(bright upbeat music) >> Hello everyone, and welcome to this exclusive Cube Conversation. We have the pleasure today to welcome, Wim Coekaerts, senior vice president of software development at Oracle. Wim, it's good to see you. How you been, sir? >> Good, it's been a while since we last talked but I'm excited to be here, as always. >> It was during COVID though and so I hope to see you face to face soon. But so Wim, since the Barron's Article declared Oracle a Cloud giant, we've really been sort of paying attention and amping up our coverage of Oracle and asking a lot of questions like, is Oracle really a Cloud giant? And I'll say this, we've always stressed that Oracle invests in R&D and of course there's a lot of D in that equation. And over the past year, we've seen, of course the autonomous database is ramping up, especially notable on Exadata Cloud@Customer, we've covered that extensively. We covered the autonomous data warehouse announcement, the blockchain piece, which of course got me excited 'cause I get to talk about crypto with Juan. Roving Edge, which for everybody who might not be familiar with that, it's an edge cloud service, dedicated regions that you guys announced, which is a managed cloud region. And so it's clear, you guys are serious about cloud. These are all cloud first services using second gen OCI. So, Oracle's making some moves but the question is, what are customers doing? Are they buying this stuff? Are they leaning into these new deployment models for the databases? What can you tell us? >> You know, definitely. And I think, you know, the reason that we have so many different services is that not every customer is the same, right? One of the things that people don't necessarily realize, I guess, is in the early days of cloud lots of startups went there because they had no local infrastructure. It was easy for them to get started in something completely new. Our customers are mostly enterprise customers that have huge data centers in many cases, they have lots of real estate local. And when they think about cloud they're wondering how can we create an environment that doesn't cause us to have two ops teams and two ways of managing things. And so, they're trying to figure out exactly what it means to take their real estate and either move it wholesale to the cloud over a period of years, or they say, "Hey, some of these things need to be local maybe even for regulatory purposes." Or just because they want to keep some data locally within their own data centers but then they have to move other things remotely. And so, there's many different ways of solving the problem. And you can't just say, "Here's one cloud, this is where you go and that's it." So, we basically say, if you're on prem, we provide you with cloud services on-premises, like dedicated regions or Oracle Exadata Cloud@Customer and so forth so that you get the benefits of what we built for cloud and spend a lot of time on, but you can run them in your own data center or people say, "No, no, no. I want to get rid of my data centers, I do it remotely." Okay, then you do it in Oracle cloud directly. Or you have a hybrid model where you say, "Some stays local, some is remote." The nice thing is you get the exact same API, the exact same way of managing things, no matter how you deploy it. And that's a big differentiator. >> So, is it fair to say that you guys have, I think of it as a purpose built club, 'cause I talk to a lot of customers. I mean, take an insurance app like Claims, and customers tell me, "I'm not putting that into the public cloud." But you're making a case that it actually might make sense in your cloud because you can support those mission critical applications with the exact same experience, same API, same... I can get, you know, take Rack for instance, I can't get, you know, real application clusters in an Amazon cloud but presumably I can get them in your cloud. So, is it fair to say you have a purpose built cloud specifically for the most demanding applications? Is that a right way to look at it or not necessarily? >> Well, it's interesting. I think the thing to be careful of is, I guess, purpose built cloud might for some people mean, "Oh, you can only do things if it's Oracle centric." Right, and so I think that fundamentally, Oracle cloud provides a generic cloud. You can run anything you want, any application, any deployment model that you have. Whether you're an Oracle customer or not, we provide you with a full cloud service, right? However, given that we know and have known, obviously for a long time, how our products run best, when we designed OCI gen two, when we designed the networking stack, the storage layer and all that stuff, we made sure that it would be capable of running our more complex environments because our advantage is, Oracle customers have a place where they can run Oracle the best. Right, and so obviously the context of purpose-built fits that model, where yes, we've made some design choices that allow us to run Rack inside OCI and allow us to deploy Exadatas inside OCI which you cannot do in other clouds. So yes, it's purpose built in that sense but I would caution on the side of that it sometimes might imply that it's unique to Oracle products and I guess one way to look at it is if you can run Oracle, you can run everything else, right? Because it's such a complex suite of products that if you can run that then it it'll support any other (mumbling). >> Right. Right, it's like New York city. You make it there, you can make it anywhere. If I can run the most demanding mission critical applications, well, then I can run a web app for instance, okay. I got a question on tooling 'cause there's a lot of tooling, like sometimes it makes my eyes bleed when I look at all this stuff and doesn't... Square the circle for me, doesn't autonomous, an autonomous database like Autonomous Linux, for instance, doesn't it eliminate the need for all these management tools? >> You know, it does. It eliminates the need for the management at the lower level, right. So, with the autonomous Linux, what we offer and what we do is, we automatically patch the operating system for you and make sure it's secure from a security patching point of view. We eliminate the downtime, so when we do it then you don't have to restart applications. However, we don't know necessarily what the app is that is installed on top of it. You know, people can deploy their own applications, they can run third party applications, they can use it for development environments and so forth. So, there's sort of the core operating system layer and on the database side, you know, we take care of database patching and upgrades and storage management and all that stuff. So the same thing, if you run your own application inside the database, we can manage the database portion but we don't manage the application portion just like on the operating system. And so, there's still a management level that's required, no matter what, a level above that. And the other thing and I think this is what a lot of the stuff we're doing is based on is, you still have tons of stuff on-premises that needs full management. You have applications that you migrate that are not running Autonomous Linux, could be a Windows application that's running or it could be something on a different Linux distribution or you could still have some databases installed that you manage yourself, you don't want to use the autonomous or you're on a third-party. And so we want to make sure that we can address all of them with a single set of tools, right. >> Okay, so I wonder, can you give us just an overview, just briefly of the products that comprise into the cloud services, your management solution, what's in that portfolio? How should we think about it? >> Yeah, so it basically starts with Enterprise Manager on-premises, right? Which has been the tool that our Oracle database customers in particular have been using for many years and is widely used by our customer base. And so you have those customers, most of their real estate is on-premises and they can use enterprise management with local. They have it running and they don't want to change. They can keep doing that and we keep enhancing as you know, with newer versions of Enterprise Manager getting better. So, then there's the transition to cloud and so what we've been doing over the last several years is basically, looking at the things, well, one aspect is looking at things people, likes of Enterprise Manager and make sure that we provide similar functionality in Oracle cloud. So, we have Performance Hub for looking at how the database performance is working. We have APM for Application Performance Monitoring, we have Logging Analytics that looks at all the different log files and helps make sense of it for you. We have Database Management. So, a lot of the functionality that people like in Enterprise Manager mentioned the database that we've built into Oracle cloud, and, you know, a number of other things that are coming Operations Insights, to look at how databases are performing and how we can potentially do consolidation and stuff. So we've basically looked at what people have been using on-premises, how we can replicate that in Oracle cloud and then also, when you're in a cloud, how you can make make use of all the base services that a cloud vendor provides, telemetry, logging and so forth. And so, it's a broad portfolio and what it allows us to do with our customers is say, "Look, if you're predominantly on-prem, you want to stay there, keep using Enterprise Manager. If you're starting to move to Oracle cloud, you can first use EM, look at what's happening in the cloud and then switch over, start using all the management products we have in the cloud and let go of the Enterprise Manager instance on-premise. So you can gradually shift, you can start using more and more. Maybe you start with analytics first and then you start with insights and then you switch to database management. So there's a whole suite of possibilities. >> (indistinct) you mentioned APM, I've been watching that space, it's really evolved. I mean, you saw, you know, years ago, Splunk came out with sort of log analytics, maybe simplified that a little bit, now you're seeing some open source stuff come out. You're seeing a lot of startups come out, you saw Cisco made an acquisition with AppD and that whole space is transforming it seems that the future is all about that end to end visibility, simplifying the ability to remediate problems. And I'm thinking, okay, you just mentioned, you guys have a lot of these capabilities, you got Autonomous, is that sort of where you're headed with your capabilities? >> It definitely is and in fact, one of the... So, you know, APM allows you to say, "Hey, here's my web browser and it's making a connection to the database, to a middle tier" and it's hard for operations people in companies to say, hey, the end user calls and says, "You know, my order entry system is slow. Is it the browser? Is it the middle tier that they connect to? Is it the database that's overloaded in the backend?" And so, APM helps you with tracing, you know, what happens from where to where, where the delays are. Now, once you know where the delay is, you need to drill down on it. And then you need to go look at log files. And that's where the logging piece comes in. And what happens very often is that these log files are very difficult to read. You have networking log files and you have database log files and you have reslog files and you almost have to be an expert in all of these things. And so, then with Logging Analytics, we basically provide sort of an expert dashboard system on top of that, that allows us to say, "Hey! When you look at logging for the network stack, here are the most important errors that we could find." So you don't have to go and learn all the details of these things. And so, the real advantages of saying, "Hey, we have APM, we have Logging Analytics, we can tie the two together." Right, and so we can provide a solution that actually helps solve the problem, rather than, you need to use APM for one vendor, you need to use Logging Analytics from another vendor and you know, that doesn't necessarily work very well. >> Yeah and that's why you're seeing with like the ELK Stack it's cool, you're an open source guy, it's cool as an open source, but it's complicated to set up all that that brings. So, that's kind of a cool approach that you guys are taking. You mentioned Enterprise Manager, you just made a recent announcement, a new release. What's new in that new release? >> So Enterprise Manager 13.5 just got released. And so EM keeps improving, right? We've made a lot of changes over over the years and one of the things we've done in recent years is do more frequent updates sort of the cloud model frequent updates that are not just bug fixes but also introduce new functionality so people get more stuff more frequently rather than you know, once a year. And that's certainly been very attractive because it shows that it's a lively evolving product. And one of the main focus areas of course is cloud. And so a lot of work that happens in Enterprise Manager is hybrid cloud, which basically means I run Enterprise Manager and I have some stuff in Oracle cloud, I might have some other stuff in another cloud vendors environment and so we can actually see which databases are where and provide you with one consolidated view and one tool, right? And of course it supports Autonomous Database and Exadata in cloud servers and so forth. So you can from EM see both your databases on-premises and also how it's doing in in Oracle cloud as you potentially migrate things over. So that's one aspect. And then the other one is in terms of operations and automation. One of the things that we started doing again with Enterprise Manager in the last few years is making sure that everything has a REST API. So we try to make the experience with Enterprise Manager be very similar to how people work with a cloud service. Most folks now writing automation tools are used to calling REST APIs. EM in the early days didn't have REST APIs, now we're making sure everything works that way. And one of the advantages is that we can do extensibility without having to rewrite the product, that we just add the API clause in the agent and it makes it a lot easier to become part of the modern system. Another thing that we introduced last year but that we're evolving with more dashboards and so forth is the Grafana plugin. So even though Enterprise Manager provides lots of cool tools, a lot of cloud operations folks use a tool called Grafana. And so we provide a plugin that allows customers to have Grafana dashboards but the data actually comes out of Enterprise Manager. So that allows us to integrate EM into a more cloudy world in a cloud environment. I think the other important part is making sure that again, Enterprise Manager has sort of a cloud feel to it. So when you do patching and upgrades, it's near zero downtime which basically means that we do all the upgrades for you without having to bring EM down. Because even though it's a management tool, it's used for operations. So if there were downtime for patching Enterprise Manager for an hour, then for that hour, it's a blackout window for all the monitoring we do. And so we want to avoid that from happening, so now EM is upgrading, even though all the events are still happening and being processed, and then we do a very short switch. So that help our operations people to be more available. >> Yes. I mean, I've been talking about Automated Operations since, you know, lights out data centers since the eighties back in (laughs). I remember (indistinct) data center one-time lights out there were storage tech libraries in there and so... But there were a lot of unintended consequences around, you know, automated ops, and so people were sort of scared to go there, at least lean in too much but now with all this machine intelligence... So you're talking about ops automation, you mentioned the REST APIs, the Grafana plugins, the Cloud feel, is that what you're bringing to the table that's unique, is that unique to Oracle? >> Well, the integration with Oracle in that sense is unique. So one example is you mentioned the word migration, right? And so database migration tends to be something, you know, customers obviously take very serious. We go from one place, you have to move all your data to another place that runs in a slightly different environment. And so how do you know whether that migration is going to work? And you can't migrate a thousand databases manually, right? So automation, again, it's not just... Automation is not just to say, "Hey, I can do an upgrade of a system or I can make sure that nothing is done by hand when you patch something." It's more about having a huge fleet of servers and a huge fleet of databases. How can you move something from one place to another and automate that? And so with EM, you know, we start with sort of the prerequisite phase. So we're looking at the existing environment, how much memory does it need? How much storage does it use? Which version of the database does it have? How much data is there to move? Then on the target side, we see whether the target can actually run in that environment. Then we go and look at, you know, how do you want to migrate? Do you want to migrate everything from a sort of a physical model or do you want to migrate it from a logical model? Do you want to do it while your environment is still running so that you start backing up the data to the target database while your existing production system is still running? Then we do a short switch afterwards, or you say, "No, I want to bring my database down. I want to do the migrate and then bring it back up." So there's different deployment models that we can let our customers pick. And then when the migration is done, we have a ton of health checks that can validate whether the target database will run through basically the exact same way. And then you can say, "I want to migrate 10 databases or 50 databases" and it'll work, It's all automated out of the box. >> So you're saying, I mean, you've looked at the prevailing way you've done migrations, historically you'd have to freeze the code and then migrate, and it would take forever, it was a function of the number of lines of code you had. And then a lot of times, you know, people would say, "We're not going to freeze the code" and then they would almost go out of business trying to merge the two. You're saying in 2021, you can give customers the choice, you can migrate, you could change the, you know, refuel the plane while you're in midair? Is that essentially what you're saying? >> That's a good way of describing it, yeah. So your existing database is running and we can do a logical backup and restore. So while transactions are happening we're still migrating it over and then you can do a cutoff. It makes the transition a lot easier. But the other thing is that in the past, migrations would typically be two things. One is one database version to the next, more upgrades than migration. Then the second one is that old hardware or a different CPU architecture are moving to newer hardware in a new CPU architecture. Those were sort of the typical migrations that you had prior to Cloud. And from a CIS admin point of view or a DBA it was all something you could touch, that you could physically touch the boxes. When you move to cloud, it's this nebulous thing somewhere in a data center that you have no access to. And that by itself creates a barrier to a lot of admins and DBA's from saying, "Oh, it'll be okay." There's a lot of concern. And so by baking in all these tests and the prerequisites and all the dashboards to say, you know, "This is what you use. These are the features you use. We know that they're available on the other side so you can do the migration." It helps solve some of these problems and remove the barriers. >> Well that was just kind of same same vision when you guys came up with it. I don't know, quite a while ago now. And it took a while to get there with, you know, you had gen one and then gen two but that is, I think, unique to Oracle. I know maybe some others that are trying to do that as well, but you were really the first to do that and so... I want to switch topics to talk about security. It's hot topic. You guys, you know, like many companies really focused on security. Does Enterprise Manager bring any of that over? I mean, the prevailing way to do security often times is to do scripts and write, you know, custom security policy scripts are fragile, they break, what can you tell us about security? >> Yeah. So there's really two things, you know. One is, we obviously have our own best security practices. How we run a database inside Oracle for our own world, we've learned about that over the years. And so we sort of baked that knowledge into Enterprise Manager. So we can say, "Hey, if you install this way, we do the install and the configuration based on our best practice." That's one thing. The other one is there's STIG, there's PCI and they're ShipBob, those are the main ones. And so customers can do their own way. They can download the documentation and do it manually. But what we've done is, and we've done this for a long time, is basically bake those policies into Enterprise Manager. So you can say, "Here's my database this needs to be PCI compliant or it needs to be HIPAA compliant and you push a button and then we validate the policies in those documents or in those prescript described files. And we make sure that the database is combined to that. And so we take that manual work and all that stuff basically out of the picture, we say, "Push this button and we'll take care of it." >> Now, Wim, but just quick sidebar here, last time we talked, it was under a year ago. It was definitely during COVID and it's still during COVID. We talked about the state of the penguin. So I'm wondering, you know, what's the latest update for Linux, any Linux developments that we should be aware of? >> Linux, we're still working very hard on Autonomous Linux and that's something where we can really differentiate and solve a problem. Of course, one of the things to mention is that Enterprise Manager can can do HIPAA compliance on Oracle Linux as well. So the security practices are not just for the database it can also go down to the operating system. Anyway, so on the Autonomous Linux side, you know, management in an Oracle Cloud's OS management is evolving. We're spending a lot of time on integrating log capturing, and if something were to go wrong that we can analyze a log file on the fly and send you a notification saying, "Hey, you know there was this bug and here's the cause." And it was potentially a fix for it to Autonomous Linux and we're putting a lot of effort into that. And then also sort of IT/operation management where we can look at the different applications that are running. So you're running a web server on a Linux environment or you're running some Java processes, we can see what's running. We can say, "Hey, here's the CPU utilization over the past week or the past year." And then how is this evolving? Say, if something suddenly spikes we can say, "Well, that's normal, because every Monday morning at 10 o'clock there's a spike or this is abnormal." And then you can start drilling this down. And this comes back to overtime integration with whether it's APM or Logging Analytics, we can tie the dots, right? We can connect them, we can say, "Push this thing, then click on that link." We give you the information. So it's that integration with the entire cloud platform that's really happening now >> Integration, there's that theme again. I want to come back to migration and I think you did a good job of explaining how you sort of make that non-disruptive and you know, your customers, I think, you know, generally you're pushing you know, that experience which makes people more comfortable. But my question is, why do people want to migrate if it works and it's on prem, are they doing it just because they want to get out of the data center business? Or is it a better experience in the cloud? What can you tell us there? >> You know, it's a little bit of everything. You know, one is, of course the idea that data center maintenance costs are very high. The other one is that when you run your own data center, you know, we obviously have this problem but when you're a cloud vendor, you have these problems but we're in this business. But if you buy a server, then in three years that server basically is depreciated by new versions and they have to do migration stuff. And so one of the advantages with cloud is you push a button, you have a new version of the hardware, basically, right? So the refreshes happen on a regular basis. You don't have to go and recycle that yourself. Then the other part is the subscription model. It's a lot easier to pay for what you use rather than you have a data center whether it's used or not, you pay for it. So there's the cost advantages and predictability of what you need, you pay for, you can say, "Oh next year we need to get x more of EMs." And it's easier to scale that, right? We take care of dealing with capacity planning. You don't have to deal with capacity planning of hardware, we do that as the cloud vendor. So there's all these practical advantages you get from doing it remotely and that's really what the appeal is. >> Right. So, as it relates to Enterprise Manager, did you guys have to like tear down the code and rebuild it? Was it entire like redo? How did you achieve that? >> No, no, no. So, Enterprise Manager keeps evolving and you know, we changed the underlying technologies here and there, piecemeal, not sort of a wholesale replacement. And so in talking about five, there's a lot of new stuff but it's built on the existing EM core. And so we're just, you know, improving certain areas. One of the things is, stability is important for our customers, obviously. And so by picking things piecemeal, we replace one engine rather than the whole thing. It allows us to introduce change more slowly, right. And then it's well-tested as a unit and then when we go on to the next thing. And then the other one is I mentioned earlier, a lot of the automation and extensibility comes from REST APIs. And so instead of basically re-writing everything we just provide a REST endpoint and we make all the new features that we built automatically be REST enabled. So that makes it a lot easier for us to introduce new stuff. >> Got it. So if I want to poke around with this new version of Enterprise Manager, can I do that? Is there a place I can go, do I have to call a rep? How does that work? >> Yeah, so for information you can just go to oracle.com/enterprise manager. That's the website that has all the data. The other thing is if you're already playing with Oracle Cloud or you use Oracle Cloud, we have Enterprise Manager images in the marketplace. So if you have never used EM, you can go to Oracle Cloud, push a button in the marketplace and you get a full Enterprise Manager installation in a matter of minutes. And then you can just start using that as well. >> Awesome. Hey, I wanted to ask you about, you know, people forget that you guys are the stewards of MySQL and we've been looking at MySQL Database Cloud service with HeatWave Did you name that? And so I wonder if you could talk about what you're doing with regard to managing HeatWave environments? >> So, HeatWave is the MySQL option that helps with analytics, right? And it really accelerates MySQL usage by 100 x and in some cases more and it's transparent to the customer. So as a MySQL user, you connect with standard MySQL applications and APIs and SQL and everything. And the HeatWave part is all done within the MySQL server. The engine itself says, "Oh, this SQL query, we can offload to the backend HeatWave cluster," which then goes in memory operations and blazingly fast returns it to you. And so the nice thing is that it turns every single MySQL database into also a data warehouse without any change whatsoever in your application. So it's been widely popular and it's quite exciting. I didn't personally name it, HeatWave, that was not my decision, but it sounds very cool. >> That's very cool. >> Yeah, It's a very cool name. >> We love MySQL, we started our company on the lamp stack, so like many >> Oh? >> Yeah, yeah. >> Yeah, yeah. That's great. So, yeah. And so with HeatWave or MySQL in general we're basically doing the same thing as we have done for the Oracle Database. So we're going to add more functionality in our database management tools to also look at HeatWave. So whether it's doing things like performance hub or generic database management and monitoring tools, we'll expand that in, you know, in the near future, in the future. >> That's great. Well, Wim, it's always a pleasure. Thank you so much for coming back in "The Cube" and letting me ask all my Colombo questions. It was really a pleasure having you. (mumbling) >> It's good be here. Thank you so much. >> You're welcome. And thank you for watching, everybody, this is Dave Vellante. We'll see you next time. (bright music)

>>welcome to our session on security titled Securing Your Cloud. Everywhere With Me is Brian Langston, senior solutions engineer from Miranda's, who leads security initiatives from Renta's most security conscious customers. Our topic today is security, and we're setting the bar high by talking in some depth about the requirements of the most highly regulated industries. So, Brian four Regulated industries What do you perceive as the benefits of evolution from classic infra za service to container orchestration? >>Yeah, the adoption of container orchestration has given rise to five key benefits. The first is accountability. Think about the evolution of Dev ops and the security focused version of that team. Deb. SEC ops. These two competencies have emerged to provide, among other things, accountability for the processes they oversee. The outputs that they enable. The second benefit is audit ability. Logging has always been around, but the pervasiveness of logging data within container or container environments allows for the definition of audit trails in new and interesting ways. The third area is transparency organizations that have well developed container orchestration pipelines are much more likely to have a higher degree of transparency in their processes. This helps development teams move faster. It helped operations teams operations teams identify and resolve issues easier and help simplify the observation and certification of security operations by security organizations. Next is quality. Several decades ago, Toyota revolutionized the manufacturing industry when they implemented the philosophy of continuous improvement. Included within that philosophy was this dependency and trust in the process as the process was improved so that the quality of the output Similarly, the refinement of the process of container orchestration yields ah, higher quality output. The four things have mentioned ultimately points to a natural outcome, which is speed when you don't have to spend so much time wondering who does what or who did what. When you have the clear visibility to your processes and because you can continuously improve the quality of your work, you aren't wasting time in a process that produces defects or spending time and wasteful rework phases. You can move much faster than we've seen this to be the case with our customers. >>So what is it specifically about? Container orchestration that gives these benefits, I guess. I guess I'm really asking why are these benefits emerging now around these technologies? What's enabling them, >>right? So I think it boils down to four things related to the orchestration pipelines that are also critical components. Two successful security programs for our customers and related industry. The first one is policy. One of the core concepts and container orchestration is this idea of declaring what you want to happen or declaring the way you want things done? One place where declarations air made our policies. So as long as we can define what we want to happen, it's much easier to do complementary activities like enforcement, which is our second enabler. Um, tools that allow you to define a policy typically have a way to enforce that policy. Where this isn't the case, you need to have a way of enforcing and validating the policies objectives. Miranda's tools allow custom policies to be written and also enforce those policies. The third enabler is the idea of a baseline. Having a well documented set of policies and processes allows you to establish a baseline. Um, it allows you to know what's normal. Having a baseline allows you to measure against it as a way of evaluating whether or not you're achieving your objectives with container orchestration. The fourth enabler of benefits is continuous assessment, which is about measuring constantly back to what I said a few minutes ago. With the toilet away measuring constantly helps you see whether your processes and your target and state are being delivered as your output deviates from that baseline, your adjustments can be made more quickly. So these four concepts, I think, could really make or break your compliance status. >>It's a really way interesting way of thinking about compliance. I had thought previously back compliance, mostly as a as a matter of legally declaring and then trying to do something. But at this point, we have methods beyond legal boilerplate for asserting what we wanna happen, as you say, and and this is actually opening up new ways to detect, deviation and and enforce failure to comply. That's really exciting. Um, so you've you've touched on the benefits of container orchestration here, and you've provided some thoughts on what the drivers on enablers are. So what does Miranda's fit in all this? How does how are we helping enable these benefits, >>right? Well, our goal and more antis is ultimately to make the world's most compliant distribution. We we understand what our customers need, and we have developed our product around those needs, and I could describe a few key security aspects about our product. Um, so Miranda's promotes this idea of building and enabling a secure software supply chain. The simplified version of that that pertains directly to our product follows a build ship run model. So at the build stage is doctor trusted registry. This is where images are stored following numerous security best practices. Image scanning is an optional but highly recommended feature to enable within D T R. Image tags can be regularly pruned so that you have the most current validated images available to your developers. And the second or middle stage is the ship stage, where Miranda's enforces policies that also follow industry best practices, as well as custom image promotion policies that our customers can write and align to their own internal security requirements. The third and final stages to run stage. And at this stage, we're talking about the engine itself. Docker Engine Enterprise is the Onley container, run time with 51 40 dash to cryptography and has many other security features built in communications across the cluster across the container platform are all secure by default. So this build ship stage model is one way of how our products help support this idea of a secure supply chain. There are other aspects of the security supply chain that arm or customer specific that I won't go into. But that's kind of how we could help our product. The second big area eso I just touched on the secure supply chain. The second big area is in a Stig certification. Um, a stick is basically an implementation or configuration guide, but it's published by the U. S government for products used by the US government. It's not exclusive to them, but for customers that value security highly, especially in a regulated industry, will understand the significance and value that the Stig certification brings. So in achieving the certification, we've demonstrated compliance or alignment with a very rigid set of guidelines. Our fifth validation, the cryptography and the Stig certification our third party at two stations that our product is secure, whether you're using our product as a government customer, whether you're a customer in a regulated industry or something else, >>I did not understand what the Stig really Waas. It's helpful because this is not something that I think people in the industry by and large talk about. I suspect because these things are hard to get and time consuming to get s so they don't tend to bubble up to the top of marketing speak the way glitzy new features do that may or may not >>be secure. >>The, uh so then moving on, how has container orchestration changed? How your customers approach compliance assessment and reporting. >>Yeah, This has been an interesting experience and observation as we've worked with some of our customers in these areas. Eso I'll call out three areas. One is the integration of assessment tooling into the overall development process. The second is assessment frequency and then the third is how results are being reported, which includes what data is needed to go into the reporting. There are very likely others that could be addressed. But those are three things that I have noticed personally and working with customers. >>What do you mean exactly? By integration of assessment tooling. >>Yeah. So our customers all generally have some form of a development pipeline and process eso with various third party and open source tools that can be inserted at various phases of the pipeline to do things like status static source would analysis or host scanning or image scanning and other activities. What's not very well established in some cases is how everything fits within the overall pipeline framework. Eso fit too many customers, ends up having a conversation with us about what commands need should be run with what permissions? Where in the environment should things run? How does code get there that does this scanning? Where does the day to go? Once the out once the scan is done and how will I consume it? Thies Real things where we can help our customers understand? Um, you know what? Integration? What? Integration of assessment. Tooling really means. >>It is fascinating to hear this on, baby. We can come back to it at the end. But what I'm picking out of this Ah, this the way you speak about this and this conversation is this kind of re emergence of these Japanese innovations in product productivity in in factory floor productivity. Um, like, just in time delivery and the, you know, the Toyota Miracle and, uh, and that kind of stuff. Fundamentally, it's someone Yesterday, Anders Wahlgren from cloud bees, of course. The C I. C D expert told me, um, that one of the things he likes to tell his, uh consult ease and customers is to put a GoPro on the head of your code and figure out where it's going and how it's spending its time, which is very reminiscent of these 19 fifties time and motion studies, isn't it that that that people, you know pioneered accelerating the factory floor in the industrial America of the mid century? The idea that we should be coming back around to this and doing it at light speed with code now is quite fascinating. >>Yeah, it's funny how many of those same principles are really transferrable from 50 60 70 years ago to today. Yeah, quite fascinating. >>So getting back to what you were just talking about integrating, assessment, tooling, it sounds like that's very challenging. And you mentioned assessment frequency and and reporting. What is it about those areas that that's required? Adaptation >>Eso eso assessment frequency? Um, you know, in legacy environments, if we think about what those look like not too long ago, uh, compliance assessment used to be relatively infrequent activity in the form of some kind of an audit, whether it be a friendly peer review or intercompany audit. Formal third party assessments, whatever. In many cases, these were big, lengthy reviews full of interview questions, Um, it's requests for information, periods of data collection and then the actual review itself. One of the big drawbacks to this lengthy engagement is an infrequent engagement is that vulnerabilities would sometimes go unnoticed or unmitigated until these reviews at it. But in this era of container orchestration, with the decomposition of everything in the software supply chain and with clearer visibility of the various inputs to the build life cycle, our customers can now focus on what tooling and processes can be assembled together in the form of a pipeline that allows constant inspection of a continuous flow of code from start to finish. And they're asking how our product can integrate into their pipeline into their Q A frameworks to help simplify this continuous assessment framework. Eso that's that kind of addresses the frequency, uh, challenge now regarding reporting, our customers have had to reevaluate how results are being reported and the data that's needed in the reporting. The root of this change is in the fact that security has multiple stakeholder groups and I'll just focus on two of them. One is development, and their primary focus, if you think about it, is really about finding and fixing defects. That's all they're focused on, really, is there is there pushing code? The other group, though, is the Security Project Management Office, or PMO. This group is interested in what security controls are at risk due to those defects. So the data that you need for these two stakeholder groups is very different. But because it's also related, it requires a different approach to how the data is expressed, formatted and ultimately integrated with sometimes different data sources to be able to appease both use cases. >>Mhm. So how does Miranda's help improve the rate of compliance assessment? Aziz? Well, as this question of the need for differential data presentation, >>right, So we've developed on exposed a P I S that helped report the compliance status of our product as it's implemented in our customers on environment. So through these AP eyes, we express the data and industry standard formats using plastic out Oscar is a relatively new project out of the mist organization. It's really all about standardizing a set of standards instead of formats that expresses control information. So in this way our customers can get machine and human readable information related to compliance, and that data can then be massaged into other tools or downstream processes that our customers might have. And what I mean by downstream processes is if you're a development team and you have the inspection tools, the process is to gather findings defects related to your code. A downstream process might be the ticketing system with the era that might log a formal defect or that finding. But it all starts with having a common, standard way of expressing thes scan output. And the findings such that both development teams and and the security PMO groups can both benefit from the data. So essentially we've been following this philosophy of transparency, insecurity. What we mean by that is security isn't or should not be a black box of information on Lee, accessible and consumable by security professionals. Assessment is happening proactively in our product, and it's happening automatically. We're bringing security out of obscurity by exposing the aspects of our product that ultimately have a bearing on your compliance status and then making that information available to you in very user friendly ways. >>It's fascinating. Uh uh. I have been excited about Oscar's since, uh, since first hearing about it, Um, it seems extraordinarily important to have what is, in effect, a ah query capability. Um, that that let's that that lets different people for different reasons formalize and ask questions of a system that is constantly in flux, very, very powerful. So regarding security, what do you see is the basic requirements for container infrastructure and tools for use in production by the industries that you are working with, >>right? So obviously, you know, the tools and infrastructure is going to vary widely across customers. But Thio generalize it. I would refer back to the concept I mentioned earlier of a secure software supply chain. There are several guiding principles behind us that are worth mentioning. The first is toe have a strategy for ensuring code quality. What this means is being able to do static source code analysis, static source code analysis tools are largely language specific, so there may be a few different tools that you'll need to have to be able to manage that, um, second point is to have a framework for doing regular testing or even slightly more formal security assessments. There are plenty of tools that can help get a company started doing this. Some of these tools are scanning engines like open ESCAP that's also a product of n'est open. ESCAP can use CS benchmarks as inputs, and these tools do a very good job of summarizing and visualizing output, um, along the same family or idea of CS benchmarks. There's many, many benchmarks that are published. And if you look at your own container environment, um, there are very likely to be many benchmarks that can form the core platform, the building blocks of your container environment. There's benchmarks for being too, for kubernetes, for Dr and and it's always growing. In fact, Mirante is, uh, editing the benchmark for container D, so that will be a formal CSCE benchmark coming up very shortly. Um, next item would be defining security policies that line with your organization's requirements. There are a lot of things that come out of box that comes standard that comes default in various products, including ours, but we also give you through our product. The ability to write your own policies that align with your own organization's requirements, uh, minimizing your tax surface. It's another key area. What that means is only deploying what's necessary. Pretty common sense. But sometimes it's overlooked. What this means is really enabling required ports and services and nothing more. Um, and it's related to this concept of least privilege, which is the next thing I would suggest focusing on these privileges related to minimizing your tax service. It's, uh, it's about only allowing permissions to those people or groups that excuse me that are absolutely necessary. Um, within the container environment, you'll likely have heard this deny all approach. This denial approach is recommended here, which means deny everything first and then explicitly allow only what you need. Eso. That's a very common, uh uh, common thing that sometimes overlooked in some of our customer environments. Andi, finally, the idea of defense and death, which is about minimizing your plast radius by implementing multiple layers of defense that also are in line with your own risk management strategy. Eso following these basic principles, adapting them to your own use cases and requirements, uh, in our experience with our customers, they could go a long way and having a secure software supply chain. >>Thank you very much, Brian. That was pretty eye opening. Um, and I had the privilege of listening to it from the perspective of someone who has been working behind the scenes on the launch pad 2020 event. So I'd like to use that privilege to recommend that our listeners, if you're interested in this stuff certainly if you work within one of these regulated industries in a development role, um, that you may want to check out, which will be easy for you to do today, since everything is available once it's been presented. Matt Bentley's live presentation on secure Supply Chain, where he demonstrates one possible example of a secure supply chain that permits image. Signing him, Scanning on content Trust. Um, you may want to check out the session that I conducted with Andres Falcon at Cloud Bees who talks about thes um, these industrial efficiency factory floor time and motion models for for assessing where software is in order to understand what policies can and should be applied to it. Um, and you will probably want to frequent the tutorial sessions in that track, uh, to see about how Dr Enterprise Container Cloud implements many of these concentric security policies. Um, in order to provide, you know, as you say, defense in depth. There's a lot going on in there, and, uh, and it's ah, fascinating Thio to see it all expressed. Brian. Thanks again. This has been really, really educational. >>My pleasure. Thank you. >>Have a good afternoon. >>Thank you too. Bye.

>>Welcome everyone. Good morning. Good evening to all of you around the world. I am so excited to welcome you to launch bad our annual conference for customers, for partners, for our own colleagues here at Mirandes. This is meant to be a forum for learning, for sharing for discovery. One of openness. We're incredibly excited. Do you have you here with us? I want to take a few minutes this morning and opened the conference and share with you first and foremost where we're going as a company. What is our vision then? I also want to share with you on update on what we have been up to you for the past year. Especially with two important acquisitions, Doc Enterprise and then container and lens. And what are some of the latest developments at Mirandes? And then I'll close also with an exciting announcement that we have today, which we hope is going to be interesting and valuable for all of you. But let me start with our mission. What are we here to Dio? It's very simple. We want to help you the ship code faster. This is something that we're very excited about, something that we have achieved for many of you around the world. And we just want thio double down on. We feel this is a mission that's very much worthwhile and relevant and important to you. Now, how do we do that? How do we help you ship code faster? There are three things we believe in. We believe in this world of cloud. Um, choice is incredibly important. We all know that developers want to use the latest tools. We all know that cloud technology is evolving very quickly and new innovations appear, um, very, very quickly, and we want to make them available to you. So choice is very important. At the same time, consuming choice can be difficult. So our mission is to make choice simple for you to give developers and operators simplicity and then finally underpinning everything that we dio is security. These are the three big things that we invest in and that we believe that choice, simplicity and security and the foundation technology that we're betting on to make that happen for you is kubernetes many of you, many of our customers use kubernetes from your aunties today and they use it at scale. And this is something we want to double down on the fundamental benefit. The our key promise we want to deliver for you is Speed. And we feel this is very relevant and important and and valuable in the world that we are in today. So you might also be interested in what have been our priorities since we acquired Doc Enterprise. What has happened for the past year at Miranda's And there are three very important things we focused on as a company. The first one is customer success. Um, when we acquired Doc Enterprise, the first thing we did is listen to you connect with the most important customers and find out what was your sentiment. What did you like? What were you concerned about? What needed to improve? How can we create more value and a better experience for you? So, customers success has been a top of our list of priorities ever since. And here is what we've heard here is what you've told us. You've told us that you very much appreciated the technology that you got a lot of value out of the technology, but that at the same time, there are some things that we can do better. Specifically, you wanted better. Sele's better support experience. You also wanted more clarity on the road map. You also wanted to have a deeper alignment and a deeper relationship between your needs and your requirements and our our technical development that keep people in our development organization are most important engineers. So those three things are were very, very important to you and they were very important to us here. So we've taken that to heart and over the past 12 months, we believe, as a team, we have dramatically improved the customer support experience. We introduced new SLS with prod care. We've rolled out a roadmap to many many of our customers. We've taken your requirements of the consideration and we've built better and deeper relationships with so many of you. And the evidence for that that we've actually made some progress is in a significant increase off the work clothes and in usage of all platforms. I was so fortunate that we were able to build better and stronger relationships and take you to the next level of growth for companies like Visa like soc T general, like nationwide, like Bosch, like Axa X l like GlaxoSmithKline, like standard and Poor's, like Apple A TNT. So many, many off you, Many of all customers around the world, I believe over the past 12 months have experienced better, better, better support strong s L. A s a deeper relationship and a lot more clarity on our roadmap and our vision forward. The second very big priority for us over the last year has been product innovation. This is something that we are very excited about that we've invested. Most of our resource is in, and we've delivered some strong proof points. Doc Enterprise 3.1 has been the first release that we have shipped. Um, as Mirant is as the unified company, Um, it's had some big innovative features or Windows support or a I and machine learning use cases and a significant number off improvements in stability and scalability earlier this year. We're very excited to have a quiet lens and container team, which is by far the most popular kubernetes. I'd, um, in the world today and every day, 600 new users are starting to use lens to manage the community's clusters to deploy applications on top of communities and to dramatically simplify the experience for communities for operators and developers alike. That is a very big step forward for us as a company. And then finally, this week at this conference, we announcing our latest product, which we believe is a huge step forward for Doc Enterprise and which we call Doc Enterprise, Container Cloud, and you will hear a lot more about that during this conference. The third vector of development, the third priority for us as a company over the past year was to become mawr and Mawr developer centric. As we've seen over the past 10 years, developers really move the world forward. They create innovation, they create new software. And while our platform is often managed and run and maybe even purchased by RT architects and operators and I T departments, the actual end users are developers. And we made it our mission a za company, to become closer and closer to developers to better understand their needs and to make our technology as easy and fast to consume as possible for developers. So as a company, we're becoming more and more developers centric, really. The two core products which fit together extremely well to make that happen, or lens, which is targeted squarely at a new breed off kubernetes developers sitting on the desktop and managing communities, environments and the applications on top on any cloud platform anywhere and then DACA enterprise contain a cloud which is a new and radically innovative, contain a platform which we're bringing to market this week. So with this a za background, what is the fundamental problem which we solve for you, for our customers? What is it that we feel are are your pain points that can help you resolve? We see too very, very big trends in the world today, which you are experiencing. On one side, we see the power of cloud emerging with more features mawr innovation, more capabilities coming to market every day. But with those new features and new innovations, there is also an exponential growth in cloud complexity and that cloud complexity is becoming increasingly difficult to navigate for developers and operators alike. And at the same time, we see the pace of change in the economy continuing to accelerate on bits in the economy and in the technology as well. So when you put these two things together on one hand, you have MAWR and Mawr complexity. On the other hand, you have fast and faster change. This makes for a very, very daunting task for enterprises, developers and operators to actually keep up and move with speed. And this is exactly the central problem that we want to solve for you. We want to empower you to move with speed in the middle off rising complexity and change and do it successfully and with confidence. So with that in mind, we are announcing this week at LAUNCHPAD a big and new concept to take the company forward and take you with us to create value for you. And we call this your cloud everywhere, which empowers you to ship code faster. Dr. Enterprise Container Cloud is a lynch bit off your cloud everywhere. It's a radical and new container platform, which gives you our customers a consistent experience on public clouds and private clouds alike, which enables you to ship code faster on any infrastructure, anywhere with a cohesive cloud fabric that meets your security standards that offers a choice or private and public clouds and offer you a offers you a simple, an extremely easy and powerful to use experience. for developers. All of this is, um, underpinned by kubernetes as the foundation technology we're betting on forward to help you achieve your goals at the same time. Lens kubernetes e. It's also very, very well into the real cloud. Every concept, and it's a second very strong linchpin to take us forward because it creates the developing experience. It supports developers directly on their desktop, enabling them Thio manage communities workloads to test, develop and run communities applications on any infrastructure anywhere. So Doc, Enterprise, Container, Cloud and Lens complement each other perfectly. So I'm very, very excited to share this with you today and opened the conference for you. And with this I want to turn it over to my colleague Adam Parker, who runs product development at Mirandes to share a lot more detail about Doc Enterprise Container Cloud. Why we're excited about it. Why we feel is a radical step forward to you and why we feel it can add so much value to your developers and operators who want to embrace the latest kubernetes technology and the latest container technology on any platform anywhere. I look forward to connecting with you during the conference and we should all the best. Bye bye. >>Thanks, Adrian. My name is Adam Parco, and I am vice president of engineering and product development at Mirant ISS. I'm extremely excited to be here today And to present to you Dr Enterprise Container Cloud Doc Enterprise Container Cloud is a major leap forward. It Turpal charges are platform. It is your cloud everywhere. It has been completely designed and built around helping you to ship code faster. The world is moving incredibly quick. We have seen unpredictable and rapid changes. It is the goal of Docker Enterprise Container Cloud to help navigate this insanity by focusing on speed and efficiency. To do this requires three major pillars choice, simplicity and security. The less time between a line of code being written and that line of code running in production the better. When you decrease that cycle, time developers are more productive, efficient and happy. The code is higher, quality contains less defects, and when bugs are found are fixed quicker and more easily. And in turn, your customers get more value sooner and more often. Increasing speed and improving developer efficiency is paramount. To do this, you need to be able to cycle through coding, running, testing, releasing and monitoring all without friction. We enabled us by offering containers as a service through a consistent, cloudlike experience. Developers can log into Dr Enterprise Container Cloud and, through self service, create a cluster No I T. Tickets. No industry specific experience required. Need a place to run. A workload simply created nothing quicker than that. The clusters air presented consistently no matter where they're created, integrate your pipelines and start deploying secure images everywhere. Instantly. You can't have cloud speed if you start to get bogged down by managing, so we offer fully automated lifecycle management. Let's jump into the details of how we achieve cloud speed. The first is cloud choice developers. Operators add mons users they all want. In fact, mandate choice choice is extremely important in efficiency, speed and ultimately the value created. You have cloud choice throughout the full stack. Choice allows developers and operators to use the tooling and services their most familiar with most efficient with or perhaps simply allows them to integrate with any existing tools and services already in use, allowing them to integrate and move on. Doc Enterprise Container Cloud isn't constructive. It's open and flexible. The next important choice we offer is an orchestration. We hear time and time again from our customers that they love swarm. That's simply enough for the majority of their applications. And that just works that they have skills and knowledge to effectively use it. They don't need to be or find coop experts to get immediate value, so we will absolutely continue to offer this choice and orchestration. Our existing customers could rest assure their workloads will continue to run. Great as always. On the other hand, we can't ignore the popularity that growth, the enthusiasm and community ecosystem that has exploded with communities. So we will also be including a fully conforming, tested and certified kubernetes going down the stock. You can't have choice or speed without your choice and operating system. This ties back to developer efficiency. We want developers to be able to leverage their operating system of choice, were initially supporting full stack lifecycle management for a bun, too, with other operating systems like red hat to follow shortly. Lastly, all the way down at the bottom of stack is your choice in infrastructure choice and infrastructure is in our DNA. We have always promoted no locking and flexibility to run where needed initially were supporting open stock AWS and full life cycle management of bare metal. We also have a road map for VM Ware and other public cloud providers. We know there's no single solution for the unique and complex requirements our customers have. This is why we're doubling down on being the most open platform. We want you to truly make this your cloud. If done wrong, all this choice at speed could have been extremely complex. This is where cloud simplification comes in. We offer a simple and consistent as a service cloud experience, from installation to day to ops clusters Air created using a single pane of glass no matter where they're created, giving a simple and consistent interface. Clusters can be created on bare metal and private data centers and, of course, on public cloud applications will always have specific operating requirements. For example, data protection, security, cost efficiency edge or leveraging specific services on public infrastructure. Being able to create a cluster on the infrastructure that makes the most sense while maintaining a consistent experience is incredibly powerful to developers and operators. This helps developers move quick by being able to leverage the infra and services of their choice and operators by leveraging, available, compute with the most efficient and for available. Now that we have users self creating clusters, we need centralized management to support this increase in scale. Doc Enterprise Container cloud use is the single pane of glass for observe ability and management of all your clusters. We have day to ops covered to keep things simple and new. Moving fast from this single pane of glass, you can manage the full stack lifecycle of your clusters from the infra up, including Dr Enterprise, as well as the fully automated deployment and management of all components deployed through it. What I'm most excited about is Doc Enterprise Container Cloud as a service. What do I mean by as a service doctor? Enterprise continue. Cloud is fully self managed and continuously delivered. It is always up to date, always security patched, always available new features and capabilities pushed often and directly to you truly as a service experience anywhere you want, it run. Security is of utmost importance to Miranda's and our customers. Security can't be an afterthought, and it can't be added later with Doctor and a price continued cloud, we're maintaining our leadership and security. We're doing this by leveraging the proven security and Dr Enterprise. Dr. Enterprise has the best and the most complete security certifications and compliance, such as Stig Oscar, How and Phipps 1 $40 to thes security certifications allows us to run in the world's most secure locations. We are proud and honored to have some of the most security conscious customers in the world from all industries into. She's like insurance, finance, health care as well as public, federal and government agencies. With Dr Enterprise Container Cloud. We put security as our top concern, but importantly, we do it with speed. You can't move fast with security in the way so they solve this. We've added what we're calling invisible security security enabled by default and configured for you as part of the platform. Dr Price Container Cloud is multi tenant with granular are back throughout. In conjunction with Doc Enterprise, Docker Trusted Registry and Dr Content Trust. We have a complete end to end secured software supply chain Onley run the images that have gone through the appropriate channels that you have authorized to run on the most secure container engine in the >>industry. >>Lastly, I want to quickly touch on scale. Today. Cluster sprawl is a very real thing. There are test clusters, staging clusters and, of course, production clusters. There's also different availability zones, different business units and so on. There's clusters everywhere. These clusters are also running all over the place. We have customers running Doc Enterprise on premise there, embracing public cloud and not just one cloud that might also have some bare metal. So cloud sprawl is also a very real thing. All these clusters on all these clouds is a maintenance and observe ability. Nightmare. This is a huge friction point to scaling Dr Price. Container Cloud solves these issues, lets you scale quicker and more easily. Little recap. What's new. We've added multi cluster management. Deploy and attach all your clusters wherever they are. Multi cloud, including public private and bare metal. Deploy your clusters to any infra self service cluster creation. No more I T. Tickets to get resources. Incredible speed. Automated Full stack Lifecycle management, including Dr Enterprise Container, cloud itself as a service from the in for up centralized observe ability with a single pane of glass for your clusters, their health, your APs and most importantly to our existing doc enterprise customers. You can, of course, add your existing D clusters to Dr Enterprise Container Cloud and start leveraging the many benefits it offers immediately. So that's it. Thank you so much for attending today's keynote. This was very much just a high level introduction to our exciting release. There is so much more to learn about and try out. I hope you are as excited as I am to get started today with Doc Enterprise. Continue, Cloud, please attend the tutorial tracks up Next is Miska, with the world's most popular Kubernetes E Lens. Thanks again, and I hope you enjoy the rest of our conference.

>> Announcer: Live from Washington, DC, it's CUBEConversations with John Furrier. (techy music playing) >> Welcome back everyone, here to a special CUBEConversation in Washington, DC. We're actually in Arlington, Virginia, at Amazon Web Services Public Sector Headquarters. We're here with Sri Vasireddy, who is with REAN Cloud and recently won a big award for $950 million for the Department of Defense contract to partner with Amazon Web Services, really kind of changing the game in the cloud space with Amazon, among other partners. Thanks for joining me today. >> Thank you. >> So, obviously we love cloud. I mean, we actually, we have all of our stuff in Amazon, so we're kind of a little bit biased, but we're open minded to any cloud that we don't provision any infrastructure, so we love the idea of horizontally disrupting markets. We're just kind of doing it on a media business. You're taking an approach with REAN Cloud that's different. What's different about what you guys are doing and why are you winning so much? >> Yeah, I mean, I guess that is, you know, the key word being disruption. You know, I'm hearing more and more as this news spreads out about why, you know, we've disrupted, so they're proven the disruption, and when I mean disruption, you know, I'll explain what the disruption, you know, we're creating in the service industry is if you take a typical, like a services company-- >> John: Mm-hm. >> They integrate products using people to integrate products to solve a problem, but in the cloud world you can create those integrations with programmatic or APIs, so we can create turnkey solutions. With that, what we're able to do is really sell outcome based. We go to the customer and say it's not time and material, it's not fixed price, it's pure outcome based. So, to give you an example, let's say if you went to a theme park and while you're on a ride somebody just takes a picture, and then after you're done with the ride they put a picture in front of you and say, "Do you want to buy this?" And if you don't buy it they throw it away, so we literally have the ability to create those outcomes on the fly like that, and that's the disruption because that kind of outcome based allows customers to meet their goals much quicker. So, one of the secrets to do that, if I can get this right, is you have to have a really software driven, data driven environment. >> Sri: Absolutely. >> So, that's fundamental, so I want to explore how you do that, and then what does it mean for the customers because what you're essentially doing is kind of giving a little predictive solution management to them. Say you want to connect to this service-- >> Sri: Yeah. >> Is that microservices, is this where it's going to be wired, take us through how that works, because there's tech involved. I'm not saying you don't want to throw anything away, but if it's digital (chuckling) what does it mean to turn it on or off, so is this what people are referring to with microservices and cloud? >> Yeah, so I'll get to the microservices part. The disruption, the way, you know... The innovation that we created is if you take 20 years ago, when you look at people transforming to the internet, right, so their first time they're going on the internet, at the time they were paying a HTML developer that would develop a webpage. >> Mm-hm. >> You know, hundreds of dollars an hour, right, and today high school kids can create their own webpages. That's the outcome focus, because the technology matured to a point where it auto-generates those HTML pages. So, fast forward 20 years, today people are looking for devops engineer as a talent, and whatever that devops engineer produces, we've figured out a way to outcome base. We can drag and drop and create my architectures and we are to produce that code, right. That's what makes us very unique. Now, coming to your question about microservices, when we are going to large customers we're taking this phased approach, right. First they will do lift and shift based-- >> John: Mm-hm. >> Move to cloud, which actually doesn't even give them a lot of their features. It doesn't give them better response. It doesn't optimize for cloud and give the benefits. Say they put in the effort to apply devops to become very responsive to customers. Say if I'm a bank I have my checking business and savings business, and each line of business got very efficient by using cloud, but they have not disrupted an industry because they have not created a platform across lines of business. >> John: Mm-hm. >> Right, so what they really need to do is to take these services they are providing across lines of business and create a platform of microservices. >> So, you basically provide an automation layer for things that are automated, but you allow glue to bring them together. >> Absolutely. >> That then kicks off microservices on top of it. >> Absolutely, right. >> So, very innovative, so you essentially, it's devops in a box. (laughing) >> That's it and what-- >> Or in the cloud. >> Yeah, what normally takes three years, so most of our customers when they tell this story they tell us, "Oh, that's five years down the road." So, we knock out three years off the mark, right. There are companies that, for example, DOD is one of our customers. >> Mm-hm. >> There are some other companies that have been working with DOD for the last two, three years and they have not been able to accomplish what we accomplished in three months. >> You guys see a more holistic approach. I can imagine just you basically break it down, automate it, put it in a library, use the overlay to drag and drop. >> Exactly, plug and play and that's it. >> So, question for you, so this makes sense in hardened environments like DOD, probably locked and solid, pretty solid but what about unknown, new processes. How do you guys look at that, do you take them as they come or use AI, so if you have unknown processes that can morph out of this, how do you deal with that use case? >> So, yeah, those unfortunately, you know, so what... There's this notion of co-creation-- >> John: Yeah. >> So, there's unknown processes where we put out best engineers is what drives to this commoditization or legos that-- >> So, you're always feeding the system with new, if you will, recipes. I use that word as more of a chef thing, but you know, more-- >> Sri: Exactly. >> Modules, if you will. >> Sri: Yeah. >> As a bit of an automated way, so it's really push button cloud. >> Absolutely. >> So, no integration, you don't have to hire coders to do anything. >> No. >> At best hit a rest API-- >> Sri: Yeah. >> Or initiate a microservice. >> Yeah, so what, I mean, the company started with Amazon.com as a, sorry Amazon Web Services as our first customer, and they retained us for software companies like Microsoft, SAP, and they went to Amazon and said, "We want to create a turnkey solution," like email as a solution, for example, for Microsoft, exchanging software. Email as a solution is spam filters plus, you know, four or five other things that we have to click button and launch, and Amazon, then we were servicing Amazon to create these turnkey solutions. >> So, talk about the DOD deal, because now this is interesting because I can see how they could like this. What does it mean for the customer, your customer, in this case the DOD, when you won this new contract was announced a couple days ago, how'd that go down? >> Yeah, so you know, I think we're super happy. Actually, again, 2010-- >> All your friends calling you and saying, "Hey, that $950 million check clear yet?" (laughing) That doesn't work that way, does it? >> It doesn't, it doesn't quite work that way, but although, you know, just some history, 10 years ago I had to choose between joining as a lead cloud architect for DISA versus first architect for Amazon Web Services, and I made the choice to go to Amazon Web Services, although I really loved servicing DOD because I think DOD's very mature in what you're calling microservices. >> John: Mm-hm. Back in the day, they had to be on the forefront of net-centric enterprise services, modern day microservices, because the Information Sharing Act required them to create so many services across the department, right, but there wasn't a technology like Amazon Web Services to make them so successful. >> John: Yeah. >> So, we're coming back now and we're able to do this, and I was with a company called MITRE at the time-- >> John: Yeah. >> And we, you know, I was the lead on the first infrastructure as a service BPA. If I compare to what that infrastructure as a service BPA was, the blanket purchase agreement, to what this OTA I think it's a night and day difference. >> What's OTA? >> OTA stands for other transaction agreements. >> Okay, got it. >> Which is how-- >> It's a contract thing. >> It's a contract thing, it's outside of federal acquisition regulation. >> Okay, got it. >> Which is beautiful, by the way, because unlike if you are doing such a deal, $950 million deal, probably companies that spend millions of dollars to write paper to win the deal, OTA's a little different. DIUx, who has the charter for the OTA, they need to find a real customer and a real problem to bring commercial entities and the commercial innovation to solve a theory problem, and then we have to prove ourselves. Thereabout, I'm told 29 companies competed and we, you know, we won the first phase, but there were two consequent phases where we have to provide our services, our platform, to the customer's satisfaction, and the OTA can only be the services we already provide. So, it's a very proven technology. >> John: Mm-hm. >> And as I see some of the social media responses, I look at those responses that people are talking about, you know, small companies winning this big deal and somebody was responding like, okay, we spent, you know, hundreds of millions on large companies, did nothing, and this small company already did a lot with $6 million. >> Well, that's the flattening of the world we're living in. You're doing with devops, you've automated away a lot of their inefficiencies. >> Absolutely, yeah. >> And this is really what cloud's about. That's the promise that you're getting to the DOD. >> Sri: Yeah, absolutely. >> So, the question for you is, okay, now as you go into this, and they could've added another $50 million just to get a nice billion dollar, get a unicorn feature in there, but congratulations. >> Sri: Thank you. >> You got to go in and automate. How do you roll this out, how big is the company, what are your plans, are you... Where do you go from here? >> Our company today is, you know, about 300 plus people, but we're not rolling this out on a people basis, obviously, right. You know, usually we have at least 10x more productivity than a normal company because especially servicing someone like DOD, it's very interesting because they do follow standards set by DISA. >> Mm-hm. >> So, what that means is if I'm building applications or microservices, which is a collection of instances, I have, DISA has something called STIG. You know, it's security guidelines, so everybody is using these STIG components. Now we create this drag and drop package of those components, and at that point it's variations of, you know, those components that you drag and drop and create, right, and the best thing is you get very consistent quality, secure, you know, deployment. >> I mean, you and I are on the same page on this whole devops valuation, and certainly Mark and Teresa wrote that seminal common about the 10x engineer. >> Sri: Yeah. >> This is really the scale we're talking about here. >> Sri: Absolutely. >> You know, so for the folks that don't get this, how do you explain to them that they, like what Oracle and IBM and the other guys are trying to do there. All the old processes are like they got stacks of binders of paper, they have their strategies to go win the deals, and then they're scratching their heads saying, "Why didn't we win?" What are they missing, what are the competitors that failed in the bid, what are they missing with cloud in your opinion? Is it the architecture, is it the automation, is it the microservices, or are they just missing the boat on the sales motion? >> Yeah, I think the biggest thing that people need to know is being on their toes. When Andy talks about being on the toes, when companies like Amazon at scale being on their toes, which means gone are those days where you can have roadmaps that you plan year, you know, year from now and you know, you do it, you're away from the customer by then, right, but if you're constantly focusing on the customer and innovating every day, right, we have a vision and a backlog. We don't have a roadmap, right. What we work on is what our next customer needs. >> John: Mm-hm. >> Right, and you're constantly servicing customers and you have stories to tell about customers being successful. >> What's your backlog look like? (laughing) >> Backlog could be a zillion things. Like what-- >> Features. >> Yeah, exactly. >> Feature requests or just whatever the customer might need. >> Feature requests, user stories, really understanding the why part of it. We try to emphasize the why of, you know, why you're doing and whose pain are you solving type of things, but the important thing is, you know, are we focusing on what matters to the customer next. >> How hard is multi-cloud to do, because if you take devops and you have this abstraction layer that you're providing on top of elastic resources, like say Amazon Web Services, when you start taking multi-cloud, isn't that just an API call or does it kind of change because you have, Amazon's got S3 and EC2 and a variety of other services, Azure and Google have their own file system. How hard is it code-based-wise to do what you're doing across multiple clouds? >> It's not at all difficult because every cloud has their infrastructure as code language, just like I talked about, you know, HTML to be generated to get a webpage. We use a technology called Terraform-- >> Mm-hm. >> That is inherently multi-cloud, so when we generate that cord I could change the provider and make it, you know, another cloud, right. >> Just a whole nother language conversion. >> Sri: A whole nother language, yes, exactly. >> So, you guys, do you have to do that heavy lifting upfront? >> Again, we don't, and it so happened that it will look at our platform that automates all these-- >> Yeah. >> The Amazon part of it grew so much because of what I just said. Like, the customer demand, even the enterprise customers that do have a multi-cloud strategy-- >> Mm-hm. >> You know, they end up more of what is good. >> Yeah. >> Sri: Right, so we end up building more of what is good. >> So, the lesson is, besides be on your toes, which I would agree with Andy on that one, is to be devops, automate, connect via APIs. >> Yeah. >> Anything else you would add to that? >> Devops is a, it's a principle of being very agile, experimenting in small batches, being very responsive to customers, right. It is all principles that, you know, that we embody and just call it devops, it's a culture. >> Managing partner of REAN Cloud. Sri, thanks so much for coming in. Congratulations on your $950 million, this close to a billion, almost, and congratulations on your success. Infrastructures, code, devops, going to the next level is all about automation and really making things connect and easily driven by software and data. It's theCUBE bringing you the data here in Washington, DC, here in Arlington, Virginia, AWS's Public Sector World Headquarters. I'm John Furrier, thanks for watching. (techy music playing)