(intro music playing) >> Hello everyone, and welcome to the power of n where HPE Aruba and Pensando are changing the game, the way customers scale with the cloud, and what's next in the evolution in switching. Hey everyone, I'm John furrier with the cube, and I'm here with Shane Corbin, director of technical product management at Pensando, and William show vice president of product management, Aruba HPE. Gentlemen, thank you for coming on and doing a deep dive and, and going into the, the big news. So the first question I want to ask you guys is um, what do you guys see from a market customer perspective that kicked this project off? um, amazing um, results um, over the past year or so? Where did it all come from? >> No, it's a great question, John. So when we were doing our homework, there were actually three very clear customer challenges. First, security threats were largely spawn with on, within the perimeter. In fact, Forrester highlighted 80% of threats originate within the internal network. Secondly, workloads are largely distributed creating a ton of east-west traffic. And then lastly, network services such as firewalls, load balancers, VPN aggregators are expensive, they're centralized, and they ultimately result in service chaining complexity. >> John: So, so, >> John: Go ahead, Shane. >> Yeah. Additionally, when we spoke to our customers after launching initially the distributed services platform, these compliance challenges clearly became apparent to us and while they saw the architecture value of adopting what the largest public cloud providers have done by putting a smart NIC in each compute node to provide these stateful services. Enterprise customers were still, were struggling with the need to upgrade fleets and brown field servers and the associated per node cost of adding a smart NIC to every compute node. Typically the traffic volumes for on a per node basis within an enterprise data center are significantly lower than cloud. Thus, we saw an opportunity here to, in conjunction with Aruba, develop a new category of switching product um, to share the processing capabilities of our unique intellectual property around our DPU across a rack of servers that net net delivers the same set of services through a new category of platform, enabling a distributed services architecture, and ultimately addressing the compliance and TCO generating huge TCO and ROI for customers. >> You know, one of the things that we've been reporting on with you guys, as well as the cloud scale, this is the volume of data and just the performance and scale. I think the timing of the, of this partnership and the product development is right on point. And you've got the edge right around the corner, more, more distributed nature of cloud operations, huge, huge change in the marketplace. So great timing on the origination story there. Great stuff. Tell me more about the platform itself, the details, what's under the hood, the hardware OS, what are the specs? >> Yeah, so we started with a very familiar premise. Rubik customers are already leveraging CX with an edge to cloud common operating model, in deploying leaf and spine networks. Plus we're excited to introduce the industry's first distributed services switch, where the first configuration has 48-25 gig ports with a hundred gig couplings running Aruba CX cloud native operating system, Pensando Asic's software inside, enabling layer four through six, seven stateful services. Shane, do you want to elaborate on. >> Yeah, let me elaborate on that a little bit further, um, you know, as we spoke existing platforms and how customers were seeking to address these challenges were, are inherently limited by the ASIC dye size, and that does limit their scale and performance and ability in traditional switching platforms to deliver truly stateful functions in, in, in a switching platform, this was, you know, architecturally from the ground up, when we developed our DPU, first and second generation, we delivered it, or we, we built it with stateful services in mind from the get-go, we leveraged the clean state design with our P four program with DPU. We evolved to our seven nanometers based pro DPU right now, which is essentially enabling software and Silicon. And this has generated a new level of performance scale, flexibility and capability in terms of services. This serves as the foundation for our 200 gig card, were we taking the largest cloud providers into production for. And the DPU itself is, is designed inherently to process stage, track stateful connections, and stateful flow is at very, very large scale without impacting performance. And in fact, the two of these DPU components server disk, services foundation of the CX 10 K, and this is how we enable stateful functions in a switching platform functions like stateful network fire-walling, stateful segmentation, enhanced programmable telemetry, which we believe will bring a whole lot of value to our customers. And this is a platform that's inherently programmable from the ground up. We can, we can build and leverage this platform to build new use cases around encryption, enabling stateful load balancing, stateful NAT to name a few, but, but the key message here is, this is, this is a platform with the next generation of architecture's in mind, is programmed, but at all, there's the stack, and that's what makes it fundamentally different than anything else. >> I want to just double click on that if you don't mind, before we get to the competitive question, because I think you brought up the state thing. I think this is worth calling out, if you guys don't mind commenting more on this states issue, because this is big. Cloud native developers right now, want speed, they're shifting left at the CICD pipeline with programmability. So going down and having the programmability, and having state is a really big deal. Can you guys just expand on that a little bit more and why it's important and, and how hard it really is to pull off? >> I, I can start, I guess, um, it's very hard to pull off because of the sheer amount of connections you need to track when you're developing something like a stateful firewall or a stateful load balancer, a key component of that is managing the connections at very, very large scale and understanding what's happening with those connections at scale, without impacting application performance. And this is fundamentally different at traditional switching platform, regardless of how it's deployed today in Asics, don't typically process and manage state like this. Um, memory resources within the chip aren't sufficient, um, the policy scale that you can um, implement on a platform aren't sufficient to address and fundamentally enable deployable firewalling, or load balancing, or other stateful services. >> That's exactly right. And so the other kind of key point here is that, if you think about the sophistication of different security threats, it does really require you to be able to look at the entire packet, and, and more so be able to look at the entire flow and be able to log that history, so that you can get much better heuristics around different anomalies, security threats that are emerging today. >> That's a great, great point. Thanks for, for, um, bringing that extra, extra point out. I would just add to this, we're reporting this all the time on Silicon angle in the cube is that, you know, the, you know, the, the automation wave that's coming with around data, you know, it's a center of data, not data centers we heard earlier on with the, in, in, in the presentation. Data drives automation, having that enabled with the state is a real big deal. So, I think that's really worth calling out. Now, I've got to ask the competition question, how is this different? I mean, this is an evolution. I would say, it's a revolution. You guys are being being humble, um, but how is this different from what customers can deploy today? >> Architecturally, if you take a look at it. We've, we've spoken about the technology and fundamentally in the platform what's unique, in the architecture, but, foundationally when customers deploy stateful services they're typically deployed leveraging traditional big box appliances for east-west our workload based agents, which seek to implement stateful security for each east-west. Architecturally what we're enabling is stateful services like firewalling, segmentation, can scale with the fabric and are delivered at the optimal point for east west which is through leaf for access layer of the network. And we do this for any type of workload. Be it deployed on a virtualized compute node, be a deployed on a containerized worker node, be deployed on bare metal, agnostic up typology, it can be in the access layer of a three tier design and a data center. It can be in the leaf layer of a VX VPN based fabric, but the goal is an all centrally managed to a single point of orchestration and control of which William will talk about shortly. The goal of this is to drive down the TCO of your data center as a whole, by allowing you to retire legacy appliances that are deployed in an east-west roll, and not utilize host based agents, and thus save a whole lot of money and we've modeled on the order of 60 to 70% in terms of savings in terms of the traditional data center pod design of a thousand compute nodes which we'll be publishing. And as, as we go forward additional services, as we mentioned, like encryption, this platform has the capability to terminate up to 800 gigs of our line rates encryption, IP sec, VPN per platform, stateful Nat load balancing, and this is all functionality we'll be adding to this existing platform because it's programmable as we've mentioned from the ground up. >> What are some of the use cases lead? And what's the top use cases, what's the low hanging fruit and where does this go? You've got service providers, enterprises. What are the types of customers you guys see implementing? >> Yeah, that's, what's really exciting about the CX 10,000. We actually see customer interest from all types of different markets, whether it be higher education, service providers to financial services, basically all enterprises verticals with private cloud or edge data centers. For example, it could be a hospital, a big box retailer, or a colon such as Iniquinate So it's really the CX 10,000 that creates a new switching category, enabling stateful services in that leaf node right at the workload, unifying network and security automation policy management. Second, the CX 10,000 greatly improves security posture and eliminates the need for hair-pinning east-west traffic all the way back to the centralized deployments. Lastly, As Shane highlighted, there's a 70% TCO savings by eliminating that appliance sprawl and ultimately collapsing the network security operations. >> I love the category creation um, vibe here. Love it. And also the technical and the cloud alignment's great. But how do the customers manage all this? Okay, I got a new category. I just put the box in, throw away some other ones? I mean, how does this all get done? And how does the customers manage all this? >> Yeah, so we're, we're looking to build on top of the river fabric composer. It's another familiar site for our customers, and what's already provides for compute storage and network automation, with a broad ecosystem integrations, such as VMware vSphere Vcenter as with Nutanix prism and so aligned with the CX 10,000 FGA, now you have a fabric composer, unified security and policy orchestration, and management with the ability to find firewall policies efficiently and provide that telemetry to collect your such a Splunk. >> John: So the customer environments right now involve a lot of multi-vendor and new frameworks, obviously, cloud native. How does this fit into the customer's existing environment with the ecosystem? How do they get, get going here? >> Yeah, great question. Um, Our customers can get going as we, we've built a flexible platform that can be deployed in either Greenfield or brownfield. Obviously it's a best of breed architecture for distributed services we're building in conjunction with Aruba. But if customers want to gradually integrate this into their existing environments and they're using other vendors, spines or cores, this can be inserted seamlessly as, as a lead for an access, access tier switch to deliver the exact same set of services within that architecture. So it plugs seamlessly in because it supports all the standard control plan protocols, a VX 90 VPN, and a traditional attitude, three tier designs easily. Now, for any enterprise solution deployment, it's critical that you build a holistic ecosystem around it. It's clear that, this will get customer deployments and the ecosystem being diverse and rich is very, very important. And as part of our integrations with the controller, we're building a broad suite of integrations across threat detection, application dependency mapping, Siemens sooam, dev ops infrastructure as code tools. (inaudible) And it's clear if you look at these categories of integrations, you know, XDR or threat detection requires full telemetric from within the data center, it's been hard to accomplish to date because you typically need agents on, on your compute nodes to give you the visibility into what's going on or firewalls for east west fuels. Now, our platform can natively provide full visibility into all flows east- west in the data center. And this can become the source of telemetry truth that these MLX CR engines require to work. The other aspects of ecosystem around application dependency mapping, this single core challenge with deploying segmentation east west is understanding the rules to put in & Right, first is how do you insert the service, um, service device in such a way that it won't add more complexity? We don't add any complexity because we're in line natively. How you would understand it, would allow you to build the rules that are necessary to do segmentation. We integrate with tools like Guardi core, we provide our flogs as source of data, and they can provide room recommendations and policy recommendations for customers. Around, we're building integrations around Siemen soam with, with tools like Splunk and elastic, elastic search that will allow NetOps and SecOps teams to visualize trend and manage the services delivered by the CX 10 K. And the other aspect of ecosystem, from a security standpoint is clearly how do I get policy for these traditional appliances and enforce them on this next generation architecture that you've built, that can enable stateful services. So we're building integrations with tools like turf and an algo sec third-party sources of policy that we can ingest and enforce on the infrastructure, allowing you to gradually, um, migrate to this new architecture over time. >> John: It's really a cloud native switch. I mean, you solve people's problems, pin- points, but yet positioned for growth. I mean, it sounds that's my takeaway, but I got to ask you guys both, what's the takeaway for the customers because it's not that simple for them, I mean it's, we a have complicated environment. (all giggling) >> Yeah, I think it's, I think it's really simple, um, you know, every 10 years or so, we see major evolutions in the data center and the switching environment, but we do believe we've created a new category with the distributed services, distributed services switch, delivering cloud scale distributed services, where the local, where the workloads reside greatly, simplifying network, security provisioning, and operations with the urban fabric composer while improving security posture and the TCO. But that's not all the folks, it's a journey, right Shane? >> Yeah, it's absolutely a journey. And this is the first step in a long journey with a great partner like Aruba. There's other platforms, hundred or 400 gig hardware platforms where we're looking at and then this additional services that we can enable over time, allowing customers to drive even more TCO value out of the platform of the architecture services like encryption for securing the cloud on-ramp, services like stateful load balancing to deploy east-west in the data center and, you know, holistically that's, that's the goal, deliver value for customers. And we believe we have an architecture and a platform, and this is a first step in a long journey. >> It's a great way of, I just ask one final, final question for both of you as product leaders, you got to be excited having a category creation product here in this market, this big wave, but what's your thoughts? >> Yeah, exactly right, it doesn't happen that often, and so we're, we're all in it's, it's exciting to be able to work with a great team like Pensando and Shane here. Um, so we're really, really excited about this launch. >> Yeah, it's awesome. The team is great. It's a great partnership between Pensando and Aruba. You know, we, we look forward to delivering value for our joint customers. >> John: Thank you both for sharing under the hood and more details on the product. Thanks for coming on. >> [William And Shane] Thank you. >> Okay. The next evolution in switching, I'm John Furrier here with the power of nHPE Aruba and Pensando changing the game, the way customers scale up in the cloud and networking. Thanks for watching. (music playing)