn this rule on, it automatically updates all of the IPs, all of the uplinks, all of the routes across my entire organization. >> John: So you're paying the quality of service concept to all dimensions of apps. >> Vivek: Absolutely, whether it's video- >> John: Video, Snapchat, livestreaming, to downloading, uploading. >> Vivek: Yeah, and I can create the same kind of rule even for voice, where maybe I have my MPLS, since that's my primary and most precious link available for all my sites, have that as a primary and my secondary as my route VPN, which is my- [John] If you're a call center, you want to have it probably go over the best links, right? >> Vivek: Exactly. And assign it the DSCP tag of urgent so that that traffic gets sent at the expense of all my other traffic. >> John: Awesome, that's great stuff. Policy is great for cloud. What about security? Take us through a demo of security. >> So that's a really good question. I mean, as soon as you're starting to use internet broadband connectivity in these remote locations, one of the first things you think about is security. With the secure VPN connectivity, you're assuring that that traffic is encrypted, you know, end to end, if it's going from branch to data center or even branch into cloud. And that was really step one that Vivek showed earlier. Step two is when you realize, you know what, there are certain applications that are living in the cloud, things like Office 365 or Salesforce.com that truly are a trusted extension of your business. So let's turn that spigot up a little bit, and let's steer those applications that we trust direct from branch to the internet, and by doing that we can avoid, again, that backhaul into the data center. And with an application-defined approach, this becomes really easy. >> Vivek: Yeah, and I can do that with a very simple rule here, too. I'm going to apply that rule to all my sites. I'm going to say for applications, let's say trusted SaaS apps like Salesforce, Dropbox, and Box, I'm going to select a group called trusted SaaS apps, and now under path preference, I'm going to say for these applications, I know that I've set an organizational default that for all my traffic, go over my MPLS link and break out to the internet that way, but for some applications that I've defined as trusted SaaS apps, break out to the internet directly. >> John: Those are apps that they basically say are part of our business operation. >> Vivek: Yeah. >> John: Salesforce, Workday, whatever they might be. >> Vivek: Absolutely. So you're opening that spigot just a little bit, as Josh was talking about. And I can choose to apply a path quality profile so that there's a dynamic path quality-based path selection and apply a QoS priority. I'm going to leave it to high and submit. And the powerful thing about this is even though I've applied this to all my sites, I can choose to apply this to individual sites or maybe an individual VLAN in a site or an individual user group or even a single user for follow the user policies. And that's the entire essence of the software-defined intelligence of SteelConnect. The ease with which we can deploy these rules across our entire organization or go as granular to a single user is a very powerful concept. >> Josh: One of the things too, John, in terms of security, which you were asking about earlier, is that not only is a policy-based approach helping you be efficient at how you configure this but it's also helping you be efficient in how you audit that your security policies are in place because if you were doing this on a box-by-box basis, if you really, truly wanted to do an audit with the security team, you're going to have to look at every single box, make sure there's no typo whatsoever in any of those commands. But here we've just made a policy within the company that there are certain applications that are trusted. We have one policy, we see that it's on, and we know that our default is to backhaul everything else. And so that becomes the extent of the audit. The other thing that's interesting is that by just turning off this policy, that becomes your roll back, right? The other thing that's really hard about configuring boxes with lots of commands is that it's almost sometimes impossible to roll things back. So here you have a really easy button on a policy-by-policy basis to roll back if you need to. >> John: And just go, you know, clean sheet. But this path-based steering is an interesting concept. You go global, across all devices, you have the roll back, and go in individually to devices as well. >> Josh: That's right, that's right. Now, this next click of bringing that internet closer to you, is where you say, you know what? In addition to trusted SaaS applications, let's go ahead and have even recreational internet traffic go straight from the branch out to the internet at large. >> John: Love that term, recreational internet. (laughing) It's basically the playground, go play out there in the wild. (laughing) >> Josh: Exactly. >> John: There's bad guys out there. But that's what you mean, is traffic that's essentially, you're basically saying, this is classified as, assume the worst, hope for the best. >> Right, exactly. And that's where you do have to protect yourself from a network security standpoint. So that next step is to say okay, well instead of backhauling all of that recreational, dangerous internet traffic, what if we could put some more powerful IDS, IPS capabilities out there at the edge? And you can do that by deploying traditional firewall, more hardware, at those edge devices. But there's also cloud-based approaches to security today. So what Vivek is going to show next is some of the power of automation and policy that we've integrated with one cloud security broker named Zscaler. >> Vivek: Zscaler, yeah, so- >> John: Jump into it. >> Vivek: Our engineers have been working very closely with engineers from Zscaler, and really the end result is this, where we do a lot of the heavy lifting in terms of connecting to the Zscaler cloud. What I mean by that is what you're looking at on the SteelConnect interface, going back to that entire concept of single pane of glass, is that you can see all your Zscaler nodes from SteelConnect right here. And on a site-by-site basis, we will automatically select for you what Zscaler nodes are the closest to you based on minimum latency. And we select a primary and a secondary. We also give you the option of manually selecting that, but by default, we'll select that for you so that any traffic that you want to break out to the internet will go to the Zscaler cloud like it's a WAN cloud by itself. So I can go to my organization and networking default and say that hey, you know what, for all of my traffic, break out by default to the Zscaler cloud as the primary so that it's all additionally inspected over there for all those IDS and IPS capabilities that Josh was talking about. And then break out to the internet from there. And that's, again, a very powerful concept. And just to remind you though, the traffic path rule that we just created for trusted SaaS apps will still bypass the Zscaler cloud because we've asked those applications to go directly out to the internet. >> John: Because of the path information. But Zscaler, talk about how that works because you mentioned it's a cloud. >> Vivek: Yes. >> John: Is it truly a cloud, is it always on? What's the relationship with- >> I mean, this is what's interesting. And the cloud is basically a collection of, you know, data centers that are all connected together. And so some of the complexity and effort involved in integrating a cloud-based security solution like Zscaler is still often very manual. So without this type of integration, this collaboration we've done with them, you would still have to go into each box and basically manually select and choose which, you know, data center of Zscaler's should we be redirecting to. And you know, if they add a new data center that's closer, you would have to go and reconfigure it. So there's a lot of automation here where the system is just checking, what's my best access into Zscaler's cloud, over and over again and making sure that traffic is going to be routed that way. >> John: And Zscaler's always on, is an always-on security model. >> Yeah, active backup, exactly. There's many of those locations. >> Alright, so visibility. Now, as the internet connections are key to the, you know, zero touch provisioning you guys demoed earlier, IoT is coming around the corner, and it's bringing new devices to the network. That's more network connections. >> Josh: Right. >> Usually they're who is that person out there, what's that device, a lot of unknown, autonomous, so how do I use the visibility of all this data? >> Yeah, visibility's important to every organization, and once we start talking about autonomous networks, it becomes even more important for us to dive deeper and make sure that our networks are performing the way we want them to perform. It goes back to that entire concept of trust but verify. So I'm creating all these policy rules, but how do I know that it's actually working? So if you look at my interface now, actually, let's pause for a second and just enjoy what we've done so far. (laughing) >> John: A lot of green. >> Vivek: You'll see that my, a lot of green, and a lot of green lines. So this is my site in AWS, which I just brought up, and this is my site in Ireland. So if I click on the tunnel between- >> John: Are those the only two cloud sites? Are the rest on premise? >> Vivek: The rest are all on premise, exactly. So if I want to, say, click on the tunnel over here between my Azure site and my AWS site, which I just brought up, it gives me some basic visibility parameters, like what's my outbound and inbound throughput, what's my latency and packet loss. We don't see any real values here because we're not sending any data right now. >> John: But if you would, you would see full connection points so you can make decisions or like, workloads to be there, so as you look at- >> Vivek: Absolutely. >> John: Connection to the cloud. >> Vivek: It's all real time data. But if you want to dive in deeper, we can look at what we call SteelCentral Insights for SteelConnect so you can look at- >> John: Hold on, you're going too fast. Back up for a second. This is an Insight's dashboard. >> Vivek: Yes. >> John: Powered by what data? >> Vivek: Powered by the data that is being pulled from all of those- >> John: Those green- >> Vivek: All those gateways. >> John: All those points. >> Vivek: All those green points. >> John: So this is where the visualization of the data gives the user some information to act on, understand, make course corrections. >> Vivek: Exactly. >> John: Okay, now take us through this again. >> Vivek: So you can look at what your top uplinks are. So I'm looking at my site in New York City. So I can look at what my top uplinks are, what my top applications are, who are my top users? Who's using BitTorrent? I can see here that Nancy Clark is using the BitTorrent. So I might have to go ahead and create a rule to block that. >> John: You know what kind of movie she just downloaded, you know, music? >> Josh: Exactly, exactly. >> John: So you can actually look at the application type. So you mentioned BitTorrent. So same with the video, even though you're path steering, you still see everything through this? >> Vivek: Absolutely. >> Exactly, I mean this is application defined networking in action, where, you know, the new primitives that network administrators and architects are now able to use are things like application, user, location, you know, performance SLA, like the priority of that application, any security constraint. And that's very much aligned to the natural language of business. You know, when the business is talking about, you know, which users are really important for which applications that they're sending to which locations, I mean, now you have a pane of glass that you can interact with that is basically aligned to that. And that's some of the power there. >> John: Alright, so what are you showing here now? Back to the demo. >> Vivek: Back to the demo. The next part of the demo is, it's actually a bonus segment. We're going to talk about our integration with Xirrus Wifi. We recently announced that we are working with Xirrus. We bought them, and we're really excited to show how these two products, Xirrus access points, Xirrus wifi, and SteelConnect, can work hand in glove with each other. Because this goes back to the entire concept of not just SD-WAN but SD-LAN for an end-to-end software-defined network. So what I want to show you next is really hot off the presses. >> John: This is new tech you're showing, new technology? >> Vivek: Yes. >> Josh: So when SteelConnect was launched last year, there are wifi capabilities in the gateways that Vivek showed during the zero touch provisioning part. Xirrus is well regarded as having some of the, you know, most dense capabilities for accessing- >> John: Like stadiums, we all know that, we all lived that nightmare. >> Josh: Exactly. >> John: I got all these bars on wifi but no connectivity. >> Josh: Exactly, so stadiums, conventions, you know, when you think about the world of IoT that's coming and just how many devices are going to be vying for that local area wifi bandwidth, you need to have an architecture like Xirrus that has multiple radios that can service all of those things. And so what we've been doing is taking, you know, the steps as quickly as possible to bring the Xirrus wifi, in addition with the wifi that SteelConnect already had, into the same policy framework, right? Cause you don't want to manage those things, necessarily, going forward as different and distinct entities. >> John: So SteelConnect has the wifi in the demo. >> Exactly, so I'm now moving to a different org, where we have about four or five sites, and I'm going to go ahead and add an appliance. And I'm going to add this Xirrus access point and deploy it in my site at Chicago. So I just click here on submit, and you'll see that the access point will come online within, in less than a minute. And once it does come online, I can actually start controlling this Xirrus access point, not just from the XMS cloud, which is the Xirrus dashboard, but also from SteelConnect manager, going back to that concept of single pane of glass, so- >> John: So we have another example of zero touch provisioning. >> Vivek: Zero touch provisioning. >> John: Send the device, and someone just plugs it in and installs it, doesn't have to be an expert. Could be the UPS guy, could be anybody. >> Vivek: Yeah, anybody. Just connect it to the right port and you're done. And that's what it is here, so you see that this appliance in Chicago, which is a Xirrus access point, is online. And now I can go ahead and play with it. I can choose to deploy an SSID and broadcast it at my site in Chicago. You see that I'm only broadcasting Riverbed dash two, and when I go to my XMS dashboard, and can see that one access point is actually up. This is the same access point that we just deployed in the Chicago site, and that profile called Chicago is already configured. So when I click on it, I can see that my SSID is also displaying over here, and I can do so much more with this interface. >> John: It really brings network management into the operational realm of networking. >> Vivek: Absolutely. >> John: Future experience of networking is not making it as a separate function, but making it an integral part of deploying, provisioning, configuring. >> Exactly, and the policies to automate how it's all used, right, so if we just take a step back, what we literally did in just a few minutes, we deployed a new location in Dallas without anybody needing to be there other than to plug in the box. We extended the connectivity from on premises, not only into one cloud but two clouds, AWS and Azure. We started leveraging public internet in these remote sites to offload our MPLS for video. We steered SaaS applications that were trusted out there directly to the internet. And then we pulled in a third-party capability of Zscaler to do additional security scrubbing in these remote locations. That applies to every single site that's in this environment. And we literally did it while we were talking about the value in the use cases, you know? >> Great demo, great SD-WAN in action. Josh, Vivek, thanks for taking the time to give the demo. Experiencing the future of networking in real time, thanks for the demo, great stuff. >> Thanks, John. >> This is theCUBE, watching special SD-WAN in action with Riverbed, thanks for watching. I'm John Furrier. (bright music)

(energetic electronic music) >> Hello and welcome to a special CUBE presentation of the future of networking with Riverbed. I'm John Furrier, host of the CUBE. We're here with Paul O'Farrell, Senior Vice President and General Manager of SteelHead, Steelhead Connect. SD-WAN in action. Well, good to have you on The CUBE. Thanks for joining us. >> Great to be here. >> So, future of networking. This is something that we talk a lot about in our conversations, because the cloud's exploding, cloud business model. On-premise, true, private cloud. Hybrid, connecting to public clouds, is changing the game for app developers and large enterprises and how they do business. But it always comes back down to networking, 'cause everyone wants to know what's going on with networking. What is the future of networking? What's your perspective? >> Yeah, well John, as you said, everything's going to the cloud. But if you're a large multinational organization, you can't just click your finger and move your entire infrastructure to the cloud. But for the workloads that you do manage to move to AWS or Google Cloud or Azure, the good thing is that your IT organization is able to get out of the low-value-added activity of managing boxes and get into more strategic higher-impact activities and projects. So, if you think about moving a workload to the cloud, all of a sudden your organization is out of the business of managing boxes, managing servers, storage, and backup. But the challenge is that networking and the infrastructure required to connect all of that is still stuck in the past. And much of the way you manage a network really hasn't changed that much since the, certainly in enterprise networks, since the mid-90's when routers first really became popular. >> Give an example of why it's so hard, because I mean everyone wants networking to be faster. You have still move packets around the network. I mean boxes are changing. We know that the surveys are all pointing to non-differentiated labor being automated away. And that's clearly from the research. It's not a question of when, it's a question of when will, I mean not a question of how, when it's going to happen. So that puts pressure on the companies. When do they move from the manual networking to more automation? So give an example of some of the use cases. >> Yeah, so for a long time, as I said, the way you manage a network hasn't really changed. And in the last couple of years, we've seen the growth of a new market segment, or a new market, called software-defined WAN. So, taking some of the concepts of software-defined networking that had been trapped in the data center and then bringing those out onto the wide area network. And one of the big drivers was around the idea of, since there's so much more traffic going to the Internet, going to the cloud, I need a simpler way of managing that traffic. And I'd like to do it at a software level. I'd like to manage it based on policies and simple configurations that I could apply centrally as opposed to going down to the level of IP addresses and port numbers, as you have to in the sort of more traditional approach. So I think a lot of the initial impetus for people to look at new ways and new approaches to networking has been around this concept of direct-to-net, the desire to use more Internet transport, lower-cost Internet transport in the network. And that's sort of where it starts. And after that, you get to, what we at Riverbed believe is a bigger transformation of networking, which sort of begins with SD-WAN, but probably ultimately is more about really cloud networking. >> Some will say, and I'll get your reaction to this, that networking is outdated. Your thoughts? Is it outdated? Is it just moving too slow? Is it advanced? What are some of the, where's the progress bar on this conversation that's been kicking around the industry around networking needs to get updated and modernized? And is it outdated? What's your thoughts? >> Yeah, so as you said, at some level, you're always going to need networking, right? You've got to move packets around the network. You've got to connect applications with people and resources across the network. And it's particularly true in enterprises. But where I think the network has become stuck somewhat in terms of its evolution is that the traditional approach to configuring and managing devices, pre-staging routers and then shipping to a location where you have to do some more configuration on them, that piece of it I think has not evolved enough. But we're at a point now where a lot of the simplicity, the policy-based approach that you see in other parts of cloud infrastructure can now be applied to networking, that you can abstract away some of the complexity of the underlying network and then present that to an admin in a very simple fashion that looks very similar in terms of the experience to what happens when you deploy an application in the cloud, in AWS or Amazon. If you think about it, you can spin up an application and get it up and running in a matter of hours, if not minutes. You can deploy applications all over the world. Now, if you had asked somebody to do that 10 years ago, they would have looked at you like you're crazy. I want an application running in Frankfurt. And I want an application running in Seattle. And I want you to have it done by this afternoon, and by the way. Where it all falls down though is when I ask you to connect every root in my organization to those applications and have it done in a matter of hours or minutes. That's where it gets really hard using the traditional approaches. And, by the way, just to put in a point of clarification. I remember back when I was living in the 90's, 'cause what you described sounds like the 90's, that's a six-week project. Not like hours. That's like weeks. I got to make sure that the routers, we've got to configure the tables. All these manual efforts. But you're hitting on one of the things that is the future that people talk about, is really balancing the agility of doing something really fast, that's what the cloud is bringing to the table, with managing complexity. So that's one thread. So I want to talk about that. But also can I talk about the elephant in the room, which is, is my job going to go away? 'Cause, you know, a lot of those guys that are doing this command line interface stuff have built a job around their knowledge around configuring, which is not an agile. So they've got to be agile. So they're potentially at risk. So, future career. But the mandate of managing the complexity with agility. >> Yeah, so the industry obviously evolves over time. And, as you look at, again, go back to different parts of the infrastructure stack or the IT environment, you could have said just exactly the same, made exactly the same argument to me about servers and storage and backup administrators. Now, to my knowledge, those people haven't gone away. The total number of people working in the IT industry has not shrunk. If anything, it's grown significantly. So I think it's much more about freeing people from some of these laborious tasks that really don't add a lot of value and then redirecting those people to delivering on higher-impact initiatives. You know, a lot of talk in the industry these days, no matter actually what vertical you're in, about digital strategies, about transforming your business, and really what you want is to take your IT resources and your IT personnel and have them work on those projects and not have them-- >> John: The high-yield projects. >> Exactly. And to the extent possible, to automate a lot of the workflows and the way you manage day-to-day administration of the network, whether it's in the design phase, the deployment phase, or the management phase, of your network infrastructure, make that simpler and more intuitive and ultimately more like a consumer application, the types of workflows we're used to when we use web-based applications. Or perhaps, more reasonably, make it more like how you manage an application in AWS or Google Cloud or Azure. >> So your point about the server guys, the storage guys, their jobs never went away. First of all, there's more data coming than ever before, so they're always going to have a good job. So you're saying that is also applied to networking. >> Paul: Mm-hmm. >> It's still super important. >> Paul: Absolutely. >> And there's going to be more network, certainly with IOT on the horizon. You're going to have more connection points than ever before. So you're saying that tasks may go away, but the job will shift to other things, whether it's up the stack or other function that's related to adding value. >> Absolutely. So, the individual components that are deployed in the network that make the traffic, that allow the traffic to flow, that allow you to get the packets around the network, allow you to connect different parts of your enterprise, none of that goes away. But it just maybe takes a different form. And you mentioned IOT, for example. I mean that's a big question and a big challenge for a lot of organizations. How do you manage a network environment where you have more and more devices coming on the network? And instead of having, 10's, 100's of clients on a wireless network, for example, you could have 100's or 1,000's in a facility. And that's the type of new networking challenges that would be interesting to address as opposed to doing things that are, by their nature, manual and arguably can be done with a lot more automation. >> So I'm going to make a statement. And I want you to either agree or disagree or add some color to it. The future of networking is about automation, embracing automation to add value. And just as a point of validation, IOT, whatever trend that's happening right now that people get excited about, are all probably about machine learning. And everyone's saying that AI is going to solve the problem, which is simply just saying, technology's going to help with the automation. That's kind of my take on it. Your thoughts on that? Because that essentially is the validation. So the future of networking is, get used to automation. It's coming down the road pretty fast. >> So I think the first step towards taking some of that machine learning know-how and AI and applying it to networking is to automate networking. Make it easier. Make it policy-based. Don't make it about CLI commands. Make it about more manual configuration about scripting. The next step will be to apply machine learning and be able to have self-healing networks, being able to have networks which are aware of the types of-- >> Self-healing networks? Self-healing networks for having self-healing cars. Self-driving everything. I mean this is essentially the automation of what we're seeing. >> Sure, but let's start, let's not run before we can walk. Let's start with application-aware networks. How about that as an idea? Where at least the network doesn't think it's just passing packets, but actually knows what application it's using and is applying policies in an automatic fashion, whether it's to choose the optimal path for traffic or whether it's to apply security policies based on who the user is and what they're trying to do. So you should be able to do all that. And that is something that we built in our new product. >> Okay, so I would say that in hearing you, complexity is addressed by automation and software. >> Paul: Mm-hmm. >> The agility is really the application awareness of that. >> Yeah, I think that's a reasonable characterization of how to think about the future of networking, sure. >> Okay, so I want to get your thoughts on SD-WAN. We're hearing about that. With the cloud, and whether you're running true private cloud and hybrid and public, it's all an operating model. It's all a new way to think about provisioning networks and managing it. Isn't everything a WAN now? I mean, if you almost conceptually as a mind exercise say, the notion of local area networks and wide area networks are kind of, with the whole cloud thing, with the perimeter being decimated, and APIs flying around and microservices. I mean isn't everything a WAN now? >> Sure, I mean the whole concept of the WAN feels a little dated right now. I mean, if you think about it, if your kids are on the web or using their favorite social networking, and for some reason they can't get on the Internet, they rarely come down to you and say, "Hey Dad, the WAN's broken." So I mean clearly, people who live in the enterprise world still think in terms of wide area networks. But more and more, you're right. If you think about it, all of the different users who are coming on your network, whether employees or whether they're customers or partners, they're coming on using WiFi. There's a blurring of the line between the Internet, between the private enterprise network, traditionally referred to as the WAN, and the LAN. All of that is merging. And a lot of the technologies that Riverbed has been developing are really around this concept of SD-WAN, not just SD-WAN, but SD-LAN as well, and the ability to provide a single connectivity fabric across LAN, WAN, Cloud, and to the extent you still have data centers, most large enterprises will have those, data center as well. >> Great. And so competition. Let's talk about competition. You mentioned the CLI. Cisco's a market leader in all this. Your position vis-a-vis Cisco and how you look at the competition? >> Yeah, so Riverbed as a company has competed in various ways with large networking companies like Cisco for many, many years, since we started as a company. It is interesting that Cisco is trying to reposition itself, sees a need to change the way it delivers solutions for enterprise networking. It started by developing some of those capabilities within the organization and then more recently has made an acquisition of a startup, which we think is interesting, because it really validates the market now for SD-WAN. And we welcome it many ways, 'cause we think it's really the beginning of a shakeout and a maturing of the whole space. We think we're going to see that. >> You can't talk about the future of networking without talking about WiFi, because everyone who goes to a sporting event or concert, they lose their LTE, they go to the WiFi. And connectivity is like the lifeblood. You guys recently had an acquisition. What's the future like with you guys and WiFi? >> Yeah, we recently acquired a company called Xirrus, which was a company that had set out to build the fastest, most scalable, most, and this is really the key point, densest WiFi in the world in a very secure manner as well. And it was started by some of the pioneers of the WiFi industry, people who were in WiFI before it was even called WiFi. And so we thought they had an extraordinarily interesting technology. And what was particularly exciting about it is that they had also developed a cloud management approach to managing WiFi. As you said, WiFi is, on one hand you could think that WiFi is kind of a solved problem. It's been around for quite a while. But it's also become incredibly critical to not just enterprise networks, but to everyday life. We sometimes say that WiFi has become the inalienable right of every global citizen, good WiFi. If you think about the last time you checked in a hotel, what's probably the first thing you'd do is see if you can get on the WiFi. And if you have a bad WiFi experience, it doesn't matter how soft the Egyptian cotton on the sheets, on the bed is, >> John: It's plumbing. >> or how delicious the chocolate is on the pillow. >> People complain most about WiFi. >> Exactly. So if you think about it, some of our biggest customers now that we've entered the WiFi, and particularly the cloud-managed WiFi, business, our education, K through 12 and universities, on many university campuses, the users can have six, eight, 10 devices per person. Now, in the typical enterprise, maybe you don't have quite that many. But we're certainly all heading in that direction. And then you combine that with IOT and how people would like to put a lot of sensors and other devices on the network, then you're getting to a point where you really need incredibly dense WiFi. >> I mean IOT is about power and connectivity. WiFi gives great connectivity. Future of networking. Just summarize as we wrap this segment up for the folks watching who are practitioners in their jobs every day, trying to figure out the future, what's the bottom line of the future of networking? If you can give that statement and an example of how you guys are working with other practitioners. >> Sure. Well, first of all, I think the transformation that's occurring in the broader IT industry with the rise of the cloud and cloud networking and cloud computing is really extending now to the networking industry. A lot of the simplicity, the workflows, the automation and policy-based approaches is now extending to the space that network administrators have traditionally lived in. And I think that's really an opportunity for practitioners, as you call them, to really start using a set of more interesting and more capable tools that then will allow them to free themselves up from some of the lower-value-added activities to doing some really interesting things in the organization and to be an enabler of some of these new digital strategies and cloud strategies that their organizations are trying to execute. >> An example of companies you've worked with that might be a case study that you can share real quick? >> Well, what we're seeing is an awful lot of retailers, for example. So it's interesting. You see all the pressure that traditional retailers are experiencing from online e-commerce retailers. And what we're seeing is that more and more, they are using in-store WiFi. They're looking to put a lot more band-width into the stores to give customers in the store an incredibly compelling online experience while they're shopping. For two purposes. One is because they want to engage that customer while they're in the store. And also because they may want to do analytics and understand their behavior while they're in a store. But they want to do that at the same time as ensuring that some of their business-critical applications are up and running. So if you think about SD-WAN or cloud networking, it really provides the ability for us to do that, augment the WAN, deliver more band-width, lower cost band-width, into the store, but also give an incredibly compelling experience and have it all managed centrally with a simple policy-based approach. >> All right, the future of networking here at the CUBE Studio. Paul O'Farrell, Senior Vice President, General Manager at Riverbed. I'm John Furrier with the Cube. Thanks for watching.

>> Announcer: Live from Washington D.C., it's theCUBE covering AWS Public Sector Summit 2017. Brought to you by Amazon Web Services and its partner, Ecosystem. >> Welcome back to our nation's capitol where we continue our coverage here on theCUBE of the AWS Public Sector Summit 2017. Some 10,000 strong in attendance this week here in the Walter Washington Convention Center. It's just about a mile from the U.S. Capitol. John Walsh, this is John Furrier. John, do you feel the energy of the centerpiece of the political universe. >> It's hot here in D.C. >> It is hot. >> It's a pressure cooker, the humidity. >> But, it's not global warming we know that because, ya know, climate change is >> Climate change is not real. That's from what I heard. >> That's what we've been told. >> The problem with D.C. is it's a data lake that's turned into a data swamp. So, someone really needs to drain that data swamp. >> Well, ya know, to help us do that. You know who's going to help us do that? >> Amazon Web Services. >> Marlin McFate's going to help us do that. He is the technical leader of the Advanced Technology Group in the office of the CTO and Riverbed. And Marlin, thank you for being with us here on theCUBE. Your first time, I believe. >> Yes, it is my first time on theCUBE. >> So, you're a Cube rookie? >> Yes, Cube rookie. >> Good to have you aboard. >> I appreciate it, thanks. >> Tell us a little bit first about Riverbed, about what you do there specifically, what you do there and what the company's mission is overall. >> Absolutely, so I work for the Advanced Technology Group, the Advanced Technology Group works underneath the office of the CTO. There's actually two groups that work under the office of the CTO, my group, the Advanced Technology Group and another one called the Strategic Technology Group. The ATT Group, the one that I belong to, we focus on being the subject matter experts of our products. I think there's about nine of us now and we all focus on different products. Riverbed's grown from a company of being just the WAN Optimization Company to really being the performance company, right, whether that be visibility, whether it be optimization, whether it be network optimization. Each one of us focuses on a different piece. I, predominantly focus on our WAN optimization, our SteelConnect product and at times our SteelFusion project, which is the combined Edge product. >> SteelConnect, yeah, tell us what that's all about. >> SteelConnect, SteelConnect is not actually our most recent product to come to market. We have a couple of visibility products that have come out recently, but SteelConnect addresses the idea that we have been doing networking for the same way say, you know, 1993 beyond, right. We are still doing it the same way. Everything within our industry, whether you take a look at virtualization, whether you take a look at Cloud, whether or not you take a look at storage, everything has changed substantially in how we do it and this brings that change to networking. The idea is that when you think about servers you say, I no longer want to think about you know, hardware. I never want to think about that. I never want to think about resources. Maybe I don't even want to worry about operating systems. I only want to worry about containers, right. Now, when it comes to networking I don't necessarily want to have to worry about each individual piece within my network. I want it to be orchestrated and controlled centrally and what I tell it to do, I want it to do. I shouldn't have to do that. >> You missed a challenged. We heard Vernon Vogel on stage here at Amazon a couple of seconds ago say, I'm here in D.C. say hey, it's a new normal. We had another entrepreneur on just before you from FUGE who said, hey, it's inevitably the world of the future and it's inherently different, or intrinsically different in Cloud than it is on premise with enterprises, so the question for you is, what is the use case that you guys are winning at because the Cloud is impacting federal government and public sector, but a lot of times they have old, antiquated systems like back in 1993, '94. So, they're moving fast to commercialize, to modernize, that's the focus. How do you guys help them? What's the big lynch pen for you guys and that goal mission to the customer? >> Alright, so you're absolutely right. The government has been here, or the government or public sector as a whole has been moving to the Cloud quite quickly here recently, right. We've seen this move more on the commercial side first, obviously, and now in the public sector. One of the very large use cases that we address is the ability to provision for your applications, right. Some of the characteristics that you find in commercial world, such as, I want to use internet as transport. You don't see as much in public sector. But, you do see, I can spin up an application in the Cloud. If you go to your Cloud person and say, how would it take me to get application B, they could possibly come back to you and say, well, would this afternoon be okay, right. Can you provision in hours like that? Can you get the policy in place for users? Could you get the connectivity? Could you get any of that in place in the same amount of time? That is a use case that SD WAN addresses without having to rip up, take out the network that you already have, which is the physical network, or what we refer to as the underlay. Being able to give you that flexibility on top of that network. >> The big thing that customers have a challenge on is that other focus it's DebOps trend programmable infrastructure is another one, so that they want to make it programmable. >> Right. >> So, how do you guys fit into that? Because one of the things that we hear is, could I have develop 'cause all I want to do is have infrastructure just works as code. That's all I need for whatever use case. >> Yeah, we usually see that DebOps is actually one that'll probably be the first movers to the Cloud for the public sector, right. With our, really it's every single one of our products, whether or not we're talking about SteelConnect, SteelHead, SteelEssential, any one of them, there's a RESTful API for every single one of them. So, you can actually go in and utilizing a very easy scripting a RESTful API directly itself and spin up whole environments and then spin them down if you wanted to do that. So, it fits very, very nicely into that DebOps world. >> Do you have SteelEdge yet? >> SteelEdge? >> Copyright on theCUBE. >> It might be a razor company that might have that. I don't know. >> Well, the Edge in the network is huge and this is where we're talking about as you guys do it, you know SD WAN, I mean, come on, why the area networks? You don't beat, you can't get any more edgier than that. You guys have a core competency in this. How do you guys look at the Edge and IOT and all these use cases popping around? >> Well, we do actually have a product that has Edge in it, it was SteelFusion Edge. We could address that in a couple of different ways. I want to make sure that I understood your question, though. Your question was around IOT, specifically? >> Well, how do you guys look at the Edge? The trends right now are super hyped up right now, Intelligent Edge is a big message we're hearing from others. IOT is an Edge application with its Industrial Edge with Genery Censor networks, help with safety, surveillance, all this is Edge devices. >> It still ends up in the end being you know, and that has, we've heard the change from people calling it Branch to calling it Edge, which is probably pretty appropo, right. But, really in the end, what it comes down to is connectivity, right. So, if I have IOT sensors in a warehouse, whether or not I have an application, whether or not I have a group of users, whether or not I have mobile users, in the end what it really comes down to is connectivity. And, we all especially with our cell phones, right, we have come pretty much to the point where we expect our data and our connectivity to be there at all times, right. That's one of the things SD WAN addresses. Whether it be our direct, our SD WAN products, SteelConnect, or whether or not it has works with some of the pieces that move further into the LAN architectural, like our wireless access points, our switching, right. So, you can imagine here, right, I can provide policy for my IOT devices. I can provide that policy one time at an organizational or agency level. I can have that policy filter down, all the way down to the axis point and now the axis point might be my axis point to my IOT or to my user. So, in the end, it still comes to connectivity. >> Marlin, what's some of the use cases or scenarios you've been involved with customers where it's been super exciting from an architectural standpoint, where you guys are doing some cutting edge things. Like, is it more the network size? Is it software? Is it Edge. I mean, I'm tryin' to get a sense of, could you share a personal perspective? >> Absolutely so. One of the ones that we're working on right now I think is probably the most exciting. It is combining some aspects, you could call it an FE. You could call it SD WAN. You could call it Grey Box. What I like to call it is just a combined Edge piece, right, which encompasses both the SteelConnect piece which handles your firewall characteristics, your identity management characteristics, built into that some switching, virtualization, so you can run other products on there. What the customer really wanted to end up doing was they had school systems that, a school system that was in a very far away place and that school system, they were putting in a router, a switch, an access point, you know, all these different little pieces and devices, right. What we did was we were able to take that design and crunch it down into basically one box, right. They have enough switchboards. They have the ability to run virtual machines 'cause they said that they had a server here or there. They have their virtualized SteelConnect gateway which gives them the firewall capability, gives them the routing capability and this is all combined in a box that already has the WAN Optimization built in. So, they get everything that they would have had onsite in one box. >> Is there something to working, you bring up education as an example, but in that space overall in the .gov, the .edu space that's separate and aside from commercial partners or commercial relationships like different concerns, different priorities and yet they're using the same technologies. >> Most certainly. The only thing that I could really say from a using technology, right, I mean there are some pockets where different technology, far off weird technologies is utilized. But, I would say that they are the public sector, schools, federal government, intel, they're all using a lot of the same technology, right. It's when they adopt it. When did they bring it into their environment? And then, what are the special characteristics of their environment? So for example, what I said earlier, right, your commercial customers are looking at utilizing SD WAN to move maybe completely off of MPLS. It's probably not something that we're going to see within the public sector, right. They're want to still use some sort of private networking. I do have some customers that are utilizing public internet, but then, they are tunneling an overlay back to an MPLS entry point to get back into their Cloud. We just have interesting requirements. Whether that be a trusted internet connection, whether or not that'd be JRSS, we have different security requirements in the public sector. >> Well, I love some of what you're doin'. Did you get all of that MPLS stuff there? >> Yeah, I got the first four. >> I want to jump in and double down on that. This is interesting conversation because the whole trend right now is hybrid Cloud on the Enterprise side which is a leading indicator to the government, a little bit lagging on that, so whatever that translates to in terms of Hybrid or Legacy, it's going to be somewhat similar, I believe. But, really multi-Cloud is a trend that people are talking about. It's super hyped up but it's not yet real. The thing that's holding multi-Cloud back not multi-Cloud in the sense I got to workload over hear and a workload over there, I'm talking about moving resources around the network, data, compute, what not, is latency, huge problem. You mentioned MPLS and all this tunneling, there's still the latency problem of how do you get the laws of physics down to the point where you can actually have those kinds of latencies? What is Riverbed doing? Can you share some insights to that direction 'cause that's the holy grail right now. That's the last hurdle. Then, well getting all the silicons is still the final hurdle, but latency's critical. >> So, problem number one there, right. Even if it is Cloud to Cloud in that example, right, is first how do I get a WAN Optimization device, something that can optimize that traffic for me. Something that can affect my latency for me into that environment. Riverbed has worked tirelessly to get that in there right. But, to your point, you can't change how an electron flies, right. The speed of light is the speed of light. You're not going to get an electron to move any faster. So, what Riverbed developed that's still very relevant today is the ability to, instead of change your latency, mitigate the negative affects of your latency, right. So, if I. >> Or work around it. >> Absolutely, and you can do that at the application level, absolutely, program around it, but there are a lot of protocols out there that aren't necessarily optimized for that longer latency environment, right. So, what we do is, or the adage is, the trip never taken, right, the shortest trip. So, if I have to, not to get into the weeds or anything like that, but if I have to make a thousand round trips to accomplish something, right, and I could put something in there that understands what I was getting, right, that data that I was getting each one of those times and I can take less trips, well then, that just made that faster. So, if I have a thousand round trips and it takes a minute to do, and now I can do ten round trips and it only took ten seconds, or six seconds if we're doing the math right. >> It's kind of like here in D.C., you're local. I noticed that coming from Dulles Airport they have Sirius pricing on the toll roads. That's basically private networking right there. >> That's right. >> These cost path routing opposed to the other side. I was in the, you know. >> Marlin was more describing my trips to the hardware store on the weekends, a thousand round trips, be a lot more economical. But you're right, it is private networking. >> If you're off the road, you're off the packets aren't on the network it saves some room for someone else. >> More traffic, you hear more traffic at the higher speeds. >> You actually could. So, you get two benefits. One is the increase of speed, but the other is the perceived capacity increase of your network. And, we accomplish these things through compression which is really, really simple. I think compression is a must, right. But, through our data duplication. Data duplication is I've seen these patterns before and it's a byte level. We're not talking about an object. I haven't seen a file. No, I've seen these byte level patterns before, I don't need to resend them. And, in traditional network or traditional applications you see pretty much in any organization, right, you typically can get somewhere between 50 and 80, if not sometimes 90% reduction total in traffic. >> My final question before we wrap up this segment here is, Share with the folks, take a minute to talk to the audience about what you're doing with Riverbed at the show and what they should know about the current Riverbed. I know you've guys trying a transformation of yourselves, give a quick plug. Go ahead. >> Absolutely. So, what we're specifically doing here or one of the pieces that is a differentiator for us and our SD WAN is, we went ahead and we thought why couldn't we make that an AWSPPC or a Cloud instance one of my Edge sites, right, connecting into the Cloud, there's many different ways to do it, but why couldn't we make a very simple way of doing that? Why couldn't I take the technology that I'm already putting in place at my data centers, I'm already putting in place at my branch offices, why can't I utilize that to create a secure connection into my BBCs. And, to your point, actually earlier one of the things that's also interesting was Cloud to Cloud. Why couldn't I take that same technology and connect multiple Clouds? Whether they be private Cloud or two public Clouds or connect them all together and take the best of all worlds, right, the best from each and make the best infrastructure that I possibly can. So, what we're showing off here from a SteelConnect perspective is our ability to do that. I can take an AWSVPC, actually I can take all, I think there's 16 regions within AWS and I can interconnect them in less than 10 minutes with the click of a button. And, then back into my infrastructure. So, that and then we also have brought Eternity, which is one of our visibility products that is basically rounded out on our visibility play within the market. We have the network. We have the app. We have the database. Now, we have the end users computer. >> Alright, well, if you could interconnect me to my home in 10 minutes I'm a client. I'd be sold, I'd be all over it. >> I'm going to be in the same traffic as you later. >> I'm not that far from here, but it might as well be another day. Marlin, thanks for the time. >> Absolutely, my pleasure. >> Good to have you on theCUBE, alright. >> Thanks, hope we get to do it again. >> Riverbed has joined us here on theCUBE. We'll be live with more from Washington D.C. right after this.