>>and hello, we're back. I've got my panel and we are doing things real time here. So sorry for the delay a few minutes late. So the way let's talk about things, the reason we're here and we're going around the room and introduce everybody. Got three special guests here. I got my evil or my john and the normal And we're going to talk about get ops I called it future office just because I want to think about what's the next thing for that at the end, we're gonna talk about what our ideas for what's next for getups, right? Um, because we're all starting to just get into get ups now. But of course a lot of us are always thinking about what's next? What's better? How can we make this thing better? So we're going to take your questions. That's the reason we're here, is to take your questions and answer them. Or at least the best we can for the next hour. And all right, so let's go around the room and introduce yourself. My name is Brett. I am streaming from Brett from that. From Brett. From Virginia Beach in Virginia beach, Virginia, United States. Um, and I talk about things on the internet, I sell courses on you, to me that talk about Docker and kubernetes Ive or introduce yourself. >>How's it going? Everyone, I'm a software engineer at axel Springer, currently based in Berlin and I happen to be Brett Brett's teaching assistant. >>All right, that's right. We're in, we're in our courses together almost every day. Mm john >>hey everyone, my name is john Harris, I used to work at Dhaka um, I now work at VM ware is a star field engineer. Um, so yeah, >>and normal >>awesome by the way, you are streaming from Brett Brett, >>I answered from breath to breath. >>Um I'm normal method. I'm a distinguished engineer with booz allen and I'm also a doctor captain and it's good to see either in person and it's good to see you again john it's been a little while. >>It has the pre covid times, right? You're up here in Seattle. >>Yeah. It feels, it feels like an eternity ago. >>Yeah, john shirt looks red and reminds me of the Austin T shirt. So I was like, yeah, so we all, we all have like this old limited edition doctor on E. >>T. That's a, that's a classic. >>Yeah, I scored that one last year. Sometimes with these old conference church, you have to like go into people's closets. I'm not saying I did that. Um, but you know, you have to go steal stuff, you to find ways to get the swag >>post post covid. If you ever come to my place, I'm going to have to lock the closets. That >>that's right, That's right. >>So the second I think it was the second floor of the doctor HQ in SAn Francisco was where they kept all the T shirts, just boxes and boxes and boxes floor to ceiling. So every time I went to HQ you just you just as many as you can fit in your luggage. I think I have about 10 of these. You >>bring an extra piece of luggage just for your your shirt shirt grab. Um All right, so I'm going to start scanning questions uh so that you don't have to you can you help you all are welcome to do that. And I'm going to start us off with the topic. Um So let's just define the parameters. Like we can talk about anything devops and here we can go down and plenty of rabbit holes. But the kind of, the goal here is to talk about get ups and get ups if you haven't heard about it is essentially uh using versioning systems like get like we've all been getting used to as developers to track your infrastructure changes, not just your code changes and then automate that with a bunch of tooling so that the robots take over. And essentially you have get as a central source of truth and then get log as a central source of history and then there's a bunch of magic little bits in the middle and then supposedly everything is wonderful. It's all automatic. The reality is is what it's often quite messy, quite tricky to get everything working. And uh the edges of this are not perfect. Um so it is a relatively new thing. It's probably three, maybe four years old as an official thing from. We've uh so we're gonna get into it and I'll let's go around the room and the same word we did before and um not to push on that, put you on the spot or anything. But what is, what is one of the things you either like or either hate about getups um that you've enjoyed either using it or you know, whatever for me. I really, I really love that I can point people to a repo that basically is hopefully if they look at the log a tracking, simplistic tracking of what might have changed in that part of the world or the environment. I remember many years past where, you know, I've had executive or some mid level manager wants to see what the changes were or someone outside my team went to see what we just changed. It was okay, they need access to this system into that dashboard and that spreadsheet and then this thing and it was always so complicated and now in a world where if we're using get up orbit bucket or whatever where you can just say, hey go look at that repo if there was three commits today, probably three changes happened. That's I love that particular part about it. Of course it's always more complicated than that. But um Ive or I know you've been getting into this stuff recently. So um any thoughts? Yeah, I think >>my favorite part about get ops is >>reproducibility. Um >>you know the ability to just test something and get it up and running >>and then just tear it down. >>Uh not >>being worried that how did I configure it the first time? I think that's my favorite part about >>it. I'm changing your background as we do this. >>I was going to say, did you just do it get ups pushed to like change his >>background, just a dialogue that different for that green screen equals false? Uh Change the background. Yeah, I mean, um and I mean I think last year was really my first year of actually using it on anything significant, like a real project. Um so I'm still, I still feel like I'm very new to john you anything. >>Yeah, it's weird getups is that thing which kind of crystallizes maybe better than anything else, the grizzled veteran life cycle of emotions with the technology because I think it's easy to get super excited about something new. And when I first looked into get up, so I think this is even before it was probably called getups, we were looking at like how to use guest source of truth, like everything sounds great, right? You're like, wait, get everyone knows, get gets the source of truth, There's a load of robust tooling. This just makes a sense. If everything dies, we can just apply the get again, that would be great. Um and then you go through like the trough of despair, right? We're like, oh no, none of this works. The application is super stateless if this doesn't work and what do we do with secrets and how do we do this? Like how do we get people access in the right place and then you realize everything is terrible again and then everything it equalizes and you're kind of, I think, you know, it sounds great on paper and they were absolutely fantastic things about it, but I think just having that measured approach to it, like it's, you know, I think when you put it best in the beginning where you do a and then there's a magic and then you get C. Right, like it's the magic, which is >>the magic is the mystery, >>right? >>Magic can be good and bad and in text so >>very much so yeah, so um concurrence with with john and ever uh in terms of what I like about it is the potential to apply it to moving security to left and getting closer to a more stable infrastructures code with respect to the whole entire environment. Um And uh and that reconciliation loop, it reminds me of what, what is old is new again? Right? Well, quote unquote old um in terms of like chef and puppet and that the reconciliation loop applied in a in a more uh in a cleaner interface and and into the infrastructure that we're kind of used to already, once you start really digging into kubernetes what I don't like and just this is in concurrence with the other Panelist is it's relatively new. It has um, so it has a learning curve and it's still being, you know, it's a very active um environment and community and that means that things are changing and constantly and there's like new ways and new patterns as people are exploring how to use it. And I think that trough of despair is typically figuring out incrementally what it actually is doing for you and what it's not going to solve for you, right, john, so like that's that trough of despair for a bit and then you realize, okay, this is where it fits potentially in my architecture and like anything, you have to make that trade off and you have to make that decision and accept the trade offs for that. But I think it has a lot of promise for, for compliance and security and all that good stuff. >>Yeah. It's like it's like the potentials, there's still a lot more potential than there is uh reality right now. I think it's like I feel like we're very early days and the idea of especially when you start getting into tooling that doesn't appreciate getups like you're using to get up to and use something else and that tool has no awareness of the concept so it doesn't flow well with all of the things you're trying to do and get um uh things that aren't state based and all that. So this is going to lead me to our first question from Camden asking dumb questions by the way. No dumb questions here. Um How is get apps? Not just another name for C. D. Anybody want to take that as an answer as a question. How is get up is not just another name for C. D. I have things but we can talk about it. I >>feel like we need victor foster kids. Yeah, sure you would have opinions. Yeah, >>I think it's a very yeah. One person replied said it's a very specific it's an opinionated version of cd. That's a great that's a great answer like that. Yeah. >>It's like an implement. Its it's an implementation of deployment if you want it if you want to use it for that. All right. I realize now it's kind of hard in terms of a physical panel and a virtual panel to figure out who on the panel is gonna, you know, ready to jump in to answer a question. But I'll take it. So um I'll um I'll do my best inner victor and say, you know, it's it's an implementation of C. D. And it's it's a choice right? It's one can just still do docker build and darker pushes and doctor pulls and that's fine. Or use other technologies to deploy containers and pods and change your, your kubernetes infrastructure. But get apps is a different implementation, a different method of doing that same thing at the end of the day. Yeah, >>I like it. I like >>it and I think that goes back to your point about, you know, it's kind of early days still, I think to me what I like about getups in that respect is it's nice to see kubernetes become a platform where people are experimenting with different ways of doing things, right? And so I think that encourages like lots of different patterns and overall that's going to be a good thing for the community because then more, you know, and not everything needs to settle in terms of only one way of doing things, but a lot of different ways of doing things helps people fit, you know, the tooling to their needs, or helps fit kubernetes to their needs, etcetera. Yeah, >>um I agree with that, the, so I'm gonna, since we're getting a load of good questions, so um one of the, one of the, one of the, I want to add to that real quick that one of the uh from the, we've people themselves, because I've had some on the show and one of things that I look at it is distinguishing is with continuous deployment tools, I sort of think that it's almost like previous generation and uh continuous deployment tools can be anything like we would consider Jenkins cd, right, if you if you had an association to a server and do a doctor pull and you know, dr up or dr composed up rather, or if it did a cube control apply uh from you know inside an ssh tunnel or something like that was considered considered C. D. Well get ops is much more rigid I think in terms of um you you need to apply, you have a specific repo that's all about your deployments and because of what tool you're using and that one your commit to a specific repo or in a specific branch that repo depends on how you're setting it up. That is what kicks off a workflow. And then secondly there's an understanding of state. So a lot of these tools now I have uh reconciliation where they they look at the cluster and if things are changing they will actually go back and to get and the robots will take over and will commit that. Hey this thing has changed um and you maybe you human didn't change it, something else might have changed it. So I think that's where getups is approaching it, is that ah we we need to we need to consider more than just a couple of commands that be runnin in a script. Like there needs to be more than that for a getups repo to happen anyway, that's just kind of the the take back to take away I took from a previous conversation with some people um >>we've I don't think that lost, its the last piece is really important, right? I think like for me, C d like Ci cd, they're more philosophical ideas, write a set of principles, right? Like getting an idea or a code change to environments promoting it. It's very kind of pipeline driven um and it's very imperative driven, right? Like our existing CD tools are a lot of the ways that people think about Cd, it would be triggered by an event, maybe a code push and then these other things are happening in sequence until they either fail or pass, right? And then we're done. Getups is very much sitting on the, you know, the reconciliation side, it's changing to a pull based model of reconciliation, right? Like it's very declarative, it's just looking at the state and it's automatically pulling changes when they happen, rather than this imperative trigger driven model. That's not to say that there aren't city tools which we're doing pull based or you can do pull based or get ups is doing anything creatively revolutionary here, but I think that's one of the main things that the ideas that are being introduced into those, like existing C kind of tools and pipelines, um certainly the pull based model and the reconciliation model, which, you know, has a lot in common with kubernetes and how those kind of controllers work, but I think that's the key idea. Yeah. >>Um This is a pretty specific one Tory asks, does anyone have opinions about get ops in a mono repo this is like this is getting into religion a little bit. How many repos are too many repose? How um any thoughts on that? Anyone before I rant, >>go >>for it, go for it? >>Yeah. How I'm using it right now in a monitor repo uh So I'm using GIT hub. Right, so you have what? The workflow and then inside a workflow? Yeah, mo file, I'll >>track the >>actual changes to the workflow itself, as well as a folder, which is basically some sort of service in Amman Arepa, so if any of those things changes, it'll trigger the actual pipeline to run. So that's like the simplest thing that I could figure out how to, you know, get it set up using um get hubs, uh workflow path future. Yeah. And it's worked for me for writing, you know? That's Yeah. >>Yeah, the a lot of these things too, like the mono repo discussion will, it's very tool specific. Each tool has various levels of support for branch branching and different repos and subdirectories are are looking at the defense and to see if there's changes in that specific directory. Yeah. Sorry, um john you're going to say something, >>I was just going to say, I've never really done it, but I imagine the same kind of downsides of mono repo to multiple report would exist there. I mean, you've got the blast radius issues, you've got, you know, how big is the mono repo? Do we have to pull does the tool have to pull that or cashier every time it needs to determine def so what is the support for being able to just look at directories versus you know, I think we can get way down into a deeper conversation. Maybe we'll save it for later on in the conversation about what we're doing. Get up, how do we structure our get reposed? We have super granular repo per environment, Perper out reaper, per cluster repo per whatever or do we have directories per environment or branches per environment? How how is everything organized? I think it's you know, it's going to be one of those, there's never one size fits all. I'll give the class of consultant like it depends answer. Right? >>Yeah, for sure. It's very similar to the code struggle because it depends. >>Right? >>Uh Yeah, it's similar to the to the code problem of teams trying to figure out how many repose for their code. Should they micro service, should they? Semi micro service, macro service. Like I mean, you know because too many repose means you're doing a bunch of repo management, a bunch of changes on your local system, you're constantly get pulling all these different things and uh but if you have one big repo then it's it's a it's a huge monolithic thing that you usually have to deal with. Path based issues of tools that only need to look at a specific directory and um yeah, it's a it's a culture, I feel like yeah, like I keep going back to this, it's a culture thing. Does your what is your team prefer? What do you like? What um what's painful for everyone and who's what's the loudest pain that you need to deal with? Is it is it repo management? That's the pain um or is it uh you know, is that that everyone's in one place and it's really hard to keep too many cooks out of the kitchen, which is a mono repo problem, you know? Um How do we handle security? So this is a great one from Tory again. Another great question back to back. And that's the first time we've done that um security as it pertains to get up to anyone who can commit can change the infrastructure. Yes. >>Yes. So the tooling that you have for your GIT repo and the authentication, authorization and permissions that you apply to the GIT repo using a get server like GIT hub or get lab or whatever your flavor of the day is is going to be how security is handled with respect to changes in your get ups configuration repository. So um that is completely specific to your implementation of that or ones implementation of of how they're handling that. Get repositories that the get ups tooling is looking at. To reconcile changes with respect to the permissions of the for lack of better term robot itself. Right? They get up tooling like flux or Argosy. D Um one kid would would create a user or a service account or uh other kind of authentication measures to limit the permissions for that service account that the Gaddafi's tooling needs to be able to read the repose and and send commits etcetera. So that is well within the realm of what you have already for your for your get your get um repo. Yeah. >>Yeah. A related question is from a g what they like about get apps if done nicely for a newbie it's you can get stuff done easily if you what they dislike about it is when you have too many get repose it becomes just too complicated and I agree. Um was making a joke with a team the other week that you know the developer used to just make one commit and they would pass pass it on to a QA team that would then eventually emerging in the master. But they made the commits to these feature branches or whatever. But now they make a commit, they make a pR there for their code then they go make a PR in the helm chart to update the thing to do that and then they go make a PR in the get ups repeal for Argo. And so we talked about that they're probably like four or five P. R. Is just to get their code in the production. But we were talking about the negative of that but the reality was It's just five or 4 or five prs like it wasn't five different systems that had five different methodologies and tooling and that. So I looked at it I was like well yeah that's kind of a pain in the get sense but you're also dealing with one type. It's a repetitive action but it's it's the one thing I don't have to go to five different systems with five different ways of doing it. And once in the web and one's on the client wants a command line that I don't remember. Um Yeah so it's got pros and cons I think when you >>I think when you get to the scale where those kind of issues are a problem then you're probably at the scale where you can afford to invest some time into automation into that. Right? Like what I've when I've seen this in larger customers or larger organizations if there ever at that stage where okay apps are coming up all the time. You know, there's a 10 X 100 X developer to operations folks who may be creating get repose setting up permissions then that stuff gets automated, right? Like, you know, maybe ticket based systems or whatever. Developers say I need a new app. It templates things or more often using the same model, right of reconciliation and operators and the horrific abuse of cogs that we're seeing in the communities community right now. Um You know, developers can create a crd which just says, hey, I'm creating a new app is called app A and then a controller will pick up that app a definition. It will go create a get a repo Programmatically it will add the right definitely will look up and held up the developers and the permissions that need to be able to get to that repo it will create and template automatically some name space and the clusters that it needs in the environments that it needs, depending on, you know, some metadata it might read. So I think, you know, those are definite problems and they're definitely like a teething, growing pain thing. But once you get to that scale, you kind of need to step back and say, well look, we just need to invest in time into the operational aspect of this and automating this pain away, I think. Yeah, >>yeah. And that ultimately ends in Yeah. Custom tooling, which it's hard to avoid it at scale. I mean, there's there's two, there's almost two conversations here, right. There is what I call the Solo admin Solo devops, I bought that domain Solo devops dot com because, you know, whenever I'm talking to dr khan in the real world, it's like I asked people to raise hands, I don't know how we can raise hands here, but I would ask people to raise hands and see how many of you here are. The sole person responsible for deploying the app that your team makes and like a quarter of the room would raise their hand. So I call that solo devops like those, that person can't make all the custom tooling in the world. So they really need dr like solutions where it's opinionated, the workflow is sort of built in and they don't have to wrangle things together with a bunch of glue, you know, in other words bash. Um and so this kind of comes to a conversation uh starting this question from lee he's asking how do you combine get ops with ci cd, especially the continuous bit. How do you avoid having a human uh sort of the complaint the team I was working with has, how do you avoid a human editing and get committing for every single deploy? They've settled on customized templates and a script for routine updates. So as a seed for this conference, this question I'm gonna ask you all uh instead of that specific question cause it's a little open ended. Um Tell me whether you agree with this. I I kind of look at the image, the image artifact because the doctor image or container image in general is an artifact that I I view it that way and that thing going into the registry with the right label or right part of the label. Um That tag rather not the label but the tag that to me is like one of the great demarche points of, we're kind of done with Ci and we're now into the deployment phase and it doesn't necessarily mean the tooling is a clear cut there, but that artifact being shipped in a specific way or promoted as we sometimes say. Um what do you think? Does anyone have opinions on that? I don't even know if that's the right opinion to have so mhm. >>So um I think what you're, what you're getting at is that get ups, models can trigger off of different events um to trigger the reconciliation loop. And one way to do that is if the image, if it notices a image change in the registry, the other is if there's a commit event on a specific rebo and branch and it's up to, you are up to the person that's implementing their get ups model, what event to trigger there, that reconciliation loop off of, You can do both, you can do one or the other. It also depends on the Templeton engine that you're using on top of um on top of kubernetes, such as helm or um you know, the other ones that are out there or if you're not even doing that, then, you know straight. Yeah, mo um so it kind of just depends, but those are the typically the two options one has and a combination of of those to trigger that event. You can also just trigger it manually, right? You can go into the command line and force a a, you know, a really like a scan or a new reconciliation loop to occur. So it kind of just, I don't want to say this, but it depends on what you're trying to do and what makes sense in your pipeline. Right? So if you're if you're set up where you are tag, if you're doing it based off of image tags, then you probably want to use get ups in a way that you're using the image tags. Right. And the pattern that you've established there, if you're not really doing that and you're more around, like, different branches are mapped to different environments, then triggered off of the correct branch. And that's where the permissions also come into play. Where if you don't want someone to touch production and you've got your getups for your production cluster based off of like uh you know, a main branch, then whoever can push a change to that main branch has the authority to push that change to production. Right? So that's your authentication and permissions um system same for the registry itself. Right. So >>Yeah. Yeah. Sorry, anyone else have any thoughts on that? I was about to go to the next topic, >>I was going to say. I think certain tools dictate the approach, like, if you're using Argosy d it's I think I'm correct me if I'm wrong, but I think the only way to use it right now is just through image modification. Like, the manifest changes, it looks at a specific directory and anything changes then it will do its thing. And uh Synchronize the cost there with whatever's and get >>Yeah, flux has both. Yeah, and flux has both. So it it kind of depends. I think you can make our go do that too, but uh this is back to what we were saying in the beginning, uh you know, these things are changing, right? So that might be what it is right now in terms of triggering the reconciliation loops and get ups, tooling, but there might be other events in the future that might trigger it, and it's not completely stand alone because you still need you're tooling to do any kind of testing or whatever you have in terms of like the specific pipeline. So oftentimes you're bolting in getups into some other part of broader Cfd solution. That makes sense. Yeah, >>we've got a lot of questions about secrets or people that are asking about secrets. >>So my my tongue and cheek answered the secrets question was, what's the best practices for kubernetes? Secrets? That's the same thing for secrets with good apps? Uh getups is not last time I checked and last time I was running this stuff get ups is not has nothing to do with secrets in that sense. It's just there to get your stuff running on communities. So, um there's probably a really good session on secrets at dr concept. I >>would agree with you, I agree with you. Yeah, I mean, get off stools, I mean every every project of mine handles secrets differently. Uh huh. And I think I'm not sure if it was even when I was talking to but talking to someone recently that I'm very bullish on get up actions, I love get up actions, it's not great for deployments yet, but we do have this new thing and get hub environments, I think it's called. So it allows me at least the store secrets per environment, which it didn't have the concept of that before, which you know, if you if any of you running kubernetes out there, you typically end up when you start running kubernetes, you end up with more than one kubernetes, like you're going to end up with a lot of clusters at some point, at least many multiple, more than two. Um and so if you're trying to store secret somewhere, you do have and there's a discussion happening in chat right now where people are talking about um sealed secrets which if you haven't heard of that, go look that up and just be versed on what sealed secrets is because it's a it's a fantastic concept for how to store secrets in the public. Um I love it because I'm a big P. K. I nerd but um it's not the only way and it doesn't fit all models. So I have clients that use A W. S. Secrets because they're in A W. S. And then they just have to use the kubernetes external secret. But again like like like normal sand, you know, it's that doesn't really affect get ops, get ops is just applying whatever helm charts or jahmal or images that you're, you're you're deploying, get off. It was more about the approach of when the changes happen and whether it's a push or pull model like we're talking about and you know, >>I would say there's a bunch of prerequisites to get ups secrets being one of them because the risk of you putting a secret into your git repo if you haven't figured out your community secrets architecture and start diving into getups is high and removing secrets from get repose is you know, could be its own industry, right. It's >>a thing, >>how do >>I hide this? How do I obscure this commit that's already now on a dozen machines. >>So there are some prerequisites in terms of when you're ready to adopt get up. So I think is the right way of saying the answer to that secrets being one of them. >>I think the secrets was the thing that made me, you know, like two or three years ago made me kind of see the ah ha moment when it came to get ups which, which was that the premier thing that everyone used to say about get up about why it was great. Was its the single source of truth. There's no state anywhere else. You just need to look at git. Um and then secrets may be realized along with a bunch of other things down the line that is not true and will never be true. So as soon as you can lose the dogmatism about everything is going to be and get it's fantastic. As long as you've understood everything is not going to get. There are things which will absolutely never be and get some tools just don't deal with that. They need to earn their own state, especially in communities, some controls on their own state. You know, cuz sealed secrets and and other projects like SOps and I think there are two or three others. That's a great way of dealing with secrets if you want to keep them in get. But you know, projects like vault more kind of like what I would say, production grade secret strategies. Right? And if you're in AWS or a cloud, you're more likely to be using their secrets. Your secret policy is maybe not dictated by you in large organizations might be dictated by CSO or security or Great. Like I think once if you, if you're trying to adopt getups or you're thinking about it, get the dogmatism of get as a single point of truth out of your mind and think about getups more as a philosophy and a set of best practice principles, then you will be in much better stead, >>right? Yeah. >>People are asking more questions in chat like infrastructure as code plus C d essentially get ups or C I rather, um, these are all great questions and a part of the debate, I'm actually just going to throw up on screen. I'm gonna put this in chat, but this is, this is to me the source, Right? So we worked with when they coined the term. We, a lot of us have been trying to get, if we talk about the history for a minute and then tell me if I'm getting this right. Um, a lot of us were trying to automate all these different parts of the puzzle, but a lot of them, they, some things might have been infrastructure as code. Some things weren't, some things were sort of like settings is coded, like you're going to Jenkins and type in secrets and settings or type in a certain thing in the settings of Jenkins and then that it wasn't really in get and so what we was trying to go for was a way to have almost like eventually a two way state understanding where get might change your infrastructure but then your infrastructure might also change and needs to be reflected in the get if the get is trying to be the single source of truth. Um and like you're saying the reality is that you're never gonna have one repo that has all of your infrastructure in it, like you would have to have, you have to have all your terra form, anything else you're spinning up. Right. Um but anyway, I'm gonna put this link in chat. So this guide actually, uh one of things they talk about is what it's not, so it's, it's kind of great to read through the different requirements and like what I was saying well ago um mhm. Having having ci having infrastructure as code and then trying a little bit of continuous deployment out, it's probably a prerequisite. Forget ops so it's hard to just jump into that when you don't already have infrastructure as code because a machine doing stuff on your behalf, it means that you have to have things documented and somewhere and get repo but let me put this in the in the >>chitty chat, I would like to know if the other panelists agree, but I think get apps is a okay. I would say it's a moderate level, it's not a beginner level communities thing, it's like a moderate level advanced, a little bit more advanced level. Um One can start off using it but you definitely have to have some pre recs in place or some understanding of like a pattern in place. Um So what do the other folks think about that opinion? >>I think if you're if you're trying to use get out before, you know what problem you have, you're probably gonna be in trouble. Right. It's like having a solution to it probably don't have yet. Mhm. Right. I mean if if you're just evil or and you're just typing, keep control apply, you're one person right, Get off. It doesn't seem like a big a big jump, like, I mean it doesn't like why would I do that? I'm just, I'm just gonna inside, it's the type of get commit right, I'm typing Q control apply. But I think one of the rules from we've is none of your developers and none of your admins can have cute control access to the cluster because if you can't, if you do have access and you can just apply something, then that's just infrastructure as code. That's just continuous deployment, that's, that's not really get ops um, getups implies that the only way things get into the cluster is through the get up, get automation that you're using with, you know, flux Argo, we haven't talked about, what's the other one that Victor Farsi talks about, by the way people are asking about victor, because victor would love to talk about this stuff, but he's in my next life, so come back in an hour and a half or whatever and victor is going to be talking about sys, admin list with me. Um >>you gotta ask him nothing but get up questions in the next, >>confuse them, confuse them. But anyway, that, that, that's um, it's hard, it's hard to understand and without having tried it, I think conceptually it's a little challenging >>one thing with getups, especially based off the we've works blog post that you just put up on there. It's an opinionated way of doing something. Uh you know, it's an opinionated way of of delivering changes to an environment to your kubernetes environment. So it's opinionated were often not used to seeing things that are very opinionated in this sense, in the in the ecosystem, but get apps is a opinionated thing. It's it's one way of doing it. Um there are ways to change it and like there are options um like what we were talking about in terms of the events that trigger, but the way that it's structured is an opinion opinionated way both from like a tooling perspective, like using get etcetera, but also from a devops cultural perspective, right? Like you were talking about not having anyone access cube control and changing the cluster directly. That's a philosophical opinion that get ups forces you to adopt otherwise. It kind of breaks the model and um I just I want everyone to just understand that. That is very opinion, anything in that sense. Yeah, >>polygamy is another thing. Infrastructure as code. Um someone's mentioning plummy and chat, I just had actually my life show self plug bread that live go there. I'm on Youtube every week. I did the same thing. These these are my friends um and had palami on two weeks ago uh last week, remember uh and it was in the last couple of weeks and we talked about their infrastructure as code solution. Were actually writing code instead of um oh that's an interesting take on uh developer team sort of owning coding the infrastructure through code rather than Yamil as a data language. I don't really have an opinion on it yet because I haven't used it in production or anything in the real real world, but um, I'm not sure how much they are applying trying to go towards the get up stuff. I will do a plug for Solomon hikes. Who has a, the beginning of the day, it's already happened so you can go back and watch it. It's a, it's a, what's it called? Q. Rethinking application delivery with Q. And build kit. So go look this up. This is the found co founder of Dr and former CTO Solomon hikes at the beginning of the day. He has a tool called dagger. I'm not sure why the title of the talk is delivering with Q. And built it, but the tool is showing off in there for an hour is called dagger. And it's, it's an interesting idea on how to apply a lot of this opinionated automated stuff to uh, to deployment and it's get off space and you use Q language. It's a graph language. I watched most of it and it was a really interesting take. I'm excited to see if that takes off and if they try that because it's another way that you can get a little bit more advanced with your you're get deployments and without having to just stick everything in Yemen, which is kind of what we're in today with helm charts and what not. All right. More questions about secrets, I think. I think we're not going to have a whole lot of more, a lot more about secrets basically. Uh put secrets in your cluster to start with and kubernetes in encrypted, you know, thing. And then, you know, as it gets harder, then you have to find another solution when you have five clusters, you don't wanna have to do it five times. That's when you have to go for Walton A W. S secrets and all >>that. Right? I'm gonna post it note. Yeah. Crm into the cluster. Just kidding. >>Yes, there are recordings of this. Yes, they will be later. Uh, because we're that these are all gonna be on youtube later. Um, yeah, detects secrets cushion saying detect secrets or get Guardian are absolute requirements. I think it's in reference to your secrets comment earlier. Um, Camels asking about Cuban is dropping support for Docker that this is not the place to ask for that, but it, it is uh, basically it's a Nonevent Marantz has actually just created that same plug in available in a different repos. So if you want to keep using Docker and kubernetes, you know, you can do it like it's no big deal. Most of us aren't using doctor in our communities anyway, so we're using like container D or whatever is provided to us by our provider. Um yeah, thank you so much for all these comments. These are great people helping each other and chat. I feel like we're just here to make sure the chats available so people can help each other. >>I feel like I want to pick up on something when you mentioned pollux me, I think there's a um we're talking about getups but I think in the original like the origination of that I guess was deploying applications to clusters right, picking up deployment manifest. But I think with the gloomy and I obviously terra form and things have been around a long time, folks are starting to apply this I think I found one earlier which was like um kub stack the Terror Forms get ups framework. Um but also with the advent of things like cluster A. P. I. Um in the Cuban at the space where you can declare actively build the infrastructure for your clusters and build the cluster right? We're not just talking about deploying applications, the cluster A. P. I will talk to a W. S. Spin up, VPc spin up machines, you know, we'll do the same kind of things that terra form does and and those other tools do I think applying getups principles to the infrastructure spin up right, the proper infrastructure as code stuff, constantly applying Terror form um you know, plans and whatever, constantly applying cluster Api resources spinning up stuff in those clouds. That's a super interesting. Um you know, extension of this area, I'd be curious to see if what the folks think about that. >>Yeah, that's why I picked this topic is one of my three. Uh I got I got to pick the topics. I was like the three things that there like the most bleeding edge exciting. Most people haven't, we haven't basically we haven't figured all this out yet. We as an industry, so um it's I think we're gonna see more ideas on it. Um what's the one with the popsicle as the as the icon victor talks about all the time? It's not it's another getups like tool, but it's um it's getups for you use this kubernetes limit and then we have to look it up, >>You're talking about cross plane. >>So >>my >>wife is over here with the sound effects and the first sound effect of the day that she chooses to use is one. >>All right, can we pick it? Let's let's find another question bret >>I'm searching >>so many of them. All right, so uh I think one really quick one is getups only for kubernetes, I think the main to tooling to tools that we're talking about, our Argosy D and flux and they're mostly geared toward kubernetes deployments but there's a, it seems like they're organized in a way that there's a clean abstraction in with respect to the agent that's doing the deployment and the tooling that that can interact with. So I would imagine that in the future and this might be true already right now that get ups could be applied to other types of deployments at some point in the future. But right now it's mostly focused and treats kubernetes as a first class citizen or the tooling on top of kubernetes, let's say something like how as a first class citizen? Yeah, to Brett, >>to me the field, back to you bret the thing I was looking for is cross plane. So that's another tool. Um Victor has been uh sharing a lot about it in Youtube cross plane and that is basically runs inside a kubernetes, but it handles your other infrastructure besides your app. It allows you to like get ops, you're a W. S stuff by using the kubernetes state engine as a, as a way to manage that. And I have not used it yet, but he does some really great demos on Youtube. So people are liking this idea of get off, so they're trying to figure out how do we, how do we manage state? How do we uh because the probably terra form is that, well, there's many problems, but it's always a lot of problems, but in the get outs world it's not quite the right fit yet, It might be, but you still, it's still largely as expected for people to, you know, like type the command, um, and it keeps state locally the ss, clouds and all that. And but the other thing is I'm I'm now realizing that when I saw the demo from Solomon, I'm going back to the Solomon hikes thing. He was using the demo and he was showing it apply deploying something on S three buckets, employing internet wifi and deploying it on google other things beyond kubernetes and saying that it's all getups approach. So I think we're just at the very beginning of seeing because it all started with kubernetes and now there's a swarm one, you can look up swarm, get office and there's a swarm, I can't take the name of it. Swarm sink I think is what's called swarm sink on git hub, which allows you to do swarm based getups like things. And now we're seeing these other tools coming out. They're saying we're going to try to do the get ups concepts, but not for kubernetes specifically and that's I think, you know, infrastructure as code started with certain areas of the world and then now then now we all just assume that you're going to have an infrastructure as code way of doing whatever that is and I think get off is going to have that same approach where pretty soon, you know, we'll have get apps for all the clouds stuff and it won't just be flexor Argo. And then that's the weird thing is will flex and Argo support all those things or will it just be focused on kubernetes apps? You know, community stuff? >>There's also, I think this is what you're alluding to. There is a trend of using um kubernetes and see rDS to provision and control things that are outside of communities like the cloud service providers services as if they were first class entities within kubernetes so that you can use the kubernetes um focus tooling for things that are not communities through the kubernetes interface communities. Yeah, >>yeah, even criticism. >>Yeah, yeah, I'm just going to say that sounds like cross plane. >>Yeah, yeah, I mean, I think that's that's uh there were, you know, for the last couple of years, it's been flux and are going back and forth. Um they're like frenemies, you know, and they've been going back and forth with iterating on these ideas of how do we manage this complicated thing? That is many kubernetes clusters? Um because like Argo, I don't know if the flux V two can do this, but Argo can manage multiple clusters now from one cluster, so your, you can manage other clusters, technically external things from a single entity. Um Originally flux couldn't do that, but I'm going to say that V two can, I don't actually >>know. Um I think all that is gonna, I think that's going to consolidate in the future. All right. In terms of like the common feature set, what Iver and john what do you think? >>I mean, I think it's already begun, right, I think haven't, didn't they collaborate on a common engine? I don't know whether it's finished yet, but I think they're working towards a common getups engine and then they're just going to layer on features on top. But I think, I mean, I think that's interesting, right, because where it runs and where it interacts with, if we're talking about a pull based model, it shouldn't, it's decentralized to a certain extent, right? We need get and we need the agent which is pulling if we're saying there's something else which is orchestrating something that we start to like fuzzy the model even right. Like is this state living somewhere else, then I think that's just interesting as well. I thought flux was completely decentralized, but I know you install our go somewhere like the cargo has a server as well, but it's been a while since I've looked in depth at them. But I think the, you know, does that muddy the agent only pull model? >>I'm reading a >>Yeah, I would say that there's like a process of natural selection going on as as the C. N. C. F. Landscape evolves and grows bigger and a lot of divide and conquer right now. But I think as certain things kind of get more prominent >>and popular, I think >>it starts to trend and it inspires other things and then it starts to aggregate and you know, kind of get back into like a unified kind of like core. Maybe like for instance, cross plane, I feel like it shouldn't even really exist. It should be, it like it's a communities add on, but it should be built in, it should be built into kubernetes, like why doesn't this exist already >>for like controlling a cloud? >>Yeah, like just, you know, having this interface with the cloud provider and be able to Yeah, >>exactly. Yeah, and it kinda, you're right. That kinda happens because you do, I mean when you start talking about storage providers and networking providers was very specific implementations of operators or just individual controllers that do operate and control other resources in the cloud, but certainly not universally right. Not every feature of AWS is available to kubernetes out of the box. Um and you know, it, one of the challenges across plane is you gotta have kubernetes before you can deploy kubernetes. Like there's a chicken and egg issue there where if you're going to use, if you're going to use our cross plane for your other infrastructure, but it's gotta, but it has to run on kubernetes who creates that first kubernetes in order for you to put that on there. And victor talks about one of his videos, the same problem with flux and Argo where like Argo, you can't deploy Argo itself with getups. There has to be that initial, I did a thing with, I'm a human and I typed in some commands on a server and things happened but they don't really have an easy deployment method for getting our go up and running using simply nothing but a get push to an existing system. There's something like that. So it's a it's an interesting problem of day one infrastructure which is again only day one, I think data is way more interesting and hard, but um how can we spend these things up if they're all depending on each other and who is the first one to get started? >>I mean it's true of everything though, I mean at the end of that you need some kind of big bang kind of function too, you know, I started running start everything I >>think without going over that, sorry, without going off on a tangent. I was, I was gonna say there's a, if folks have heard of kind which is kubernetes and Docker, which is a mini kubernetes cluster, you can run in a Docker container or each container will run as a as a node. Um you know, that's been a really good way to spin up things like clusters. KPI because they boot strap a local kind, install the manifests, it will go and spin up a fully sized cluster, it will transfer its resources over there and then it will die itself. Right? So that, that's kind of bootstrapping itself. And I think a couple of folks in the community, Jason to Tiberius, I think he works for Quinyx metal um has, has experimented with like an even more minimal just Api server, so we're really just leveraging the kubernetes ideas of like a reconciliation loop and a controller. We just need something to bootstrap with those C R D s and get something going and then go away again. So I think that's gonna be a pattern that comes up kind of more and more >>Yeah, for sure. Um, and uh, the next, next quick answer to the question, Angel asked what your thoughts on getups being a niche to get or versus others vcs tools? Well, if I knew anyone who is using anything other than get, I would say no, you know, get ops is a horrible name. It should just be CVS office, but that doesn't or vcs ops or whatever like that, but that doesn't roll off the tongue. So someone had to come up with the get ups phrase. Um but absolutely, it's all about version control solutions used for infrastructure, not code. Um might get doctor asks a great question, we're not gonna have time for it, but maybe people can reply and chat with what they think but about infrastructure and code, the lines being blurred and that do develop, how much of infrastructure does developer do developers need to know? Essentially, they're having to know all the things. Um so unfortunately we've had way more questions like every panel here today with all the great community, we've got way more questions we can handle in this time. So we're gonna have to wrap it up and say goodbye. Go to the next live panel. I believe the next one is um on developer, developer specific setups that's gonna be peter running that panel. Something about development in containers and I'm sure it's gonna be great. Just like this one. So let's go around the room where can people find you on the internet? I'm at Brett fisher on twitter. That's where you can usually find me most days you are? >>Yeah, I'm on twitter to um, I'll put it in the chat. It's kind of confusing because the TSR seven. >>Okay. Yeah, that's right. You can't just say it. You can also look at the blow of the video and like our faces are there and if you click on them, it tells you our twitter in Arlington and stuff, john >>John Harris 85, pretty much everywhere. Get hub Twitter slack, etc. >>Yeah >>and normal, normal faults or just, you know, living on Youtube live with Brett. >>Yeah, we're all on the twitter so go check us out there and thank you so much for joining. Uh thank you so much to you all for being here. I really appreciate you taking time in your busy schedule to join me for a little chit chat. Um Yes, all the, all the cheers, yes. >>And I think this kid apps loop has been declarative lee reconciled. >>Yeah, there we go. And with that ladies and gentlemen, uh bid you would do, we will see you in the next, next round coming up next with Peter >>bye.

>> (narrator) From around the globe. It's theCUBE. With digital coverage of AWS re:Invent 2020. Sponsored by Intel, AWS and our community partners. >> Welcome to theCUBE virtual. Our coverage of AWS re:Invent 2020 continues. I'm Lisa Martin. Got a couple of guests joining me next. Wendy Moore the VP of product marketing from Trend Micro is here and Geva Solomonovich Global Alliances CTO from Snyk. Wendy and Geva, It's great to have you both on the program today. >> Thanks for having us. Great to be here. >> Hi, thanks for having us. >> Last year we were probably all crammed in Vegas together. Here we are virtually but it's great that we're still able to connect. So lot has gone on since we were all at re:Invent in Vegas last year. Wendy, let's start with you from a security perspective there's been a growth in open source vulnerabilities that have impacted enterprises globally. Talk to me about what you're seeing there. What's going on? >> Yeah. Well. I think everybody in this audience recognizes the rapid shift to the use of open source in development teams. And what we've seen alongside that is a rapid increase in the number of vulnerabilities that are showing up in open source software. So that means that vulnerabilities that can be exploited and cause damage to your company's application, reputation and your customers, are on the increase out there. >> And a number that you sent over was two and a half X growth in open source vulnerabilities in the last year. Has that number gone up during the pandemic? >> So I'm not sure if the vulnerabilities have gone up during the pandemic, but we've definitely seen an increase in exploitation of vulnerabilities. There's so much in the news about ransomware incidents in healthcare targeting pharmaceutical organizations, and most of those are taking advantage of vulnerabilities. Not necessarily in open source, but some of it is definitely happening in open source. >> Now we've been talking about the rise in ransomware for awhile, and it's all... The numbers and types of companies and healthcare organizations like is it schools, governments, for example lot of vulnerabilities being exploited that's for sure. >> So Geva let's go over to you. Talk about from Synk's perspective. The impact on businesses and how can you guys help. >> And then I'll put in a few insights there. on the open source risk. Wendy talked about it as well. Why is it growing? One of course is open source tuition usage is growing. So of course it bulges, the amounts of vulnerabilities is growing and the amount of exploits. But when you look at it from a hacker's perspective, attacking is an ROI based activity. Hackers want to spend their hacking hours where they're more likely to get our reward, be able to get that ransom or steal the data or do whatever they can. And open source actually makes it much easier for them than a lot of these other alternatives. One, the source is open. So just finding a vulnerability is much easier than trying to find the vulnerability in proprietary code. Two, there's like a market for these exploits and companies even like need for chapter. One of the byproducts of that is you can just go and feel the vulnerabilities out there and pick the ones that you want to try to exploit. But three, which is really the most critical piece is that if you do find the juicy vulnerability in a very popular open source package, the amount of companies you can attack is not one, is thousands or tens of thousands because that's precisely what makes the popular open source packages popular. It's being used broadly and so if you spend this effort to develop an exploit and then you can send it like there just across the world to 10 thousands of companies you're more likely to be successful. And that's what's driving a lot of the hacker attention into the open source vulnerabilities and that's why the growing. >> So it's a low cost high reward for those hackers. Wendy what are some of the ways that organizations can protect themselves from this? >> Well, one of the best ways to protect themselves against exploitation of vulnerabilities and against vulnerability showing up in their code is to actually analyze their code and scan it looking for vulnerabilities. And the best possible place to do that is actually in the code repository. So before code is ever packaged up and deployed it actually gets caught really early. So it's all about shifting security left. But some of the challenges with that is that you know the code repository, Tory and the code and open source has largely been the domain of DevOps and the developers and security who is tasked with managing the risk of the organization has little to know visibility into what vulnerabilities might exist. So something that's a growing part of an enterprise risk profile the security team doesn't really see. And that's a big gap for most organizations. >> So in terms of that visibility being essential, sounds like maybe even a cultural gap there. Geva what are your recommendations? We, you know, we talk about SecOps, we talk about DevOps. Is the solution DevSecOps or SecDevOps? >> I mean, all these partners are definitely helping there but you kind of need to break it down and understand what their problems, which is what Wendy was articulating. Why you have these traditional security teams have all their traditional tools. They look at mostly and let's call it the IC type security. Then you have this entire new category of risk which is lets say open source risk, but it's just inside the code repository inside a GitHub repo or somewhere, or they completely have no visibility into. And what that causes is one has to have a conversation with the developers who are those who are convenient to pick those vulnerabilities, remove them from the code. And, but to also, just from the mind ensuring that in our location it's hard for you to protect something that you don't have visibility into which causes opensource security to be possibly under provisioned in your entire a security fence. As you're looking at the security risk. And as we are talking about solution, so one of the movements we've seen with DevOps, where you know engineering team and IT teams have come together to have a shared ownership of the results of deploying these applications. In production now you expand out into DevSecOps. It's okay to actually make this work. We need to have a shared responsibility model where both developers step up to take some ownership and the traditional security each step up to understand what the developers are doing, build tools to make it easier for them. And ultimately I think Wendy nailed it on the head. She said the best way to protect yourself is actually to remove the vulnerable line of code from your application, not wait for it to be deployed and try to put some blocks in there. >> All right. So Wendy how are Trend Micro and Snyk working together to resolve that challenge that you guys just described? >> Yeah, we'll Trend Micro and Snyk have been working together for over a year now. And we came out with an initial offering and now we're coming out with a new offering that is really focused on basically delivering that code scanning ability right in the code repository. And through Trend Micro's Cloud One platform, we are delivering this as a service to the security operations team so that they get visibility of anything that Snyk finds in the code repository. And they can take action from there. So Trend Micro's Cloud One security services platform basically equips cloud builders with a whole bunch of different types of technologies to satisfy their different infrastructure requirements. So we've got things like workload security application security, network security, a number of different take types of security tools. And this just brings another security tool to the security operations team and the DevOps team so that they can basically extend their visibility and their security controls back to the code repository. >> Geva what are some of the impacts that you're seeing. So for obviously besides wanting to find those vulnerabilities faster as when you talk about shifting left. Give me some examples of some customers that you were working with maybe in the first iteration and what the impact has been. >> The impact is the... what, sorry, can you repeat the question? >> Yeah. Impact of your technologies together? You said that there's a new offering coming up but talk to me about some of the impact that these customers are making. >> Yeah. Okay. Sorry. Thank you for repeating the question. And so this joint product is very cunning from a multiple perspective. So one, it's going to be delivered inside the Cloud One platform, which Wendy just talked about. You asked before what is the impact of COVID? And one of the big impacts has been on the financial stress. Every company in every, every vendor is having. And so just the ease of managing less vendors and less tools and less places to procurement is of high value for every organization Just in terms of efficiency of operations. And just being able to acquire this new product on an existing platform where there are already consuming security tools. That by itself is amazing value. And number two, we're taking again... We're taking a technology which is a cloud native, it's a modern technology. And that's typically has been outside of the purview of a traditional security team and making it accessible to them in a place where it's easy for them to try out and they can, you know, start small and grow from there. They don't have to make a big commitment to get going. And more importantly, it's giving them visibility into this important technology that they didn't have before. >> So Wendy this is all intended at bridging that gap? I'm just curious, like if we take a peek inside, what this enables SecOps to do what it enables DevOps to do. What were some of the feedback that you're hearing from customers about those teams coming together and actually being able to work very collaboratively with that shift left actually being able to be done? >> Yeah. I mean, you know, if you talk to... There's some organizations who do this really well. They're very mature and their security operations teams and their DevOps teams work very closely together collaboratively, excuse me. And they also understand each other's needs. So they're able to insert tools into the security pipeline that don't slow DevOps down but also meet the needs of the security team. Whereas we see some other organizations where Dev is at one side of the pipeline and you've got security at the other and they don't tend to converse or meet. And those are the organizations where there tends to be more challenges. So the idea with this new solution is it's going to give the security team visibility of basically the scale and scope of their open source situation. So that they've actually got some data to go have conversations with the DevOps teams and start going in that direction of making those teams work more seamlessly together. I mean, you used the term DevSecOps before, some organizations that's a very real situation. Others still have a long way to go. And we think this is a great first step to bring those teams together. >> Fostering long-term friendships I'm sure. Just talk to me about the go to market, Wendy. How are you guys going to market together? Trend Micro and Snyk selling direct channel? What is it like? >> So this is actually going to be a Trend Micro Cloud One offering. So we jointly developed it with Snyk but it's going to be Trend Micro who is selling it. And we go to market a number of different ways. AWS marketplace is a big channel to market for us And this will be available for purchase there. When it becomes available in January. And also, we also work very closely with channel partners as well who also participate in AWS marketplace. >> So what are some of the things that you're expecting to customers to be able to take advantage of around the time of re:Invent and into early 2021? >> Yeah. I really encourage customers to visit our page on the AWS re:Invent platform. We're going to have all kinds of exciting demos there. You can go learn more about this new offering that we're delivering jointly developed with Snyk. And you can also ask about how you can sign up for early access to this new offering. So highly encourage you to go check that out. >> Excellent, early access is always nice to be a beta tester and really get that symbiotic relationship. >> Geva last question for you is as the Global Alliances CTO I imagine your customer conversations in the last year have changed dramatically. Talk to me about some of the things that you really think like in terms of like exposing vulnerabilities. Let's talk about exposing opportunities that that Snyk is helping organizations do so that they can not just keep the lights on during this very unprecedented time but actually be winners of tomorrow. >> Yeah, I think again at the heart of the DevOps movement and why it's been successful it's reducing that feedback loop between writing some codes, getting it to production in the hands of customers, getting the feedback from them and rinse and repeat and starting that loop. And those who have it, the faster you can get to market faster and can deliver value faster ultimately are the winners. Now, one of the things we've seen with the COVID is a lot of the this outbound activity has been going down. People have been going less to events and need to look more internally and how you can become better as an organization. And you've actually seen an increase in the investment of a digital transformation and cloud journeys and stuff like that. And one of the... One of kind of the traditional inhibitors that's going fast and all in into the cloud is the loss of control of the traditional security teams on the application development. Where now people can, you know... deploy hundreds of times every application to the cloud a day. And what we've seen is that they come to Snyk or to companies like ours, so we can secure those new modern development life cycles and give the security feedback to the developers as they're building the applications and give the security teams the visibility into those pipelines and application domain. So they have a sense that they're not losing all the control they used to have. They're still getting visibility into those application development and actually allowing their organizations to go faster because of it they can sign up to and be doing the technologies and actually increase the speed of going to the cloud. >> Yeah and that's critical because as we, you mentioned as we've been talking about for months now that the acceleration of cloud adoption, the speed of digital transformation it's one of those things that's challenging to do. You've got to have visibility. Period. In order to facilitate that. And if it's another thing that you kind of were describing Geva as that visibility provides that sense of control or trust, and that's also huge for not just a business to catch vulnerabilities but for teams the DevOps teams, the SecOps teams to be working together in a highly collaborative way. Do you agree Wendy? >> Absolutely. And the beautiful thing is this sets that up This tool. So it allows them to work together very collaboratively but it also sets up that visibility. So that down the road there could be even further automation into that process. Because you know, the whole purpose of DevOps is to take the people out of it. Right. So, but in order... You need to set up those processes to begin with. So this is a first step in terms of setting up that automation and visibility amongst those two teams. >> Excellent. And can you say one more time Wendy where prospective customers can go to learn more and become a early adopter? >> Yeah, absolutely. So visit our Trend Micro page at the AWS reinvent platform. And there you'll be able to learn much more about the offering and also learn how you can access the early adopter program. >> Excellent. You guys thank you so much for joining me on the program today. Sharing what Trend Micro and Snyk are doing together and how you're helping organizations cross-functionally be successful. We appreciate your time. >> Thank you, Lisa. Appreciate it. >> Thank you so much. >> My pleasure. For my guests, I'm Lisa Martin and you're watching theCUBE virtual. (upbeat music)

from the cube studios in Palo Alto in Boston connecting with thought leaders all around the world this is a cube conversation LeBron's special conversation I'm John Tory here in the cube I'm not in the studio I'm at home we're sheltering in place the studio quarantine crew is there we've got a great guest here to break down and Alice in the tech industries for vallah who's this principle of zk research Aziz great to check in with you for our check-in last time we chatted you broke down entire industry a lot to talk about now we have the Cisco earnings just came out and a lot of other great things are happening thanks for joining me well what's your take on what's going on yeah I think so thanks John it's uh it's been heard about tumultuous last few months I think one of the takeaways I had from Cisco's earnings actually was that it's not as bad as you think I know if you read a lot of what's going on the media we get everything from doomsday and the world's ending or whatever but I think what Cisco's earnings showed and in Cisco I know they have a lot of enemies and a lot of competitors out there but they're really still a bellwether for the industry and so everyone should rejoice in the fact that they actually had a pretty good quarter I think what was was telling about that was security was up the services business was up the margins were good and what that shows me is that there's still room for innovation customers relax are still buying things and they're willing to pay for things that actually help drive their business forward and so Cisco's put a lot of energy into their services group to make sure that customers are able to adapt their technology and change their business right and so from an overall market perspective Cisco is you know they're the quarters are the court has shifted from almost everybody else's and so they're generally a leading indicator of where things are going so I think the fact that they showed some strength they guided up from where the street thought I think that's a good thing for the entire industry and I think I'm not saying we're out of this yet but I think businesses are starting to spend money where they need to in order to put themselves in a position to come on strong after well once we start going back to work whoever knows what that'll be I think the other sort of interesting pivot here is that I think the overall role the network has changed with income right we've covered networking technologies a long time it gets a little bit of interest sometimes from sea level certainly not as much as it should from CEOs and CIOs a lot of people think of it as the plumbing and the pipes it's hard to understand it's a very complicated technology sometimes but when you look at what's happened with digital transformation initiatives and now covent we've got more people at home or adopting cloud services we use video for connecting more things with IOT initiatives so the overall value of the network is increased that I think that was also reflected in Cisco's numbers I think this transition had started when you look at a lot of the building blocks and digital transformation IOT cloud mobility things like that they're all Network centric in nature and so for the first time in history I think business leaders actually need to look at their network strategies because if that's without a sound network strategy as we sort of come out of this and the companies that have a good one will be able to really step on the gas and do what they want with their business the ones that don't I think I'd a really struggle to survive because I'm not gonna be able to do a lot of these advanced things yeah great point one of the things Brazil the new cisco has a new leadership new c has been in place for a while positioning they're going after and you know with the cloven crisis it really puts more pressure knock the move of the network because it's a core staple of an organization yet the transformation journey is going to be accelerated this gives Cisco it's a lucky strike for Cisco because it'll move packets around and the multi cloud conversation comes in and the enablement of application development all being five to the network is what cisco has been preparing on and this has kind of been a nuance point then that everyone understands but coming out of Cova to have a growth strategy if you're not programming up and down the stack with DevOps and Nets a cops or whatever you want to call it people working at home a new perimeter is now emerged that's everything everything is the premise is this a tailwind for Cisco your thoughts on that your face oh yeah the big time tailwind francisco i think what's happened gentlemen you look at network evolution over the last five years we can do much more with our network that's coming to cost and that cost us complexity so trying to tie all these things together SP Winn Sassie datacenter Sdn right we've got Wi-Fi six coming we've got 5g coming so we've got all these great things that we're gonna let our networks be faster than ever before and run applications we can never run before right you look at some of the demos on 5g we're able to wear untethered Wi-Fi our virtual reality headsets complete creating completely new shopping experiences educational experiences but you need a lot of bandwidth that but not only you need bandwidth I think the one thing that Kovac has taught us is do you have any weakness in the network anywhere right from the user's hand all the way to the cloud that weak point at the time and so now you have to start thinking of your network not in pieces of having a campus network Wi-Fi network data center network and that a single network right and so cisco is really one of the few companies maybe the only company that can actually deliver that end and network that starts in the company extends to people's homes goes out to the cloud and with what they've done masterfully under Chuck Robbins is they've been able to pile those things together to create a much simpler way of operating this complicated network so you look at what they're doing you know with a CI and intent based networking what that is is you can think of it almost as a software overlay that masks the complexity of the network that's underneath it yeah talking about cisco over the past decade and a half and i'm with the stack guys you gotta move up the stack this has been this is now their opportunity and with multi cloud on the horizon or here this is going to give cisco a path but I got to ask you what is your take and advice to Cisco when you're out there talking to them you're talking to of the customers all the time and practitioners you're the analyst what do they need to do better because you can't just wish a multi cloud upon the marketplace it's coming but it's not clearly not the use case yet so that's a time lag between a CI intent based networking to true multi-cloud what if Cisco do in the meantime yeah well I think what's this go has to do is is think about what they're doing with a CI and multi cloud and actually help their customers implement it in in pieces and what the description I'd use is is the paths this goes on and the path customers are on actually in this world of you think if the end state is true hybrid multi-cloud right we have to get there in ship shots and not moon shots and what I mean by that is if you were to say to a customer this is your end state right the path to get there is so donkey and it's like a moon shot that it paralyzes the customer if you break this down into a set of chip shots right that gets much easier so so put the infrastructure in place to be able to just have the visibility across applause then maybe automate movement from hi private the public cloud right then automate some of the processes that give you the most headaches then move to a bigger Ottoman Ottoman automation framework right so yeah areas like security network configuration right things like that those are those are very difficult for customers to do manually those are the things they should be automating today so what they want to do is almost take through their intent-based network to almost as a lighthouse the road to a visionary state and then help customers get there in pieces because if they try and rush them along too fast I think they'll lose the customer because the complexity is too high the other area they should really be focused on is continuing to mature the services business I think that's something under Chuck Robbins that's night and day different than what it was the services business - Cisco prior to Chuck was a lot of break fix you know their TAC is well renowned as being a great pack but now they've gotten more of the pro services they've gotten more into adoption services and I think the more subscription they sell what Cisco needs to really understand is that customers tend not to renew things they don't use right so making sure that the services group helps customers and use the things that they're paying for and that'll pay dividends for them multiple dividends for them down the road I want to get the silken one on that opportunity to upsell and do a refresh because what refreshes are not gonna be on the docket early on unless discuss business value so let's hold that for a second John Chambers has been on the cube recently in his new role as a coach and investor and he says to us on the cube you know transitions versus transformation Cisco and the big companies are expected to win the transitions but now with coming out of this there's real transformation so you got to look at things like collaboration hey guys get better this is not just win the enterprise with a better web max zoom is they can ask Bob teams is out there so you know Cisco's that's a huge collaboration piece and a bunch of other business so where's their transition wins and where's their transformational opportunity in Europe in well I think the entire company is kind of going through transformations right even on the network side so it's right it's like you know the industry has been calling Francisco to get commoditized for years right and if you look the product gross margins are actually the strongest they've been in a decade right so I remember when I fell below 60% they everybody thought the world was falling this quarter I think was a little over 65 on the product side and so my belief is nothing is really a commodity if you can drive innovation that's what's this has been doing so from a transition standpoint I think they've done a lot of that they've transitioned the company to software and services they've transitioned the company more terrain model they've actually decoupled software from the hardware so customers can buy differently and you brought up the fact that we may not have a hardware refresh but that's okay as long as they keep the software a newa cycles forth where the transformations has to come is completely change the dynamics of how something works and so with intent-based networking you think of the old way that network engineers to work like the way I used to work when I was an engineer a lot of hunting pecking and at a CLI doing a lot of cutting and pasting and using homegrown tools that doesn't scale anymore my research shows that on average takes companies about four months the implemented change network-wide far too slow for digital company right so Francisco's done is they've accelerated that by letting customers automate more things and so Francisco the transformation comes in allowing customers to new new things I think you read in the collaboration side there's more work to do nobody's got a bigger collaboration portfolio than Cisco they got endpoints they got rooms just right they've got software they were a cloud on Prem but they got to take that and tie it together and I think the other area that's is gonna need improving is on they've they've got a lot of management tools that that look at different things they have at the ACI manager and a whole bunch of different security consoles in fact they funded them sometimes and said that the market leader in single panes of glass because they have more than anybody right I think eventually they got to be able to tie that information together and help customers understand what it means from a cross domain perspective because they still build a product's wireless campus data center but as I mentioned before we just have one network and so Cisco can aggregate this data up apply machine learning to it and help customers what that means they see insight across the entire network that would really be powerful because they they've got the footprint now they just have to be able to deliver the machine learning based insights some customers understand what that data means and they have a unique opportunity in the short term no one's going to be kidding Cisco out anytime soon there's a safety rating and using the big companies I think what what Cisco is able to bring is a there's a level of financial stability that other companies may not have and so they can weather the storm for a long time so you know I it's easy to say going to Cisco is the safe bet it has been for a long time but but i but I think it's also the smart bet I think they're they're able to continue to invest in things maybe smaller companies more people do yeah my question on Cisco a big fan of their strategy have been vocal about that for a while my question on Cisco want to be critical is to say how fast can you get that development going show the software value in market show customers a growth trajectory that they can execute on it can advantage the network policy intelligence if they could do that they're gonna be in good shape you agree yeah I think one of the challenges though is the transformation of their customer base do and that's where the work Suzy we've been doing in the dev that teams so important like if if they were to shift their whole strategy over at the developer folks talk word today I think that would largely put them in a position or trouble because the engineers that work with the stuff and the resellers that work with the stuff aren't they don't really have the skill sets they advantage that right so last year Suzy we she really talked a lot about the growth a definite this year they came out with in Barcelona this year they they came up with a bunch of certifications for dev net now there they were actually coming out with a number of a partner certifications as well so the resellers can get certified but I think it's important that they continue to push their engineer base into gaining these new skills I'll give you an interesting data point for my research and that's you know that only about a quarter of networking engineers has ever made an API call right and so you look at all Cisco's new gear it's all API driven and so if you want to do something as simple as say get all the IP addresses in your network you can just use an API call for that right the other way to do it is you do a show command and the CLI your screen scrape and you take a visual basic trip that you parse it you know and you get it that way right so the API map using those is a lot easier and so I think Cisco's got a good strategy with Deb net they've grown that face a lot it's still relatively small you know it's under a million people and you think of the overall size the Cisco customer user base point that's where they gonna put some effort right more and more out driving adoption to them now well I think you're smarter than I think you're researching them they must be listening to you because they haven't really tried to jam that down their throats they've been very humble about it and I think a million is pretty damn good number I think Cisco again to your point they're bringing people into the water the low end first before you you go to the deep end so swim with the bubble if you will with definite what they did was they assumed the engineer had no knowledge of software because I think at first when they put the lot of the programs a place they assumed people would have some knowledge of how to code right and and I also think the industry did them a bit of a disservice we used her there was a lot of stuff written in the media how every network engineer needs to become a software developer well they don't have to summer get make them software developers but they at least have to come software power ease right so do your job through software but you don't have to be a developer and that's where definite really when it really matured is that diverge down to past developer engineer who's your saw common software skills and then you break down a specialist after that and so they've they've actually helped with the maturity of that they've changed their certification programs for reflect that and I think Devin that really is a big be and if they can transition that engineer base then it helps the adoption of the new on these I want to get your final thoughts on this segment on multi-cloud obviously it would be a really great win for it creates of interoperability strictly with the network intelligence cisco could bring to the table and others you got startups out there like aviatrix and others and vmware with nsx trying to get that for the security fabric a lot of action going on with multi cloud and networking your thoughts what does your research tell you what's gonna transpire how do you see that market playing out in my research shows that little R ad percent of companies prior to Co vid had multi-cloud on the roadmap and I'm assuming that's that's gone up I haven't actually done a survey since then um one of the I think it's funny koban exposed a lot of things from a lot of vendors right and I think one of the things that is is shown cracks in the cloud yeah you look at some of the the data and how many outages Microsoft had Google had some strains AWS has held up pretty well under the strain of of a lot of the higher utilization when coated but they've been building a lot of capacity into theirs as well so I think from a customer perspective it makes sense you don't want to put all your eggs in one basket some cloud providers are stronger in some regions they each have different their own different cloud platforms other private cloud platforms and the problem is is if you decide if you decide to go multi-cloud you can't use the cloud providers tools right so if I use an AWS load balancer that works great in AWS but it's not gonna help me with Azure or GCE similarly if I use GCP tools I can't extend that out the azure so something needs to connect those and be able to five security and policy and that's where multi cloud comes from and you're right there's some good startups there I think um the difference with Cisco this time versus the Sdn world was when as the ends came about I think Cisco didn't want that to happen and I think they actually actively worked against us the end and I've talked to chuck Robbins about that he said you'll never ever see Cisco do that again if something is good for the customers they want to lead that transition and so Cisco's been very active in multi focking and given they've got the install base already I do think they will help bring this long but there are some good stir yeah it's interesting Sdn really wasn't ready for primetime even when VMware bought in this era hey when it was still there I didn't have a lot of revenue it had a future VMware claims that's the saves and NSX was saved by a Sdn some people say was completely rewritten final thoughts on outlook and you see coming out of Ovid obviously it's been well reported we've been reporting VPNs have been under provision that was a blind spot bought a blind spots and disruption that wasn't forecasted in the classic sense there was no there was no you know hurricane there was no flood it was a covin invisible disruption yeah and there's no impact right like even with when you think of what happened with the the floods in New York and 9/11 people knew that they'd eventually go back and so business continuity and disaster recovery was a temporary thing and I can I set up a data center to work for a couple months so I can go back to New York that's not the case with koban where we're trying to manage for an undefined endpoint which is extremely difficult for an IT perspective I do think that Kogan again has highlighted the value of the network I think we'll see a lot of transition from VPN to sd when I think that's that's certainly good I think the rise in video will also cause a Wi-Fi upgrade cycle we'll get back to the office and I think you'll see a lot of focus on programmability and agility because I don't believe we're gonna see everybody return to the office was like one big bang John I think we're more likely to see is the future work to be almost like when you and I were in college we do a bunch of stuff at home we go to the campus when we have classes and when we want to meet people similarly we'll go to work when we have meetings and then in between meetings we'll go find an open place to work but in general we'll do a lot of work a lot more work from home in fact my research shows 93 percent of the business leaders I interviewed said they expect to see at least a 30 percent increase in the work from home post Kovan right so we're gonna have a lot more people doing that but it's not gonna be everyone working for home everybody work in the office it's gonna be a hybrid of the two people are gonna come and go and that bribes the need for agility and today's networks really not that agile and so I need I want to go back to college if we do thirsty happy hours do I mean have the whole week or the stupid stuff it's the final point you mentioned SP when I was talking with Dave Volante SP Minutemen just last week and I said you know this SD win today is not your grandfather's sdn meaning SP where it's changed a lot it's basically the internet now so what was the modern update definition of SD grin I mean it used to be you connect the wide area network you can have some campus you'd do some networking what is it now what's the same name but it's yeah what is it your journey the technology if you look at the adoption of anything right the first wave of stuff is to make the new stuff look like the old stuff so we put VoIP in we made it look a lot like TDM when we had cloud we lifted and shift it and how did we didn't really enjoy wraps and then we eventually get smart and think what can I do with the new thing that I can't do the old thing and so a lot of early SD win deployments were simply just replacements for MPLS and they were put in to save a bit of money but now companies are getting smarter they're thinking about what can I do with my SD win that I couldn't do before so there's a lot more tighter integration with security I think as companies but SD win in and and think about what the win is today John it used to be corporate offices and data centers I think it's everybody's house right and so being able to extend your win at the single people out to planes trains and automobiles you remember that movie but those are all getting connected as well people's back acts fan kiosk those are all becoming way endpoints right so that's where you need to embed more security in the network and so I think that's a transition we've seen into that see you and I think the technology has matured to the point where it's getting easier to deploy faster to flow and you're right we can use the internet for transport in some cases some will still keep there still be a lot of MPLS out there but I do think we wind up in this hybrid world but clearly then the time has never been better for for SD win I will see a rule of curve for that because it's the only way to extend the win the people's homes the things the cars and really anything that's connected you know that's such a great point and I think this is a real new once in the industry it's a whole nother rebirth of the category because the aperture is brighter you got policy you've got reliability and get security built in this is key key Johnny H salt key yeah yeah whole concept the AI ops becomes real because we're collecting data and we're able to use AI to automate operations so Z's we call it s T win 2.0 that's what you got to do we got making an acronym out of this come on we can't just saw s T when it is SD win - righto because it's the next it's that it's it's the second wave of it we're actually thinking about how to transform our companies so the the John Chambers quote of transition for transversus transformation is apropos because the like I said a lot of the waves that that Cisco went through early on was we transition the market and then we transform right and so SD win so far has been transitional moving away from the old thing but now in strength and defense formed where our entire network operates these gradients that always a pleasure to talk to you get the straight scoop for the signal right there from all the noise in the industry now more than ever people are gonna be focused on critical project so thanks for your insight as DK now can research great stuff and we'll keep keep following you in great guest thank you come on thanks John first burger okay cute conversation here remote we're doing our part either at home and studio quarantine in this is the cube virtual virtualization has come to the cube will do will do whatever it takes to get the content out there Z's thanks so much for coming I appreciate thanks for watching on John Currier [Music]

[Music] Andre one of the things that have come up is your relation with Russia as we talked about so I have to ask you a direct question do you to work with sanctioned Russian entities or Russian companies shown we and c5 we do not work with any company that's sanctioned from any country including Russia and the same applies to me we take sanctions very very seriously the one thing you don't mess with is US sanctions which has application worldwide and so you always have to stay absolutely on the right side of the law when it comes to sanctions so nothing nothing that's something that's connection nets are trying to make they're also the other connection is a guy named Victor Vail Selberg Viktor Vekselberg Vekselberg to go with the Russian names as people know what is your relationship with Viktor Vekselberg so victim Viktor Vekselberg is a is a very well known Russian businessman he's perhaps one of the best known Russian businessman in the West because he also lived in the US for a period of time it's a very well-known personality in in in Europe he's a donor for example to the Clinton Foundation and he has aggregated the largest collection of Faberge eggs in the world as part of national Russian treasure so he's a very well known business personality and of course during the course of my career which has focused heavily on also doing investigations on Russian related issues I have come across Viktor Vekselberg and I've had the opportunity to meet with him and so I know him as a as a business leader but c5 has no relationship with Viktor Vekselberg and we've never accepted any investment from him we've never asked him for an investment and our firm a venture capital firm has no ties to Viktor Vekselberg so you've worked had a relationship at some point in your career but no I wouldn't on a daily basis you don't have a deep relationship can you explain how deep that relationship is what were the interactions you had with him so clarify that point so so I know Viktor Vekselberg and I've met him on more than one occasion in different settings and as I shared with you I served on the board of a South African mining company which is black owned for a period of a year and which Renova had a minority investment alongside an Australian company called South 32 and that's the extent of the contact and exposure I've had to so casual business run-ins and interactions not like again that's correct deep joint ventures are very kind of okay let's get back to c5 for a minute cause I want to ask you it but just do just a circle just one last issue and Viktor Vekselberg Viktor Vekselberg is the chairman of scope over the Russian technology innovation park that we discussed and he became the chairman under the presidency of President Dmitry Medvedev during the time when Hillary Clinton was doing a reset on Russian relations and during that time so vekselberg have built up very effective relationships with all of the or many of the leading big US technology companies and today you can find the roster of those partners the list of those partners on the scope of our website and those nuclear drove that yes Victor drove that Victor drove that during during in the Clinton Secretary of this started the scope of our project started during the the Medvedev presidency and in the period 2010-2011 you'll find many photographs of mr. vekselberg signing partnership agreements with very well known technology companies for Skolkovo and most of those companies still in one way or another remain involved in the Skolkovo project this has been the feature the article so there are I think and I've read all the other places where they wanted to make this decision Valley of Russia correct there's a lot of Russian programmers who work for American companies I know a few of them that do so there's technology they get great programmers in Russia but certainly they have technology so oracles they're ibm's they're cisco say we talked about earlier there is US presence there are you do you have a presence there and does Amazon Web service have a presence on do you see five it and that's knowing I was alright it's well it's a warning in the wrong oh sorry about that what's the Skog Obama's called spoke over so Andres Kokomo's this has been well report it's the Silicon Valley of Russia and so a lot of American companies they're IBM Oracle Cisco you mentioned earlier I can imagine it makes sense they a lot of recruiting little labs going on we see people hire Russian engineers all the time you know c5 have a presence there and does AWS have a presence there and do you work together in a TBS in that area explain that relationship certainly c5 Amazon individually or you can't speak for Amazon but let's see if I've have there and do you work with Amazon in any way there c-5m there's no work in Russia and neither does any of our portfolio companies c5 has no relationship with the Skolkovo Technology Park and as I said the parties for this spoke of a Technology Park is a matter of record is only website anyone can take a look at it and our name is not amongst those partners and I think this was this is an issue which I which I fault the BBC report on because if the BBC report was fair and accurate they would have disclosed the fact that there's a long list of partners with a scope of our project very well known companies many of them competitors in the Jedi process but that was not the case the BBC programme in a very misleading and deceptive way created the impression that for some reason somehow c5 was involved in Skolkovo without disclosing the fact that many other companies are involved they and of course we are not involved and your only relationship with Declan Berg Viktor Vekselberg was through the c5 raiser bid three c5 no no Viktor Vekselberg was never involved in c5 raiser Petco we had Vladimir Kuznetsov as a man not as a minority investor day and when we diligence him one of our key findings was that he was acting in independent capacity and he was investing his own money as a you national aniseh Swiss resident so you if you've had no business dealings with Viktor Vekselberg other than casual working c-5 has had no business dealings with with Viktor Vekselberg in a in a personal capacity earlier before the onset of sanctions I served on the board of a black-owned South African mining company and which Renault bombs the Vekselberg company as a minority investment alongside an Australian company called South 32 and my motivation for doing so was to support African entrepreneurship because this was one of the first black owned mining companies in the country was established with a British investment in which I was involved in and I was very supportive of the work that this company does to develop manganese mining in the Kalahari Desert and your role there was advisory formal what was the role there it was an advisory role so no ownership no ownership no equity no engagement you call them to help out on a project I was asked to support the company at the crucial time when they had a dispute on royalties when they were looking at the future of the Kalahari basin and the future of the manganese reserve say and also to help the company through a transition of the black leadership the black executive leadership of the cut year is that roughly 2017 so recently okay let on the ownership of c5 can you explain who owns c5 I mean you're described as the owner if it's a venture capital firm you probably of investors so your managing director you probably have some carry of some sort and then talk about the relationship between c5 razor bidco the Russian special purpose vehicle that was created is that owning what does it fit is it a subordinate role so see my capital so Jones to start with c5 razor boot code was was never a Russian special purpose vehicle this was a British special purpose vehicle which we established for our own investment into a European enterprise software company vladimir kuznetsov later invested as an angel investor into the same company and we required him to do it through our structure because it was transparent and subject to FCA regulation there's no ties back to c5 he's been not an owner in any way of c5 no not on c5 so C fibers owned by five families who helped to establish the business and grow the business and partner in the business these are blue chip very well known European and American families it's a small transatlantic community or family investors who believe that it's important to use private capital for the greater good right history dealing with Russians can you talk about your career you mentioned your career in South Africa earlier talk about your career deal in Russia when did you start working with Russian people I was the international stage Russian Russia's that time in 90s and 2000 and now certainly has changed a lot let's talk about your history and deal with the Russians so percent of the Soviet Union I think there was a significant window for Western investment into Russia and Western investment during this time also grew very significantly during my career as an investigator I often dealt with Russian organized crime cases and in fact I established my consulting business with a former head of the Central European division of the CIA who was an expert on Russia and probably one of the world's leading experts on Russia so to get his name William Lofgren so during the course of of building this business we helped many Western investors with problems and issues related to their investments in Russia so you were working for the West I was waiting for the West so you are the good side and but when you were absolutely and when and when you do work of this kind of course you get to know a lot of people in Russia and you make Russian contacts and like in any other country as as Alexander Solzhenitsyn the great Russian dissident wrote the line that separates good and evil doesn't run between countries it runs through the hearts of people and so in this context there are there are people in Russia who crossed my path and across my professional career who were good people who were working in a constructive way for Russia's freedom and for Russia's independence and that I continue to hold in high regard and you find there's no technical security risk the United States of America with your relationship with c5 and Russia well my my investigative work that related to Russia cases are all in the past this was all done in the past as you said I was acting in the interest of Western corporations and Western governments in their relations with Russia that's documented and you'd be prepared to be transparent about that absolutely that's all those many of those cases are well documented to corporations for which my consulting firm acted are very well known very well known businesses and it's pretty much all on the on the Podesta gaiting corruption we were we were we were helping Western corporations invest into Russia in a way that that that meant that they did not get in meshed in corruption that meant they didn't get blackmailed by Russia organized crime groups which meant that their investments were sustainable and compliant with the Foreign Corrupt Practices Act and other bribery regulation at war for everyone who I know that lives in Europe that's my age said when the EU was established there's a flight of Eastern Europeans and Russians into Western Europe and they don't have the same business practices so I'd imagine you'd run into some pretty seedy scenarios in this course of business well in drug-dealing under I mean a lot of underground stuff was going on they're different they're different government they're different economy I mean it wasn't like a structure so you probably were exposed to a lot many many post-conflict countries suffer from predatory predatory organized crime groups and I think what changed and of course of my invested investigative career was that many of these groups became digital and a lot of organized crime that was purely based in the physical world went into the into the digital world which was one of the other major reasons which led me to focus on cyber security and to invest in cyber security well gets that in a minute well that's great I may only imagine some of the things you're investigated it's easy to connect people with things when yeah things are orbiting around them so appreciate the candid response there I wanna move on to the other area I see in the stories national security risk conflict of interest in some of the stories you seeing this well is there conflict of interest this is an IT playbook I've seen over the years federal deals well you're gonna create some Fahd fear uncertainty and doubt there's always kind of accusations you know there's accusations around well are they self dealing and you know these companies or I've seen this before so I gotta ask you they're involved with you bought a company called s DB advisors it was one of the transactions that they're in I see connecting to in my research with the DoD Sally Donnelly who is Sally Donnelly why did you buy her business so I didn't buy Sonny Donnelly's business again so Sally Tony let's start with Sally darling so Sally Donny was introduced to me by Apple Mike Mullen as a former chairman of the Joint Chiefs of Staff and Sally served as his special advisor when he was the chairman of the Joint Chiefs of Staff Apple Mullen was one of the first operating parties which we had in c5 and he continues to serve Admiral Mullen the four start yes sir okay and he continues to serve as one of operating partners to this day salad only and that will Mike worked very closely with the Duke of Westminster on one of his charitable projects which we supported and which is close to my heart which is established a new veteran rehabilitation center for Britain upgrading our facility which dates back to the Second World War which is called Headley court to a brand-new state-of-the-art facility which was a half a billion dollar public-private partnership which Duke led and in this context that Ron Mullen and Sally helped the Duke and it's team to meet some of the best experts in the US on veteran rehabilitation on veteran care and on providing for veterans at the end of the service and this was a this was a great service which it did to the to this new center which is called the defense and national rehabilitation center which opened up last summer in Britain and is a terrific asset not only for Britain but also for allies and and so the acquisition she went on to work with secretary Manus in the Department of Defense yes in February Feb 9 you through the transaction yes in February 2017 Sally decided to do public service and support of safety matters when he joined the current administration when she left her firm she sold it free and clear to a group of local Washington entrepreneurs and she had to do that very quickly because the appointment of secretary mattis wasn't expected he wasn't involved in any political campaigns he was called back to come and serve his country in the nation's interest very unexpectedly and Sally and a colleague of us Tony de Martino because of their loyalty to him and the law did to the mission followed him into public service and my understanding is it's an EAJA to sell a business in a matter of a day or two to be able to be free and clear of title and to have no compliance issues while she was in government her consulting business didn't do any work for the government it was really focused on advising corporations on working with the government and on defense and national security issues I didn't buy Sonny's business one of c-5 portfolio companies a year later acquired SPD advisors from the owner supported with a view to establishing and expanding one of our cyber advising businesses into the US market and this is part of a broader bind bolt project which is called Haven ITC secure and this was just one of several acquisitions that this platform made so just for the record c5 didn't buy her company she repeat relieved herself of any kind of conflict of interest going into the public service your portfolio company acquired the company in short order because they knew the synergies because it would be were close to it so I know it's arm's length but as a venture capitalist you have no real influence other than having an investment or board seat on these companies right so they act independent in your structure absolutely make sure I get that's exactly right John but but not much more importantly only had no influence over the Jedi contract she acted as secretary mitosis chief of staff for a period of a year and have functions as described by the Government Accounting Office was really of a ministerial nature so she was much more focused on the Secretary's diary than she was focused on any contracting issues as you know government contracting is very complex it's very technical sally has as many wonderful talents and attributes but she's never claimed to be a cloud computing expert and of equal importance was when sally joined the government in february 17 jeddah wasn't even on the radar it wasn't even conceived as a possibility why did yet I cannot just for just for the record the Jedi contract my understanding is that and I'm not an expert on one government contracting but my understanding is that the RFP the request for proposals for the July contract came out in quarter three of this year for the first time earlier this year there was a publication of an intention to put out an RFP I think that happened in at the end of quarter one five yep classic yeah and then the RFP came out and called a three bits had to go in in November and I understand a decision will be made sometime next year what's your relationship well where's she now what she still was so sunny left finished the public service and and I think February March of this year and she's since gone on to do a fellowship with a think-tank she's also reestablished her own business in her own right and although we remain to be good friends I'm in no way involved in a business or a business deal I have a lot of friends in DC I'm not a really policy wonk of any kind we have a lot of friends who are it's it's common when it administrations turnover people you know or either appointed or parked a work force they leave and they go could they go to consultancy until the next yeah until the next and frustration comes along yeah and that's pretty common that's pretty cool this is what goes on yeah and I think this whole issue of potential conflicts of interest that salad only or Tony the Martino might have had has been addressed by the Government Accounting Office in its ruling which is on the public record where the GAO very clearly state that neither of these two individuals were anywhere near the team that was writing the terms for the general contract and that their functions were really as described by the GAO as ministerial so XI salient Antonia was such a long way away from this contact there's just no way that they could have influenced it in in in any respect and their relation to c5 is advisory do they and do they both are they have relations with you now what's the current relationship since since Sally and Tony went to do public service we've had no contact with them we have no reason of course to have contact with them in any way they were doing public service they were serving the country and serving the nation and since they've come out of public service we've we've not reestablished any commercial relationship so we talked earlier about the relation with AWS there's only if have a field support two incubators its accelerator does c5 have any portfolio companies that are actually bidding or working on the Jedi contract none what Santa John not zero zero so outside of c5 having relation with Amazon and no portfolios working with a Jedi contract there's no link to c5 other than a portfolio company buying Sally Donnelly who's kind of connected to general mattis up here yeah Selleck has six degrees of separation yes I think this is a constant theme in this conspiracy theory Jonas is six degrees of separation it's it's taking relationships that that that developed in a small community in Washington and trying to draw nefarious and sinister conclusions from them instead of focusing on competing on performance competing on innovation and competing on price and perhaps that's not taking place because the companies that are trying to do this do not have the capability to do so Andre I really appreciate you coming on and answering these tough questions I want to talk about what's going on with c5 now but I got to say you know I want to ask you one more time because I think this is critical you've worked for big-time company Kroll with terminus international market very crazy time time transformation wise you've worked with the CIA in Quantico the FBI nuclei in Quantico on a collaboration you were to know you've done work for the good guys you have see if I've got multiple years operating why why are you being put as a bad guy here I mean you're gonna you know being you being put out there with if you search your name on Google it says you're a spy all these evil all these things are connecting and we're kind of digging through them they kind of don't Joan I've had the privilege of a tremendous career I've had the privilege of working with with great leaders and having had great mentors if you do anything of significance if you do anything that's helping to make a difference or to make a change you should first expect scrutiny but also expect criticism when that scrutiny and criticism are fact-based that's helpful and that's good for society and for the health of society when on the other hand it is fake news or it is the construct of elaborate conspiracy theories that's not good for the health of society it's not good for the national interest is not good for for doing good business you've been very after you're doing business for the for the credibility people questioning your credibility what do you want to tell people that are watching this about your credibility that's in question again with this stuff you've done and you're continuing to do what's the one share something to the folks that might mean something to them you can sway them or you want to say something directly what would you say the measure of a person it is his or her conduct in c-five we are continuing to build our business we continue to invest in great companies we continue to put cravat private capital to work to help drive innovation including in the US market we will continue to surround ourselves with good people and we will continue to set the highest standards for the way in which we invest and build our businesses it's common I guess I would say that I'm getting out as deep as you are in the in term over the years with looking at these patterns but the pattern that I see is very simple when bad guys get found out they leave the jurisdiction they flee they go do something else and they reinvent themselves and scam someone else you've been doing this for many many years got a great back record c5 now is still doing business continuing not skipping a beat the story comes out hopefully kind of derail this or something else will think we're gonna dig into it so than angle for sure but you still have investments you're deploying globally talk about what c5 is doing today tomorrow next few months the next year you have deals going down you're still doing business you have business out there our business has not slowed down for a moment we have the support of tremendous investors we have the support of tremendous partners in our portfolio companies we have the support of a great group of operating partners and most important of all we have a highly dedicated highly focused group of investment teams of very experienced and skilled professionals who are making profitable investments and so we are continuing to build our business we have a very full deal pipeline we will be completing more investment transactions next week and we are continue to scalar assets under management next year we will have half a billion dollars of assets under management and we continue to focus on our mission which is to use private capital to help innovate and drive a change for good after again thank you we have the story in the BBC kicked all this off the 12th no one's else picked it up I think other journals have you mentioned earlier you think this there's actually people putting this out you you call out let's got John wheeler we're going to look into him do you think there's an organized campaign right now organized to go after you go after Amazon are you just collateral damage you mentioned that earlier is there a funded effort here well Bloomberg has reported on the fact that that one of the competitors for this bit of trying to bring together a group of companies behind a concerted effort specifically to block Amazon Web Services and so we hear these reports we see this press speculation if that was the case of course that would not be good for a fair and open and competitive bidding process which is I think is the Department of Defense's intention and what is in the interests of the country at a time when national security innovation will determine not only the fate of future Wars but also the fate of a sons and daughters who are war fighters and to be fair to process having something undermine it like a paid-for dossier which I have multiple sources confirming that's happened it's kind of infiltrating the journalists and so that's kind of where I'm looking at right now is that okay the BBC story just didn't feel right to me credible outlet you work for them you did investigations for them back in the day have you talked to them yes no we are we are we are in correspondence with the BBC I think in particular we want them to address the fact that they've conflated facts in this story playing this parlor game of six degrees of separation we want them to address the important principle of the independence of the in editorial integrity at the fact that they did not disclose that they expert on this program actually has significant conflicts of interests of his own and finally we want them to disclose the fact that it's not c5 and Amazon Web Services who have had a relationship with the scope of our technology park the scope of our technology park actually has a very broad set of Western partners still highly engaged there and even in recent weeks of hosted major cloud contracts and conferences there and and all of this should have been part of the story in on the record well we're certainly going to dig into it I appreciate your answer the tough questions we're gonna certainly look into this dossier if this is true this is bad and if there's people behind it acting behind it then certainly we're gonna report on that and I know these were tough questions thanks for taking the time Andre to to answer them with us Joan thanks for doing a deep dive on us okay this is the Q exclusive conversation here in Palo Alto authority narc who's the founder of c-5 capital venture capital firm in the center of a controversy around this BBC story which we're going to dig into more this has been exclusive conversation I'm John Tory thanks for watching [Music] you

from San Francisco it's the queue covering Red Hat summit 2018 brought to you by Red Hat hey welcome back everyone here live in San Francisco at Moscone West of cubes exclusive coverage of Red Hat summit 2018 I'm John four with mykos John Troy a founder of tech reckoning advisory and on community services firm our next guest is Jason O'Connell openshift platform owner of mark mcquarrie group welcome to the cubes let's get it right that's right well the retail bank of Macquarie so thank you and financial services thanks for coming on so bossy begging is pretty hot big time early adopter of all things tech yes and you doing a lot of work at kubernetes tell us about what you're doing take a minute to explain your job what your focus is some of the some of the environment DevOps things you're doing it's a basically I'm head of the container platform team at Macquarie Bank so basically my team manages open shifts on AWS we do the architecture on there but we also focus a lot on the value add on top so we don't just give our our customers for my team are the developers and the development teams we don't just give them a blank platform we do a lot of automation a lot of work on top of that basically because we want to make sure that the idea of a platform as a service is that we do as much as possible to make developers lives easy talk about the journey when did you start on this effort Asli Amazon's great cloud we use it as well other clouds are coming on you had Google and Microsoft and others but when did the open shift conversations start happening where were you what year was it how long have you been using it it's gone through some great changes I want to get your experience on that open shifter journey I mean somewhat of an early adopter I mean we started looking at this two years ago so that was openshift 3.1 a lot of the basic features weren't even there and it took us a year to both build it out as well as migrate about 40 applications to production so it was only a year ago that we've been in production so it's evolved like so rapidly during that time so 40 applications migrating right that enough in and of itself in a year is is a pretty heavy lift can you talk a little bit about are you just re platforming the applications obviously probably not rewriting at this point the open shift has been a good home for the applications that you started out with it sounds like I mean one of the reasons to choose open shift was docker and it was about that migration path I mean part of the migration was ensuring that developers could get everything running locally get these legacy systems we did a lot of micro services running locally on docker containers on their laptop then the migration was was easy from there but we deliberately didn't want to do like a lift and shift we wanted to rethink how we delivered software as part of this project okay what's the biggest challenges you had in doing this I mean as you can open ships got some great movement Houston Cooper native good bet and kubernetes is looking like a really awesome way to move workloads around and manage containers and clusters so you know what's what are some of the things we've learned what are some of the complexities that you overcame can you share a little bit about some of the specifics I think I think the newness is is probably the biggest challenge I mean going back to two years ago there was some very basic components that weren't there at the time and we knew were coming and even now there are pieces of work which we just don't tackle and we do a very quick fix because we know it's coming later I mean it's just moving and evolving so quickly you know we're waiting a lot for sto which is coming in the future so we're holding back on investing in certain areas because of that so it's always a constant challenge yeah I still looking good and the service mesh is hot as well how has OpenShift helped you but what's the list if you had to kind of boil it down what's the bin the the impact to you guys where's the where's that coming from I mean before we even selected OpenShift we had we're looking at our objectives from a business perspective not a technology perspective I'm the biggest objective we had was speed to delivery you know how could you get a business idea a product idea into production as fast as possible or even if you look at a minor fix to something something that should be easier develop it takes a data ride why does it take a month to release the production so speed of delivery was one of the key objectives and I can tell you more about how we we delivered that in detail but just going back to the objectives we also looked at developer experience you know sometimes the developers are not spending enough time coding and doing it they want they get bogged down in a lot of other pieces of work that I I'm really delivering business value yeah so again we wanted the platform to handle that for them they could focus more on their work this is the promise of DevOps and the whole idea of DevOps is to automate away the hassles and I mean my partner Dave a lot that calls a rock fetches no one likes to do all that work it's like can someone else just handle it and then when you got now automation that frees it up but this brings up the thing that I would love to get your reaction to because one things we've been covering and talking a lot about in the cube is this isn't happening around us it's not just what we're doing but this new modern way to deploy software you'll get like some of the big things that are happening in with cloud native and you mission is do is to do this awesome dynamic things on the fly that are automated away so it changes the how software is being built how are you guys embracing that what's the thought obviously you've got a team that's got the mindset of dev yeah I'll see embracing this vision and if everything else is probably substandard she'll you look at you know waterfall or any kind of non agile what is the your view of this modern era of writing code and building applications what I mean for people who don't aren't getting it how are you how do you explain it you know I think it's I mean it's an unbelievable time that we're in at the moment I mean the amount of automation that we're doing is huge and part of our openshift is that it's an automated bull platform so I've got a few junior guys in my team they're like two graduates and in turn they do a lot of the automation yeah it's that easy if you look at interestingly in like security and risk teams and governance teams where we're finding look they can improve security risk and all this by automating you know they're the one set and now we've got SEC offs movements and things like that so speed of production is is does not prohibit better security and in fact with Sec ups the amount of automation we do you got a far greater amount of security because we now know everything that's deployed we can continually scanning for vulnerabilities yeah so Jason you talked about it being new we've talked a little bit about culture how much of this has been a training exercise how much is that it's been a cultural shift within your organization as one of the leaders of it how are you approaching I mean we're lucky there within Macquarie Bank there was a large scale culture shift towards agile where the whole bank runs in that gel manner so that's helped us then fill in our technology and automation it complements that way of delivering so we've got some very unique ways where we've done automation and delivery which completely rethinks how we used to deliver before so right example yeah for instance now if you think why were people scared of delivering something into production why was a small change scary change and a big part of it is the blast radius if something went wrong you know connecting through to our API is we've got our own channels mobile apps a website you've got a lot of partners there are the companies connecting through as well and so even if you did a small change if it costs an issue everyone's affected at once so a big piece of what we did to deliver faster is allowed targeted releases you know I could target a release and a change just to you we could target it to a percentage of customers monitor rolled out quickly if there's a problem dial it up if it's looking good good target to any channel it seems like there's a business benefit to that too right that's massive here because you also can promise stability on certain channels if you want you can have faster channels that are moving quickly and in an API driven world we've got external companies connecting through to these api's you want to be able to say that we've given you a stable offering and you can upgrade when you want and then our channels we cannot move more fast so we've got a minister no-brainer I mean really the old way is completely dead because of that because I think what the blast radius you're pointing about blast radius the risk is massive so everyone's kind of on edge all these tests have to go in redundancies as if the planning is ridiculous all for the risk all that energy you're optimizing for a potential non-event or event here with micro services and you an out can go down to the granular level the granularity is really amazing so when you go forward first of all it's a recruiting opportunity to get better engineers wait this is a way we work I'm going forward I want you to comment on your opinion as an industry participant and can clarify this because a lot of people get confused here Automation they think jobs are going away administration is getting automated system admin type roles where junior people can now do more operating things but the operating roles not going away so talk about that that ops side because now the ops are more efficient the right things are audited maybe but talk about that dynamic between the right things being automated and the right things that are gonna roll to operational service messages or whatnot yeah I mean basically it's about getting people to do these higher-order functions so the people who are doing things manually and operating things manually you look at our Ops teams now morphing into like the classic SRE team you know the side reliability engineering teams where they're spending a significant amount of that time automating things you know looking at alerting and monitoring and then Auto healing I mean it's actually more work to automate everything but with a far greater amount of quality and reliability and what we get and the benefits are long it's worth it basically you do the work upfront and you reap the benefits and then variety away it's like writing rolling out software managing workloads talk about multi class here on Amazon multi cloud is a big focus to your hybrid cloud multi-cloud obviously we're seeing that trend how do you look at multi cloud as a practitioner what are some of the things that check our check boxes for you in terms of okay as we start looking to the next level there might be a multiple cloud scenario how do you think about that and how do you put that into perspective that's worth noting even two years ago and we selected openshift it was with the idea that we could go multi cloud you know that for the users for the developers they're not going to know the difference where we run it on so we're not locked into any provider final question for you if you can boil down openshift into kind of like a soundbite for you what does it mean to you guys what's been the benefit what's been it it's been that what's been the role what's the benefit of OpenShift as you pour the cloud journey you know I could say speed I could say automation I mean that's huge but but really open shift and read how to pick the winner which is docker and kubernetes and a colleague of mine is in coop con in Copenhagen last week he's constantly messaging me saying there's new tooling you guys can use this you can use that and it means that rather than us doing the work we're just getting tooling from the community so it's the de facto standards so that's that's probably the biggest benefit all the goodness is just coming right to your front door luckily and I got to do my homework every night playing around with this technology so yeah gates success story and again the great community open-source projects out there you guys can bring that in and productize it for the retail bank congratulations love open-source stories like this tier one citizen and again continues to power the world open source softens the cube do our part bring and use all the data from Red Hat summit 2018 I'm John fryer with John Tory we'll be back with more after this short break

San Francisco it's the Red Hat summit 2018 brought to you by Red Hat okay welcome back everyone this is the cube live in San Francisco for Red Hat summit 2018 I'm John for the co-host of the cube and this week for three days of wall-to-wall coverage my co-host analyst is John Tory the co-founder of check reckoning and advisory and community development services firm industry legend formerly VMware's Bentley he was at the Q in 2010 our first ever cube nine years ago John Day one wrap up let's analyze what we heard and dissect and and put Red Hat into day one in the books but you know clearly it's a red-letter day for red hat so to speak your thoughts big day for open shift I think and hybrid cloud right we just saw a lot of signs here that we'll talk about that it's real there's real enterprises here real deployments in the cloud multi-cloud on-site hybrid cloud and i think there's really no doubt about that they really brought a brought the team out and you know red hat's become a bellwether relative to the tech industry because if you look at what they do there's so many irons on the fires but more the most important is that they have huge customer base in the enterprise which they've earned over a decades of work being the open source renegade to the open source darling and Tier one citizen they got a huge install basin they got to manage this so they can't just throw you know spaghetti at the wall they gotta have big solutions they're very technical company very humble but they do make some good tech bets absolutely we'll be talking with the folks from core OS tomorrow they have a couple of other action you know things we'll be talking about a lot of interesting partnerships the the most you know the thing here Linux is real and it's is the 20-year growth and that it's real in the enterprise and I mean the top line think the top line slowed and John is is is kubernetes than the gnu/linux for the cloud and I got to say there's some reality there yeah it's there's no doubt about it I mean then I've got my notes here just my summary for the day is on that point the new wave is here okay the glue layer that kubernetes and containers provide on top of say Linux in this case OpenShift a you know alternative past layer just a few years ago becomes the centerpiece of red hats you know architecture really providing some amazing benefits so I think what's clear is that this new shift this new wave is massive and we've heard on the cube multiple references to tcp/ip HTTP these are seminal moments where there's a massive inflection point where the games just radically changes for the better wealth creation happens startups boom new brands emerged that we've never heard of that just come out of the woodwork entrepreneurial activity hits an all-time high and they all these things are coming yeah I said John I was really impressed if we talk to a number of folks who are involved with technologies that some people might call legacy right we the Java programmers the IBM WebSphere folks they've been you you look at these technologies solid proven tested but yet still over here and adapted for today right and they talked about how they're fitting into openshift how they're fitting into modern application development and you're not leaving those people behind they're really here and you know the old joke going back to say Microsoft when Steve Ballmer was the CEO hell will freeze over when Linux isn't in in Microsoft ecosystem look today no further than what's going on in their developer Commerce called Microsoft build where Linux is the centerpiece of their open-source strategy and Microsoft has transformed themselves into a total open-source world so you know now you got Oracle with giving up Java II calling a Jakarta essentially bringing Java into an the Eclipse community huge move it's a kind of a nuance point but that's another signal of the shifts going on out in the open where communities aren't just yesterday's open source model a new generation of open source actors are coming in a new model I think the CNC F is showing it the Linux Foundation proves that you can have commercialization downstream with open source projects as that catalyst point as a big deal and I think that is happening at a new new level and it's super exciting to see yeah I mean open source is the new normal sure that that works it's in the enterprise but that doesn't mean that open source disappears it actually means that open source and communities and companies coming together to drive innovation actually gets more and more important I kind of thought well you know it's open source well everybody does open source but actually the the dynamics we're seeing of these both large companies partnering with small companies foundations like you talked about the Linux cutlasses various parts the Linux Foundation cloud boundary foundation etc right are really making a big impact well we had earlier on assistant general counsel David Levine and bringing about open source I think one key thing that's notable is this next generation of open source wave comes is the business model of open source and operationalizing it in not just server development lifecycle but in the business operation so for example spending resources on managing proprietary products with that have open source components separate from the community is a resource that you don't have to spend anymore if you just contribute everything to open source that energy can go away so I think open source projects and the product monetization component not new concepts is now highlighted as a bonafide competitive advantage across the company not just proven but like operationally sound legally verified certified and I think also you have to look at the distribution of open source versus the operation and management of open source we see a lot of management managed kubernetes coming out and in fact we didn't talk about today Microsoft big announcement here at the show Microsoft is on Azure is running a managed open ship not not kubernetes they already have kubernetes they're running a managed open ship another way of adding value to an open open source platforms to date directly to the IT operator honestly do you think these kind of deals would happen if you go back four years three years ago oh no way as you're running an open shift absolutely I mean were you crazy the you know the kingdom is turned upside down absolutely this is a notable point I want to get your reaction is because I see this absolutely as validation to the new wave being here with kubernetes containers as a de facto rallying point an inflection point big deals are happening IBM and Red Hat big deal we just talked about them with the players here two bellwether saying we're getting behind containers and two bays in a big way from that relationship essentially it changes the game literally overnight for IBM changes the game for Red Hat I think a little bit more for IBM than Red Hat already gets a ton of benefit but IBM instantly gets a cloud strategy that has a real scalable product market to it Arvind the the head of research laid that out and IBM now can go and compete with major players on deals with the private cloud more deals are coming absolutely this is the beginning now that everyone snapped into place is saying okay kubernetes and containers we now understand this the rallying cry a de facto standard I think a formation is going to happen in the next six to 12 months of major major major players now I mean we are in a not one size does not fit all world John so I mean we will continue to see healthy ecosystems I mean mesosphere and DT cos is still out there Dockers still out there right you will see very functional communities and and functioning application platforms and cloud platforms but you got to say the momentum is here I mean look at amine docker mace those fears look at when things like this happened this is my opinion so I'm just gonna say it out there when you have de facto standards that happen like this it's an opportunity to differentiate so I think what's gonna happen is docker meso sphere and others including the legacy guys like IBM and in others they have to differentiate their products they have to compete software companies so I think docker I think is come tonight at docker con but my opinion looking at from the outside is I think Dockers realized looking we can't make money from containers kubernetes is happening we're a great standard in that let's be a software company let's differentiate around kubernetes so this is just more pressure or more call-to-action to deliver good software hey it's never been of somebody said it's never been a better time to be an IT and IT infrastructure right this is a you think that the tools we have available to us super-powerful another key point I want to get your reaction on with kubernetes and containers this kind of de facto standardization is breathing new life into good initiatives and legacy projects so you think about OpenStack okay OpenStack gets a nice segmented approach is now clear with a where the swim lanes are you're an app developer you go over here and if you are a network and infrastructure guy you're going here but middleware a from talk to the Red Hat guys here we talk to IBM those legacy and apps can put a container around it and don't have to be thrown away and take their natural course now I think it's gonna be a three line through this holy a second life is for legacy and stuff and then to cloud is and it's in second inning because now you have the enablement for cloud your reaction the enablement of cloud Ibn iBM has cloud and then the market shares of nm who you believe they're not in that they're in the top three but they're not double digits according to synergy research and he bought us a little bit higher but still if you compare public cloud they're small they look at IBM's and tire and small base and saying if they have a specialty cloud that can be assembled quit Nellie yeah and scaled and maybe instantly successfully overnight yeah I think a few years ago you know there was a lot different always a few years back it always looks confusing right a few years back we were still arguing public cloud private cloud as private cloud ed is what is a true private cloud is that even valuable I still see people on Twitter making fun of everything anybody who's not 100% into the full public cloud which means they must not have talked to you know a lot of IT folks who have to business to run today so I think you're saying it's a it's a it's a multivalent world multi-cloud there's going to be differentiated clouds there's going to be operational clouds there's gonna be financial clouds and just it's it seems clear that you know from the perspective of right now here in San Francisco and 2018 that that you know the purpose of public-private hybrid seems pretty clear just like the purpose of like I said we're gonna in two weeks we'll be an openstack summit I mean the purpose of that seems pretty clear it's it's funny it's like I had this argument and each Assateague he thinks everything should go the public cloud goes eaten has one of the public clouds but he's kind of right and I and I and we talked about this way I with him I said if everything is running cloud operation we're talking about cloud ops we're talking about how its managed how its deployed code bases across the board if everything is clarified from an OP raishin standpoint the Dearing on Prem and cloud and IOT edge is there's no difference stuffs moving around so you almost treats a data center as an edge network so now it's sexually all cloud in my mind so then and also you do have to keep in mind time time horizons right anybody who has to do work the today this quarter right has to keep in mind what's what what portfolio of business deeds and tools do I have right now versus what it's gonna look like in a few years all right so I want to get your thoughts on your walk away from today I'll start my walk away from day one was talking some of the practitioners Macquarie Bank and Amadeus to me they're a tell signed the canary in the coalmine what's happening horizontally scalable synchronous infrastructure the new model is here now we're seeing them saying things like it's a streaming world not just Kafka for streaming data streaming services levels of granularity that at workers traded with containers and kubernetes up and down the stack to me architects who think that way will have a preferred advantage over everybody else that to me was like okay we're seeing it play out I guess I totally agree right the future isn't evenly distributed my takeaway though is there's certainly a future here and the people we talked to today are doing real-world enterprise scale multi-cloud micro services and modern architectures incorporating their legacy applications and components and that and they're just doing it and they're not even breaking a sweat so I think IT has really changed ok day one coverage continues day two tomorrow we have three days of wall-to-wall coverage day two and then finally day three Thursday here in San Francisco this is the cubes live coverage go to the cube dotnet to check out all the videos they're gonna be going up as soon as they are done live here and check out all the cube alumni and check out Silicon angle comm for all news coverage then of course you got tech reckoning Jon's company's the co-founder of for John Fourier and John Shroyer that's day one in the books thanks for watching see you tomorrow

from San Francisco it's the queue covering Red Hat summit 2018 brought to you by Red Hat hey welcome back everyone here live in San Francisco at Moscone West of cubes exclusive coverage of Red Hat summit 2018 I'm John four with mykos John Shroyer founder of tech reckoning advisory and on community services firm our next guest is Jason O'Connell openshift platform owner of mark McQuarrie group welcome to the Cuse let's get it right that's right well the retail bank of Macquarie so thank you and financial services thanks for coming on so bas lead banking is pretty hot big-time early adopter of all things tech yes and you doing a lot of work at kubernetes tell us about what you're doing take a minute to explain your job what your focus is some of the some of the environment DevOps things you're doing that's the basic I'm head of the container platforms team at Macquarie Bank so basically my team manages open shifts on AWS we do the architecture on there but we also focus a lot on the value add on top so we don't just give our our customers for my team are the developers and the development teams we don't just give them a blank platform we do a lot of automation a lot of work on top of that basically because we want to make sure that the idea of a platform as a service is that we do as much as possible to make developers lives easy tell about the journey when did you start on this effort Asli Amazon's great cloud we use it as well other clouds are coming on you got Google and Microsoft and others but when did the open shift conversations start happening where were you what year was it how long have you been using it it's gone through some great changes I want to get your experience on that opened she have to journey I mean somewhat of an early adopter I mean we started looking at this two years ago so that was openshift 3.1 a lot of the basic features weren't even there but it took us a year to both build it out as well as migrate about 40 applications to production so there's only a year ago that we've been in production so it's evolved like so rapidly during that time so 40 applications migrating right that enough in and of itself in a year is is a pretty heavy lift can you talk a little bit about are you just replied forming the applications obviously probably not rewriting at this point the open shift has been a good home for the applications that you started out with it sounds like I mean one of the reasons to choose openshift was docker and it was about that migration path I mean part of the migration was ensuring that developers could get everything running locally get these legacy systems we did a lot of micro services running locally on docker containers on their laptop then the migration was was easy from there but we deliberately didn't want to do like a lift and shift we wanted to rethink how we delivered software as part of this project okay what's the biggest challenges you had in doing this I mean as you go but she has got some great movements you could burn aces a good bet and kubernetes is looking like a really awesome way to move workloads around and manage containers and clusters so you know what's what are some of the things we've learned what are some of the complexities that you overcame can you share a little bit about some of the specifics I think I think the newness is is probably the biggest challenge I mean going back to two years ago there were some very basic components that weren't there at the time when we knew were coming and even now there are pieces of work which we just don't tackle and we do a very quick fix because we know it's coming later I mean it's just moving and evolving so quickly you know we're waiting a lot for sto which is coming in the future so we're holding back on investing in certain areas because of that so it's always a constant challenge yeah I still looking good and the service mesh is hot as well how has OpenShift helped you but what's the what's the if you had to kind of boil it down what's the been the the impact to you guys where's the where's that coming from I mean before we even selected OpenShift we had we're looking at our objectives from a business perspective not a technology perspective I'm the biggest objective we had with speed to delivery you know how could you get a business idea a product idea into production as fast as possible or even if you look at a minor fix to something something that should be easier develop it takes a data ride why does it take a month to release the production so speed of delivery was one of the key objectives and I can tell you more about how we we delivered that in detail but just going back to the objectives we also looked at developer experience you know sometimes the developers are not spending enough time coding and doing if they want they get bogged down in a lot of other pieces of work dinner I'm really delivering business value yeah so again we wanted the platform to handle that for them they could focus more on their work and this is the promise of DevOps and the whole idea of DevOps is to automate away the hassles and I mean my part to Dave a lot that calls a rock fetches no one likes to do all that work it's like can someone else just handle it and then when you got now automation that frees it up but this brings up the thing I would love to get your reaction to because one things we've been covering and talking a lot about in the cube is this is been happening around us it's not just what we're doing but this new modern way to deploy software you look at like some of the big things that are happening in with cloud native and you mention SEO is to do this awesome dynamic things on the fly that are automated away so it changes the how software is being built how are you guys embracing that what's the thought oh so you've got a team that's got the mindset of DevOps yeah I'll see embracing this vision and if everything else is probably substandard she'll you look at you know waterfall or any kind of non agile what is the your view of this modern era of writing code and building applications what I mean for people who don't aren't getting it how are you how do you explain it you know I think it's I mean it's an unbelievable time that we're in at the moment I mean the amount of automation that we're doing is huge and part of our openshift is that it's an automated bull platform so I've got a few junior guys in my team they're like two graduates and in turn they do a lot of the automation yeah it's that easy now everything's got API so we can connect everything so I do find when we interface with some of the older school teams in different parts of the bank that aren't doing this level of automation they used to manual processes and manual ways of doing things and now we look at everything where everything can be automated that's thing you really truly feel now opened up that you could automate absolutely everything I mean the developer productivity one is key you know state of mind is another I mean the mood is better okay people are in a better mood more productive yeah and I think if you look at interestingly in like security and risk teams and governments teams where we're finding look they can improve security risk and all this by automating you know they're the one set and now we've got SEC offs movements and things like that so speed of production is is does not prohibit better security and in fact with Sec ups the amount of automation we do you got a far greater amount of security because we now know everything that's deployed we can continually scanning for vulnerabilities yeah what so Jason you talked about it being new we've talked a little bit about culture how much of this has been a training exercise how much is that it's a cultural shift within your organization as one of the leaders of it how are you approaching I mean we're lucky there within Macquarie Bank there was a large scale culture shift towards agile where the whole thing runs in that gel manner so that's helped us then feel in our technology and automation it complements that way of delivering so we've got some very unique ways where we've done automation and delivery which completely rethinks how we used to deliver before so example yeah for instance now if you think why were people scared of delivering something into production why was a small change scary change and a big part of it is the blast radius if something went wrong you know connecting through to our API is we've got our own channels we've got mobile apps got a website you've got a lot of partners there are the companies connecting through as well and so even if you did a small change if it costs an issue everyone's affected at once so a big piece of what we did to deliver faster is allowed targeted releases you know I could target a release and a change just to you we could target it to a percentage of customers monitor rolled out quickly if there's a problem dial it up if it's looking good good target to any channel it seems like there's a business benefit to that too oh it's massive here because you also can promise stability on certain channels if you want you can have faster channels that are moving quickly and in an API driven world we've got external companies connecting through to these api's you want to be able to say that we've given you a stable offering and you can upgrade when you want and then our channels we cannot move more fast so we've got mr. no-brainer I mean really the old way is completely dead because of that because you think about the blast radius you're pointing about blast radius the risk is massive so everyone's kind of on edge all these tests have to go in redundancies as if the planning is ridiculous all for the risk well that energy you're optimizing for a potential non-event or event here with micro-services and you and app can go down to the granular level the granularity is really amazing so when you go forward first of all it's a recruiting opportunity to get better engineers wait this is a way we work I'm going forward I want you to comment on your opinion as an industry participant and can clarify this because a lot of you'll get confused here automation they think jobs are going away administration is getting automated system admin type roles where junior people can now do more operating things but the operating roles not going away so talk about that that ops side because now the ops are more efficient the right things are audited me you but talk about that dynamic between the right things being automated and the right things that are gonna roll to operational service meshes or whatnot yeah I mean basically it's about getting people to do these higher-order functions so the people who are doing things manually and operating things manually you look at our Ops teams now morphing into like the classic SRE team you know the side reliability engineering teams where they're spending a significant amount of that time automating things you know looking at alerting and monitoring then Auto healing I mean it's actually more work to automate everything but with a far greater amount of quality and reliability when we go and the benefits are long it's worth it basically you do the work upfront and you reap the benefits and then variety of ways like writing rolling out software managing workloads talk about multi class here on Amazon multi cloud is a big focus to your hybrid cloud multi-cloud obviously we're seeing that trend how do you look at multi cloud as a practitioner what are some of the things that check our check boxes for you in terms of ok as we start looking for the next level there might be a multiple cloud scenario how do you think about that and how do you put that into perspective that's worth noting even two years ago and we selected open shifty it was with the idea that we could go multi-cloud you know that for the users for the developers they're not going to know the difference where we run it on so we're not locked into any provider I mean at the moment we're kind of just exploring Google cloud and we're looking at what it would look like so even we don't know yet some people have spoken about stretching your cluster across to clouds that means one cluster across two seems very difficult to me that a lot of latency issues potentially there's also cloud arbitrage you know can we get certain workloads on a card that's cheaper can we use spot instances can we spin things up and down we're on Google it's cheaper and then it also raises questions around okay do we need Federation and we know Federation has been talked about a lot with kubernetes how do we manage so many clusters and even on AWS now we have three production clusters you had multi clouds how am I gonna manage that what about the services layer of clouds right obviously the Red Hat platform gives you a services layer that could run anywhere but underneath that right AWS has its own services layer Google you know a lot of AI ml you know it could you be able to are you thinking about taking advantage or how are you thinking about those different offerings on different different places I mean this is the challenge I face and what we're exploring is that do some teams have the differentiating services the unique services that they want on Google especially for managing data machine learning we know those services are key for them some teams will have that but yet then can we call them over from AWS even oh do we have to deploy in in Google and have that in one data center can we go across with services so it's really like not just cloud AWS cloud Google but it's actually criss-crossing that's another thing we're exploring Jason thanks for coming on the cube really appreciate your commentary I've seen multiple red hats you guys have won awards you've been here before great job final question for you if you could boil down OpenShift into kind of like a sound byte for you what does it mean to you guys what's been the benefit what's been it it's been that what's been the role what's the benefit of openshift as you explore the cloud journey you know I could say speed I could say automation I mean that's huge but but really OpenShift and read how to pick the winner which is docker and kubernetes and a colleague of mine is in pucon in copenhagen last week he's constantly messaging me saying there's new tooling you guys can use this you can use that and a means that rather than us doing the work we're just getting tooling from the community so it's the de facto standards so that's that's probably the biggest benefit all the goodness is just coming right to your front door likely and I got to do my homework every night playing around with this technology so yeah great success story and again the great community open-source projects out there you guys can bring that in and productize it for the retail bank congratulations love open-source stories like this tier one citizen and again continues to power the world open-source softens the cube doing our part bring and use all the data from Red Hat summit 2018 I'm John fryer with John Tory we'll be back with more after this short break

why from the mandalay bay convention center in las vegas it's the cues covering vmworld 2016 rock you buy vmware and its ecosystem sponsors we are here live in las vegas at mandalay bay in the hang space at vmworld 2016 this is the cube silicon angles flagship program where we go out to the events that extract the signal from noise i'm john for my host John Tory with tech reckoning our next guest is vegetable Shan who is the senior director of product management at HP storage HPE storage EP enterprise welcome back to the cube good to see you hey John good to see you you guys obviously a big partner with VMware in the ecosystem is the update men all flash all the time it's a flash crazy world now yeah if you want to talk about flash you know so to your earlier comment about vmware partnerships we work with them vmware community across many different areas right flash storage being one of them key one just because many of these virtualized environments today depend so heavily on the storage and flash makes it a very very attractive option for four people running virtualized environments so talk about where it's all fitting in with vmware for you guys after you you know the three par success story dave vellante always raves about the best knowledge is HP's ever done is a gift that keeps on giving as he always says now with the all-flash side of it how is it impacting the data storage data protection all the integrated stuff that the customers are looking for is to change the game a bit or what's just i think you know if I if I may there's the core of an all-flash offering right and if you brought down the core you can say it's about performance it's about affordability right and clearly when all flash started performance was the key then there was the affordability wave and then there's even now what you would call data services way it's right where the ability to do snapshots or quality of service so I would mark those as the core then you could ask other table stakes sorry those are those tables say say you go thank you table stakes yeah and then some other question is if we look outside the core because the core is pretty much understood today right there's still lots of things outside of the core so for example how do you protect the flash array right how do you do data protection in a bit of a flash because the considerations are different your performance is different your application characteristics at difference so what I do a data protection that's one aspect the other aspect is your infrastructure right your host connectivity you know your bottleneck used to be storage you'll eliminate that bottleneck where is the bottleneck now is it on your host pipes and then the third thing I'd say sort of outside the core would be you know there are new environments coming up containerized environments are an interesting place where you may develop on one environment and choose to deploy in another in these cloud native apps again how does a flash array operate in those kinds of environments so outside of the main court a lot very interesting areas to look at about HP enterprises and specifically don't want the flash the data protection in the host side connectivity not so much the storage or talk about the difference of those areas and now they all work together yeah so let's look at the data protection first right and so what are the attributes of data protection that matter in a flash environment first of all how often are you taking your data protection snaps for example are you using snapshots do you go direct to a backup device what is the latency impact in taking the backup what happens to your backup windows how do you restore quickly if you are snapping every hour on the hour do you go back with the full backup apply incrementals can you do synthetic folds so lots of different elements here and I think the point of view is you could take back up from a point of view I've got to back up my entire environment I vmc array of IBM arrays of HP arrays have a whole environment here to backup right or you can say hey in my flash environment how do I ensure it's optimized just like what veem did with you know virtualize backups right they took a very specific approach not the same thing can be said with data protection and flash do you see so put the story for primary storage yeah how do you distort change then as you're backing up to another flash device RP are you saying that look in the field so so that's interesting you say that because you have different choice points now right so i could have to prime arrays replicating each other that I could be backing up the secondary array to addy duplicating device that's one option the other options I could be having my primary array backing up to a deduplication device and replicating the deduplication level or the device level here or I could be replicating at the host level so I think there are different choice points question is how do you choose one versus the other and their trade offs right there sort of pros and cons um and and you want to be able to offer the customers that choice as well as the guidance as to when you would do one versus the other I love the way you're talking about generations we've gotten to this one this core system now of this generation of solid say yes but there's all these other technologies coming down the pipe we talk a lot about nvme and connectivity and we talk a lot about 3dx point and that's going to change everything where do those fit into the this framework that you that you've been talking about so you go back down into the core and look at performance right because there's got to be a performance next that's our industry it never stays the same right things always move and so the key to looking through those technologies that you asked about John is to look at sort of the n to n path of an i/o and it starts from an application it traverses some kind of fabric it gets to what I would call a controller fabric on the storage side and then from that control of fabric weather data is processed dee doop compress for example it gets written to back-end right and so you have to look at that end-to-end path so some of the technologies that we've been talking about talks about the different points here so nvme as a back-end connectivity for back-end media to the controllers that significantly cuts the lengthy down now but if you look at the latency envelope today the lion's share of the length C is not with the SAS protocol back end its with the media right and so if you did nvme you want to pair it up with storage class memory to get the benefit of that latency and then you want to ensure as well that you are talking say nvme over fabric to your host so that the protocol delays there go away and so again here you can see how envy me impacts choice of media choice of host connectivity so you get that end to niño optimization talk about what's next for flash performance specifically across the host fabric controller fabric and the media back-end fabric yeah so I think you have to then figure out now as in all emerging technologies there's probably going to be different choice points right so we look at a host to front end storage port connectivity that traditionally has been fibre channel we are seeing a rise of I skazhi and ethernet so the question is what does that do with when 25 Giggy 25k Ethan it comes to play right do we see a shift there a tip there maybe I don't know I think again you want to be able to offer choice points and if you can reduce that whole plane see using Ethernet technologies I think that's going to be a segment of the market that's gonna be very attracted to it we've been diving down deep into the technology stack I'm curious if you're seeing the buying center shift as we get to more integrated virtualization teams cloud teams do you have to talk about these technologies down to them and to understand how to buy storage so yeah so that's a very interesting point because there is a segment of the market that says hey I am looking at a vm level or an application level right and I and I don't want to associate all the different component metrics so I think that's the growing trend and hyper convergence for example is a perfect example of that where people want to look at the vm level or even at the application level and you know as we get more and more entrenched in two lines of businesses wanting to develop key competitive capabilities we need to be able to do what exactly what you just said what's the hpe story now that now that you're HPE storage is an important component of what you what you all are doing us I mean in relation to what John was asking what's the future what's the future looking like it you guys talking about in terms of your storage platform so the opportunity for us is to bring you know the collection of different technologies to bear on our customers and I and I view it as two things so job one is for us to be the best storage vet out there in the world if i took that storage myopic view of things right but we're not a small company where a large company and so that's a job to that says how do we the storage and the server and the networking and the compute play together right so we've got to bring the one plus one plus one equals five story and that means the opportunity HP can bring right whether it's things like composable infrastructure where you can say look i have one set of infrastructure for mission-critical applications one set for my cloud native applications why should i have two infrastructures for that i should have one infrastructure that allows me to compose the elements as I see fit for those environments some of them have different attributes I shouldn't have to have different sets of infrastructure to do both nothing to me that's a great opportunity we can bring to our customers about HP Enterprise now and storage give us the update was going on in the business office of the vmware ecosystem thin strategic you guys again like you mentioned been there for a very long time been a big big big partner of vmware but how's business in general at HP enterprise storage business what's the update what's the shiny new toy what's the where's the meat and Wiz what's going on you accepting yeah so so from an HP storage perspective clearly all flashes one of the rock stars there we're doing great with all flash good traction we're seeing a lot of interests around software-defined storage and hyper convergence and you know it's interesting on the software-defined side we've taken the same approach as we as well take on the primary side because we offer now what we call a common data fabric where you can deploy software either in a running on a proliant server or blade server you can deploy that same software as an appliance if that's how you want to consume it you can deploy it as part of a hyper converge packet we even offer it's part of our Helion OpenStack cloud distribution private cloud distribution so again bringing one technology one offering that can span multiple shape and form factors help make it simple for the customer otherwise they're going to do or deploy 13 different things so final question fish as a veteran of the tech business industry hace storage is your focus here at vml what are you taking back with you home as a key walk away item from vmworld share with the folks what you're learning what's that what's the vibe what's what's what are you going to take home with you as a walk away pretty much vehicles always been a great show right it's probably the one place where you know it's got such a rich ecosystem of vendors such a rich ecosystem some offering both complimentary and competitive so you know we have the stone we called frenemy right you're a friend in some places an enemy in others which is great because it just gives you places to collaborate and give new capability to your customers the vibes great at vmworld very rich ecosystem they're doing a lot of great technology innovations in cloud and software-defined we partner in Maine spaces we compete in some yeah but hey that's just the way the cookie crumbles and customers one choice fish thanks so much for sharing your inside the cube great to see you see at HP discover coming up in London in December yes right i think it's december or is that it's quite not much of a neighbor okay and yeah right yeah so big events european version of hpe discover which we just had an amazing set of interviews the cube was there could still get an angle website web site com or youtube com still gonna go check out the HP Enterprise discover videos tons of storage videos with all the big dogs on there thanks we spending the time now here I am world thank you if we are live at the mandalay bay in the hang space at vmworld 2016 john free with john schuer with tech reckoning we write back you're watching the cube