(bright music) >> Welcome back everyone. theCube's live coverage here. Day two, of two sets, three days of theCube coverage here at VMware Explore. This is our 12th year covering VMware's annual conference, formerly called VM World. I'm John Furrier, with Dave Vellante. We'd love seeing the progress and we've got great security comes Tom Gill, senior vices, president general manager, networking and advanced security business group at VMware. Great to see you. Thanks for coming on. >> Thanks. for having me. >> Yeah, really happy we could have you on. >> I think this is my sixth edition on the theCube. Do I get frequent flyer points or anything? >> Yeah. >> You first get the VIP badge. We'll make that happen. You can start getting credits. >> Okay, there we go. >> We won't interrupt you. Seriously, you got a great story in security here. The security story is kind of embedded everywhere, so it's not called out and blown up and talked specifically about on stage. It's kind of in all the narratives in the VM World for this year. But you guys have an amazing security story. So let's just step back and to set context. Tell us the security story for what's going on here at VMware and what that means to this supercloud, multi-cloud and ongoing innovation with VMware. >> Yeah, sure thing. So probably the first thing I'll point out is that security's not just built in at VMware. It's built differently. So, we're not just taking existing security controls and cut and pasting them into our software. But we can do things because of our platform, because of the virtualization layer that you really can't do with other security tools. And where we're very, very focused is what we call lateral security or East-West movement of an attacker. 'Cause frankly, that's the name of the game these days. Attackers, you've got to assume that they're already in your network. Already assume that they're there. Then how do we make it hard for them to get to the stuff that you really want? Which is the data that they're going after. And that's where we really should. >> All right. So we've been talking a lot, coming into VMware Explore, and here, the event. About two things. Security, as a state. >> Yeah. >> I'm secure right now. >> Yeah. >> Or I think I'm secure right now, even though someone might be in my network or in my environment. To the notion of being defensible. >> Yeah. >> Meaning I have to defend and be ready at a moment's notice to attack, fight, push back, red team, blue team. Whatever you're going to call it. But something's happening. I got to be able to defend. >> Yeah. So what you're talking about is the principle of Zero Trust. When I first started doing security, the model was we have a perimeter. And everything on one side of the perimeter is dirty, ugly, old internet. And everything on this side, known good, trusted. What could possibly go wrong. And I think we've seen that no matter how good you make that perimeter, bad guys find a way in. So Zero Trust says, you know what? Let's just assume they're already in. Let's assume they're there. How do we make it hard for them to move around within the infrastructure and get to the really valuable assets? 'Cause for example, if they bust into your laptop, you click on a link and they get code running on your machine. They might find some interesting things on your machine. But they're not going to find 250 million credit cards. >> Right. >> Or the script of a new movie or the super secret aircraft plans. That lives in a database somewhere. And so it's that movement from your laptop to that database. That's where the damage is done and that's where VMware shines. >> So if they don't have the right to get to that database, they're not in. >> And it's not even just the right. So they're so clever and so sneaky that they'll steal a credential off your machine, go to another machine, steal a credential off of that. So, it's like they have the key to unlock each one of these doors. And we've gotten good enough where we can look at that lateral movement, even though it has a credential and a key, we're like wait a minute. That's not a real CIS Admin making a change. That's ransomware. And that's where you. >> You have to earn your way in. >> That's right. That's right. Yeah. >> And we're all kinds of configuration errors. But also some user problems. I've heard one story where there's so many passwords and username and passwords and systems that the bad guys scour, the dark web for passwords that have been exposed. >> Correct. >> And go test them against different accounts. Oh one hit over here. >> Correct. >> And people don't change their passwords all the time. >> Correct. >> That's a known vector. >> Just the idea that users are going to be perfect and never make a mistake. How long have we been doing this? Humans are the weakest link. So people are going to make mistakes. Attackers are going to be in. Here's another way of thinking about it. Remember log4j? Remember that whole fiasco? Remember that was at Christmas time. That was nine months ago. And whoever came up with that vulnerability, they basically had a skeleton key that could access every network on the planet. I don't know if a single customer that said, "Oh yeah, I wasn't impacted by log4j." So here's some organized entity had access to every network on the planet. What was the big breach? What was that movie script that got stolen? So there wasn't one, right? We haven't heard anything. So the point is, the goal of attackers is to get in and stay in. Imagine someone breaks into your house, steals your laptop and runs. That's a breach. Imagine someone breaks into your house and stays for nine months. It's untenable, in the real world, right? >> Right. >> We don't know in there, hiding in the closet. >> They're still in. >> They're watching everything. >> Hiding in your closet, exactly. >> Moving around, nibbling on your cookies. >> Drinking your beer. >> Yeah. >> So let's talk about how this translates into the new reality of cloud-native. Because now you hear about automated pentesting is a new hot thing right now. You got antivirus on data is hot within APIs, for instance. >> Yeah. >> API security. So all kinds of new hot areas. Cloud-native is very iterative. You know, you can't do a pentest every week. >> Right. >> You got to do it every second. >> So this is where it's going. It's not so much simulation. It's actually real testing. >> Right. Right. >> How do you view that? How does that fit into this? 'cause that seems like a good direction to me. >> Yeah. If it's right in, and you were talking to my buddy, Ahjay, earlier about what VMware can do to help our customers build cloud native applications with Tanzu. My team is focused on how do we secure those applications? So where VMware wants to be the best in the world is securing these applications from within. Looking at the individual piece parts and how they talk to each other and figuring out, wait a minute, that should never happen. By almost having an x-ray machine on the innards of the application. So we do it for both for VMs and for container based applications. So traditional apps are VM based. Modern apps are container based. And we have a slightly different insertion mechanism. It's the same idea. So for VMs, we do it with a hypervisor with NSX. We see all the inner workings. In a container world we have this thing called a service mesh that lets us look at each little snippet of code and how they talk to each other. And once you can see that stuff, then you can actually apply. It's almost like common sense logic of like, wait a minute. This API is giving back credit card numbers and it gives five an hour. All of a sudden, it's now asking for 20,000 or a million credit cards. That doesn't make any sense. The anomalies stick out like a sore thumb. If you can see them. At VMware, our unique focus in the infrastructure is that we can see each one of these little transactions and understand the conversation. That's what makes us so good at that East-West or lateral security. >> You don't belong in this room, get out or that that's some weird call from an in memory database, something over here. >> Exactly. Where other security solutions won't even see that. It's not like there algorithms aren't as good as ours or better or worse. It's the access to the data. We see the inner plumbing of the app and therefore we can protect the app from. >> And there's another dimension that I want to get in the table here. 'Cause to my knowledge only AWS, Google, I believe Microsoft and Alibaba and VMware have this. >> Correct >> It's Nitro. The equivalent of a Nitro. >> Yes. >> Project Monterey. >> Yeah. >> That's unique. It's the future of computing architectures. Everybody needs a Nitro. I've written about this. >> Yeah. >> Right. So explain your version. >> Yeah. >> It's now real. >> Yeah. >> It's now in the market, right? >> Yeah. >> Or soon will be. >> Here's our mission. >> Salient aspects. >> Yeah. Here's our mission of VMware. Is that we want to make every one of our enterprise customers. We want their private cloud to be as nimble, as agile, as efficient as the public cloud. >> And secure. >> And secure. In fact, I'll argue, we can make it actually more secure because we're thinking about putting security everywhere in this infrastructure. Not just on the edges of it. Okay. How do we go on that journey? As you pointed out, the public cloud providers realized five years ago that the right way to build computers was not just a CPU and a graphics process unit, GPU. But there's this third thing that the industry's calling a DPU, data processing unit. And so there's kind of three pieces of a computer. And the DPU is sometimes called a Smartnic. It's the network interface card. It does all that network handling and analytics and it takes it off the CPU. So they've been building and deploying those systems themselves. That's what Nitro is. And so we have been working with the major Silicon vendors to bring that architecture to everybody. So with vSphere 8, we have the ability to take the network processing, that East-West inspection I talked about, take it off of the CPU and put it into this dedicated processing element called the DPU and free up the CPU to run the applications that Ahjay and team are building. >> So no performance degradation at all? >> Correct. To CPU offload. >> So even the opposite, right? I mean you're running it basically Bare Metal speeds. >> Yes, yes and yes. >> And you're also isolating the storage from the security, the management, and. >> There's an isolation angle to this, which is that firewall, that we're putting everywhere. Not just that the perimeter, but we put it in each little piece of the server is running when it runs on one of these DPUs it's a different memory space. So even if an attacker gets to root in the OS, they it's very, very, never say never, but it's very difficult. >> So who has access to that resource? >> Pretty much just the infrastructure layer, the cloud provider. So it's Amazon, Google, Microsoft, and the enterprise. >> Application can't get in. >> Can't get in there. Cause you would've to literally bridge from one memory space to another. Never say never, but it would be very. >> But it hasn't earned the trust to get. >> It's more than barbwire. It's multiple walls. >> Yes. And it's like an air gap. It puts an air gap in the server itself so that if the server is compromised, it's not going to get into the network. Really powerful. >> What's the big thing that you're seeing with this supercloud transition. We're seeing multi-cloud and this new, not just SaaS hosted on the cloud. >> Yeah. >> You're seeing a much different dynamic of, combination of large scale CapEx, cloud-native, and then now cloud-native drills on premises and edge. Kind of changing what a cloud looks like if the cloud's on a cloud. >> Yeah. >> So we're the customer, I'm building on a cloud and I have on premise stuff. So, I'm getting scale CapEx relief from the hyperscalers. >> I think there's an important nuance on what you're talking about. Which is in the early days of the cloud customers. Remember those first skepticism? Oh, it'll never work. Oh, that's consumer grade. Oh, that's not really going to work. Oh some people realize. >> It's not secure. >> Yeah. It's not secure. >> That one's like, no, no, no it's secure. It works. And it's good. So then there was this sort of over rush. Let's put everything on the cloud. And I had a lot of customers that took VM based applications said, I'm going to move those onto the cloud. You got to take them all apart, put them on the cloud and put them all back together again. And little tiny details like changing an IP address. It's actually much harder than it looks. So my argument is, for existing workloads for VM based workloads, we are VMware. We're so good at running VM based workloads. And now we run them on anybody's cloud. So whether it's your east coast data center, your west coast data center, Amazon, Google, Microsoft, Alibaba, IBM keep going. We pretty much every. >> And the benefit of the customer is what. >> You can literally VMotion and just pick it up and move it from private to public, public to private, private to public, Back and forth. >> Remember when we called Vmotion BS, years ago? >> Yeah. Yeah. >> VMotion is powerful. >> We were very skeptical. We're like, that'll never happen. I mean we were. This supposed to be pat ourselves on the back. >> Well because alchemy. It seems like what you can't possibly do that. And now we do it across clouds. So it's not quite VMotion, but it's the same idea. You can just move these things over. I have one customer that had a production data center in the Ukraine. Things got super tense, super fast and they had to go from their private cloud data center in the Ukraine, to a public cloud data center out of harm's way. They did it over a weekend. 48 hours. If you've ever migrated a data center, that's usually six months. Right. And a lot of heartburn and a lot of angst. Boop. They just drag and dropped and moved it on over. That's the power of what we call the cloud operating model. And you can only do this when all your infrastructures defined in software. If you're relying on hardware, load balancers, hardware, firewalls, you can't move those. They're like a boat anchor. You're stuck with them. And by the way, they're really, really expensive. And by the way, they eat a lot of power. So that was an architecture from the 90's. In the cloud operating model your data center. And this comes back to what you were talking about is just racks and racks of X86 with these magic DPUs, or smart nics, to make any individual node go blisteringly fast and do all the functions that you used to do in network appliances. >> We just had Ahjay taking us to school, and everyone else to school on applications, middleware, abstraction layer. And Kit Culbert was also talking about this across cloud. We're talking supercloud, super pass. If this continues to happen, which we would think it will happen. What does the security posture look like? It feels to me, and again, this is your wheelhouse. If supercloud happens with this kind of past layer where there's vMotioning going on. All kinds of spanning applications and data across environments. >> Yeah. Assume there's an operating system working on behind the scenes. >> Right. >> What's the security posture in all this? >> Yeah. So remember my narrative about the bad guys are getting in and they're moving around and they're so sneaky that they're using legitimate pathways. The only way to stop that stuff, is you've got to understand it at what we call Layer 7. At the application layer. Trying to do security to the infrastructure layer. It was interesting 20 years ago, kind of less interesting 10 years ago. And now it's becoming irrelevant because the infrastructure is oftentimes not even visible. It's buried in some cloud provider. So Layer 7 understanding, application awareness, understanding the APIs and reading the content. That's the name of the game in security. That's what we've been focused on. Nothing to do with the infrastructure. >> And where's the progress bar on that paradigm. One to ten. Ten being everyone's doing it. >> Right now. Well, okay. So we as a vendor can do this today. All the stuff I talked about, reading APIs, understanding the individual services looking at, Hey, wait a minute this credit card anomalies, that's all shipping production code. Where is it in customer adoption life cycle? Early days 10%. So there's a whole lot of headroom for people to understand, Hey, I can put these controls in place. They're software based. They don't require appliances. It's Layer 7, so it has contextual awareness and it's works on every single cloud. >> We talked about the pandemic being an accelerator. It really was a catalyst to really rethink. Remember we used to talk about Pat as a security do over. He's like, yes, if it's the last thing I do, I'm going to fix security. Well, he decided to go try to fix Intel instead. >> He's getting some help from the government. >> But it seems like CISOs have totally rethought their security strategy. And at least in part, as a function of the pandemic. >> When I started at VMware four years ago, Pat sat me down in his office and he said to me what he said to you, which is like, "Tom," he said, "I feel like we have fundamentally changed servers. We fundamentally change storage. We fundamentally change networking. The last piece of the puzzle of security. I want you to go fundamentally change it." And I'll argue that the work that we're doing with this horizontal security, understanding the lateral movement. East- West inspection. It fundamentally changes how security works. It's got nothing to do with firewalls. It's got nothing to do with Endpoint. It's a unique capability that VMware is uniquely suited to deliver on. And so Pat, thanks for the mission. We delivered it and it's available now. >> Those WET web applications firewall for instance are around, I mean. But to your point, the perimeter's gone. >> Exactly. >> And so you got to get, there's no perimeter. so it's a surface area problem. >> Correct. And access. And entry. >> Correct. >> They're entering here easy from some manual error, or misconfiguration or bad password that shouldn't be there. They're in. >> Think about it this way. You put the front door of your house, you put a big strong door and a big lock. That's a firewall. Bad guys come in the window. >> And then the windows open. With a ladder. >> Oh my God. Cause it's hot, bad user behavior trumps good security every time. >> And then they move around room to room. We're the room to room people. We see each little piece of the thing. Wait, that shouldn't happen. Right. >> I want to get you a question that we've been seeing and maybe we're early on this or it might be just a false data point. A lot of CSOs and we're talking to are, and people in industry in the customer environment are looking at CISOs and CSOs, two roles. Chief information security officer, and then chief security officer. Amazon, actually Steven Schmidt is now CSO at Reinforce. They actually called that out. And the interesting point that he made, we had some other situations that verified this, is that physical security is now tied to online, to your point about the service area. If I get a password, I still got the keys to the physical goods too. >> Right. So physical security, whether it's warehouse for them or store or retail. Digital is coming in there. >> Yeah. So is there a CISO anymore? Is it just CSO? What's the role? Or are there two roles you see that evolving? Or is that just circumstance. >> I think it's just one. And I think that the stakes are incredibly high in security. Just look at the impact that these security attacks are having on. Companies get taken down. Equifax market cap was cut 80% with a security breach. So security's gone from being sort of a nuisance to being something that can impact your whole kind of business operation. And then there's a whole nother domain where politics get involved. It determines the fate of nations. I know that sounds grand, but it's true. And so companies care so much about it they're looking for one leader, one throat to choke. One person that's going to lead security in the virtual domain, in the physical domain, in the cyber domain, in the actual. >> I mean, you mention that, but I mean, you look at Ukraine. I mean that cyber is a component of that war. I mean, it's very clear. I mean, that's new. We've never seen. this. >> And in my opinion, the stuff that we see happening in the Ukraine is small potatoes compared to what could happen. >> Yeah. >> So the US, we have a policy of strategic deterrence. Where we develop some of the most sophisticated cyber weapons in the world. We don't use them. And we hope never to use them. Because our adversaries, who could do stuff like, I don't know, wipe out every bank account in North America. Or turn off the lights in New York City. They know that if they were to do something like that, we could do something back. >> This is the red line conversation I want to go there. So, I had this discussion with Robert Gates in 2016 and he said, "We have a lot more to lose." Which is really your point. >> So this brand. >> I agree that there's to have freedom and liberty, you got to strike back with divorce. And that's been our way to balance things out. But with cyber, the red line, people are already in banks. So they're are operating below the red line line. Red line meaning before we know you're in there. So do we move the red line down because, hey, Sony got hacked. The movie. Because they don't have their own militia. >> Yeah. >> If their were physical troops on the shores of LA breaking into the file cabinets. The government would've intervened. >> I agree with you that it creates tension for us in the US because our adversaries don't have the clear delineation between public and private sector. Here you're very, very clear if you're working for the government. Or you work for an private entity. There's no ambiguity on that. >> Collaboration, Tom, and the vendor community. I mean, we've seen efforts to try to. >> That's a good question. >> Monetize private data and private reports. >> So at VMware, I'm very proud of the security capabilities we've built. But we also partner with people that I think of as direct competitors. We've got firewall vendors and Endpoint vendors that we work with and integrate. And so coopetition is something that exists. It's hard. Because when you have these kind of competing. So, could we do more? Of course we probably could. But I do think we've done a fair amount of cooperation, data sharing, product integration, et cetera. And as the threats get worse, you'll probably see us continue to do more. >> And the government is going to trying to force that too. >> And the government also drives standards. So let's talk about crypto. Okay. So there's a new form of encryption coming out called processing quantum. >> Quantum. Quantum computers have the potential to crack any crypto cipher we have today. That's bad. Okay. That's not good at all because our whole system is built around these private communications. So the industry is having conversations about crypto agility. How can we put in place the ability to rapidly iterate the ciphers in encryption. So, when the day quantum becomes available, we can change them and stay ahead of these quantum people. >> Well, didn't NIST just put out a quantum proof algo that's being tested right now by the community? >> There's a lot of work around that. Correct. And NIST is taking the lead on this, but Google's working on it. VMware's working on it. We're very, very active in how do we keep ahead of the attackers and the bad guys? Because this quantum thing is a, it's an x-ray machine. It's like a dilithium crystal that can power a whole ship. It's a really, really, really powerful tool. >> Bad things will happen. >> Bad things could happen. >> Well, Tom, great to have you on the theCube. Thanks for coming on. Take the last minute to just give a plug for what's going on for you here at VMWorld this year, just VMware Explore this year. >> Yeah. We announced a bunch of exciting things. We announced enhancements to our NSX family, with our advanced load balancer. With our edge firewall. And they're all in service of one thing, which is helping our customers make their private cloud like the public cloud. So I like to say 0, 0, 0. If you are in the cloud operating model, you have zero proprietary appliances. You have zero tickets to launch a workload. You have zero network taps and Zero Trust built into everything you do. And that's what we're working on. Pushing that further and further. >> Tom Gill, senior vices president, head of the networking at VMware. Thanks for coming on. We do appreciate it. >> Thanks for having us. >> Always getting the security data. That's killer data and security of the two ops that get the most conversations around DevOps and Cloud Native. This is The theCube bringing you all the action here in San Francisco for VMware Explore 2022. I'm John Furrier with Dave Vellante. Thanks for watching. (bright music)

>>Okay, welcome back to everyone. Cube's live coverage of VMware Explorer, 2022. I'm John fur, host of the cube. Two sets three days of live coverage. Dave Ante's here. Lisa Martin, Dave Nicholson, all host of the cube 12 interviews today, just we're with Rocklin and rolling, getting down to the end of the show. As we wind down and look back and look at the future. We've got Steven Jones. Here's the general manager of the VMware cloud on AWS. He's with Amazon web service. Steven Jones. Welcome to the cube. >>Thanks John. >>Welcome back cube alumni. I've been on many times going back to 2015. Yeah. >>Pleasure to be here. Great >>To see you again. Thanks for coming on. Obviously 10 years at AWS, what a ride is that's been, come on. That's fantastic. Tell me it's been crazy. >>Wow. Learned a lot of stuff along the way, right? I mean, we, we, we knew that there was a lot of opportunity, right? Customers wanting the agility and flexibility of, of the cloud and, and we, we still think it's early days, right? I mean, you'll hear Andy say that animals say that, but it really is. Right. If you look at even just the amount of spend that's being spent on, on clouds, it's in the billions, right. And the amount of, of spend in it is still in the trillion. So there's, there's a long way to go and customers are pushing us hard. Obviously >>It's been interesting a lot going on with VM. We're obviously around with them, obviously changing the strategy with their, their third generation and their narrative. Obviously the Broadcom thing is going on around them. And 10 years at abs, we've been, we've been, this'll be our ninth year, no 10th year at reinvent coming up for us. So, but it's 10 years of everything at Amazon, 10 years of S three, 10 years of C two. So if you look at the, the marks of time, now, the history books are starting to be written about Amazon web services. You know, it's about 10 years of full throttle cube hyperscaler in action. I mean, I'm talking about real growth, like >>Hardcore, for sure. I'll give you just one anecdote. So when I first joined, I think we had maybe two EC two instances back in the day and the maximum amount of memory you could conversion into one of these machines was I think 128 gig of Ram fast forward to today. You literally can get a machine with 24 terabytes of Ram just in insane amounts. Right? My, my son who's a gamer tells me he's got 16 gig in his, in his PC. You need to, he thinks that's a lot. >>Yeah. >>That's >>Excited about that. That's not even on his graphics card. I mean, he's, I know it's coming next. The GPU, I mean, just all >>The it's like, right? >>I mean, all the hardware innovation that you guys have done, I mean, look at every it's changed. Everyone's changed their strategy to copy AWS nitro, Dave ante. And I talk about this all the time, especially with James Hamilton and the team over there, Peter DeSantos, these guys have, are constantly going at the atoms and innovating at the, at the level. I mean that, that's how hardcore it is over there right now. I mean, and the advances on the Silicon graviton performance wise is crazy. I mean, so what does that enabling? So given that's continuing, you guys are continuing to do great work there on the CapEx side, we think that's enabling another set of new net new applications because we're starting to see new things emerge. We saw snowflake come on, customer of AWS refactor, the data warehouse, they call it a data cloud. You're starting to see Goldman Sachs. You see capital one, you see enterprise customers building on top of AWS and building a cloud business without spending the CapEx >>Is exactly right. And Ziggy mentioned graviton. So graviton is one of our fastest growing compute families now. And you know, you mentioned a couple of ISVs and partners of ours who are leaning in heavily on porting their own software. Every event Adam announced that we're working with SAP to, to help them port their HANA cloud, which is a, a database of service offering HANA flagship to graviton as well. So it's, it's definitely changing. >>And I think, you know, one of the, and we're gonna circle back to VMware is kind of a point to this. This conversation is that, is that if you look at the trends, right, okay. VMware really tried hard to do cloud and they had a good shot at it V cloud air, but it just, they didn't have the momentum that you guys had at AWS. We saw a lot, lot of other stragglers try to do cloud. They fell off the road, OpenStack, HP, and the list goes on and on. I don't wanna get into that, but the point is, as you guys become more powerful and you're open, right? So you have open ecosystem, you have people now coming back, taking advantage and refactoring and picking up where they left off. VMware was the one of the first companies that actually said, you know what pat Gelsinger said? And I was there, let's clear up the positioning. Let's go all in with AWS. That's >>Right >>At that time, 2016. >>Yeah. This was new for us, for >>Sure. And then now that's set the standard. Now everybody else is kind of doing it. Where is the VMware cloud relationship right now? How is that going out? State's worked. >>It's working well very well. It's I mean, we're celebrating, I think we made the announcement what, five years ago at this conference. Yeah. 2016. So, I mean, it's, it's been a tremendous ride. The best part are the customers who were coming and adopting and proving to us that our vision back then was the right vision. And, and, and what's been different. I think about this relationship. And it was new for us was that we, we purposely went after a jointly engineered solution. This wasn't a, we've got a, a customer or a partner that's just going to run and build something on us. This is something where we both bring muscle and we actually build a, a joint offering together. Talk about, about the main difference. >>Yeah. And that, and that's been working, but now here at this show, if you look at, if you squint through the multi-cloud thing, which is like just, I think positioning for, you know, what could happen in, in a post broad Broadcom world, the cloud native has traction they're Tansu where, where customers were leaning in. So their enterprise customer is what I call the classic. It, you know, mainstream enterprise, which you guys have been doing a lot of business with. They're now thinking, okay, I'm gonna go on continu, accelerate on, in the public cloud, but I'm gonna have hybrid on premise as well. You guys have that solution. Now they're gonna need cloud native. And we were speculating that VMware is probably not gonna be able to get 'em all of it. And, and that there's a lot more cloud native options as customers want more cloud native. How do you see that piece on Amazon side? Because there's a lot of benefits between the VMware cloud on AWS and the services that you guys have natively in your cloud. So we see customers really taking advantage of the AWS goodness, as well as expanding the cloud side at VMware cloud on AWS. >>Yeah. There's probably two ways I would look at this. Right? So, so one is the combination of VMware cloud on AWS. And then both native services just generally brings more options to customers. And so typically what we're seeing now is customers are just able to move much faster, especially as it comes to data center, evacuations, migrating all their assets, right? So it used to be that, and still some customers they're like, I I've gotta think through my entire portfolio of applications and decide what to refactor. And the only way I can move it to cloud is to actually refactor it into some net new application, more and more. We're actually seeing customers. They've got their assets. A lot of them are still on premises in a VMware state, right. They can move those super quick and then modernize those. And so I think where you'll see VMware and AWS very aligned is on this, this idea of migrate. Now you need to get the benefits of TCO and, and the agility that comes with being in the cloud and then modernize. We took a step further, which is, and I think VMware would agree here too, but all of the, the myriad of services, I think it's 200 plus now AWS native services are for use right alongside any that a customer wants to run in VMware. And so we have examples of customers that are doing just, >>And that's, that's how you guys see the native and, and VMware cloud integrating in. Yeah, that's, that's important because this, I mean, if I always joke about, you know, we've been here 12 years listening in the hallways and stuff, you know, on the bus to the event last night, walking the parties and whatnot, listening in the streets, there's kind of two conversations that rise right to the top. And I wanna get your reaction to this Steven, because this seems to be representative of this demographic here at VMware conference, there's conversations around ransomware and storage and D dub and recovery. It's all, a lot of those happen. Yeah. Clearly a big crowd here that care about, you know, Veeam and NetApp and storage and like making sure stuff's secure and air gapped. And a lot of that kind of, I call nerdy conversations and then the other one is, okay, I gotta get the cloud story. >>Right. So there's kind of the operational security. And then there's like, okay, what's my path to true cloud. I need to get this moving. I need to have better applications. My company is the application now not it serves some sort of back office function. Yeah. It's like, my company is completely using technology as its business. So the app is the business. So that means everything's technology driven, not departmental siloed. So there's a, that's what I call the true cloud conversation. How do you, how do you see that evolving because VMware customers are now going there. And I won't say, I won't say they're behind, but they're certainly going there faster than ever before. >>I think, I think, I mean, it's an interesting con it's an interesting way to put it and I, I would completely agree. I think it's, it's very clear that I think a lot of customer companies are actually being disrupted. Right. And they have to move fast and reinvent themselves. You said the app is now becoming the company. Right. I mean, if, if you look at where not too many years back, there were, you know, big companies like Netflix that were born in the cloud. Right. Airbnb they're disruptors. >>There's, that's the >>App, right? That's the app. Yeah. So I, I would exactly agree. And, and that's who other companies are competing with. And so they have to move quickly. You talked about some, some technology that allows them to do that, right? So this week we announced the general availability of a NetApp on tap solution. It's been available on AWS for some time as a fully managed FSX storage solution. But now customers can actually leverage it with, with VMC. Now, why is that important? Well, there's tens of thousands of customers running VMware. On-premises still, there's thousands of them that are actually using NetApp filers, right? NetApp, NetApp filers, and the same enterprise features like replication. D do you were talking about and Snapp and clone. Those types of things can be done. Now within the V VMware state on AWS, what's even better is they can actually move faster. So consider replicating all this, you know, petabytes and petabytes of data that are in these S from on-premises into AWS, this, this NetApp service, and then connected connecting that up to the BMC option. So it just allows customers much, much. >>You guys, you guys have always been customer focus. Every time I sat down with the Andy jazzy and then last year with Adam, same thing we worked back from, I know it's kind of a canned answer on some of the questions from media, but, but they do really care. I've had those conversations. You guys do work backwards from the customer, actually have documents called working backwards. But one of the things that I observed, we talked about here yesterday on the cube was the observations of reinvent versus say, VM world. Now explore is VM world's ecosystem was very partner-centric in the sense of the partners needed to rely on VMware. And the customers came here for both more of the partners, not so much VMware in the sense there wasn't as much, many, many announcements can compare that to the past, say eight years of reinvent, where there's so much Amazon action going on the partners, I won't say take as a second, has a backseat to Amazon, but the, the attendees go there generally for what's going on with AWS, because there's always new stuff coming out. >>And it's, it's amazing. But this year it starts to see that there's an overlap or, or change between like the VMware ecosystem. And now Amazon there's, a lot of our interviews are like, they're on both ecosystems. They're at Amazon's show they're here. So you start to see what I call the naturalization of partners. You guys are continuing to grow, and you'll probably still have thousands of announcements at the event this year, as you always do, but the partners are much more part of the AWS equation, not just we're leasing all these new services and, and oh, for sure. Look at us, look at Amazon. We're growing. Cause you guys were building out and look, the growth has been great. But now as you guys get to this next level, the partners are integral to the ecosystem. How do you look at that? How has Amazon thinking about that? I know there's been some, some, a lot of active reorgs around AWS around solving this problem or no solve the problem, addressing the need and this next level of growth. What's your reaction to >>That? Well, I mean, it's, it's a, it's a good point. So I have to be honest with you, John. I, I, I spent eight of my 10 years so far at AWS within the partner organization. So partners are very near and dear to my heart. We've got tens of thousands of partners and you are you're right. You're starting to see some overlap now between the VMware partner ecosystem and what we've built now in AWS and partners are big >>By the way, you sell out every reinvent. So it's, you have a lot of partners. I'm not suggesting that you, that there's no partner network there, but >>Partners are critical. I mean, absolutely naturally we want a relationship with a customer, but in order to scale the way we need to do to meet the, the needs of customers, we need partners. Right. We, we can't, we can't interact with every single customer as much as we would like to. Right. And so partners have long built teams and expertise that, that caters to even niche workloads or opportunity areas. And, and we love partners >>For that. Yeah. I know you guys do. And also we'll point out just to kind of give props to you guys on the partner side, you don't, you keep that top of the stack open on Amazon. You've done some stuff for end to end where customers want all Amazon, but for the most part, you let competition come in, even on, so you guys are definitely partner friendly. I'm just observing more the maturization of partners within the reinvent ecosystem, cuz we're there every year. I mean, it's, I mean, first of all, they're all buzzing. I mean, it's not like there's no action. There's a lot of customers there it's sold out as big numbers, but it just seems that the partners are much more integrated into the value proposition of at a AWS because of the, the rising tide and, and now their enablement, cuz now they're part of the, of the value proposition. Even more than ever before >>They, they really are. And they, and they're building a lot of capabilities and services on us. And so their customers are our customers. And like you say, it's rising tide, right. We, we all do better together. >>Okay. So let's talk about the VMware cloud here. What's the update here in terms of the show, what's your, what's your main focus cuz a lot of people here are doing, doing sessions. What's been some of the con content that you guys are producing here. >>Yeah. So the best part obviously is a always the customer conversations to partner conversations. So a, a lot of, a lot of sessions there, we did keynote yesterday in Ryan and I, where we talked about a number of announcements that are, I think pretty material now to the offering a joint announcement with NetApp yesterday as well around the storage solution I was talking about. And then some, some really good technical deep dives on how the offering works. Customers are still interested in like how, how do I take what I've got on premises and easily move into AWS and technology like HSX H CX solution with VMware makes it really easy without having to re IP applications. I mean, you know, it is super difficult sometimes to, to move an application. If you've got figure out where all the firewall rules are and re iPing those, those things source. But yeah, it's, it's been fantastic. >>A lot of migrations to the cloud too. A lot of cloud action, new cloud action. You guys have probably seen an uptake on services right on the native side. >>Yes. Yes. For sure. So maybe I just outlined some of the, some of the assets we made this week. So absolutely >>Go ahead. >>We, we announced a new instance family as a, a major workhorse underneath the VMware cloud offering called I, I, you mentioned nitro earlier, this is on, based on our latest generation of nitro, which allows us to offer as you know, bare metal instances, which is, which is what VMware actually VMware was our first partnership and customer that I would say actually drove us to really get Nira done and out the door. And we've continued to iterate on that. And so this I four, I instance, it's based on the, the latest Intel isolate processor with more than double the Ram double the compute, a whopping 75 gigabytes per second network. So it's a real powerhouse. The cool thing is that with the, with the NetApp storage solution that we, we discussed, we're now disaggregating the need to provision, compute and storage at the same time. It used to be, if you wanted to add more storage to your VSAN array, that was on a V VMware cloud. Yeah. You'd add another note. You might not need more compute for memory. You'd have to add another note. And so now customers can simply start adding chunks of storage. And so this opens up customers. I had a customer come to me yesterday and said, there's no reason for us not to move. Now. We were waiting for something that like this, that allowed us to move our data heavy workloads yeah. Into VMware cloud. It's >>Like, it's like the, the alignment. You mentioned alignment earlier. You know, I would say that VMware customers are lined up now almost perfectly with the hybrid story that's that's seamless or somewhat seems it's never truly seamless. But if you look at like what Deepak's doing with Kubernetes and open source, you, you guys have that there talking that big here, you got vs a eight vSphere, eight out it's all cloud native. So that's lined up with what you guys are doing on your services and the horsepower. They have their stuff, you have yours that works better together. So it seems like it's more lined up than ever before. What's your take on that? Do you agree? And, and if so, what folks watching here that are VMware customers, what's, what's the motivation now to go faster? >>Look, it is, it is absolutely lined up. We are, as, as I mentioned earlier, we are jointly engineering and developing this thing together. And so that includes not just the nuts and bolts underneath, but kind of the vision of where it's going. And so we're, we're collectively bringing in customer feedback. >>What is that vision real quick? >>So that vision has to actually help an under help meet even the most demanding customer workloads. Okay. So you've got customer workloads that are still locked in on premises. And why is that? Well, it used to be, there was big for data and migration, right? And the speed. And so we continue to iterate this and that again is a joint thing. Instead of say, VMware, just building on AWS, it really is a, a tight partnership. >>Yeah. The lift and shift is a, an easy thing to do. And, and, and by the way, that could be a hassle too. But I hear most people say the reason holding us back on the workloads is it's just a lot of work, a hassle making it easier is what they want. And you guys are doing that. >>We are doing that. Absolutely. And by the way, we've got not just engineering teams, but we've got customer support teams on both sides working together. We also have flexible commercial options, right? If a customer wants to buy from AWS because they've negotiated some kind of deal with us, they can do that. They wanna buy from VMware for a similar reason. They could buy from VMware. So are >>They in the marketplace? >>They are in the market. There, there are some things in the marketplace. So you talked about Tansu, there's a Tansu offering in the marketplace. So yes. Customers can >>Contract. Yeah. Marketplaces. I'm telling you that's very disruptive. I'm Billy bullish on the market AIOS marketplace. I think that's gonna be a transformative way. People have what they procure and fully agree, deploy and how, and channel relationships are gonna shift. I think that's gonna be a disruptive enabler to the partner equation and, and we haven't even seen it yet. We're gonna be up there in September for their inaugural event. I think it's a small group, but we're gonna be documenting that. So even final question for you, what's next for you? What's on the agenda. You got reinvent right around the corner. Your P ones are done. Right? I know. Assuming all that, I turn that general joke. That's an internal Amazon joke. FYI. You've got your plan. What's next for the world. Obviously they're gonna go this, take this, explore global. No matter what happens with Broadcom, this is gonna be a growth wave with hybrid. What's next for you and your team with AWS and VMware's relationship? >>Yeah. So both of us are hyper focused on adding additional options, both from a, an instance compute perspective. You know, VMware announced some, some, some additional offerings that we've got. We've got a fully complete, like, so they're, they announce things like VMware flex compute V VMware flex storage. You mentioned earlier, there was a conversation around ransomware. There's a new ransomware based offering. So we're hyper focused on rounding out, continuing to round out the offering and giving customers even more choice >>Real quick. Jonathan made me think about the ransomware we were at reinforce Steven Schmidtz now the CSO. Now you got a CSO. AJ's the CSO. You got a whole focus, huge emphasis on security right now. I know you always have, but now it's much more public. It's PO more positive, I think, than some of the other events I've been to. It's been more Lum and doom. What's the security tie in here with VMware. Can you share a little bit real quick on the security piece update around this relationship? >>Yeah, you bet. So as you know, security for us is job zero. Like you don't have anything of security. And so what are the things that, that we're excited about specifically with VMware is, is the latest offering that, that we put together and it's called this, this ransomware offering. And it's, it's a little bit different than other ransomware. I mean, a lot of people have ransomware offerings today, just >>Air gap. >>Right, right, right. Exactly. No, that's easy. No, this one is different. So on the back end, so within VMC, there's this, this option where CU we can be to be taking iterative snapshots of a customer environment. Now, if an event were to occur, right. And a customer is like, I have to know if I'm compromised, we can actually spin up super easy. This is cloud. Remember? Yeah. We can spin up a, a copy of this environment, throw a switch, pick a snapshot with NSX. So VMware NSX firewall it off and then use some custom tooling from VMware to actually see if it's been compromised or not. And then iterate through that until you actually know you're clean. And that's different than just tools that do maybe a >>Little bit of scam. We had Tom gills on yesterday and, and one of the things Dave ante had to leave is taking the sun to college is last one in the house and B nester now, but Tom Gill was on. We were talking about how good their security story is ware. And they really weren't showboating it as much as they could have here. I thought they could have done a better job, but this is an example of kind of them really leaning in with you guys. That's the key part of the relationship. >>Yeah, it really is. And I think this is something is materially different than what you can get elsewhere. And it's exciting for, >>Okay. Now the, the real question I want to know is what's your plans for AWS reinvent the blockbuster end of the year, Amazon surf show that gets bigger and bigger. I know it's still hybrid now, but it's looking be hybrid, but people are back in person last year. You guys were the first event really come back and still had massive numbers. AWS summit, New York at 19,000. I heard last week in Chicago, big numbers. So we're expecting reinvent to be pretty large this year. What are you, what are you gonna do there? What's your role there? >>We are expecting, well, I'll be there. I cover multiple businesses. Obviously. We're, we're planning on some additional announcements, obviously in the VMware space as well. And one of the other businesses I run is around SAP. And you should look for some things there as well. Yeah. Really looking forward to reinvent, except for the fact that it's right after Thanksgiving. But I think it >>Always ruins my, I always get an article out. I like, why are you we're having, we're having Thanksgiving dinner. I gotta write this article. It's gotta get Adam, Adam. Leski exclusive. We, every year we do a, a CEO sit down with Andy was the CEO and then now Adam. But yeah, it's a great event to me. I think it sets the tone. And it's gonna be very interesting to see the big clouds are coming to the big cloud. You guys, and you guys are now called hyperscalers. Now, multiple words. It's interesting. You guys are providing the CapEx goodness for everybody else now. And that relationship seems to be the new, the new industry standard of you guys provide the enablement and then everyone you get paid, cuz it's a service. A whole nother level of cloud is emerging in the partner network, GSI other companies. Yeah. >>Yeah. I mean we're really scaling. I mean we continue to iterate and release regions at a fast clip. We just announced support for VMware in Hong Kong. Yeah. So now we're up to 21 regions for this service, >>The sovereign clouds right around the corner. Let's we'll talk about that soon. Steven. Thanks for coming. I know you gotta go. Thank you for your valuable time. Coming in. Put Steven Jones. Who's the general manager of the VMware cloud on AWS business. Four AWS here inside the cube day. Three of cube coverage. I'm John furrier. Thanks for watching. We'll be right back.

>>Welcome back everyone Cube's live coverage here. Day two, two sets, three days of cube coverage here at VMware Explorer. This is our 12th year covering VMware's annual conference, formally called world I'm Jean Dave ante. We'd love seeing the progress and we've got great security comes Tom Gill, senior rights, president general manager, networking and advanced security business group at VMware. Great to see you. Thanks for coming on. Thanks >>For having me. Yeah, really happy we could have you on, you know, I think, I think this is my sixth edition on the cube. Like, do I get freaking flyer points or anything? >>Yeah, you get first get the VIP badge. We'll make that happen. You can start getting credits. >>Okay. There we go. >>We won't interrupt you. No, seriously, you got a great story in security here. The security story is kind of embedded everywhere, so it's not like called out and, and blown up and talked specifically about on stage. It's kind of in all the narratives in, in the VM world for this year. Yeah. But you guys have an amazing security story. So let's just step back into set context. Tell us the security story for what's going on here at VMware and what that means to this super cloud multi-cloud and ongoing innovation with VMware. Yeah, >>Sure thing. So, so probably the first thing I'll point out is that, that security's not just built in at VMware it's built differently, right? So we're not just taking existing security controls and cut and pasting them into, into our software. But we can do things because of our platform because of the virtualization layer that you really can't do with other security tools and where we're very, very focused is what we call lateral security or east west movement of an attacker. Cuz frankly, that's the name of the game these days. Right? Attackers, you gotta assume that they're already in your network. Okay. Already assume that they're there, then how do we make it hard for them to get to what the, the stuff that you really want, which is the data that they're, they're going after. Right. And that's where we, >>We really should. All right. So we've been talking a lot coming into world VMware Explorer and here the event about two things security as a state. Yeah. I'm secure right now. Yeah. Or I, I think I'm secure right now, even though someone might be in my network or in my environment to the notion of being defensible. Yeah. Meaning I have to defend and be ready at a moment's notice to attack, fight, push back red team, blue team, whatever you're gonna call it, but something's happening. I gotta be a to defend. Yeah. >>So you, what you're talking about is the principle of zero trust. So the, the, when we, when I first started doing security, the model was we have a perimeter and everything on one side of the perimeter is dirty, ugly, old internet and everything on this side known good, trusted what could possibly go wrong. And I think we've seen that no matter how good you make that perimeter, bad guys find a way in. So zero trust says, you know what? Let's just assume they're already in. Let's assume they're there. How do we make it hard for them to move around within the infrastructure and get to the really valuable assets? Cuz for example, if they bust into your laptop, you click on a link and they get code running on your machine. They might find some interesting things on your machine, but they're not gonna find 250 million credit cards. Right. Or the, the script of a new movie or the super secret aircraft plans, right. That lives in a database somewhere. And so it's that movement from your laptop to that database. That's where the damage is done. Yeah. And that's where VMware shines. If they don't >>Have the right to get to that database, they're >>Not >>In and it's not even just the right, like, so they're so clever. And so sneaky that they'll steal a credential off your machine, go to another machine, steal a credential off of that. So it's like they have the key to unlock each one of these doors and we've gotten good enough where we can look at that lateral movement, even though it has a credential and a key where like, wait a minute, that's not a real CIS admin making a change. That's ransomware. Yeah. Right. And that's, that's where we, you have to earn your way in. That's right. That's >>Right. Yeah. And we're all, there's all kinds of configuration errors. But also some, some I'll just user problems. I've heard one story where there's so many passwords and username and passwords and systems that the bad guy's scour, the dark web for passwords that have been exposed. Correct. And go test them against different accounts. Oh one hit over here. Correct. And people don't change their passwords all the time. Correct? Correct. That's a known, known vector. We, >>We just, the idea that users are gonna be perfect and never make mistake. Like how long have we been doing this? Like humans with the weakest link. Right. So, so, so people are gonna make mistakes. Attackers are gonna be in here's another way of thinking about it. Remember log for J. Remember that whole ago, remember that was a Christmas time. That was nine months ago. And whoever came up with that, that vulnerability, they basically had a skeleton key that could access every network on the planet. I don't know if a single customer that was said, oh yeah, I wasn't impacted by log for J. So seers, some organized entity had access to every network on the planet. What was the big breach? What was that movie script that got stolen? So there wasn't one. Right? We haven't heard anything. So the point is the goal of attackers is to get in and stay in. Imagine someone breaks into your house, steals your laptop and runs. That's a breach. Imagine someone breaks into your house and stays for nine months. Like it's untenable, the real world. Right, right. >>We don't even go in there. They're still in there >>Watching your closet. Exactly. Moving around, nibbling on your ni line, your cookies. You know what I mean? Drinking your beer. >>Yeah. So, so let's talk about how this translates into the new reality of cloud native, because now know you hear about, you know, automated pen testing is a, a new hot thing right now you got antivirus on data. Yeah. Is hot is hot within APIs, for instance. Yeah. API security. So all kinds of new hot areas, cloud native is very iterative. You know, you, you can't do a pen test every week. Right. You gotta do it every second. Right. So this is where it's going. It's not so much simulation. It's actually real testing. Right. Right. How do you view that? How does that fit into this? Cuz that seems like a good direction to me. >>Yeah. It, it, it fits right in. And you were talking to my buddy AJ earlier about what VMware can do to help our customers build cloud native applications with, with Zu, my team is focused on how do we secure those applications? So where VMware wants to be the best in the world is securing these applications from within looking at the individual piece parts and how they talk to each other and figuring out, wait a minute. That, that, that, that, that should never happen by like almost having an x-ray machine on the ins of the application. So we do it for both for VMs and for container based applications. So traditional apps are VM based. Modern apps are container based and we, and we have a slightly different insertion mechanism. It's the same idea. So for VMs, we do it with the hypervisor, with NSX, we see all the inner workings in a container world. >>We have this thing called a service me that lets us look at each little snippet of code and how they talk to each other. And once you can see that stuff, then you can actually apply. It's almost like common sense logic of like, wait a minute. You know, this API is giving back credit card numbers and it gives five an hour. All of a sudden, it's now asking for 20,000 or a million credit card that doesn't make any sense. Right? The anomalies stick out like a sore thumb. If you can see them. And VMware, our unique focus in the infrastructure is that we can see each one of these little transactions and understand the conversation. That's what makes us so good at that east west or lateral >>Security. Yeah. You don't belong in this room, get out or that that's right. Some weird call from an in-memory database, something over >>Here. Exactly. Where other, other security solutions won't even see that. Right. It's not like there algorithms aren't as good as ours or, or better or worse. It's that, it's the access to the data. We see the, the, the, the inner plumbing of the app. And therefore we can protect >>The app from, and there's another dimension that I wanna get in the table here, cuz to my knowledge only AWS, Google, I, I believe Microsoft and Alibaba and VMware have this, it nitro the equivalent of a nitro. Yes. Project Monterey. Yeah. That's unique. It's the future of computing architectures. Everybody needs a nitro. I've I've written about this. Yeah. Right. So explain your version. Yeah. Project. It's now real. It's now in the market right. Or soon will be. Yeah. Here. Here's our mission salient aspects. Yeah. >>Here's our mission of VMware is that we wanna make every one of our enterprise customers. We want their private cloud to be as nimble, as agile, as efficient as the public cloud >>And secure >>And secure. In fact, I'll argue, we can make it actually more secure because we're thinking about putting security everywhere in this infrastructure. Right. Not just on the edges of it. So, so, so, okay. How do we go on that journey? As you pointed out, the public cloud providers realized, you know, five years ago that the right way to build computers was not just a CPU and a GPU graphics process, unit GPU, but there's this third thing that the industry's calling a DPU data processing unit. So there's kind of three pieces of a computer. And the DPU is sometimes called a smart Nick it's the network interface card. It does all that network handling and analytics and it takes it off the CPU. So they've been building and deploying those systems themselves. That's what nitro is. And so we have been working with the major Silicon vendors to bring that architecture to everybody. So, so with vSphere eight, we have the ability to take the network processing that east west inspection. I talked about, take it off of the CPU and put it into this dedicated processing element called the DPU and free up the CPU to run the applications that AJ and team are building. >>So no performance degradation at all, correct. >>To CPU >>Offload. So even the opposite, right? I mean you're running it basically bare metal speeds. >>Yes, yes. And yes. >>And, and, and you're also isolating the, the storage right from the, from the, the, the security, the management. And >>There's an isolation angle to this, which is that firewall that we're putting everywhere. Not just that the perimeter, we put it in each little piece of the server is running when it runs on one of these DPU, it's a different memory space. So even if, if an attacker gets to root in the OS, they it's very, very, never say never, but it's very difficult. >>So who has access to that? That, that resource >>Pretty much just the infrastructure layer, the cloud provider. So it's Google Microsoft, you know, and the enterprise, the >>Application can't get in, >>Can't get in there. Cause it, you would've to literally bridge from one memory space to another, never say never, but it would be very, very, >>It hasn't earned the trust >>To get it's more than Bob wire. It's, it's, it's multiple walls and, and >>It's like an air gap. It puts an air gap in the server itself so that if the server's compromised, it's not gonna get into the network really powerful. >>What's the big thing that you're seeing with this super cloud transition we're seeing, we're seeing, you know, multicloud and this new, not just SAS hosted on the cloud. Yeah. You're seeing a much different dynamic of combination of large scale CapEx, cloud native. And then now cloud native develops on premises and edge kind of changing what a cloud looks like if the cloud's on a cloud. So rubber customer, I'm building on a cloud and I have on-prem stuff. So I'm getting scale CapEx relief from the, from the cap, from the hyperscalers. >>I, I think there's an important nuance on what you're talking about, which is, is in the early days of the cloud customers. Remember those first skepticism? Oh, it'll never work. Oh, that's consumer grade. Oh, that's not really gonna work. And some people realize >>It's not secure. Yeah. >>It, it's not secure that one's like, no, no, no, it's secure. It works. And it, and it's good. So then there was this sort of over rush. Like let's put everything on the cloud. And I had a lot of customers that took VM based applications said, I'm gonna move those onto the cloud. You gotta take 'em all apart, put 'em on the cloud and put 'em all back together again. And little tiny details, like changing an IP address. It's actually much harder than it looks. So my argument is for existing workloads for VM based workloads, we are VMware. We're so good at running VM based workloads. And now we run them on anybody's cloud. So whether it's your east coast data center, your west coast data center, Amazon, Google, Microsoft, Alibaba, IBM keep going. Right. We pretty much every, and >>The benefit of the customer is what you >>Can literally vMotion and just pick it up and move it from private to public public, to private, private, to public, public, back and forth. >>Remember when we called VMO BS years ago. Yeah, yeah, yeah. >>We were really, skeptic is >>Powerful. We were very skeptical. We're like, that'll never happen. I mean, we were, I mean, it's supposed to be pat ourselves on the back. We, well, >>Because it's alchemy, it seems like what you can't possibly do that. Right. And so, so, so, and now we do it across clouds, right? So we can, you know, it's not quite VMO, but it's the same idea. You can just move these things over. I have one customer that had a production data center in the Ukraine, things got super tense, super fast, and they had to go from their private cloud data center in the Ukraine to a public cloud data center outta harm's way. They did it over a weekend, 48 hours. If you've ever migrated data, that's usually six months, right? And a lot of heartburn and a lot of angst, boom. They just drag and drop, moved it on over. That's the power of what we call the cloud operating model. And you can only do this when all your infrastructure's defined in software. >>If you're relying on hardware, load, balancers, hardware, firewalls, you can't move those. They're like a boat anchor. You're stuck with them. And by the way, really, really expensive. And by the way, they eat a lot of power, right? So that was an architecture from the nineties in the cloud operating model, your data center. And this goes back to what you were talking about is just racks and racks of X 86 with these magic DPU or smart necks to make any individual node go blisteringly fast and do all the functions that you used to do in network appliances. >>We just said, AJ taking us to school and everyone else to school on applications, middleware abstraction layer. Yeah. And kit Culver was also talking about this across cloud. We're talking super cloud, super pass. If this continues to happen, which we would think it will happen. What does the security posture look like? It has. It feels to me. And again, this is, this is your wheelhouse. If super cloud happens with this kind of past layer where there's B motioning going on, all kinds of yeah. Spanning applications and data. Yeah. Across environments. Yeah. Assume there's an operating system working on behind the scenes. Right. What's the security posture in all this. Yeah. >>So remember my narrative about like VA guys are getting in and they're moving around and they're so sneaky that they're using legitimate pathways. The only way to stop that stuff is you've gotta understand it at what, you know, we call layer seven at the application layer the in, you know, trying to do security, the infrastructure layer. It was interesting 20 years ago, kind of less interesting 10 years ago. And now it's becoming irrelevant because the infrastructure is oftentimes not even visible, right. It's buried in some cloud provider. So layer seven, understanding, application awareness, understanding the APIs and reading the content. That's the name of the game in security. That's what we've been focused on. Right. Nothing to do with >>The infras. And where's the progress bar on that, that paradigm early one at the 10, 10 being everyone's doing it >>Right now. Well, okay. So we, as a vendor can do this today. All the stuff I talked about about reading APIs, understanding the, the individual services looking at, Hey, wait a minute. This credit card anomalies, that's all shipping production code. Where is it in customer adoption life cycle, early days, 10%. So, so there's a whole lot of headroom. We, for people to understand, Hey, I can put these controls in place. There's software based. They don't require appliances. It's layer seven. So it has contextual awareness and it's works on every single cloud. >>You know, we talk about the pandemic. Being an accelerator really was a catalyst to really rethink. Remember we used to talk about pat his security a do over. He's like, yes, if it's the last thing I'm due, I'm gonna fix security. Well, he decided to go try to fix Intel instead, but, >>But, but he's getting some help from the government, >>But it seems like, you know, CISOs have totally rethought, you know, their security strategy. And, and at least in part is a function of the pandemic. >>When I started at VMware four years ago, pat sat me down in his office and he said to me what he said to you, which is like Tom, he said, I feel like we have fundamentally changed servers. We fundamentally changed storage. We fundamentally changed networking. The last piece of the puzzle of security. I want you to go fundamentally change it. And I'll argue that the work that we're doing with this, this horizontal security understanding the lateral movement east west inspection, it fundamentally changes how security works. It's got nothing to do with firewalls. It's got nothing to do with endpoint. It's a unique capability that VMware is uniquely suited to deliver on. And so pat, thanks for the mission. We delivered it and available >>Those, those wet like web applications firewall for instance are, are around. I mean, but to your point, the perimeter's gone. Exactly. And so you gotta get, there's no perimeter. So it's a surface area problem. Correct. And access and entry, correct. They're entering here easy from some manual error or misconfiguration or bad password that shouldn't be there. They're >>In. Think about it this way. You put the front door of your house, you put a big strong door and a big lock. That's a firewall bad guys, come in the window. Right. And >>Then the window's open and the window with a ladder room. Oh my >>God. Cause it's hot, bad user behavior. Trump's good security >>Every time. And then they move around room to room. We're the room to room people. Yeah. We see each little piece of the thing. Wait, that shouldn't happen. Right. >>I wanna get you a question that we've been seeing and maybe we're early on this, or it might be just a, a false data point. A lot of CSOs and we're talking to are, and people in industry in the customer environment are looking at CSOs and CSOs, two roles, chief information security officer, and then chief security officer Amazon, actually, Steven Schmidt is now CSO at reinforced. They actually called that out. Yeah. And the, and the interesting point that he made, we've had some other situations that verified. This is that physical security is now tied to online to your point about the service area. If I get a password, I still at the keys to the physical goods too. Right. Right. So physical security, whether it's warehouse for them is, or store or retail digital is coming in there. Yeah. So is there a CSO anymore? Is it just CSO? What's the role or are there two roles you see that evolving or is that just, >>Well, >>I circumstance, >>I, I think it's just one. And I think that, that, you know, the stakes are incredibly high in security. Just look at the impact that these security attacks are having on it. It, you know, companies get taken down, Equifax market cap was cut, you know, 80% with a security breach. So security's gone from being sort of a nuisance to being something that can impact your whole kind of business operation. And then there's a whole nother domain where politics get involved. Right. It determines the fate of nations. I know that sounds grand, but it's true. Yeah. And so, so, so companies care so much about it. They're looking for one liter, one throat to choke, you know, one person that's gonna lead security in the virtual domain, in the physical domain, in the cyber domain, in, in, you know, in the actual, well, it is, >>I mean, you mentioned that, but I mean, mean you look at Ukraine. I mean the, the, that, that, that cyber is a component of that war. I mean, that's very clear. I mean, that's, that's new, we've never seen >>This. And in my opinion, the stuff that we see happening in the Ukraine is small potatoes compared to what could happen. Yeah, yeah. Right. So the us, we have a policy of, of strategic deterrents where we develop some of the most sophisticated cyber weapons in the world. We don't use them and we hope never to use them because the, the, our adversaries who could do stuff like, oh, I don't know, wipe out every bank account in north America, or turn off the lights in New York city. They know that if they were to do something like that, we could do something back. >>I, this discuss, >>This is the red line conversation I wanna go there. So >>I had this discussion with Robert Gates in 2016 and he said, we have a lot more to lose, which is really >>Your point. So this brand, so I agree that there's the, to have freedom and Liberty, you gotta strike back with divorce and that's been our way to, to balance things out. Yeah. But with cyber, the red line, people are already in banks. So they're addresses are operating below the red line, red line, meaning before we know you're in there. So do we move the red line down because Hey, Sony got hacked the movie because they don't have their own militia. Yeah. If they were physical troops on the shores of LA breaking into the file cabinets. Yeah. The government would've intervened. >>I, I, I agree with you that it creates, it creates tension for us in the us because our, our adversaries don't have the clear delineation between public and private sector here. You're very, very clear if you're working for the government or you work for an private entity, there's no ambiguity on that. And so, so we have different missions in each department. Other countries will use the same cyber capabilities to steal intellectual, you know, a car design as they would to, you know, penetrate a military network. And that creates a huge hazard for us on the us. Cause we don't know how to respond. Yeah. Is that a civil issue? Is that a, a, a military issue? And so, so it creates policy ambiguity. I still love the clarity of separation of, you know, sort of the various branches of government separation of government from, >>But that, but, but bureau on multinational corporation, you then have to, your cyber is a defensible. You have to build the defenses >>A hundred percent. And I will also say that even though there's a clear D mark between government and private sector, there's an awful lot of cooperation. So, so our CSO, Alex toshe is actively involved in the whole intelligence community. He's on boards and standards and we're sharing because we have a common objective, right? We're all working together to fight these bad guys. And that's one of the things I love about cyber is that that even direct competitors, two big banks that are rivals on the street are working together to share security information and, and private, is >>There enough? Is collaboration Tom in the vendor community? I mean, we've seen efforts to try to, that's a good question, monetize private data, you know? Yeah. And private reports and, >>And, you know, like, so at VMware, we, we, I'm very proud of the security capabilities we've built, but we also partner with people that I think of as direct competitors, we've got firewall vendors and endpoint vendors that we work with and integrate. And so cooperation is something that exists. It's hard, you know, because when you have these kind of competing, you know, so could we do more? Of course we probably could, but I do think we've done a fair amount of cooperation, data sharing, product integration, et cetera, you know, and, you know, as the threats get worse, you'll probably see us continue to do more. >>And the governments is gonna trying to force that too. >>And, and the government also drives standards. So let's talk about crypto. Okay. So there's a new form of encryption coming out called quantum processing, calling out. Yeah. Yeah. Quantum, quantum computers have the potential to crack any crypto cipher we have today. That's bad. Okay. Right. That's not good at all because our whole system is built around these private communications. So, so the industry is having conversations about crypto agility. How can we put in place the ability to rapidly iterate the ciphers in encryption? So when the day quantum becomes available, we can change them and stay ahead of these quantum people. Well, >>Didn't this just put out a quantum proof algo that's being tested right now by the, the community. >>There's a lot of work around that. Correct. And, and, and this is taking the lead on this, but you know, Google's working on it, VMware's working on it. We're very, very active in how do we keep ahead of the attackers and the bad guys? Because this quantum thing is like a, it's a, it's a x-ray machine. You know, it's like, it's like a, a, a di lithium crystal that can power a whole ship. Right. It's a really, really, really powerful >>Tool. It's bad. Things will happen. >>Bad things could happen. >>Well, Tom, great to have you on the cube. Thanks for coming. Take the last minute to just give a plug for what's going on for you here at world this year, VMware explore this year. Yeah. >>We announced a bunch of exciting things. We announced enhancements to our, our NSX family, with our advanced load balancer, with our edge firewall. And they're all in service of one thing, which is helping our customers make their private cloud like the public cloud. So I like to say 0, 0, 0. If you are in the cloud operating model, you have zero proprietary appliances. You have zero tickets to launch a workload. You have zero network taps and zero trust built into everything you do. And that's, that's what we're working on and pushing that further and further. >>Tom Gill, senior vices president head of the networking at VMware. Thanks for coming up for you. Appreciate >>It. Yes. Thanks for having guys >>Always getting the security data. That's killer data and security of the two ops that get the most conversations around dev ops and cloud native. This is the queue bringing you all the action here in San Francisco for VMware. Explore 2022. I'm John furrier with Dave, Alan. Thanks for watching.