>>The cube presents HPE discover 2022 brought to you by HPE. >>Hey everyone. Welcome back to the Cube's day one coverage of HPE discover 22 live from the Venetian in Las Vegas. I got a power panel here, Lisa Martin, with Dave Valante, John furrier, Holger Mueller also joins us. We are gonna wrap this, like you've never seen a rap before guys. Lot of momentum today, lot, lot of excitement, about 8,000 or so customers, partners, HPE leaders here. Holger. Let's go ahead and start with you. What are some of the things that you heard felt saw observed today on day one? >>Yeah, it's great to be back in person. Right? 8,000 people events are rare. Uh, I'm not sure. Have you been to more than 8,000? <laugh> yeah, yeah. Okay. This year, this year. I mean, historically, yes, but, um, >>Snowflake was 10. Yeah. >>So, oh, wow. Okay. So 8,000 was my, >>Cisco was, they said 15, >>But is my, my 8,000, my record, I let us down with 7,000 kind of like, but it's in the Florida swarm. It's not nicely. Like, and there's >>Usually what SFI, there's usually >>20, 20, 30, 40, 50. I remember 50 in the nineties. Right. That was a different time. But yeah. Interesting. Yeah. Interesting what people do and it depends how much time there is to come. Right. And know that it happens. Right. But yeah, no, I think it's interesting. We, we had a good two analyst track today. Um, interesting. Like HPE is kind of like back not being your grandfather's HPE to a certain point. One of the key stats. I know Dave always for the stats, right. Is what I found really interesting that over two third of GreenLake revenue is software and services. Now a love to know how much of that services, how much of that software. But I mean, I, I, I, provocate some, one to ones, the HP executives saying, Hey, you're a hardware company. Right. And they didn't even come back. Right. But Antonio said, no, two thirds is, uh, software and services. Right. That's interesting. They passed the one exabyte, uh, being managed, uh, as a, as a hallmark. Right. I was surprised only 120,000 users if I had to remember the number. Right, right. So that doesn't seem a terrible high amount of number of users. Right. So, but that's, that's, that's promising. >>So what software is in there, cuz it's gotta be mostly services. >>Right? Well it's the 70 plus cloud services, right. That everybody's talking about where the added eight of them shockingly back up and recovery, I thought that was done at launch. Right. >>Still who >>Keep recycling storage and you back. But now it's real. Yeah. >>But the company who knows the enterprise, right. HPE, what I've been doing before with no backup and recovery GreenLake. So that was kind of like, okay, we really want to do this now and nearly, and then say like, oh, by the way, we've been doing this all the time. Yeah. >>Oh, what's your take on the installed base of HP. We had that conversation, the, uh, kickoff or on who's their target, what's the target audience environment look like. It certainly is changing. Right? If it's software and services, GreenLake is resonating. Yeah. Um, ecosystems responding. What's their customers cuz managed services are up too Kubernetes, all the managed services what's what's it like what's their it transformation base look like >>Much of it is of course install base, right? The trusted 20, 30 plus year old HP customer. Who's keeping doing stuff of HP. Right. And call it GreenLake. They've been for so many name changes. It doesn't really matter. And it's kind of like nice that you get the consume pain only what you consume. Right. I get the cloud broad to me then the general markets, of course, people who still need to run stuff on premises. Right. And there's three reasons of doing this performance, right. Because we know the speed of light is relative. If you're in the Southern hemisphere and even your email servers in Northern hemisphere, it takes a moment for your email to arrive. It's a very different user experience. Um, local legislation for data, residency privacy. And then, I mean Charles Phillips who we all know, right. Former president of uh, info nicely always said, Hey, if the CIOs over 50, I don't have to sell qu. Right. So there is not invented. I'm not gonna do cloud here. And now I've kind of like clouded with something like HP GreenLake. That's the customers. And then of course procurement is a big friend, right? Yeah. Because when you do hardware refresh, right. You have to have two or three competitors who are the two or three competitors left. Right. There's Dell. Yeah. And then maybe Lenovo. Right? So, so like a >>Little bit channels, the strength, the procurement physicians of strength, of course install base question. Do you think they have a Microsoft opportunity where, what 365 was Microsoft had office before 365, but they brought in the cloud and then everything changed. Does HP have that same opportunity with kind of the GreenLake, you know, model with their existing stuff. >>It has a GreenLake opportunity, but there's not much software left. It's a very different situation like Microsoft. Right? So, uh, which green, which HP could bring along to say, now run it with us better in the cloud because they've been selling much of it. Most of it, of their software portfolio, which they bought as an HP in the past. Right. So I don't see that happening so much, but GreenLake as a platform itself course interesting because enterprise need a modern container based platform. >>I want, I want to double click on this a little bit because the way I see it is HP is going to its installed base. I think you guys are right on say, this is how we're doing business now. Yeah. You know, come on along. But my sense is, some customers don't want to do the consumption model. There are actually some customers that say, Hey, of course I got, I don't have a cash port problem. I wanna pay for it up front and leave me alone. >>I've been doing this since 50 years. Nice. As I changed it, now <laugh> two know >>Money's wants to do it. And I don't wanna rent because rental's more expensive and blah, blah, blah. So do you see that in the customer base that, that some are pushing back? >>Of course, look, I have a German accent, right? So I go there regularly and uh, the Germans are like worried about doing anything in the cloud. And if you go to a board in Germany and say, Hey, we can pay our usual hardware, refresh, CapEx as usual, or should we bug consumption? And they might know what we are running. <laugh> so not whole, no offense against the Germans out. The German parts are there, but many of them will say, Hey, so this is change with COVID. Right. Which is super interesting. Right? So the, the traditional boards non-technical have been hearing about this cloud variable cost OPEX to CapEx and all of a sudden there's so much CapEx, right. Office buildings, which are not being used truck fleets. So there's a whole new sensitivity by traditional non-technical boards towards CapEx, which now the light bulb went on and say, oh, that's the cloud thing about also. So we have to find a way to get our cost structure, to ramp up and ramp down as our business might be ramping up through COVID through now inflation fears, recession, fears, and so on. >>So, okay. HP's, HP's made the statement that anything you can do in the cloud you can do in GreenLake. Yes. And I've said you can't run on snowflake. You can't run Mongo Atlas, you can't run data bricks, but that's okay. That's fine. Let's be, I think they're talking about, there's >>A short list of things. I think they're talking about the, their >>Stuff, their, >>The operating experience. So we've got single sign on through a URL, right. Uh, you've got, you know, some level of consistency in terms of policy. It's unclear exactly what that is. You've got storage backup. Dr. What, some other services, seven other services. If you had to sort of take your best guess as to where HP is now and peg it toward where Amazon was in which year? >>20 14, 20 14. >>Yeah. Where they had their first conference or the second we invent here with 3000 people and they were thinking, Hey, we're big. Yeah. >>Yeah. And I think GreenLake is the building blocks. So they quite that's the >>Building. Right? I mean similar. >>Okay. Well, I mean they had E C, Q and S3 and SQS, right. That was the core. And then the rest of those services were, I mean, base stock was one of that first came in behind and >>In fairness, the industry has advanced since then, Kubernetes is further along. And so HPE can take advantage of that. But in terms of just the basic platform, I, I would agree. I think it's >>Well, I mean, I think, I mean the software, question's a big one. I wanna bring up because the question is, is that software is getting the world. Hardware is really software scales, everything, data, the edge story. I love their story. I think HP story is wonderful Aruba, you know, hybrid cloud, good story, edge edge. But if you look under the covers, it's weak, right? It's like, it's not software. They don't have enough software juice, but the ecosystem opportunity to me is where you plug and play. So HP knows that game. But if you look historically over the past 25 years, HP now HPE, they understand plug and play interoperability. So the question is, can they thread the needle >>Right. >>Between filling the gaps on the software? Yeah. With partners, >>Can they get the partners? Right. And which have been long, long time. Right. For a long time, HP has been the number one platform under ICP, right? Same thing. You get certified for running this. Right. I know from my own history, uh, I joined Oracle last century and the big thing was, let's get your eBusiness suite certified on HP. Right? Like as if somebody would buy H Oracle work for them, right. This 20 years ago, server >>The original exit data was HP. Oracle. >>Exactly. Exactly. So there's this thinking that's there. But I think the key thing is we know that all modern forget about the hardware form in the platforms, right? All modern software has to move to containers and snowflake runs in containers. You mentioned that, right? Yeah. If customers force snowflake and HPE to the table, right, there will be a way to make it work. Right. And which will help HPE to be the partner open part will bring the software. >>I, I think it's, I think that's an opportunity because that changes the game and agility and speed. If HP plays their differentiation, right. Which we asked on their opening segment, what's their differentiation. They got size scale channel, >>What to the enterprise. And then the big benefit is this workload portability thing. Right? You understand what is run in the public cloud? I need to run it local. For whatever reason, performance, local residency of data. I can move that. There that's the big benefit to the ISVs, the sales vendors as well. >>But they have to have a stronger data platform story in my that's right. Opinion. I mean, you can run Oracle and HPE, but there's no reason they shouldn't be able to do a deal with, with snowflake. I mean, we saw it with Dell. Yep. We saw it with, with, with pure and I, if our HPE I'd be saying, Hey, because the way the snowflake deal worked, you probably know this is your reading data into the cloud. The compute actually occurs in the cloud viral HB going snowflake saying we can separate compute and storage. Right. And we have GreenLake. We have on demand. Why don't we run the compute on-prem and make it a full class, first class citizen, right. For all of our customers data. And that would be really innovative. And I think Mongo would be another, they've got OnPrem. >>And the question is, how many, how many snowflake customers are telling snowflake? Can I run you on premise? And how much defo open years will they hear from that? Right? This is >>Why would they deal Dell? That >>Deal though, with that, they did a deal. >>I think they did that deal because the customer came to them and said, you don't exactly that deal. We're gonna spend the >>Snowflake >>Customers think crazy things happen, right? Even, even put an Oracle database in a Microsoft Azure data center, right. Would off who, what as >>Possible snowflake, >>Oracle. So on, Aw, the >>Snow, the snowflakes in the world have to make a decision. Dave on, is it all snowflake all the time? Because what the reality is, and I think, again, this comes back down to the, the track that HP could go up or down is gonna be about software. Open source is now the software industry. There's no such thing as proprietary software, in my opinion, relatively speaking, cloud scale and integrated, integrated integration software is proprietary. The workflows are proprietary. So if they can get that right with the partners, I would focus on that. I think they can tap open source, look at Amazon with open source. They sucked it up and they integrated it in. No, no. So integration is the deal, not >>Software first, but Snowflake's made the call. You were there, Lisa. They basically saying it's we have, you have to be in snowflake in order to get the governance and the scalability, all that other wonderful stuff. Oh, but we we'll do Apache iceberg. We'll we'll open it up. We'll do Python. Yeah. >>But you can't do it data clean room unless you are in snowflake. Exactly. Snowflake on snowflake. >>Exactly. >>But got it. Isn't that? What you heard from AWS all the time till they came out outposts, right? I mean, snowflake is a market leader for what they're doing. Right. So that they want to change their platform. I mean, kudos to them. They don't need to change the platform. They will be the last to change their platform to a ne to anything on premises. Right. But I think the trend already shows that it's going that way. >>Well, if you look at outpost is an signal, Dave, the success of outpost launched what four years ago, they announced it. >>What >>EKS is beating, what outpost is doing. Outpost is there. There's not a lot of buzz and talk to the insiders and the open source community, uh, EKS and containers. To your point mm-hmm <affirmative> is moving faster on, I won't say commodity hardware, but like could be white box or HP, Dell, whatever it's gonna be that scale differentiation and the edge story is, is a good one. And I think with what we're seeing in the market now it's the industrial edge. The back office was gen one cloud back office data center. Now it's hybrid. The focus will be industrial edge machine learning and AI, and they have it here. And there's some, some early conversations with, uh, I heard it from, uh, this morning, you guys interviewed, uh, uh, John Schultz, right? With the world economic 4k birth Butterfield. She was amazing. And then you had Justin bring up a Hoar, bring up quantum. Yes. That is a differentiator. >>HP. >>Yes. Yeah. You, they have the computing shops. They had the R and D can they bring it to the table >>As, as HPC, right. To what they Schultz for of uh, the frontier system. Right. So very impressed. >>So the ecosystem is the key for them is because that's how they're gonna fill the gaps. They can't, they can't only, >>They could, they could high HPC edge piece. I wouldn't count 'em out of that game yet. If you co-locate a box, I'll use the word box, particularly at a telco tower. That's a data center. Yep. Right. If done properly. Yep. So, you know, what outpost was supposed to do actually is a hybrid opportunity. Aruba >>Gives them a unique, >>But the key thing is right. It's a yin and yang, right? It's the ecosystem it's partners to bring those software workload. Absolutely. Right. But HPE has to keep the platform attractive enough. Right. And the key thing there is that you have this workload capability thing that you can bring things, which you've built yourself. I mean, look at the telcos right. Network function, visualization, thousands of man, years into these projects. Right. So if I can't bring it to your edge box, no, I'm not trying to get to your Xbox. Right. >>Hold I gotta ask you since in the Dave too, since you guys both here and Lisa, you know, I said on the opening, they have serious customers and those customers have serious problems, cyber security, ransomware. So yeah. I teach transformation now. Industrial transformation machine learning, check, check, check. Oh, sounds good. But at the end of the day, their customers have some serious problems. Right? Cyber, this is, this is high stakes poker. Yeah. What do you think HP's position for in the security? You mentioned containers, you got all this stuff, you got open source, supply chain, you have to left supply chain issues. What is their position with security? Cuz that's the big one. >>I, I think they have to have a mature attitude that customers expect from HPE. Right? I don't have to educate HP on security. So they have to have the partner offerings again. We're back at the ecosystem to have what probably you have. So bring your own security apart from what they have to have out of the box to do business with them. This is why the shocker this morning was back up in recovery coming. <laugh> it's kind like important for that. Right? Well >>That's, that's, that's more ransomware and the >>More skeleton skeletons in the closet there, which customers should check of course. But I think the expectations HP understands that and brings it along either from partner or natively. >>I, I think it's, I think it's services. I think point next is the point of integration for their security. That's why two thirds is software and services. A lot of that is services, right? You know, you need security, we'll help you get there. We people trust HP >>Here, but we have nothing against point next or any professional service. They're all hardworking. But if I will have to rely on humans for my cyber security strategy on a daily level, I'm getting gray hair and I little gray hair >>Red. Okay. I that's, >>But >>I think, but I do think that's the camera strategy. I mean, I'm sure there's a lot of that stuff that's beginning to be designed in, but I, my guess is a lot of it is services. >>Well, you got the Aruba. Part of the booth was packed. Aruba's there. You mentioned that earlier. Is that good enough? Because the word zero trust is kicked around a lot. On one hand, on the other hand, other conversations, it's all about trust. So supply chain and software is trusting trust, trust and verified. So you got this whole mentality of perimeter gone mentality. It's zero trust. And if you've got software trust, interesting thoughts there, how do you reconcile zero trust? And then I need trust. What's what's you? What are you seeing older on that? Because I ask people all the time, they're like, uh, I'm zero trust or is it trust? >>Yeah. The middle ground. Right? Trusted. The meantime people are man manipulating what's happening in your runtime containers. Right? So, uh, drift control is a new password there that you check what's in your runtime containers, which supposedly impenetrable, but people finding ways to hack them. So we'll see this cat and mouse game going on all the time. Yeah. Yeah. There's always gonna be the need for being in a secure, good environment from that perspective. Absolutely. But the key is edge has to be more than Aruba, right? If yeah. HV goes away and says, oh yeah, we can manage your edge with our Aruba devices. That's not enough. It's the virtual probability. And you said the important thing before it's about the data, right? Because the dirty secret of containers is yeah, I move the code, but what enterprise code works without data, right? You can't say as enterprise, okay, we're done for the day check tomorrow. We didn't persist your data, auditor customer. We don't have your data anymore. So filling a way to transport the data. And there just one last thought, right? They have a super interesting asset. They want break lands for the venerable map R right. Which wrote their own storage drivers and gives you the chance to potentially do something in that area, which I'm personally excited about. But we'll see what happens. >>I mean, I think the holy grail is can I, can I put my data into a cloud who's ever, you know, call it a super cloud and can I, is it secure? Is it governed? Can I share it and be confident that it's discoverable and that the, the person I give it to has the right to use it. Yeah. And, and it's the correct data. There's not like a zillion copies running. That's the holy grail. And I, I think the answer today is no, you can, you can do that maybe inside of AWS or maybe inside of Azure, look maybe certainly inside of snowflake, can you do that inside a GreenLake? Well, you probably can inside a GreenLake, but then when you put it into the cloud, is it cross cloud? Is it really out to the edge? And that's where it starts to break down, but that's where the work is to be done. That's >>The one Exide is in there already. Right. So men being men. Yeah. >>But okay. But it it's in there. Yeah. Okay. What do you do with it? Can you share that data? What can you actually automate governance? Right? Uh, is that data discoverable? Are there multiple copies of that data? What's the, you know, master copy. Here's >>A question. You guys, here's a question for you guys analyst, what do you think the psychology is of the CIO or CSO when HP comes into town with GreenLake, uh, and they say, what's your relationship with the hyperscalers? Cause I'm a CIO. I got my environment. I might be CapEx centric or Hey, I'm open model. Open-minded to an operating model. Every one of these enterprises has a cloud relationship. Yeah. Yeah. What's the dynamic. What do you think the psychology is of the CIO when they're rationalizing their, their trajectory, their architecture, cloud, native scale integration with HPE GreenLake or >>HP service. I think she or he hears defensiveness from HPE. I think she hears HPE or he hears HPE coming in and saying, you don't need to go to the cloud. You know, you could keep it right here. I, I don't think that's the right posture. I think it should be. We are your cloud. And we can manage whether it's OnPrem hybrid in AWS, Azure, Google, across those clouds. And we have an edge story that should be the vision that they put forth. That's the super cloud vision, but I don't hear it >>From these guys. What do you think psycho, do you agree with that? >>I'm totally to make, sorry to be boring, but I totally agree with, uh, Dave on that. Right? So the, the, the multi-cloud capability from a trusted large company has worked for anybody up and down the stack. Right? You can look historically for, uh, past layers with cloud Foundry, right? It's history vulnerable. You can look for DevOps of Hashi coop. You can look for database with MongoDB right now. So if HPE provides that data access, right, with all the problems of data gravity and egres cost and the workability, they will be doing really, really well, but we need to hear it more, right. We didn't hear much software today in the keynote. Right. >>Do they have a competitive offering vis-a-vis or Azure? >>The question is, will it be an HPE offering or will, or the software platform, one of the offerings and you as customer can plug and play, right. Will software be a differentiator for HP, right. And will be close, proprietary to the point to again, be open enough for it, or will they get that R and D format that, or will they just say, okay, ES MES here on the side, your choice, and you can use OpenShift or whatever, we don't matter. That's >>The, that's the key question. That's the key question. Is it because it is a competitive strategy? Is it highly differentiated? Oracle is a highly differentiated strategy, right? Is Dell highly differentiated? Eh, Dell differentiates based on its breadth. What? >>Right. Well, let's try for the control plane too. Dell wants to be an, >>Their, their vision is differentiated. Okay. But their execution today is not >>High. All right. Let me throw, let me throw this out at you then. I'm I'm, I'm sorry. I'm I'm HPE. I wanna be the glue layer. Is that, does that fly? >>What >>Do you mean? The group glue layer? I'll I wanna be, you can do Amazon, but I wanna be the glue layer between the clouds and our GreenLake will. >>What's the, what's the incremental value that, that glue provides, >>Provides comfort and reliability and control for the single pane of glass for AWS >>And comes back to the data. In my opinion. Yeah. >>There, there there's glue levels on the data level. Yeah. And there's glue levels on API level. Right. And there's different vendors in the different spaces. Right. Um, I think HPE will want to play on the data side. We heard lots of data stuff. We >>Hear that, >>But we have to see it. Exactly. >>Yeah. But it's, it's lacking today. And so, Hey, you know, you guys know better than I APIs can be fragile and they can be, there's a lot of diversity in terms of the quality of APIs and the documentation, how they work, how mature they are, what, how, what kind of performance they can provide and recoverability. And so just saying, oh wow. We are living the API economy. You know, the it's gonna take time to brew, chime in here. Hi. >><laugh> oh, so guys, you've all been covering HPE for a long time. You know, when Antonio stood up on stage three years ago and said by 2022, and here we are, we're gonna be delivering everything as a service. He's saying we've, we've done it, but, and we're a new company. Do you guys agree with that? >>Definitely. >>I, yes. Yes. With the caveat, I think, yes. The COVID pandemic slowed them down a lot because, um, that gave a tailwind to the hyperscalers, um, because of the, the force of massive O under forecasting working at home. I mean, everyone I talked to was like, no one forecasted a hundred percent work at home, the, um, the CapEx investments. So I think that was an opportunity that they'd be much farther along if there's no COVID people >>Thought it wasn't impossible. Yeah. But so we had the old work from home thing right. Where people trying to get people fired at IBM and Yahoo. Right. So I would've this question covering the HR side and my other hat on. Right. And I would ask CHS let's assume, because I didn't know about COVID shame on me. Right. I said, big California, earthquake breaks. Right. Nobody gets hurt, but all the buildings have to be retrofitted and checked for seism logic down. So everybody's working from home, ask CHS, what kind of productivity gap hit would you get by forcing everybody working from home with the office unsafe? So one, one gentleman, I won't know him, his name, he said 20% and the other one's going ha you're smoking. It's 40 50%. We need to be in the office. We need to meet it first night. And now we went for this exercise. Luckily not with the California. Right. Well, through the price of COVID and we've seen what it can do to, to productivity well, >>The productivity, but also the impact. So like with all the, um, stories we've done over two years, the people that want came out ahead were the ones that had good cloud action. They were already in the cloud. So I, I think they're definitely in different company in the sense of they, I give 'em a pass. I think they're definitely a new company and I'm not gonna judge 'em on. I think they're doing great. But I think pandemic definitely slowed 'em down that about >>It. So I have a different take on this. I think. So we've go back a little history. I mean, you' said this, I steal your line. Meg Whitman took one for the Silicon valley team. Right. She came in. I don't think she ever was excited that I, that you said, you said that, and I think you wrote >>Up, get tape on that one. She >>Had to figure out how do I deal with this mess? I have EDS. I got PC. >>She never should have spun off the PC, but >>Okay. But >>Me, >>Yeah, you can, you certainly could listen. Maybe, maybe Gerstner never should have gone all in on services and IBM would dominate something other than mainframes. They had think pads even for a while, but, but, but so she had that mess to deal with. She dealt with it and however, they dealt with it, Antonio came in, he, he, and he said, all right, we're gonna focus the company. And we're gonna focus the mission on not the machine. Remember those yeah. Presentations, but you just make your eyes glaze over. We're going all in on Azure service >>And edge. He was all on. >>We're gonna build our own cloud. We acquired Aruba. He made some acquisitions in HPC to help differentiate. Yep. And they are definitely a much more focused company now. And unfortunately I wish Antonio would CEO in 2015, cuz that's really when this should have started. >>Yeah. And then, and if you remember back then, Dave, we were interviewing Docker with DevOps teams. They had composability, they were on hybrid really early. I think they might have even coined the term hybrid before VMware tri-state credit for it. But they were first on hybrid. They had DevOps, they had infrastructure risk code. >>HPE had an HP had an awesome cloud team. Yeah. But, and then, and then they tried to go public cloud. Yeah. You know, and then, you know, just made them, I mean, it was just a mess. The focus >>Is there. I give them huge props. And I think, I think the GreenLake to me is exciting here because it's much better than it was two years ago. When, when we talked to, when we started, it's >>Starting to get real. >>It's, it's a real thing. And I think the, the tell will be partners. If they make that right, can pull their different >>Ecosystem, >>Their scale and their customers and fill the software gas with partners mm-hmm <affirmative> and then create that integration opportunity. It's gonna be a home run if they don't do that, they're gonna miss the operating, >>But they have to have their own to your point. They have to have their own software innovation. >>They have to good infrastructure ways to build applications. I don't wanna build with somebody else. I don't wanna take a Microsoft stack on open source stack. I'm not sure if it's gonna work with HP. So they have to have an app dev answer. I absolutely agree with that. And the, the big thing for the partners is, which is a good thing, right? Yep. HPE will not move into applications. Right? You don't have to have the fear of where Microsoft is with their vocal large. Right. If AWS kind of like comes up with APIs and manufacturing, right. Google the same thing with their vertical push. Right. So HPE will not have the CapEx, but >>Application, >>As I SV making them, the partner, the bonus of being able to on premise is an attractive >>Part. That's a great point. >>Hold. So that's an inflection point for next 12 months to watch what we see absolutely running on GreenLake. >>Yeah. And I think one of the things that came out of the, the last couple events this past year, and I'll bring this up, we'll table it and we'll watch it. And it's early in this, I think this is like even, not even the first inning, the machine learning AI impact to the industrial piece. I think we're gonna see a, a brand new era of accelerated digital transformation on the industrial physical world, back office, cloud data center, accounting, all the stuff. That's applications, the app, the real world from space to like robotics. I think that HP edge opportunity is gonna be visible and different. >>So guys, Antonio Neri is on tomorrow. This is only day one. If you can imagine this power panel on day one, can you imagine tomorrow? What is your last question for each of you? What is your, what, what question would you want to ask him tomorrow? Hold start with you. >>How is HPE winning in the long run? Because we know their on premise market will shrink, right? And they can out execute Dell. They can out execute Lenovo. They can out Cisco and get a bigger share of the shrinking market. But that's the long term strategy, right? So why should I buy HPE stock now and have a good return put in the, in the safe and forget about it and have a great return 20 years from now? What's the really long term strategy might be unfair because they, they ran in survival mode to a certain point out of the mass post equipment situation. But what is really the long term strategy? Is it more on the hardware side? Is it gonna go on the HPE, the frontier side? It's gonna be a DNA question, which I would ask Antonio. >>John, >>I would ask him what relative to the macro conditions relative to their customer base, I'd say, cuz the customers are the scoreboard. Can they create a value proposition with their, I use the Microsoft 365 example how they kind of went to the cloud. So my question would be Antonio, what is your core value proposition to CIOs out there who want to transform and take a step function, increase for value with HPE? Tell me that story. I wanna hear. And I don't want to hear, oh, we got a portfolio and no, what value are you enabling your customers to do? >>What and what should that value be? >>I think it's gonna be what we were kind of riffing on, which is you have to provide either what their product market fit needs are, which is, are you solving a problem? Is it a pain point is a growth driver. Uh, and what's the, what's that tailwind. And it's obviously we know at cloud we know edge. The story is great, but what's the value proposition. But by going with HPE, you get X, Y, and Z. If they can explain that clearly with real, so qualitative and quantitative data it's home >>Run. He had a great line of the analyst summit today where somebody asking questions, I'm just listening to the customer. So be ready for this Steve jobs photo, listening to the customer. You can't build something great listening to the customer. You'll be good for the next quarter. The next exponential >>Say, what are the customers saying? <laugh> >>So I would make an observation. And my question would, so my observation would be cloud is growing collectively at 35%. It's, you know, it's approaching 200 billion with a big, big four. If you include Alibaba, IBM has actually said, Hey, we're gonna gr they've promised 6% growth. Uh, Cisco I think is at eight or 9% growth. Dow's growing in double digits. Antonio and HPE have promised three to 4% growth. So what do you have to do to actually accelerate growth? Because three to 4%, my view, not enough to answer Holger's question is why should I buy HPE stock? Well, >>If they have product, if they have customer and there's demand and traction to me, that's going to drive the growth numbers. And I think the weak side of the forecast means that they don't have that fit yet. >>Yeah. So what has to happen for them to get above five, 6% growth? >>That's what we're gonna analyze. I mean, I, I mean, I don't have an answer for that. I wish I had a better answer. I'd tell them <laugh> but I feel, it feels, it feels like, you know, HP has an opportunity to say here's the new HPE. Yeah. Okay. And this is what we stand for. And here's the one thing that we're going to do that consistently drives value for you, the customer. And that's gonna have to come into some, either architectural cloud shift or a data thing, or we are your store for blank. >>All of the above. >>I guess the other question is, would, would you know, he won't answer a rude question, would suspending things like dividends and stock buybacks and putting it into R and D. I would definitely, if you have confidence in the market and you know what to do, why wouldn't you just accelerate R and D and put the money there? IBM, since 2007, IBM spent is the last stat. And I'm looking go in 2007, IBM way, outspent, Google, and Amazon and R and D and, and CapEx two, by the way. Yep. Subsequent to that, they've spent, I believe it's the numbers close to 200 billion on stock buyback and dividends. They could have owned cloud. And so look at this business, the technology business by and large is driven by innovation. Yeah. And so how do you innovate if >>You have I'm buying, I'm buying HP because they're reliable high quality and they have the outcomes that I want. Oh, >>Buy their products and services. I'm not sure I'd buy the stock. Yeah. >>Yeah. But she has to answer ultimately, because a public company. Right. So >>Right. It's this job. Yeah. >>Never a dull moment with the three of you around <laugh> guys. Thank you so much for sharing your insights, your, an analysis from day one. I can't imagine what day two is gonna bring tomorrow. Debut and I are gonna be anchoring here. We've got a jam packed day, lots going on, hearing from the ecosystem from leadership. As we mentioned, Antonio is gonna be Tony >>Alma Russo. I'm dying. Dr. >>EDMA as well as on the CTO gonna be another action pack day. I'm excited for it, guys. Thanks so much for sharing your insights and for letting me join this power panel. >>Great. Great to be here. >>Power panel plus me. All right. For Holger, John and Dave, I'm Lisa, you're watching the cube our day one coverage of HPE discover wraps right now. Don't go anywhere, cuz we'll see you tomorrow for day two, live from Vegas, have a good night.

>>Hi, everyone. Welcome to the cubes presentation of the eight of us startup showcase open cloud innovations. This is season two episode one of the ongoing series covering the exciting startups from ABC ecosystems today. Uh, episode one, steam is the open source community and open cloud innovations. I'm Sean for your host got two great guests, Webb brown CEO of coop costs and as Thielen, head of business development, coop quest, gentlemen, thanks for coming on the cube for the showcase 80, but startups. >>Thanks for having a Sean. Great to be back, uh, really excited for the discussion we have here. >>I keep alumni from many, many coupons go. You guys are in a hot area right now, monitoring and reducing the Kubernetes spend. Okay. So first of all, we know one thing for sure. Kubernetes is the hottest thing going on because of all the benefits. So take us through you guys. Macro view of this market. Kubernetes is growing, what's going on with the company. What is your company's role? >>Yeah, so we've definitely seen this growth firsthand with our customers in addition to the broader market. Um, you know, and I think we believe that that's really indicative of the value that Kubernetes provides, right? And a lot of that is just faster time to market more scalability, improved agility for developer teams and, you know, there's even more there, but it's a really exciting time for our company and also for the broader cloud native community. Um, so what that means for our company is, you know, we're, we're scaling up quickly to meet our users and support our users, every, you know, metric that our company's grown about four X over the last year, including our team. Um, and the reason that one's the most important is just because, you know, the, the more folks and the larger that our company is, the better that we can support our users and help them monitor and reduce those costs, which ultimately makes Kubernetes easier to use for customers and users out there on the market. >>Okay. So I want to get into why Kubernetes is costing so much. Obviously the growth is there, but before we get there, what is the background? What's the origination story? Where did coop costs come from? Obviously you guys have a great name costs. Qube you guys probably reduced costs and Kubernetes great name, but what's the origination story. How'd you guys get here? What HR you scratching? What problem are you solving? >>So yeah, John, you, you guessed it, uh, you know, oftentimes the, the name is a dead giveaway there where we're cost monitoring cost management solutions for Kubernetes and cloud native. Um, and backstory here is our founding team was at Google before starting the company. Um, we were working on infrastructure monitoring, um, both on internal infrastructure, as well as Google cloud. Um, we had a handful of our teammates join the Kubernetes effort, you know, early days. And, uh, we saw a lot of teams, you know, struggling with the problems we're solving. We were solving internally at Google and we're we're solving today. Um, and to speak to those problems a little bit, uh, you know, you, you, you touched on how just scale alone is making this come to the forefront, right. You know, there's now many billions of dollars being spent on CU, um, that is bringing this issue, uh, to make it a business critical questions that is being asked in lots of organizations. Um, you know, that combined with, you know, the dynamic nature and complexity of Kubernetes, um, makes it really hard to manage, um, you know, costs, uh, when you scale across a very large organization. Um, so teams turned to coop costs today, you know, thousands of them do, uh, to get monitoring in place, you know, including alerts, recurring reports and like dynamic management insights or automation. >>Yeah. I know we talked to CubeCon before Webb and I want to come back to the problem statement because when you have these emerging growth areas that are really relevant and enabling technologies, um, you move to the next point of failure. And so, so you scaling these abstraction layers. Now services are being turned on more and more keeping it as clusters are out there. So I have to ask you, what is the main cost driver problem that's happening in the cube space that you guys are addressing? Is it just sheer volume? Is it different classes of services? Is it like different things are kind of working together, different monitoring tools? Is it not a platform and take us through the, the problem area? What do you guys see this? >>Yeah, the number one problem area is still actually what, uh, the CNCF fin ops survey highlighted earlier this year, um, which is that approximately two thirds of companies still don't have kind of baseline to visibility into spend when they moved to Kubernetes. Um, so, you know, even if you had a really complex, you know, chargeback program in place, when you're building all your applications on BMS, you move to Kubernetes and most teams again, can't answer these really simple questions. Um, so we're able to give them that visibility in real time, so they can start breaking these problems down. Right. They can start to see that, okay, it's these, you know, the deployments are staple sets that are driving our costs or no, it's actually, you know, these workloads that are talking to, you know, S3 buckets and, you know, really driving, you know, egress costs. Um, so it's really about first and foremost, just getting the visibility, getting the eyes and ears. We're able to give that to teams in real time at the largest scale Kubernetes clusters in the world. Um, and again, most teams, when they first start working with us, don't have that visibility, not having that visibility can have a whole bunch of downstream impacts, um, including kind of not getting, you know, costs right. You know, performance, right. Et cetera. >>Well, let's get into that downstream benefit, uh, um, problems and or situations. But the first question I have just throw naysayer comment at you would be like, oh, wait, I have all this cost monitoring stuff already. What's different about Kubernetes. Why what's what's the problem I can are my other tool is going to work for me. How do you answer that one? >>Yeah. So, you know, I think first and foremost containers are very dynamic right there. They're often complex, often transient and consume variable cluster resources. And so as much as this enables teams to contract construct powerful solutions, um, the associated costs and actually tracking those, those different variables can be really difficult. And so that's why we see why a solution like food costs. That's purpose built for developers using Kubernetes is really necessary because some of those older, you know, traditional cloud cost optimization tools are just not as fit for, for this space specifically. >>Yeah. I think that's exactly right, Alex. And I would add to that just the way that software is being architected deployed and managed is fundamentally changing with Kubernetes, right? It is deeply impacting every part of scifi software delivery process. And through that, you know, decisions are getting made and, you know, engineers are ultimately being empowered, um, to make more, you know, costs impacting decisions. Um, and so we've seen, you know, organizations that get real time kind of built for Kubernetes are built for cloud native, um, benefit from that massively throughout their, their culture, um, you know, cost performance, et cetera. >>Uh, well, can you just give a quick example because I think that's a great point. The architectures are shifting, they're changing there's new things coming in, so it's not like you can use an old tool and just retrofit it. That's sometimes that's awkward. What specific things you see changing with Kubernetes that's that environments are leveraging that's good. >>Yeah. Yeah. Um, one would be all these Kubernetes primitives are concepts that didn't exist before. Right. So, um, you know, I'm not, you know, managing just a generic workload, I'm managing a staple set and, or, you know, three replica sets. Right. And so having a language that is very much tailored towards all of these Kubernetes concepts and abstractions, et cetera. Um, but then secondly, it was like, you know, we're seeing this very obvious, you know, push towards microservices where, you know, typically again, you're shipping faster, um, you know, teams are making more distributed or decentralized decisions, uh, where there's not one single point where you can kind of gate check everything. Um, and that's a great thing for innovation, right? We can move much faster. Um, but for some teams, um, you know, not using a tool like coop costs, that means sacrificing having a safety net in place, right. >>Or guard rails in place to really help manage and monitor this. And I would just say, lastly, you know, uh, a solution like coop costs because it's built for Kubernetes sits in your infrastructure, um, it can be deployed with a single helmet stall. You don't have to share any data remotely. Um, but because it's listening to your infrastructure, it can give you data in real time. Right. And so we're moving from this world where you can make real time automated decisions or manual decisions as opposed to waiting for a bill, you know, a day, two days or a week later, um, when it may be already too late, you know, to avoid, >>Or he got the extra costs and you know what, he wants that. And he got to fight for a refund. Oh yeah. I threw a switch or wasn't paying attention or human error or code because a lot of automation is going on. So I could see that as a benefit. I gotta, I gotta ask the question on, um, developer uptake, because develop, you mentioned a good point. There that's another key modern dynamic developers are in, in the moment making decisions on security, on policy, um, things to do in the CIC D pipeline. So if I'm a developer, how do I engage with Qube cost? Do I have to, can I just download something? Is it easy? How's the onboarding process for your customers? >>Yeah. Great, great question. Um, so, you know, first and foremost, I think this gets to the roots of our company and the roots of coop costs, which is, you know, born in open-source, everything we do is built on top of open source. Uh, so the answer is, you know, you can go out and install it in minutes. Like, you know, thousands of other teams have, um, it is, you know, the, the recommended route or preferred route on our side is, you know, a helm installed. Um, again, you don't have to share any data remotely. You can truly not lock down, you know, namespace eat grass, for example, on the coop cost namespace. Um, and yeah, and in minutes you'll have this visibility and can start to see, you know, really interesting metrics that, again, most teams, when we started working with them, either didn't have them in place at all, or they had a really rough estimate based on maybe even a coop cost Scruff on a dashboard that they installed. >>How does cube cost provide the visibility across the environment? How do you guys actually make it work? >>Yeah, so we, you know, sit in your infrastructure. Um, we have integrations with, um, for on-prem like custom pricing sheets, uh, with card providers will integrate with your actual billing data, um, so that we can, uh, listen for events in your infrastructure, say like a nude node coming up, or a new pod being scheduled, et cetera. Um, we take that information, join with your billing data, whether it's on-prem or in one of the big three cloud providers. And then again, we can, in real time tell you the cost of, you know, any dimension of your infrastructure, whether it's one of the backing, you know, virtual assets you're using, or one of the application dimensions like a label or annotation namespace, you know, pod container, you name it >>Awesome. Alex, what's your take on the landscape with, with the customers as they look the cost reductions. I mean, everyone loves cost reductions as a, certainly I love the safety net comment that Webb made, but at the end of the day, Kubernetes is not so much a cost driver. It's more of a, I want the modern apps faster. Right? So, so, so people who are buying Kubernetes usually aren't price sensitive, but they also don't want to get gouged either on mistakes. Where is the customer path here around Kubernetes cost management and reduction and a scale? >>Yeah. So I think one thing that we're looking forward to hearing this upcoming year, just like we did last year is continuing to work with the various tools that customers are already using and, you know, meeting those customers where they are. So some examples of that are, you know, working with like CICT tools out there. Like we have a great integration with armoring Spinnaker to help customers actually take the insights from coop costs and deploy those, um, in a more efficient manner. Um, we're also working with a lot of partners, like, you know, for fauna to help customers visualize our data and, you know, integrate with or rancher, which are management platforms for Kubernetes. And all of that I think is just to make cost come more to the forefront of the conversation when folks are using Kubernetes and provide that, that data to customers and all the various tools that they're using across the ecosystem. Um, so I think we really want to surface this and make costs more of a first-class citizen across, you know, the, the ecosystem and then the community partners. >>What's your strategy of the biz dev side. As you guys look at a growing ecosystem with CubeCon CNCF, you mentioned that earlier, um, the community is growing. It's always been growing fast. You know, the number of people entering in are amazing, but now that we start going, you know, the S curves kicking in, um, integration and interoperability and openness is always a key part of company success. What's Qube costs is vision on how you're going to do biz dev going forward. >>Absolutely. So, you know, our products opensource that is deeply important to our company, we're always going to continue to drive innovation on our open source product. Um, as Webb mentioned, you know, we have thousands of teams that are, that are using our product. And most of that is actually on the free, but something that we want to make sure continues to be available for the community and continue to bring that development for the community. And so I think a part of that is making sure that we're working with folks not just on the commercial side, but also those open source, um, types of products, right? So, you know, for Fanta is open source Spinnaker's are open source. I think a lot of the biz dev strategies just sticking to our roots and make sure that we continue to drive it a strong open source presence and product for, for our community of users, keep that >>And a, an open source and commercial and keep it stable. Well, I got to ask you, obviously, the wave is here. I always joke, uh, going back. I remember when the word Kubernetes was just kicked around pre uh, the OpenStack days many, many years ago. It's the luxury of being a old cube guy that I am 11 years doing the cube, um, all fun. But if we remember talking to him in the early days, is that with Kubernetes was, if, if it worked, the, the phrase was rising, tide floats all boats, I would say right now, the tides rising pretty well right now, you guys are in a good spot with the cube costs. Are there areas that you see coming where cost monitoring, um, is going to expand more? Where do you see the Kubernetes? Um, what's the aperture, if you will, of the, of the cost monitoring space at your end that you think you can address. >>Yeah, John, I think you're exactly right. This, uh, tide has risen and it just keeps riding rising, right? Like, um, you know, the, the sheer number of organizations we use C using Kubernetes at massive scale is just mind blowing at this point. Um, you know, what we see is this really natural pattern for teams to start using a solution like coop costs, uh, start with, again, either limited or no visibility, get that visibility in place, and then really develop an action plan from there. And that could again be, you know, different governance solutions like alerts or, you know, management reports or, you know, engineering team reports, et cetera. Um, but it's really about, you know, phase two of taking that information and really starting to do something with it. Right. Um, we, we are seeing and expect to see more teams turn to an increasing amount of, of automation to do that. Um, but ultimately that is, uh, very much after you get this baseline highly accurate, uh, visibility that you feel very comfortable making, potentially critical, very critical related to reliability, performance decisions within your infrastructure. >>Yeah. I think getting it right key, you mentioned baseline. Let me ask you a quick follow-up on that. How fast can companies get there when you say baseline, there's probably levels of baseline. Obviously all environments are different now. Not all one's the same, but what's just anecdotally you see, as that baseline, how fast we will get there, is there a certain minimum viable configuration or architecture? Just take us through your thoughts on that. >>Yeah. Great question. It definitely depends on organizational complexity and, you know, can depend on applicational application complexity as well. But I would say most importantly is, um, you know, the, the array of cost centers, departments, you know, complexity across the org as opposed to, you know, technological. Um, so I would say for, you know, less complex organizations, we've seen it happen in, you know, hours or, you know, a day less, et cetera. Um, because that's, you know, one or two or a smaller engineering games, they can share that visibility really quickly. And, um, you know, they may be familiar with Kubernetes and they just get it right away. Um, for larger organizations, we've seen it take kind of up 90 days where it's really about infusing this kind of into their DNA. When again, there may not have been a visibility or transparency here before. Um, again, I think the, the, the bulk of the time there is really about kind of the cultural element, um, and kind of awareness building, um, and just buy in throughout the organization. >>Awesome. Well, guys got a great product. Congratulations, final question for both of you, it's early days in Kubernetes, even though the tide is rising, keeps rising, more boats are coming in. Harbor is getting bigger, whatever, whatever metaphor you want to use, it's really going great. You guys are seeing customer adoption. We're seeing cloud native. I was told that my friends at dock or the container side is going crazy as well. Everything's going great in cloud native. What's the vision on the innovation? How do you guys continue to push the envelope on value in open source and in the commercial area? What's the vision? >>Yeah, I think there's, there's many areas here and I know Alex will have more to add here. Um, but you know, one area that I know is relevant to his world is just more, really interesting integrations, right? So he mentioned coop costs, insights, powering decisions, and say Spinnaker, right? I think more and more of this tool chain really coming together and really seeing the benefits of all this interoperability. Right. Um, so that I think combined with, uh, just more and more intelligence and automation being deployed again, that's only after the fact that teams are really comfortable with his decisions and the information and the decisions that are being made. Um, but I think that increasingly we see the community again, being ready to leverage this information and really powerful ways. Um, just because, you know, as teams scale, there's just a lot to manage. And so a team, you know, leveraging automation can, you know, supercharge them and in really impactful ways. >>Awesome, great integration integrations, Alex, expand on that. A whole different kind of set of business development integrations. When you have lots of tool chains, lots of platforms and tools kind of coming together, sharing data, working together, automating together. >>Well. Yeah, we, so I think it's going to be super important to keep a pulse on the new tools. Right. Make sure that we're on the forefront of what customers are using and just continuing to meet them where they are. And a lot of that honestly, is working with AWS too, right? Like they have great services and EKS and managed Prometheus's. Um, so we want to make sure that we continue to work with that team and support their services as that launched as well. >>Great stuff. I got a couple of minutes left. I felt I'll throw one more question in there since I got two great experts here. Um, just, you know, a little bit change of pace, more of an industry question. That's really no wrong answer, but I'd love to get your reaction to, um, the SAS conversation cloud has changed what used to be SAS. SAS was, oh yeah. Software as a service. Now that you have all these kinds of new kinds of you have automation, horizontally, scalable cloud and edge, you now have vertical machine learning. Data-driven insights. A lot of things in the stack are changing. So the question is what's the new SAS look like it's the same as the old SAS? Or is it a new kind of refactoring of what SAS is? What's your take on this? >>Yeah. Um, there's a web, please jump in here wherever. But in, in my view, um, it's a spectrum, right? There's there's customers that are on both ends of this. Some customers just want a fully hosted, fully managed product that wouldn't benefit from the luxury of not having to do any, any sort of infrastructure management or patching or anything like that. And they just want to consume a great product. Um, on the other hand, there's other customers that have more highly regulated industries or security requirements, and they're going to need things to deploy in their environment. Um, right now QP cost is, is self hosted. But I think in the future, we want to make sure that, you know, we, we have versions of our product available for customers across that entire spectrum. Um, so that, you know, if somebody wants the benefit of just not having to manage anything, they can use a fully self hosted sat or a fully multitenant managed SAS, or, you know, other customers can use a self hosted product. And then there's going to be customers that are in the middle, right, where there's certain components that are okay to be a SAS or hosted elsewhere. But then there's going to be components that are really important to keep in their own environment. So I think, uh, it's really across the board and it's going to depend on customer and customer, but it's important to make sure we have options for all of them. >>Great guys, we have SAS, same as the old SAS. What's the SAS playbook. Now >>I think it is such a deep and interesting question and one that, um, it's going to touch so many aspects of software and on our lives, I predict that we'll continue to see this, um, you know, tension or real trade-off across on the one hand convenience. And now on the other hand, security, privacy and control. Um, and I think, you know, like Alex mentioned, you know, different organizations are going to make different decisions here based on kind of their relative trade-offs. Um, I think it's going to be of epic proportions. I think, you know, we'll look back on this period and just say that, you know, this was one of the foundational questions of how to get this right. We ultimately view it as like, again, we want to offer choice, um, and make, uh, make every choice be great, but let our users, uh, pick the right one, given their profile on those, on those streets. >>I think, I think it's a great comment choice. And also you got now dimensions of implementations, right? Multitenant, custom regulated, secure. I want have all these controls. Um, it's great. No one, no one SaaS rules the world, so to speak. So it's again, great, great dynamic. But ultimately, if you want to leverage the data, is it horizontally addressable? MultiTech and again, this is a whole nother ball game we're watching this closely and you guys are in the middle of it with cube costs, as you guys are creating that baseline for customers. Uh, congratulations. Uh, great to see you where thanks for coming on. Appreciate it. Thank you so much for having us again. Okay. Great. Conservation aiders startup showcase open cloud innovators here. Open source is driving a lot of value as it goes. Commercial, going to the next generation. This is season two episode, one of the AWS startup series with the cube. Thanks for watching.

>>I want to welcome back to the cubes coverage. We're here at another event in person I'm John furrier, host of the cube. We've got to CNCF coop con cloud native con for in-person 2021. And we're back. It's a hybrid event and we're streaming lives on all channels, as well as all the folks watching a great guest kicking off the show here from the co-chairs from cataract coast. Is that right? Danielle Cook. Who's the vice president at Fairwinds and John Foreman director at Accenture. Thanks for coming on your co-chair. Your third co-chair is not here, but you guys are here to talk about the cloud maturity model. Pretty mature funding is flowing tons of announcements. We're going to have a startup on $200 million. They're announcing in funding and observability of all of all hot spaces. Um, so the maturity is it's the journey in the cloud native space now is crossed over to mainstream. That's the we've been telling that story for a couple of years. Now, you guys have been working on this. Tell us about the cloud maturity model you guys worked on. >>So we got together earlier this year because we, um, four of us had been working on maturity models. So Simon Forester, who is one of the co-chairs, who isn't here, he had worked on a maturity model that looked at your legacy journey, all the way to cloud native, um, myself, I had been part of the Fairwinds team working on the Kubernetes maturity model. So, and then, um, we have Robbie, who's not here. And John Foreman, who we all got together, they had worked on a maturity model and we put it together and I've been working since February to go, what is cloud native maturity and what are the stages you need to go through to achieve maturity. So put this together and now we have this great model that people can use to take them from. I have no idea what cloud native is to the steps they can take to actually be a mature organization. >>And, you know, you've made it when you have a book here. So just hold that up to the camera real quick. So you can see it. It's very much in spirit of the community, but in all seriousness, it book's great, but this is a real need. What was the pain point? What was jumping out at you guys on the problem? Was it just where people like trying to get more cloud native, they want to go move faster. It was a confusing, what were the problems you solve in? >>Well, and if anything is, if we start at the beginning, right, there was during the cloud journey DevSecOps and the Kootenays being a thing that then there's journeys to DevSecOps tributaries as well. But everything is leading to cloud native. It's about the journey to cloud native. So everybody, you know, we're taught to go John, the ecosystem's an eyesore man. If I look at, you know, landscape, >>The whole map I >>Need, it's just like in trend map, it's just so confusing what we do. So every time we go to, I revert the wheel and I get them from zero to hero. So we just put together a model instead that we can re reuse yeah. As a good reference architecture. So from that is a primary, how we built because the native trademark you have with us today. So it's a five scale model from one to five what's twice today, or how to, to, you know, what our job is getting to a five where they could optimize a really rocket rolling. >>You know, it's interesting. I love these inflection points and, you know, being a student of history and the tech business there's moments where things are the new thing, and they're really truly new things like first-time operationalized dev ops. I mean the hardcore dev ops or early adopters we've been doing that, you know, we know that, but now mainstream, like, okay, this is a real disruption in a positive way. So the transformation is happening and it's new, new roles, new, new workflows, new, uh, team formations. So there's a, it's complicated in the sense of getting it up and running so I can see the need. How can you guys share your data on where people are? Because now you have more data coming in, you have more people doing dev ops, more cloud native development, and you mentioned security shepherds shifting left. Where's the data tell you, is it, as you said, people are more like a two or more. What's the, what's the data say? >>So we've had, so part of pulling this model together was your experience at Accenture, helping clients, the Fairwinds, um, experience, helping people manage Kubernetes. And so it's from out dozens of clusters that people have managed going, okay, where are people? And they don't even know where they are. So if we provide the guidelines from them, they can read it and go, oh, I am at about two. So the data is actually anecdotal from our experiences at our different companies. Um, but we, you know, we we've made it so that you can self identify, but we've also recognized that you might be at stage two for one application, but five for another application. So just because you're on this journey, doesn't mean everything is in, >>It's not boiler plate. It's really unique to every enterprise because they everyone's different >>Journey. Put you in journey with these things. A big part of this also torn apart one to five, your clients wants to in denial, you know? So, so Mr. CX level, you are level two. We are not, there's no way we would deal with this stuff for years. You've got to be a five. No, sorry. You're too. >>So >>There's use denial also about this. People think they do a cloud-native director rolling, and I'm looking at what they're doing and go, okay, do you do workups security? And they go, what's that? I go, exactly. So we really need to peel back the onion, start from seed year out and we need to be >>All right. So I want to ask more about the, um, the process and how that relates to the themes are involved. What are some of the themes around the maturity model that you guys can share that you see that people can look at and say, how do I self identify? What's the process will come to expect? >>Well, one of the things we did when we were putting it together was we realized that there were themes coming out amongst the maturity model itself. So we realized there's a whole people layer. There's a whole policy layer process and technology. So this maturity model does not just look at, Hey, this is the tech you need to do. It looks at how you introduce cloud native to your organization. How do you take the people along with it? What policies you need to put in place the process. So we did that first and foremost, but one of the things that was super important to all of us was that security was ever present throughout it. Because as everything is shifting left, you need to be looking at security from day one and considering how it's going to happen and roll out from your developers all the way to your compliance people. Um, it's super important. And one of the themes throughout. >>So, so it would be safe to say, then that security was a catalyst for the maturity models because you gotta be mature. I mean, security, you don't fool around security. >>About the last year when I created the program for, since I worked with Cheryl Holland, from CCF, we put together the community certification, her special program. I saw a need where security was a big gap in communities. Nobody knew anything about it. They wanted to use the old rack and stack ways of doing it. They wanted to use their tray micro tombs from yesteryear, and that doesn't work anymore. You need a new set of tools for Kubernetes. It's the upgrade system. It's different way of doing things. So that knowledge is critical. So I think you're part of this again, on this journey was getting certifications out there for people to understand how to do better. Now, the next phase of that now it's how do we put all these pieces together and built this roadmap? >>Well, it's a great group. You guys have the working groups hard to pronounce the name, but, uh, it's a great effort because one of the things I'm hearing and we've been reporting this one, the Cubans looking angle is the modern software developers want speed, and they don't want to wait for the old slow groups now and security, and it are viewed as blockers and like slow things down. And so you start to see a trend where those groups could provide policy and then start putting, feeding up, uh, data models that allow the developers in real time to do their coding, to shift left and to be efficient and move on and code not be waiting for weeks or days >>Comes to play. So today is the age of Caleb's right now, get up this emerging we're only to have now where everything is code policies, code, securities, code policies, cookie figures, code. That is the place for, and then again, walk a fusion more need for a cargo office. >>Okay. What's your thoughts on that? >>So I think what's really important is enabling service ownership, right? You need the developers to be able to do security, see policy, see it live and make sure that, you know, you're not your configuration, isn't stopping the build or getting into production. So, you know, we made sure that was part of the maturity model. Like you need to be looking continuous scanning throughout checking security checking policy. What is your process? Um, and we, you know, we made that ever present so that the developers are the ones who are making sure that you're getting to Kubernetes, you're getting to cloud native and you're doing it. >>Well, the folks watching, if you don't know the cloud native landscape slide, that ecosystem slide, it's getting bigger and bigger. There's more new things emerging. You see role of software abstractions coming in, automation and AI are coming in. So it makes it very challenging if you want to jump right in lifting and shifting to the clouds, really easy check, been there, done that, but companies want to refactor their applications, not just replatform refactoring means completely taking advantage of these higher level services. So, so it's going to be hard to navigate. So I guess with all that being said, what you guys advice to people who are saying, I need the navigation. I need to have the blueprint. What do I do? How do I get involved? And how do I leverage this? >>We want people to, you can go on to get hub and check out our group and read the maturity model. You can understand it, self identify where you're at, but we want people to get involved as well. So if they're seeing something that like, actually this needs to be adjusted slightly, please join the group. The cardiograph is group. Um, you can also get copies of our book available on the show. So if you, um, if you know, you can read it and it takes you line by line in a really playful way as to where you should be at in the maturity model. >>And on top of that, if you come Thursday was Sonia book. And of course, a lot of money, one day, I promise >>You guys are good. I gotta ask, you know, the final question is like more and more, just more personal commentary. If you don't mind, as teams start to change, this is obviously causing a lot of positive transformation if done, right? So the roles and the teams are starting to change. Hearing SRS are now not just the dev ops guys provisioning they're part of the, of the scale piece, the developers shifting left, new kind of workflows, the role of certain engineers and developers now, new team formations. Why were you guys seeing that evolve? Is there any trends that you see around how people are reconfiguring their team makeup? >>I think a lot of things is going to a single panic last tonight, where I'm taking dev and ops and putting them one panel where I can see everything going on in my environment, which is very critical. So right now we're seeing a pre-training where every client wants to be able to have the holy grail of a secret credit class to drive to that. But for you to get there, there's a lot of work you've got to do overnight that will not happen. And that's where this maturity model, I think again, will enhance that ability to do that. >>There's a cultural shift happening. I mean, people are changing there's new skillsets and you know, obviously there's a lot of people who don't have the skill. So it's super important that people work with Kubernetes, get certified, use the maturity model to help them know what skills they need. >>And it's a living document too. It's not, I mean, a book and I was living book. It's going to evolve. Uh, what areas you think are going to come next? So you guys have to predict if you had to see kind of where the pieces are going. Uh, obviously with cloud, everything's getting, you know, more Lego blocks to play with more coolness you have in the, in this world. What's coming next with Sue. Do you guys see any, any, uh, forecasts or >>We're working with each one of the tag groups within the CNCF to help us build it out and come up with what is next based on their expertise in the area. So we'll see lots more coming. Um, and we hope that the maturity grows and because of something that everybody relies on and that they can use alongside the landscape and the trail map. And, um, >>It's super valuable. I think you guys need a plug for any people want to, how they join. If I want to get involved, how do I, what do I do? >>Um, you can join the Carter Garfish group. You can check us out on, get hub and see all the information there. Um, we have a slack channel within the CNCF and we have calls every other Tuesday that people can see the pools. >>Awesome. Congratulations, we'll need it. And super important as people want to navigate and start building out, you know, you've got to edge right around the corner there it's happening real fast. Data's at the edge. You got cloud at the edge. Azure, AWS, Google. I mean, they're pushing really hardcore 5g, lot changes. >>Everybody wants to cloud today. Now one client is, one is more cloud. At least both the cloud is comfortable playing everywhere. One pump wife had DevOps. >>It's distributed computing back in the modern era. Thank you so much for coming on the keep appreciating. Okay. I'm Jennifer here for cube con cloud native con 2021 in person. It's a hybrid event. We're here live on the floor show floor, bringing you all the coverage. Thanks for watching station all day. Next three days here in Los Angeles. Thanks for watching. >>Thank you.

>>Hello, and welcome back to the cubes coverage of coop con cloud native con 2021. We're here in person at a real event. I'm John farrier host of the cube, but Dave Nicholson, Michael has got great guests here. Two founders of brand new startup, one week old cable on ASCII and Dave Lawrence, uh, with chain guard, former Google employees, open source community members decided to start a company with five other people on total five total. Congratulations. Welcome to the cube. >>Thank you. Thank you for >>Having us. So tell us like a product, you know, we know you don't have a price. So take us through the story because this is one of those rare moments. We got great chance to chat with you guys just a week into the new forms company and the team. What's the focus, what's the vision. >>How far back do you want to go with this story >>And why you left Google? So, you know, we're a gin and tonics. We get a couple of beers I can do that. We can do that. Let's just take over the world. >>Yeah. So we both been at Google, uh, for awhile. Um, the last couple of years we've been really worried about and focused on open-source security risk and supply chain security in general and software. Um, it's been a really interesting time as you probably noticed, uh, to be in that space, but it wasn't that interesting two years ago or even a year and a half ago. Um, so we were doing a bunch of this work at Google and the open source. Nobody really understood it. People kind of looked at us funny at talks and conferences. Um, and then beginning of this year, a bunch of attacks started happening, uh, things in the headlines like solar winds, solar winds attack, like you say, it attack all these different ransomware things happening. Uh, companies and governments are getting hit with supply chain attacks. So overnight people kind of started caring and being really worried about the stuff that we've been doing for a while. So it was a pretty cool thing to be a part of. And it seemed like a good time to start a company and keep your >>Reaction to this startup. How do you honestly feel, I suppose, feeling super excited. Yeah. >>I am really excited. I was in stars before Google. So then I went to Google where there for seven, I guess, Dan, a little bit longer, but I was there for seven years on the product side. And then yeah, we, we, the open source stuff, we were really there for protecting Google and we both came from cloud before that working on enterprise product. So then sorta just saw the opportunity, you know, while these companies trying to scramble and then sort of figure out how to better secure themselves. So it seemed like a perfect, >>The start-up bug and you back in the start up, but it's the timing's perfect. I got to say, this is a big conversation supply chain from whether it's components and software now, huge attack vector, people are taking advantage of it super important. So I'm really glad you're doing it. But first explain to the folks watching what is supply chain software? What's the challenge? What is the, what is the supply chain security challenge or problem? >>Sure. Yeah, it's the metaphor of software supply chain. It's just like physical supply chain. That's where the name came from. And it, it really comes down to how the code gets from your team's keyboard, your team's fingers on those keyboards into your production environment. Um, and that's just the first level of it. Uh, cause nobody writes all of the code. They use themselves. We're here at cloud native con it's hundreds of open source vendors, hundreds of open libraries that people are reusing. So your, your trust, uh, radius and your attack radius extends to not just your own companies, your own developers, but to everyone at this conference. And then everyone that they rely on all the way out. Uh, it's quite terrifying. It's a surface, the surface area explode pretty quickly >>And people are going and the, and the targeting to, because everyone's touching the code, it's open. It's a lot of action going on. How do you solve the problem? What is the approach? What's the mindset? What's the vision on the problems solving solutions? >>Yeah, that's a great question. I mean, I think like you said, the first step is awareness. Like Dan's been laughing, he's been, he felt like a crazy guy in the corner saying, you know, stop building software underneath your desk and you know, getting companies, >>Hey, we didn't do, why don't you tell them? I was telling him for five years. >>Yeah. But, but I think one of his go-to lines was like, would you pick up a thumb drive off the side of the street and plug it into your computer? Probably not. But when you download, you know, an open source package or something, that's actually can give you more privileges and production environments and it's so it's pretty scary. Um, so I think, you know, for the last few years we've been working on a number of open source projects in this space. And so I think that's where we're going to start is we're going to look at those and then try to grow out the community. And we're, we're watching companies, even like solar winds, trying to piece these parts together, um, and really come up with a better solution for themselves. >>Are there existing community initiatives or open source efforts that are underway that you plan to participate in or you chart? Are you thinking of charting a new >>Path? >>Oh, it's that looks like, uh, Thomas. Yeah, the, the SIG store project we kicked off back in March, if you've covered that or familiar with that at all. But we kicked that off back in March of 2021 kind of officially we'd look at code for awhile before then the idea there was to kind of do what let's encrypted, uh, for browsers and Webster, um, security, but for code signing and open source security. So we've always been able to get code signing certificates, but nobody's really using them because they're expensive. They're complicated, just like less encrypted for CAS. They made a free one that was automated and easy to use for developers. And now people do without thinking about it in six stores, we tried to do the same thing for open source and just because of the headlines that were happening and all of the attacks, the momentum has just been incredible. >>Is it a problem that people just have to just get on board with a certain platform or tool or people have too many tools, they abandoned them there, their focus shifts is there. Why what's the, what's the main problem right now? >>Well, I think, you know, part of the problem is just having the tools easy enough for developers are going to want to use them and it's not going to get in our way. I think that's going to be a core piece of our company is really nailing down the developer experience and these toolings and like the co-sign part of SIG store that he was explaining, like it's literally one command line to sign, um, a package, assign a container and then one line to verify on the other side. And then these organizations can put together sort of policies around who they trust and their system like today it's completely black box. They have no idea what they're running and takes a re >>You have to vape to rethink and redo everything pretty much if they want to do it right. If they just kind of fixing the old Europe's sold next solar with basically. >>Yeah. And that's why we're here at cloud native con when people are, you know, the timing is perfect because people are already rethinking how their software gets built as they move it into containers and as they move it into Kubernetes. So it's a perfect opportunity to not just shift to Kubernetes, but to fix the way you build software from this, >>What'd you say is the most prevalent change mindset change of developers. Now, if you had to kind of, kind of look at it and say, okay, current state-of-the-art mindset of a developer versus say a few years ago, is it just that they're doing things modularly with more people? Or is it more new approaches? Is there a, is there a, >>I think it's just paying attention to your building release process and taking it seriously. This has been a theme for, since I've been in software, but you have these very fancy production data centers with physical security and all these levels of, uh, Preston prevention and making sure you can't get in there, but then you've got a Jenkins machine that's three years old under somebody's desk building the code that goes into there. >>It gets socially engineered. It gets at exactly. >>Yeah. It's like the, it's like the movies where they, uh, instead of breaking into jail, they hide in the food delivery truck. And it's, it's that, that's the metaphor that I like perfectly. The fence doesn't work. If your truck, if you open the door once a week, it doesn't matter how big defenses. Yeah. So that's >>Good Dallas funny. >>And I, I think too, like when I used to be an engineer before I joined Google, just like how easy it is to bring in a third party package or something, you know, you need like an image editing software, like just go find one off the internet. And I think, you know, developers are slowly doing a mind shift. They're like, Hey, if I introduce a new dependency, you know, there's going to be, I'm going to have to maintain this thing and understand >>It's a little bit of a decentralized view too. Also, you got a little bit of that. Hey, if you sign it, you own it. If it tracks back to you, okay, you are, your fingerprints are, if you will, or on that chain of >>Custody and custody. >>Exactly. I was going to say, when I saw chain guard at first of course, I thought that my pant leg riding a bike, but then of course the supply chain things coming in, like on a conveyor belt, conveyor, conveyor belt. But that, that whole question of chain of custody, it isn't, it isn't as simple as a process where someone grabs some code, embeds it in, what's going on, pushes it out somewhere else. That's not the final step typically. Yeah. >>So somebody else grabs that one. And does it again, 35 more times, >>The one, how do you verify that? That's yeah, it seems like an obvious issue that needs to be addressed. And yet, apparently from what you're telling us for quite a while, people thought you were a little bit in that, >>And it's not just me. I mean, not so Ken Thompson of bell labs and he wrote the book >>He wrote, yeah, it was a seatbelt that I grew >>Up on in the eighties. He gave a famous lecture called uh, reflections on trusting trust, where he pranked all of his colleagues at bell labs by putting a back door in a compiler. And that put back doors into every program that compiled. And he was so clever. He even put it in, he made that compiler put a backdoor into the disassembler to hide the back door. So he spent weeks and, you know, people just kind of gave up. And I think at that point they were just like, oh, we can't trust any software ever. And just forgot about it and kept going on and living their lives. So this is a 40 year old problem. We only care about it now. >>It's totally true. A lot of these old sacred cows. So I would have done life cycles, not really that relevant anymore because the workflows are changing. These new Bev changes. It's complete dev ops is taken over. Let's just admit it. Right. So if we have ops is taken over now, cloud native apps are hitting the scene. This is where I think there's a structural industry change, not just the community. So with that in mind, how do you guys vector into that in terms of a market entry? What's just thinking around product. Obviously you got a higher, did you guys raise some capital in process? A little bit of a capital raise five, no problem. Todd market, but product wise, you've got to come in, get the beachhead. >>I mean, we're, we're, we're casting a wide net right now and talking to as many customers like we've met a lot of these, these customer potential customers through the communities, you know, that we've been building and we did a supply chain security con helped with that event, this, this Monday to negative one event and solar winds and Citibank were there and talking about their solutions. Um, and so I think, you know, and then we'll narrow it down to like people that would make good partners to work with and figure out how they think they're solving the problem today. And really >>How do you guys feel good? You feel good? Well, we got Jerry Chen coming off from gray lock next round. He would get a term sheet, Jerry, this guy's got some action on it in >>There. Probably didn't reply to him on LinkedIn. >>He's coming out with Kronos for him. He just invested 200 million at CrossFit. So you guys should have a great time. Congratulations on the leap. I know it's comfortable to beat Google, a lot of things to work on. Um, and student startups are super fun too, but not easy. None of the female or, you know, he has done it before, so. Right. Cool. What do you think about today? Did the event here a little bit smaller, more VIP event? What's your takeaway on this? >>It's good to be back in person. Obviously we're meeting, we've been associating with folks over zoom and Google meets for a while now and meeting them in person as I go, Hey, no hard to recognize behind the mask, but yeah, we're just glad to sort of be back out in a little bit of normalization. >>Yeah. How's everything in Austin, everyone everyone's safe and good over there. >>Yeah. It's been a long, long pandemic. Lots of ups and downs, but yeah. >>Got to get the music scene back. Most of these are comes back in the house. Everything's all back to normal. >>Yeah. My hair doesn't normally look like this. I just haven't gotten a haircut since this also >>You're going to do well in this market. You got a term sheet like that. Keep the hair, just to get the money. I think I saw your LinkedIn profile and I was wondering it's like, which version are we going to get? Well, super relevant. Super great topic. Congratulations. Thanks for coming on. Sharing the story. You're in the queue. Great jumper. Dave Nicholson here on the cube date, one of three days we're back in person of course, hybrid event. Cause the cube.net for all more footage and highlights and remote interviews. So stay tuned more coverage after this short break.

>>Okay, welcome back everyone. To the cubes coverage here, coop con cloud native con 2021 in person. The Cuba's here. I'm John farrier hosted the queue with Dave Nicholson, my cohost and cloud analyst, man. It's great to be back, uh, in person. We also have a hybrid event. We've got two great guests here, the founders of deep fence, sham, Krista Swami, C co-founder and CTO, and said deep line founder. It's great to have you on. This is a super important topic. As cloud native is crossed over. Everyone's talking about it mainstream, blah, blah, blah. But security is driving the agenda. You guys are in the middle of it. Cutting edge approach and news >>Like, like we were talking about John, we had operating at the intersection of the awesome desk, right? Open source security and cloud cloud native, essentially. Absolutely. And today's a super exciting day for us. We're launching something called track pepper, Apache V2, completely open source. Think of it as an x-ray or MRI scan for your cloud scan, you know, visualize this cloud at scale, all of the modalities, essentially, we look at cloud as a continuum. It's not a single modality it's containers. It's communities, it's William to settle we'll list all of them. Co-exist side by side. That's how we look at it and threat map. It essentially allows you to visualize all of this in real time, think of fed map, but as something that you, that, that takes over the Baton from the CIS unit, when the lift shift left gets over, that's when the threat pepper comes into picture. So yeah, super excited. >>It's like really gives that developer and the teams ops teams visibility into kind of health statistics of the cloud. But also, as you said, it's not just software mechanisms. The cloud is evolving, new sources being turned on and off. No one even knows what's going on. Sometimes this is a really hidden problem, right? Yeah, >>Absolutely. The basic problem is, I mean, I would just talk to, you know, a gentleman 70 of this morning is two 70 billion. Plus public cloud spent John two 70 billion plus even 3 billion, 30 billion they're saying right. Uh, projected revenue. And there is not even a single community tool to visualize all the clouds and all the cloud modalities at scale, let's start there. That's what we sort of decided, you know what, let's start with utilizing everything else there. And then look for known badness, which is the vulnerabilities, which still remains the biggest attack vector. >>Sure. Tell us about some of the hood. How does this all work cloud scale? Is it a cloud service managed service it's code? Take us out, take us through product. Absolutely. >>So, so, but before that, right, there's one small point that Sandeep mentioned. And Richard, I'd like to elaborate here, right? He spoke about the whole cloud spending such a large volume, right? If you look at the way people look at applications today, it's not just single clone anymore. It's multicloud multi regions across diverse plants, right? What does the solution to look at what my interests are to this point? That is a missing piece here. And that is what we're trying to tackle. And that is where we are going as open source. Coming back to your question, right? How does this whole thing work? So we have a completely on-prem model, right? Where customers can download the code today, install it. It can bill, we give binary stool and Shockley just as the exciting announcement that came out today, you're going to see somewhat exciting entrepreneurs. That's going to make a lot more easy for folks out there all day. Yeah, that's fine. >>So how does this, how does this all fit into security as a micro service and your, your vision of that? >>Absolutely. Absolutely. You know, I'll tell you, this has to do with the one of the continual conferences I would sort of when I was trying to get an idea, trying to shape the whole vision really? Right. Hey, what about syncretism? Microservice? I would go and ask people. They mentioned that sounds, that makes sense. Everything is becoming a microservice. Really. So what you're saying is you're going to deploy one more microservice, just like I deploy all of my other microservices. And that's going to look after my microservices. That compute back makes logical sense, essentially. That was the Genesis of that terminology. So defense essentially is deployed as a microservice. You go to scale, it's deployed, operated just like you to your microservices. So no code changes, no other tool chain changes. It just is yet another microservice. That's going to look after you talk about >>The, >>So there's one point I would like to add here, which is something very interesting, right? The whole concept of microservice came from, if you remember the memo from Jeff Bezos, that everybody's going to go, Microsoft would be fired. That gave rise to a very conventional unconditionally of thinking about their applications. Our deep friends, we believe that security should be. Now. You should bring the same unconventional way of thinking to security. Your security is all bottom up. No, it has to start popping up. So your applications on microservice, your security should also be a micro. >>So you need a microservice for a microservice security for the security. You're starting to get into a paradigm shift where you starting to see the API economy that bayzos and Amazon philosophy and their approach go Beanstream. So when I got to ask you, because this is a trend we've been watching and reporting on the actual application development processes, changing from the old school, you know, life cycle, software defined life cycle to now you've got machine learning and bots. You have AI. Now you have people are building apps differently. And the speed of which they want to code is high. And then other teams are slowing them down. So I've heard security teams just screw people over a couple of days. Oh my God, I can wait five days. No, it used to be five weeks. Now it's five days. They think that's progress. They want five minutes, the developers in real time. So this is a real deal optimum. >>Well, you know what? Shift left was a good thing. Instill a good thing. It helps you sort of figure out the issues early on in the development life cycle, essentially. Right? And so you started weaving in security early on and it stays with you. The problem is we are hydrating. So frequently you end up with a few hundred vulnerabilities every time you scan oftentimes few thousand and then you go to runtime and you can't really fix all these thousand one. You know? So this is where, so there is a little bit of a gap there. If you're saying, if look at the CIC cycle, the in financial cycle that they show you, right. You've got the far left, which is where you have the SAS tools, snake and all of that. And then you've got the center where, which is where you hand off this to ops. >>And then on the right side, you've got tech ops defense essentially starts in the middle and says, look, I know you've had thousand one abilities. Okay. But at run time, I see only one of those packages is loaded in memory. And only that is getting traffic. You go and fix that one because that's going to heart. You see what I'm saying? So that gap is what we're doing. So you start with the left, we come in in the middle and stay with you throughout, you know, till the whole, uh, she asks me. Yeah, well that >>Th that, that touches on a subject. What are the, what are the changes that we're seeing? What are the new threats that are associated with containerization and kind of coupled with that, look back on traditional security methods and how are our traditional security methods failing us with those new requirements that come out of the microservices and containerized world. And so, >>So having, having been at FireEye, I'll tell you I've worked on their windows products and Juniper, >>And very, very deeply involved in. >>And in fact, you know what I mean, at the company, we even sold a product to Palo Alto. So having been around the space, really, I think it's, it's, it's a, it's a foregone conclusion to say that attackers have become more sophisticated. Of course they have. Yeah. It's not a single attack vector, which gets you down anymore. It's not a script getting somewhere shooting who just sending one malicious HTP request exploiting, no, these are multi-vector multi-stage attacks. They, they evolve over time in space, you know? And then what happens is I could have shot a revolving with time and space, one notable cause of piling up. Right? And on the other side, you've got the infrastructure, which is getting fragmented. What I mean by fragmented is it's not one data center where everything would look and feel and smell similar it's containers and tuberosities and several lessons. All of that stuff is hackable, right? So you've got that big shift happening there. You've got attackers, how do you build visibility? So, in fact, initially we used to, we would go and speak with, uh, DevSecOps practitioner say, Hey, what is the coalition? Is it that you don't have enough scanners to scan? Is it that at runtime? What is the main problem? It's the lack of visibility, lack of observability throughout the life cycle, as well as through outage, it was an issue with allegation. >>And the fact that the attackers know that too, they're exploiting the fact that they can't see they're blind. And it's like, you know what? Trying to land a plane that flew yesterday and you think it's landing tomorrow. It's all like lagging. Right? Exactly. So I got to ask you, because this has comes up a lot, because remember when we're in our 11th season with the cube, and I remember conversations going back to 2010, a cloud's not secure. You know, this is before everyone realized shit, the club's better than on premises if you have it. Right. So a trend is emerged. I want to get your thoughts on this. What percentage of the hacks are because the attackers are lazier than the more sophisticated ones, because you see two buckets I'm going to get, I'm going to work hard to get this, or I'm going to go for the easy low-hanging fruit. Most people have just a setup that's just low hanging fruit for the hackers versus some sort of complex or thought through programmatic cloud system, because now is actually better if you do it. Right. So the more sophisticated the environment, the harder it is for the hackers, AK Bob wire, whatever you wanna call it, what level do we cross over? >>When does it go from the script periods to the, the, >>Katie's kind of like, okay, I want to go get the S3 bucket or whatever. There's like levels of like laziness. Yeah. Okay. I, yeah. Versus I'm really going to orchestrate Spearfish social engineer, the more sophisticated economy driven ones. Yeah. >>I think, you know what, this attackers, the hacks aren't being conducted the way they worked in the 10, five years ago, isn't saying that they been outsourced, there are sophisticated teams for building exploiters. This is the whole industry up there. Even the nation, it's an economy really. Right. So, um, the known badness or the known attacks, I think we have had tools. We have had their own tools, signature based tools, which would know, look for certain payloads and say, this is that I know it. Right. You get the stuff really starts sort of, uh, getting out of control when you have so many sort of different modalities running side by side. So much, so much moving attack surfaces, they will evolve. And you never know that you've scanned enough because you never happened because we just pushed the code. >>Yeah. So we've been covering the iron debt. Kim retired general, Keith Alexander, his company. They have this iron dome concept where there's more collective sharing. Um, how do you see that trend? Because I can almost imagine that the open-source man is going to love what you guys got. You're going to probably feed on it, like it's nobody's business, but then you start thinking, okay, we're going to be open. And you have a platform approach, not so much a tool based approach. So just give me tools. We all know that when does it, we cross over to the Nirvana of like real security sharing. Real-time telemetry data. >>And I want to answer this in two parts. The first part is really a lot of this wisdom is only in the community. It's a tribal knowledge. It's their informal feeds in from get up tickets. And you know, a lot of these things, what we're really doing with threat map, but as we are consolidating that and giving it out as a sort of platform that you can use, I like to go for free. This is the part you will never go to monetize this. And we are certain about disaster. What we are monetizing instead is you have, like I said, the x-ray or MRI scan of the cloud, which tells you what the pain points are. This is feel free. This is public collective good. This is a Patrick reader. This is for free. It's shocking. >>I took this long to get to that point, by the way, in this discussion. >>Yeah, >>This is this timing's perfect. >>Security is collective good. Right? And if you're doing open source, community-based, you know, programs like this is for the collector group. What we do look, this whole other set map is going to be open source. We going to make it a platform and our commercial version, which is called fetch Stryker, which is where we have our core IP, which is basically think about this way, right? If you figured out all the pain points and using tech map, or this was a free, and now you wanted the remedy for that pain feed to target a defense, we targeted quarantining of those statin workloads and all that stuff. And that's what our IP is. What we really do there is we said, look, you figured out the attack surface using tech fabric. Now I'm going to use threat Stryker to protect their attacks and stress >>Free. Not free to, or is that going to be Fort bang? >>Oh, that's for, okay. >>That's awesome. So you bring the goodness to the party, the goods to the party, again, share that collective, see where that goes. And the Stryker on top is how you guys monetize. >>And that's where we do some uniquely normal things. I would want to talk about that. If, if, if, if you know public probably for 30 seconds or so unique things we do in industry, which is basically being able to monitor what comes in, what goes out and what changes across time and space, because look, most of the modern attacks evolve over time and space, right? So you go to be able to see things like this. Here's a party structure, which has a vulnerability threats. Mapper told you that to strike. And what it does is it tells you a bunch of stress has a vulnerable again, know that somebody is sending a Melissa's HTP request, which has a malicious payload. And you know what, tomorrow there's a file system change. And there is outbound connection going to some funny place. That is the part that we're wanting this. >>Yeah. And you give away the tool to identify the threats and sell the hammer. >>That's giving you protection. >>Yeah. Yeah. Awesome. I love you guys love this product. I love how you're doing it. I got to ask you to define what is security as a microservice. >>So security is a microservice is a deployment modality for us. So defense, what defense has is one console. So defense is currently self posted by the customers within the infrastructure going forward. We'll also be launching a SAS version, the cloud version of it. But what happens as part of this deployment is they're running the management console, which is the gooey, and then a tiny sensor, which is collecting telemetric that is deployed as a microservice is what I'm saying. So you've got 10 containers running defenses level of container. That's, that's an eight or the Microsoft risk. And it utilizes, uh, EDP F you know, for tracing and all that stuff. Yeah. >>Awesome. Well, I think this is the beginning of a shift in the industry. You start to see dev ops and cloud native technologies become the operating model, not just dev dev ops are now in play and infrastructure as code, which is the ethos of a cloud generation is security is code. That's true. That's what you guys are doing. Thanks for coming on. Really appreciate it. Absolutely breaking news here in the queue, obviously great stuff. Open source continues to grow and win in the new model. Collaboration is the cube bringing you all the cover day one, the three days. I'm Jennifer, your host with Dave Nicholson. Thanks for watching.

>>Oh, welcome back to the cubes coverage of coop con cloud native con 2021. I'm John is the Cuba, David Nicholson, our cloud host analyst, and it's exciting to be back in person in event. So we're back. It's been two years with the cube con and Linux foundation. So scrape, it was a hybrid event and we have a great guest here, Cuban London, Nick Dirk, and CT field CTO of harness and harness.io. The URL love the.io. Good to see you. >>Thank you guys for having me on. I genuinely appreciate >>It. Thanks for coming on. You were a part of our AWS startup showcase, which you guys were featured as a fast growing mature company, uh, as cloud scales, you guys have been doing extremely well. So congratulations. But now we're in reality now, right? So, okay. Cloud native has kind of like, okay, we don't have to sell it anymore. People buying into it. Um, and now operationalizing it with cloud operations, which means you're running stuff, applications and infrastructure is code and it costs money. Yeah. Martine Casada at Andreessen Horowitz. Oh, repatriated from the cloud. So there's a lot of, there's some cost conversations starting to happen. This is what you guys are in the middle of. >>Yeah, absolutely. What's interesting is when you think about it today, we want to shift left. When you want to empower all the engineers, we want to empower people. We're not giving them the data they need, right. They get a call from the CFO 30 days later, as opposed to actually being able to look at what change I did and how it actually affected. And this is what we're bringing in. Allowing people to have is now really empowering. So throughout the whole software delivery life cycle from CGI continuous integration, continuous delivery feature flagging, and even bringing cost modeling and in cloud cost management. And even then being able to shut down, shut down the services that you're not using, how much of that is waste. We talk about it. Every single cloud conference it's how much is waste. And so being able to actually turn those on, use those accordingly and then take advantage of even the cheapest instances when you should. That's really what >>It's so funny. People almost trip over dollars to pick up pennies in the cloud business because they're so focused on innovation that they think, okay, we've got to just innovate at all costs, but at some point you can make it productive for the developers in process in the pipeline to actually manage that. >>That's exactly it. I mean, if you think about it to me in order to breach state continuous delivery, we have to automate everything. Right. But that doesn't mean stop at just delivering, you know, to production. That means to customer, which means we've got to make them happy, but then ultimately all of those resources in dev and QA and staging and UAT, we've sticker those as well. And if we're not being mindful of it, the costs are astronomical, right. And we've seen it time and time again with every company you see, you've seen every article about how they've blown through all their budgets. So bring it to the people that can affect change. That's really the difference, making it visible, looking at it. In-depth not just at the cloud level and all the spend there, but also even at the, uh, thinking about it, the Kubernetes level down to the containers, the pods and understanding where are the resources even inside of the clusters and bringing that as an aggregate, not just for visibility and, and giving recommendations, but now more importantly, because part of a pipeline start taking action. That's where it's interesting. It's not just about being able to see it and understand it and hope, right? Hope is not a strategy acting upon it is what makes it valuable. And that's part of the automate everything. >>Yeah. We'll let that at the Dawn of the age of DevOps, uh, there was a huge incentive for a developer just to get their job done, to seize control of infrastructure, the idea of infrastructure as code, you know, and it's, it's, you know, w when it was being born, it's a fantastic, I've always wondered though, you know, be careful what you wish for. Do you really want all of that responsibility? So we've got responsibility from a compliance and security perspective and of course cost. So, so where do we, where do we go from here, I guess is the question. Yeah. So >>When we look at building this all together, I think when we think about software delivery, everybody wants to go fast. We start with velocity, right? Everybody says, that's where I want to go. And to your point with governance compliance, the next roadblock to hit is weight. In order to go fast, I have to do it appropriately. I've got governing bodies that tell me how this has to work. And that becomes a challenge. >>It slows it down too. It doesn't, I mean, basically people are getting pissed off, right? This is, this general sentiment is, is that developers are moving fast with their code. And then they have to stop. Compliance has to give the green light sometimes days, correct? Uh, it used to be weeks now. It's days, it's still unacceptable. So there's like this always been that tension to the security groups or say it, or finance was like slow down and they actually want to go faster. So that has to be policy-based something. Yep. This is the future. What is your take on that? >>Take on, this is pretty simple. When everybody talks about people, process and technology, it's kind of bogus, right? It's all about confidence. If you're confident that your developers can deploy appropriately and they're not going to do something wrong, you'll let them to play all the time. Well, that requires process. But if you have tooling that literally guarantees your governance, make sure that at no point in time, can any of your developers actually do something wrong. Now you have, >>That's the key. That's the key. That's the key because you're giving them a policy-based guardrails to execute in their programs >>And that's it. So now you can free up all those pieces. So all those bottlenecks, all those waiting all those time, and this is how all of our customers, they move from, you know, change advisory boards that approve deployments. >>Can you give us some, give us some, give us some, uh, customer anecdotal examples of this inaction and kind of the love letters you get, or, or the customer you take us through a use case of how it all. >>So this is one of my favorites. So NCR national cash register. If you slide a credit card at like a Chick-fil-A or a Safeway, right? Um, traditional technology. But what was interesting is they went from doing PCI audit, which would take seven days to go to a PCI audit right now with harness, because, >>And by the way, when you and the seventh, six day, the things that you did on day one change. >>Exactly, exactly. And so now, because of using harness and everything's audited, and all the changes are, are controlled to make sure that developers again, can only do what they're allowed. They only get to broadcast two per production. If they've met all their security requirements, all their compliance, permits, all their quality checks. Now, because of that, they literally gave a re read only view of harness to their auditor. And in three hours it was over. And it's because now we're that evidence file from code commit through to production. Yeah. It's there for point of sale compliant. >>So what is the benefits to them? What's the result saves them time, saves the money. What's the good, the free up more times. I'll see the chops it down. That's the key. >>Yeah. It's actually something we didn't build in like our ROI calculators, which was, we talked to their engineers and we gave them their nights and their weekends back, which I thought was amazing. But Thursday night, when we're doing that deploy, they don't have to be up. Harness is actually managing and understanding, using machine learning to understand what normal looks like. So they don't have to, they don't have to sit and look at the knock or sit in the war room and eat the free pizza. Yeah. Right. And then when those things break, same concept rates aren't as good. So >>I got to ask you, I got you here. You know, as the software development delivery lifecycle is radically being overhauled right now, which people generally agree that that's the case, the old models are, are different. How do you see your vision around AI and automation playing into this? Because you could say, okay, we're going to have different kinds of coding styles. This batch has got an AI block here. It's very Lego block. Like yep. Okay. Services and higher level services in the cloud. What's your reaction to how this impacts automation and >>Sure. So throughout our entire platform, we've designed our AI to take care of the worst parts of anyone's job as Guinea dev ops person. If they love babysitting deployments, they don't harness handles that for them, ask your engineers that they love sitting there waiting for their tests to run. Every time they build, they go get coffee, right. Because we're waiting for all of our tests to run. Y yeah. Right. The reality >>Is sometimes they have to wait days and >>That's it. But like, if I change the gas cap on, uh, on your car, would you expect me to check every light switch and every electronic piece? No. Well, why do we do that with code? And so our AI, our ML is designed to remove all the things that people hate. It's not to remove people's jobs. It's actually to make their jobs much better. >>How do you guys feed the data? What's the training algorithm for that? How does that work? Yeah, >>Actually, it's interesting. A lot of people think it's going to take a ton of time to figure this out. The good news is we start seeing this on the second deployment. On the second bill, we have to have a baseline of what good looks like, and that's where it starts. And it goes from there. And by the way, this isn't a lot of people say AI, and this AML, I teach a class on this because ML is not standard deviation. It's not some checks. So we use a massive amount of machine learning, but we have neural networks to think about things like engineers do. Like if we looked at a log and I saw the same log with two different user IDs, you and I would know, well, it's the same thing. It's just different users, but machine learning models. Don't so we've got to build neural networks to actually think like humans. So that, >>So that's the whole expectation maximization kind of concept of people talk about, >>Well, and that's it because at the end of the day, we're like I said, I'm not trying to take people's jobs. I want to meet. >>Yeah. You want to do the crap work out of the way. And I had to do other redundant, heavy lifting that they have to do every single time we use the cloud way. We've >>Built mechanical muscle in, in the early 19 hundreds. Right. And it made everyone's jobs easier, allowed them to do more with their time. That's exactly what we're doing here. >>I mean, we've seen the big old guys in the industry trying to evolve. You got the hot startups coming out. So you got, you know, adapt or die as classic thing. We've been saying for many years, David on the cube, you know that. So it's like, this is a moment of truth. We're going to see who comes out the other side. How do you, Nick, what would you be your, your kind of guess of when that other side is, when are we gonna know the winners and the losers truly in the sense of where we are now? >>So I think what I've found is that in this space specifically, there's a constant shift and this is something with software. And the problem is, is that we see them come in ebbs and flows, right. And very few times are there businesses that actually carry the model? And what you find is that when they focus on one specific problem, it solves it. Now, if I was working on VMs a few years ago, great, but now we're, we're here at coop con, right? And that's because it's eaten, uh, that side of the world. And so I think it's the companies that can actually grow the test of time and continue to expand to where the problems are. Right. And that's one of the things that I traditionally think about harness and we've done it. We cover our customers where they were, I think the old mainframes, if you had to, where they were, where they are at their traditional, their VM. >>I mean, if you think about it, Nick, it's one of those things where it's like, that's such a common sense way to look at it evolves with a problem. So I ride the right with tech ways. But if you think about the high order bit, here is just applications. We ended the day. Companies have applications that they want to write modern. The applications of their business is going to be codified so that you just work backwards from there. Then you say, okay, what is the infrastructure as code working for me? That's an ethos of dev ops. And that's where we're at. So that's why I think that the cloud need is kind of one already, but we still have the edge devices, more complexity. This is a huge next level conversation at one point is that we just put a hard and top on the complexity. When is that coming? Because the developers are clear. They want to go fast. They want to go shift left and have all that data, get the right analytics, the telemetry and the AI. But it's too complicated still. That is a big problem. >>It's too complicated. You ask for a full-stack developer to also know infrastructure, to also know edge computing. Like it's impossible, right? And this is where tooling helps, right? Because if you can actually parameterize that and make it to the engineers and have to care, they can do what they're best at. Hey, I'm great at turning code in artifact, let them do that and have tooling take care of the rest. This is where our goal is. Again, allow people >>We'll do what they love. And this is kind of the new roles that are changing. What SRE has done. Everyone talks about the SRE and some states just as he had dev ops guy, but it's not just that there's also, uh, different roles emerging. It's, it's an architectural game. At this point, we would say, >>I'd say a hundred percent. And this is where the decisions that you make on are architecturally. If you don't know how to then roll them out, this is what we've seen. Time and time again, you go to these large companies, I've got these great architectures on planning four years later, we haven't reached it because to that point process, >>The process killed them four >>Different new tools throughout the process. Well, yeah. >>So when do we hit peak Kubernetes peak >>Kubernetes? I think we have a bit to go in and I'm excited about the networking space and really what we're doing there and, and bringing that holistic portion of the network, like when Istio was originally released, I thought that was one of the most amazing things, uh, to truly come to it. And I think there's a vast space in networking. Um, and, and so I think in the next few years, we're going to see this, you know, turn into that a hundred percent utilized across the board. This will be that where everyone's workloads continue to exist. Um, somewhat like VMs we're in >>And, and, and no, no fear of developers as code in the very near future. You're talking about automating the mundane. Correct. Uh, there have been stories recently about the three-day workweek, you know, as a, as a fan of, um, utopian science fiction, myself, as opposed to dystopian. Absolutely. I think that, you know, technology does have the opportunity to lift all boats and, uh, and it's, it's not nothing to be afraid of. You know, the fact that I put my dishes in the dishwasher and they run by themselves for three hours. It's a good thing. It's a great thing. >>I don't need to deal with that. Yeah, I agree. No, I think that's, and that's what I said in the beginning. Right. That's really where we can start empowering people. So allow them to do what they're good at and do what they're best at. And if you look at why do people quit? We don't have to go so hard to find. Yeah. Why? Because they're secondary to babysit and implement and they're told everywhere they go, they're not going to have to >>That's the line. And that's all right. We got a break, but it's great insight to have you on the Q one final question for you. Um, I got to ask about the whole data as code something that I've been riffing on for a bunch of years now. And as infrastructures could we get that, but data is now the resource everyone needs, and everyone's trying to, okay, I have the control plane for this and that, but ultimately data cannot be siloed. This is a critical architectural element. How does that get resolved in the land of the competitive advantage and lock in and whatnot? What's your take on that? >>So data's an interesting one because it has, it has gravity and this is the problem. And as we move, as I think you guys know, as you move to the edge as remove, move it places there's insights to be taken at the edge there's insights to be taken as it moves through. And I think what you'll see honestly, going forward is you'll see compute done differently to your point. It needs to be aggregated. It needs to be able to be used together, but I think you'll see people computing it on its way through it. So now even in transport, you'll start seeing insights gained in real time before you can have the larger insights. And I see that happening more and more. Um, and I think ultimately we just want to empower that >>Nick, great to have you on CTO of field CTO of harness and harness.io is a URL. Check it out. Thanks for the insight. Thank you so much. Great comments. Appreciate it. Natural cube analysts right here, Nick, of course, we've got our, our analysts right here, David Nicholson. You're good on your own. I'm John for a, you know, we have the host. Thanks for watching. Stay with two more days of coverage. We'll be back after this short break.

>>And welcome back to the cubes coverage of coop con cloud native con 2021. We're in person physical venom, John free hosted a Q a Dave Nicholson, my CO's and Emma Laney, who is our not so roving reporter unemployed, software engineer, unemployed comedian. Great to have you on the cube. >>Thank you for that list of credentials. >>You're doing great. I saw you're having some fun down there. We've got this new show or testing out called the grill. Here it is. Okay. Um, what's the focus, what's the story behind everything. >>Uh, the focus of the show is trying to have some fun with tech. You know, tech has a lot of self seriousness. Uh, there's a lot that's ripe to make fun of. We're also having fun. We're not trying to grill people in. We're not trying to roast them. Right? We're having people come through. They're sharing funny stories. We're having a contest to find the best man split nation of Kubernetes. Right now, I got to say, a woman is in the lead. Oh, she killed that contest, like called me, sweetie. And everything. It just proves that it's not about the man. You identify as it's about the condensation in your heart when it comes to mansplaining. >>Um, what is the best criteria that you, when you get a candidate for the mansplaining competition, what is the criteria? >>I mean, number one, we're looking for condensation. You get extra points for you, the phrase, well, actually we want a supercilious attitude. Uh, if you are partially into explaining it and then you stop yourself because you think you've used too technical of a term and then step it down, all of those gets you extra points in the mansplaining. >>Can I ask you, what's your biggest observation as you kind of look at this ecosystem? I mean, it's a big event, but it's, COVID postpone even in COVID people are wearing masks, not wearing masks. >>I mean, people are wearing masks for the most part. Uh, you know, I did love this, uh, red light, yellow light green light system. They came up with green, meaning please touch me. I've been inside for too long red meaning I still care about COVID yellow. You know, ask me, we'll figure it >>Out. All right. What's the funniest thing you've heard so far. >>The funniest thing I have to say, I asked someone what their favorite tech joke is. And he said it worked on my computer That really stirred up some memories. >>Oh man, we're in LA though. This is a great area. It's literally with the best comedians you could think of or work their way through the system. But with techno and everything is tech with gadgets and with like Kubernetes, I mean, it's, it's the material writes itself. I mean, >>Surely >>You must be having, >>Oh, I'm definitely having a ton of fun. Uh, I wouldn't say the material writes itself. I would say hire me to write material, but it is quite a fertile. >>Okay. What would you write for, uh, looking at the keynote today? Looking at the vibe here, obviously a lot of people show because they're remote, but visually it's a packed house here, but what's your first comedic view of the, as the fog lifts in this community? >>I have to say the thing that really stuck out to me from the keynote addresses was that people have not yet adjusted to being in person. There were some very, very delayed applause breaks where people realize they were not muted watching on a screen and you'd still go, oh, that's right. We should interact. Like God bless those speakers. It's uh, people have been inside for a long time. >>Um, part-time comedian too. I mean, co-hosting queue. Um, I don't, I, >>I don't find anything funny with technology. And I'm curious when you use the word supercilious, is that a, is that a comedic term? I, I, yes. >>I heard that before. It's the Latin form of super silly. Yeah. Which is my brand of comedy. >>So the mansplaining, I don't know if you need to like, woman's plane, some of this stuff to me, but I'll English >>Major Splain. Okay. Okay. Super silliest. >>It sounds super silly. So is it, is it, is it okay to have a ringer come in and attempt make an attempt at the mansplaining or >>Okay. A hundred >>Percent come in wearing it. >>I'm trying to make this a safe space for women at the conference. I'm the only woman you should be mansplaining to. I'm a martyr falling on the sword of mansplaining for all the great technical women at this conference. You slip that in >>And translate that. >>Of course, John, I don't know how to explain that to them more detailed. Um, what I love about the vibe is that this technical people they're snarky. If you get at their core, I mean, we were at the bar. Everyone was like totally leaning into like comedy and more fun because it's almost like they're bust out, come out of the closet and beat comedian. >>Oh, there is a broiling anger in the soul of every developer and every person who's worked on technology. And the question is going to be, can we get it on camera when they are not drunk, we're doing our >>Best to drink. These developers don't >>Think, oh, they do desperately. >>We saw a few partaking in the bar at the GTA merit and a lot going on. You had the, you know, they had warriors game going on. You have a lot of Dodgers were playing the giants. So pretty active bar scene for this crowd. >>Yeah, no, it was, uh, it was very fun. I personally was disappointed that the warriors are not actually staying in our hotel. You know, if this software thing doesn't work out, NBA wife is a possible second. >>And the Ritz Carlton was right behind us. You could be right there too. All right. So the grill is, uh, an experiment. We're having some fun with it, but the purpose is to just chill a bit. What's the, what would you say the goal of the show is for you? >>I'd say the goal is to get people to come out of their shells a little bit, to have some fun, to poke fun at some of the tendencies that we see in tech that we often don't bring up. You know, like I'm having so much fun with the man's pollination. Uh, I've lived it a bit. And my favorite is, uh, as I asked men to mansplain it to me, the panic in their eyes, that's my ultimate goal is just to make men afraid. >>And the panic is because they don't know if they're mansplaining all the time or actually purposely mansplaining is hard enough, but they do it naturally. Sorry. >>I have three daughters and I can't wait for them to see this stuff. I cannot >>Wait. That's going to be >>Great. Well, we have cooler gen Z. >>Well, we have t-shirts right. Let me see the t-shirts give everyone a quick, if you come on, this is day one of coupons. So if you do come on the show with the grill, I'm the t-shirt ferry. The grill is real. It's like the V the cubes version of the view, but >>Wow, just because I'm a woman, the, uh, the t-shirt is a big incentive. I'm sure a lot of people go to tech conferences don't get any free. T-shirts good. >>I got grilled by a net. Lilium, the cube at cube con con not cube >>Con. It's a medium rare grilling. >>I couldn't resist the view jokes. I know I'm in color. We'll keep our day jobs here in the comedian angle. We got to >>Believe that's true. Yes. When I look at the wavelengths of >>Light on that, I'm super stoked to have you try that. I think it's a great program, Greg. God. So you guys doing a great job, loved the vibe, love the energy, love the creativity, having some fun. See the poster one last time. And the idea is to have some fun, right? It's a tough time. We're all coming back from the pandemic, welcoming back from the pandemic. And this is just a fun way to kind of let the air out and have some fun. So thanks for everyone. Thank you so much for doing that. Thank you. All right. Cute coverage here. Coop gone. Cloud native con I'm John Perry, David Nicholson. Be back with more day, one coverage of three days after the short break.

>>Hello and welcome back to the cubes coverage of dr khan 2021. I'm john for your host of the cube. Great guests here cube alumni Stephen Chin, vice president of developer relations for jay frog Stephen, great to see you again this remote this time this last time was in person. Our last physical event. We had you in the queue but great to see you. Thanks for coming in remotely. >>No, no, I'm very glad to be here. And also it was, it was awesome to be in person at our s a conference when we last talked and the last year has been super exciting with a whole bunch of crazy things like the I. P. O. And doing virtual events. So we've, we're transitioning to the new normal. We're looking forward to things getting to be hybrid. >>Great success with jay frog. We've been documenting the history of this company, very developer focused the successful I. P. O. And just the continuation that you guys have transitioned beautifully to virtual because you know, developer company, it runs virtual, but also you guys have been all about simplicity for developers and and we've been talking for many, many years with you guys on this. This is the theme that dr khan again, this is a developer conference, not so much an operator conference, but more of a deva deV developer focused. You guys have been there from the beginning, um nationally reported on it. But talk about jay Frog and the Doctor partnership and why is this event so important for you? >>Yeah. So I think um like like you said, jay Frog has and always is a developer focused company. So we we build tools and things which which focus on developer use cases, how you get your code to production and streamlining the entire devoPS pipeline. And one of the things which which we believe very strongly in and I think we're very aligned with with doctor on this is having secure clean upstream dependencies for your Docker images for other package and language dependencies and um you know, with the announcement of dr khan and dr Hubbs model changing, we wanted to make sure that we have the best integration with doctor and also the best support for our customers on with Docker hub. So one of the things we did strategically is um, we um combined our platforms so um you can get the best in class developer tools for managing images from Docker. Um everyone uses their um desktop tools for for building and managing your containers and then you can push them right to the best container registry for managing Docker Images, which is the jay frog platform. And just like Docker has free tools available for developers to use. We have a free tier which integrates nicely what their offerings and one of the things which we collaborate with them on is for anybody using our free tier in the cloud. Um there's there's no limits on the Docker images. You can pull no rate limiting, no throttling. So it just makes a clean seamless developer experience to to manage your cloud native projects and applications. >>What's the role of the container registry in cloud NATO? You brought that up? But can you just expand on that point? >>Yeah. So I think when you when you're doing deployments to production, you want to make sure both that you have the best security so that you're making sure that you're scanning and checking for vulnerabilities in your application and also that you have a complete um traceability. Basically you need a database in a log of everything you're pushing out to production. So what container registries allow you to do is um they keep all of the um releases all of the Docker images which are pushing out. You can go back and roll back to a previous version. You can see exactly what's included in those Docker images. And we jay frog, we have a product called X ray which does deep scanning of container images. So it'll go into the Docker Image, it'll go into any packages installed, it'll go into application libraries and it does kind of this onion peel apart of your entire document image to figure out exactly what you're using. Are there any vulnerabilities? And the funny thing about about Docker Images is um because of the number of libraries and packages and installed things which you haven't given Docker Image. If you just take your released Docker Image and let it sit on the shelf for a month, you have thousands of vulnerabilities, just just buy it um, by accruing from different reported zero day vulnerabilities over time. So it's extremely important that you, you know what those are, you can evaluate the risk to your organization and then mitigated as quickly as possible. If there is anything which could impact your customers, >>you bring up a great point right there and that is ultimately a developer thing that's been, that's generational, you know what generation you come from and that's always the problem getting the patches in the old days, getting a new code updated now when you have cloud native, that's more important than ever. And I also want to get your thoughts on this because you guys have been early on shift left two years ago, shift left was not it was not a new thing for you guys ever. So you got shift left building security at the point of coding, but you're bringing up a whole another thing which is okay automation. How do you make it? So the developments nothing stop what they're doing and then get back and say, okay, what's out there and my containers. So so how do you simplify that role? Because that's where the partnership, I think really people are looking to you guys and Dakar on is how do you make my life easier? Bottom line, what's it, what's it, what's it about? >>Yeah. So I I think when you when you're looking at trying to manage um large applications which are deployed to big kubernetes clusters and and how you have kind of this, this um all this infrastructure behind it. One of the one of the challenges is how do you know what you have that in production? Um So what, how do you know exactly what's released and what dependencies are out there and how easily can you trace those back? Um And one of the things which we're gonna be talking about at um swamp up next week is managing the overall devops lifecycle from code all the way through to production. Um And we we have a great platform for doing package management for doing vulnerability scanning, for doing um ci cd but you you need a bunch of other tools too. So you need um integrations like docker so you can get trusted packages into your system. You need integrations with observe ability tools like data, dog, elastic and you need it some tools for doing incident management like Patriot duty. And what we've, what we've built out um is we built out an ecosystem of partner integrations which with the J frog platform at the center lets you manage your entire and and life cycle of um devops infrastructure. And this this addresses security. It addresses the need to do quick patches and fixes and production and it kind of stitches together all the tools which all of the successful companies are using to manage their fast moving continuous release cycle, um and puts all that information together with seamless integration with even developer tools which um which folks are using on a day to day basis, like slack jeer A and M. S. Teams. >>So the bottom line then for the developer is you take the best of breed stuff and put it, make it all work together easily. That right? >>Yeah. I mean it's like it's seamless from you. You've got an incidents, you click a button, it sticks Ajira ticket in for you to resolve. Um you can tie that with the code, commits what you're doing and then directly to the security vulnerability which is reported by X ray. So it stitches all these different tools and technologies together for a for a seamless developer experience. And I think the great relationship we have with Docker um offers developers again, this this best in class container management um and trusted images combined with the world's best container registry. >>Awesome. Well let's get into that container issue products. I think that's the fascinating and super important thing that you guys solve a big problem for. So I gotta ask you, what are the security risks of using unverified and outdated Docker containers? Could you share your thoughts on what people should pay attention to because if they got unverified and outdated Docker containers, you mentioned vulnerabilities. What are those specific risks to them? >>Yeah, so I there's there's a lot of um different instances where you can see in the news or even some of the new government mandates coming out that um if you're not taking the right measures to secure your production applications and to patch critical vulnerabilities and libraries you're using, um you end up with um supply chain vulnerability risks like what happened to solar winds and what's been fueling the recent government mandates. So I think there's a there's a whole class of of different vulnerabilities which um bad actors can exploit. It can actually go quite deep with um folks um exploiting application software. Neither your your company or in other people's systems with with the move to cloud native, we also have heavily interconnected systems with a lot of different attack points from the container to the application level to the operating system level. So there's multiple different attack vectors for people to get into your software. And the best defense is an organization against security. Vulnerabilities is to know about them quickly and to mitigate them and fix them in production as quickly as possible. And this requires having a fast continuous deployment strategy for how you can update your code quickly, very quick identification of vulnerabilities with tools like X ray and other security scanning tools, um and just just good um integration with tools developers are using because at the end of the day it's the developers who both are picking the libraries and dependencies which are gonna be pushed into production and also they're the ones who have to react and and fix it when there's a uh production incident, >>you know, machine learning and automation. And it's always, I love that tech because it's always kind of cool because it's it's devops in action, but you know, it's it's not like a silver bullet, your machine, your machine learning is only as good as your your data and the code is written on staying with automation. You're not automating the right things or or wrong things. It's all it's all subjective based on what you're doing and you know Beauty's in the eye of the beholder when you do things like that. So I wanna hear your thoughts on on automation because that's really been a big part of the story here, both on simplicity and making the load lighter for developers. So when you have to go out and look at modifying code updates and looking at say um unverified containers or one that gets a little bit of a hair on it with with with more updates that are needed as we say, what do you what's the role of automation? How do you guys view that and how do you talk to the developers out there when posturing for a strategy on and a playbook for automation? >>Yeah, I think you're you're touching on one of the most critical parts of of any good devops um platform is from end to end. Everything should be automated with the right quality gates inserted at different points so that if there's a um test failure, if you have a build failure, if you have a security vulnerability, the the automatic um points in there will be triggered so that your release process will be stopped um that you have automated rollbacks in production um so that you can make sure that their issues which affect your customers, you can quickly roll back and once you get into production um having the right tools for observe ability so that you can actually sift through what is a essentially a big data problem. So with large systems you get so much data coming back from your application, from the production systems, from all these different sources that even an easy way to sift through and identify what are the messages coming back telling you that there's a problem that there's a real issue that you need to address versus what's just background noise about different different processes or different application alerts, which really don't affect the security of the functionality of your applications. So I think this this end to end automation gives you the visibility and the single pane of glass to to know how to manage and diagnose your devops infrastructure. >>You know, steve you bring up a great point. I love this conversation because it always highlights to me why I love uh Coop Con and Cloud Native con part of the C N C F and dr khan, because to me it's like a microcosm of two worlds that are living together. Right? You got I think Coop khan has proven its more operated but not like operator operator, developer operators. And you got dr khan almost pure software development, but now becoming operators. So you've got that almost those two worlds are fusing together where they are running together. You have operating concerns like well the Parachute open, will it work? And how do I roll back these roll back? These are like operating questions that now developers got to think about. So I think we're seeing this kind of confluence of true devops next level where you can't you can be just a developer and have a little bit of opposite you and not be a problem. Right? Or or get down under the under the hood and be an operator whenever you want. So they're seeing a flex. What's your thoughts on this is just more about my observation kind of real time here? >>Yeah, so um I think it's an interesting, obviously observation on the industry and I think you know, I've been doing DEVOPS for for a long time now and um I started as a developer who needed to push to production, needed to have the ability to to manage releases and packages and be able to automate everything. Um and this naturally leads you on a path of doing more operations, being able to manage your production, being able to have fewer incidents and issues. Um I think DEVOPS has evolved to become a very complicated um set of tools and problems which it solves and even kubernetes as an example. Um It's not easy to set up like setting up a kubernetes cluster and managing, it is a full time job now that said, I think what you're seeing now is more and more companies are shifting back to developers as a focus because teams and developers are the kingmakers ends with the rise of cloud computing, you don't need a full operations team, you don't need a huge infrastructure stack, you can you can easily get set up in the cloud on on amazon google or as your and start deploying today to production from from a small team straight from code to production. And I think as we evolve and as we get better tools, simpler ways of managing your deployments of managing your packages, this makes it possible for um development teams to do that entire site lifecycle from code through to production with good quality checks with um good security and also with the ability to manage simple production incidents all by themselves. So I think that's that's coming where devoPS is shifting back to development teams. >>It's great to have your leadership and your experience. All right there. That's a great call out, great observation, nice gym there. I think that's right on. I think to get your thoughts if you don't mind going next level because you're, you're nailing what I see is the successful companies having these teams that could be and and workflows and have a mix of a team. I was talking about Dana Lawson who was the VP of engineering get up and she and I were riffing on this idea that you don't have to have a monolithic team because you've got you no longer have a monolithic environment. So you have this microservices and now you can have these, I'm gonna call micro teams, but you're starting to see an SRE on the team, that's the developer. Right? So this idea of having an SRE department maybe for big companies, that could be cool if you're hyper scalar, but these development teams are having certain formations. What's your observation to your customer base in terms of how your customers are organizing? Because I think you nailed the success form of how teams are executing because it's so much more agile, you get the reliability, you need to have security baked in, you want end to end visibility because you got services starting and stopping. How are teams? How are you seeing developers? What's the state of the art in your mind for formation? >>Yeah, so I think um we we work with a lot of the biggest companies who were really at the bleeding edge of innovation and devoPS and continuous delivery. And when you look at those teams, they have, they have very, very small teams, um supporting thousands of developers teams um building and deploying applications. So um when you think of of SRE and deVOPS focus there is actually a very small number of those folks who typically support humongous organizations and I think what we're hearing from them is their increasingly getting requirements from the teams who want to be self service, right? They want to be able to take their applications, have simple platforms to deploy it themselves to manage things. Um They don't they don't want to go through heavy way processes, they wanted to be automated and lightweight and I think this is this is putting pressure on deVOPS teams to to evolve and to adopt more platforms and services which allow developers to to do things themselves. And I think over time um this doesn't this doesn't get rid of the need for for devops and for SRE roles and organizations but it it changes because now they become the enablers of success and good development teams. It's it's kind of like um like how I. T. Organizations they support you with automated rollouts with all these tools rather than in person as much as they can do with automation. Um That helps the entire organization. I think devops is becoming the same thing where they're now simplifying and automating how developers can be self service and organizations. >>And I think it's a great evolution to because that makes total sense because it is kind of like what the I. T. Used to do in the old days but its the scale is different, the services are different, the deVOPS tools are different and so they really are enabling not just the cost center there really driving value. Um and this brings up the whole next threat. I'd love to get your thoughts because you guys are, have been doing this for developers for a while. Tools versus platform because you know, this whole platform where we're a platform were control plane, there's still a need for tooling for developers. How do we thread the needle between? What's, what's good for a tool? What's good for a platform? >>Yeah, So I I think that um, you know, there's always a lot of focus and it's, it's easier if you can take an end to end platform, which solves a bunch of different use cases together. But um, I I think a lot of folks, um, when you're looking at what you need and how you want to apply, um, devops practices to your organization, you ideally you want to be able to use best in breed tools to be able to solve exactly what your use cases. And this is one of the reasons why as a company with jay frog, we we try to be as open as possible to integrations with the entire vendor ecosystem. So um, it doesn't matter what ci cd tool you're using, you could be using Jenkins circle, ci spinnaker checked on, it doesn't matter what observe ability platform you're using in production, it doesn't matter what um tools you're using for collaboration. We, we support that whole ecosystem and we make it possible for you to select the the best of breed tools and technologies that you need to be successful as an organization. And I think the risk is if, if you, if you kind of accept vendor lock in on a single platform or or a single cloud platform even um then you're, you're not getting the best in breed tools and technologies which you need to stay ahead of the curve and devops is a very, very fast moving um, um, discipline along with all the cloud native technologies which you use for application development and for production. So if you're, if you're not staying at the bleeding edge and kind of pushing things forward, then you're then you're behind and if you're behind, you're not be able to keep up with the releases, the deployments, you need to be secure. So I think what you see is the leading organizations are pushing the envelope on on security, on deployment and they're they're using the best tools in the industry to make that happen. >>Stephen great to have you on the cube. I want to just get your thoughts on jay frog and the doctor partnership to wrap this up. Could you take them in to explain what's the most important thing that developers should pay attention to when it comes to security for Docker images? >>Yeah. So I think when you're when you're developer and you're looking at your your security strategy, um you want tools that help you that come to you and that help you. So you want things which are going to give you alerts in your I. D. With things which are going to trigger your in your Ci cd and your build process. And we should make it easy for you to identify mitigate and release um things which will help you do that. So we we provide a lot of those tools with jay frog and our doctor partnership. And I think if you if you look at our push towards helping developers to become more productive, build better applications and more secure applications, this is something the entire industry needs for us to address. What's increasingly a risk to software development, which is a higher profile vulnerabilities, which are affecting the entire industry. >>Great stuff. Big fan of jay frog watching you guys be so successful, you know, making things easy for developers is uh, and simpler and reducing the steps it takes to do things as a, I say, is the classic magic formula for any company, Make it easier, reduce the steps it takes to do something and make it simple. Um, good success formula. Great stuff. Great to have you on um for a minute or two, take a minute to plug what's going on in jay frog and share what's the latest increase with the company, what you guys are doing? Obviously public company. Great place to work, getting awards for that. Give the update on jay frog, put a plug in. >>Yeah. And also dr Frog, I've been having a lot of fun working at J frog, it's very, very fast growing. We have a lot of awesome announcements at swamp up. Um like the partnerships were doing um secure release bundles for deployments and just just a range of advances. I think the number of new features and innovation we put into the product in the past six months since I. P. O. Is astounding. So we're really trying to push the edge on devops um and we're also gonna be announcing and talking about stuff that dr khan as well and continue to invest in the cloud native and the devops ecosystem with our support of the continuous delivery foundation and the C. N C F, which I'm also heavily involved in. So it's it's exciting time to be in the devoPS industry and I think you can see that we're really helping software developers to improve their art to become better, better at release. Again, managing production applications >>and the ecosystem is just flourishing. It's only the beginning and again Making bring the craft back in Agile, which is a super big theme this year. Stephen. Great, great to see you. Thanks for dropping those gems and insights here on the Cube here at Dr. 2021 virtual. Thanks for coming on. >>Yeah. Thank you john. >>Okay. Dr. 2020 coverage virtual. I'm John for your host of the Cube. Thanks for watching. Mhm. Mhm. Yeah.

>>mhm Yes, everyone, welcome back to the cubes coverage of dr khan 2021. I'm john for your host of the cube. Got a great segment here. One of the big supporters and open source amazon web services returning back second year. Dr khan virtual Deepak Singh, vice president of the compute services at AWS Deepak, Great to see you. Thanks for coming back on remotely again soon. We'll be in real life. Reinvent is going to be in person, we'll be there. Good to see you. >>Good to see you too, john it's always good to do these. I don't know how how often I've been at the cube now, but it's great every single time your >>legend and getting on there, a lot of important things to discuss your in one of the most important areas in the technology industry right now and that is at the confluence of cloud scale and modern development applications as they shift towards as Andy Jassy says, the new guard, right. It's been happening. You guys have been a big proponent of open source and enabling open source is a service creating business models for companies. But more importantly, you guys are powering, making it easier for folks to use software. And doctor has been a big relationship for you. Could you take a minute to first talk about the doctor, a W S relationship and your involvement and what you're doing? >>Yeah, actually it goes back a long way. Uh you know, Justin, we announced PCS had reinvented 2014 and PCS at that time was very much managed orchestration service on top of DACA at that time. I think it was the first really big one out there from a cloud provider. And since then, of course, the world has evolved quite a bit and relationship with DR has evolved a lot. The thing I'd like to talk to is something that we announced that Dr last year, I don't remember if I talked about it on the cube at that time. But last year we started working with DR on how can we go from doctor Run, which customers love or DR desktop, which customers love and make it easy for people to run containers on pcs and Fergie. Uh so most new customers running containers and AWS today start with this Yes and party or half of them and we wanted to make it very easy for them to start with where they are on the laptop which is often bucket to stop and have running services the native US. So we started working with DR and that that collaboration has been very successful. We want to keep you look forward to continuing to work on evolving that where you can use Docker compose doctor, desktop, doctor run the fuel that darker customers used and the labour grand production services on the end of your side, which is the part that we've got that on. So I think that's one area where we work really well together. Uh, the other area where I think the two companies continue to work well together. It's open source in general as some of, you know, AWS has a very strong commitment to contain a. D uh, EKS our community service is moving towards community. Forget it actually runs all on community today and uh, we collaborate dr Rhonda on the Ocr specification because, you know, the Oc I am expect is becoming the de facto packaging format idea. W S. This morning we launched yesterday, we launched a service called Opera. And the main expected input for opera is an Ocr image are being in this Atlanta as well, where those ci images now a way of packaging for lambda. And I think the last one I like to call out and it has been an amazing partnership and it's an area where most people don't pay attention is amid signing. Uh, there's a project called Notary. We do the second version of the Notary Spec for remit signing and AWS Docker and a couple of other companies have been working very closely together on bringing that uh, you know, finalizing no tv too, so that at least in our case we can start building services for our customers on top of that. You know, it's it's a great relationship and I expect to see it continue. >>Well, I think one of the themes this year is developer experience. So good. Good call out there in the new announcements on the tools you have and software because that seems to be a great developer integration with Docker question I have for you is how should the customers think about things like E C. S and versus E K. S. App, Runner lambda uh for kind of running their containers. How do they understand the difference is, what's there? What's the, what's the thought process there? What's >>that? It's a good question actually been announced after. And I think there was one of the questions I started getting on twitter. You know, let's start at the very beginning. Anyone can pick up a Docker container and run it on easy to today. You can run it on easy to, we can run a light sail, but doc around works just fine. It's the limits machine. Then people want to do more complex things. They want to run large scale orchestrated services. They won't run their entire business and containers. We have customers will do that today. Uh, you know, you have people like Vanguard who runs a significant portion of the infrastructure on pcs frg or you have to elope with the heavy user of chaos, our community service. So in general, if you're running large scale systems, you're building your platforms, you're most likely to use the csny Chaos. Um, if you come from a community's background, you're, you're running communities on prem or you want the flexibility and control the communities gives you, you're gonna end up with the chaos. That's what we see our customers doing. If you just want to run containers, you want to use AWS to its fullest extent where you want the continue a P I to be part of the W A S A P. I said then you pick is yes. And I think one of the reasons you see so many customers start with the CSN, Forget is with forget to get the significant ease of use from an operational standpoint. And we see many start ups and you know, enterprises, especially security focus enterprises leaning towards farming. But there's a class of customers that doesn't want to think about orchestration that just wants. Here's my code, here's my container image just run my service for me and that's when things like happen, I can come and that's one of the reasons we launched it. Land is a little bit different. Lambda is a unique service. You buy into an event driven architecture. If you do that, then you can figure our application into this. That's they should start its magic. Uh, the container part, there is what land announced agreement where they now support containers, packaging. So instead of zip files, you can package up your functions as containers. Then lambda will run them for you. The advantage it gives you with all the tooling that you built, that you have to build your containers now works the land as well. So I won't call and a container orchestration service in the same sense of the CSC cso Afrin are but it definitely allows the container image format as a standard packaging format. I think that's the sort of universal common theme that you find across AWS at this point of time. >>You know, one of the things that we're observing at this at this event here is a lot of developers Coop con and Lennox foundations. A lot of operators to kubernetes hits that. But here's developers. And the thing is I want to ease of use, simplicity experience, but also I want the innovation. Yeah, I want all of it. When I ask you what is amazon bring to the table for the new equation, what would you say? >>Yeah, I mean for me it's always you've probably heard me say this 100 times. Many 1000 times. It's foggy fog. It's unique to us. It takes a lot of what we have learned about operating infrastructure scale. The question we asked ourselves, you know, in many ways we talk about forget even before belong pcs but we have to learn on what it meant and what customers really wanted. But the idea was when you are running clusters of instances of machines to run containers on, you have to start thinking about a lot of things that in some ways VMS but BMS in the car were taken away capacity. What kind of infrastructure to run it on? Should have been touched. Should have not been back. You know, where is my container running? Those are things. They suddenly started having to think about those kind of backwards almost. So the idea was how can we make your containerized bundles? So TCS task or community is part of the thing that you talk to and that is the main unit that you operate on. That is the unit that you get built on and meet it on. That's where Forget comes in and it allows us to do many interesting things. We've effectively changed the engine of forget since we've launched it. Uh, we run it on ec two instances and we run it on fire cracker. Uh, we have changed the forget agent architecture. We've made a lot of underneath the hood, uh, changes that even take the take advantage of the broader innovation, the rate of us, We did a whole bunch more to launch acronym trans on top of family customers don't have to think about it. They don't have to worry about it. It happens underneath the hood. It's always your engine as as you go along and it takes away all the operational pain of managing clusters of running into picking which instances to use to getting out, trying to figure out how to bend back and get efficiency. That becomes our problem. So, you know, that is an area where you should expect to see a Stuart done more. It's becoming the fabric of so many things that eight of us now. Uh, it's, you know, in some ways we're just talking a lot more to do. >>Yeah. And it's a really good time. A lot more wave of developers coming in. One of the things that we've been reporting on on Silicon England cube with our cute videos is more developers keep on coming on, more people coming in and contributing to the open source community. Even end users, not just the normal awesome hyper scholars you're talking about like classic, I call main street enterprises. So two things I want to ask you on the customer side because you have kind of to customers, you have the community that open source community and you have enterprise customers that want to make it easier. What are you seeing and hearing from customers? I know you guys work backwards from the customer. So I got to ask you work backwards from the community and work backwards from the enterprise customer. What's going on in their environment? What's the key trends that they're riding? What's the big challenges? What's the big opportunities that they're facing and saying for the community? >>Yeah, I start with the enterprise. That's almost an easier answer. Which is, you know, we're seeing increasingly enterprises moving into the cloud wholesale. Like in some ways you could argue that the pandemic has just accelerated it, but we have started seeing that before. Uh they want to move to the cloud and adult modern best practices. Uh If you see my talk agreement last few years, I've talked about modernization and all the aspects of modernization, and that's 90% of our conversation with enterprises, I've walked into a meeting supposedly to talk about containers, whatever half a conversation is spent on. How does an organization modernize? What does an organization need to do to modernize and containers and serverless play a pretty important part in it, because it gives them an opportunity to step away from the shackles of sort of fixed infrastructure and the methods and approaches that built in. But equally, we are talking about C I C. D, you know, fully automated deployments. What does it mean for developers to run their own services? What are the child, how do you monitor and uh, instrument uh, your services? How do you do observe ability in the modern world? So those are the challenges that enterprises are going towards, and you're spending a ton of time helping them there. But many of them are still running infrastructure on premises. So, you know, we have outpost for them. Uh, you know, just last week, you're talking to a bunch of our customers and they have lots of interesting ideas and things that they want to do without both, but many of them also have their own infrastructure and that's where something like UCS anywhere came from, which is hey, you like using Pcs in the cloud, You like having the safety i that just orchestrates containers for you. It does it on on his in an AWS region. It will do it in an outpost. It'll do it on wavelength, it'll do it on local zone. How about we allow you to do it on whatever infrastructure you bring to us. Uh you want to bring a raspberry pi, you can do that. You want to bring your on premises data center infrastructure, we can do that or a point of sale device, as long as you can get the agent running and you can connect to an AWS region, even though it's okay to lose connectivity every now and then. We can orchestrate a container for you over there and, you know, the same customer that likes the ease of use of Vcs. And the simplicity really resonated with that message really resonates with them. So I think where we are today with the enterprise is we've got some really good solutions for you in eight of us and we are now allowing you to take those a. P. I. S and then launch containers wherever you want to run them, whether it's the edge or whether it's your own data center. I think that's a big part of where the enterprise is going. But by and large, I think yes, a lot of them are still making that change from running infrastructure and applications the way they used to do a modern sort of, if you want to use the word cloud native way and we're helping them a lot. We've done, the community is interesting. They want to be more participatory. Uh that's where things like co pilot comes from. God, honestly, the best thing we've ever done in my order is probably are open road maps where the community can go into the road map and engage with us over there, whether it's an open source project or just trying to tell us what the feature is and how they would like to see it. It's a great engagement and you know, it's not us a lot. It's helped us prioritize correctly and think about what we want to do next. So yeah, I think that's, that >>must be very hard to do for opening up the kimono on the road map because normally that's the crown jewels and its secretive and you know, and um, now it's all out in the open. I think that is a really interesting, um, experiment and what's your reaction to that? What's been the feedback on the road map peace? Because I mean, I definitely want to see, uh, >>we do it pretty much for every service in my organization and we've been doing it now for three years. So years forget, I think about three years and it's been great. Now we are very we are very upfront, which is security and availability. Our job 000 and you know, 100 times out of 100 at altitudes between a new feature and helping our customers be available and safe. We'll do that. And this is why we don't put dates in that we just tell you directionally where we are and what we are prioritizing Uh, there every now and then we'll put something in there that, you know, well not choose not to put a feature in there because we want to keep it secret until it launches. But for the most part, 99% of our own myself there and people engaged with it. And it's not proven to be a problem because you've also been very responsible with how we manage and be very transparent on whether we can commit to something or not. And I think that's not. >>I gotta ask you on as a leader uh threaded leader on this group. Open source is super important, as you know, and you continue to do it from under years. How are you investing in the future? What's your plan? Uh plans for your team, the industry actually very inclusive, Which is very cool. It's gonna resonate well, what's the plans? Give us some details on what you're investing in, what your priorities? What's your first principles? >>Yeah, So it goes in many ways, one when I I also have the luxury also on the amazon open source program office. So, you know, I get the chance to my team, rather not me help amazon engineers participate in open source. That that's the team that helps create the tools for them, makes it easy for them to contribute, creates, you know, manages all the licenses, etcetera. I'll give you a simple example, you know, in there, just think of the cr credential helper that was written by one of our engineers and he kind of distorted because he felt it was something that we needed to do. And we made it open source in general, in in many of our teams. The first question we asked is should something the open why is this thing not open source, especially if it's a utility or some piece of software that runs along with services. So they'll step one. But we've done some big things also, I, you know, a couple of years ago we launched Lennox operating system called bottle Rocket. And right from the beginning it was very clear to us that bottle Rocket was two things. It was both in AWS product. But first it was an open source project. We've already learned a little bit from what we've done at Firecracker. But making bottle rocket and open source operating system is very important. Anyone can take part of Rocket the open source to build tooling. You can run it whatever you want. If you want to take part of Rocket and build a version and manage it for another provider. For another provider wants to do it, go for it. There's nothing stopping you from doing that. So you'll see us do a lot there. Obviously there's multiple areas. You've seen WS investing on the open source side. But to me, the winds come from when engineers can participate in small things, released little helpers or get contributions from outside. I think that's where we're still, we can always have that. We're going to continue to strive to make it better and easier. And uh, you know, I said, I have, you know, me and my team, we have an opportunity to help their inside the company and we continue to do so. But that's what gets me excited. >>Yeah, that's great stuff. And congratulations on investing in the community, really enjoys it and I know it moves the needle for the industry. Deepak, I gotta ask you why I got you here. Dr khan obviously, developers, what's the most important story that they should be paying attention to as a developer because of what's going on shift left for security day two operations also known as a I ops getups, whatever you wanna call it, you know, ongoing, you get server lists, you got land. I mean, all kinds of great things are going on. You mentioned Fargate, >>um >>what should they be paying attention to that's going to really help their life, both innovation wise and just the quality of life. >>Yeah, I would say look at, you know, in the end it is very easy developers in particular, I want to build the buildings and it's very easy to get tempted to try and get learn everything about something. You have access to all the bells and whistles and knobs, but in reality, if you want to run things you want to, you want to focus on what's important, the business application, that and you the application. And I think a lot of what I'll tell developers and I think it's a lot of where the industry is going is we have built a really solid foundation, whether it's humanity, so you CSN forget or you know, continue industries out there. We have very solid foundation that, you know, our customers and develop a goal of the world can use to build upon. But increasingly, and you know, they are going to provide tools that sort of take that wrap them up and providing a nice package solution After another great example, our collaboration, the doctor around Dr desktop are a great example where we get all the mark focus on the application and build on top of that and you can get so much done. I think that's one trend. You'll see more and more. Those things are no longer toys, their production grade systems that you can build real world applications on, even though they're so easy to use. The second thing I would add to that is uh, get uh, it is, you know, you can give it whatever name you want. There's uh, there's nuances there, but I actually think get up is the way people should be running the infrastructure, my virus in my personal, you know, it's something that we believe a lot in homicide as hard as you go towards immutable infrastructure, infrastructure, automation, we can get off plays a significant role. I think developers naturally gravitate towards it. And if you want to live in a world where development and operations are tightly linked, I think it after the huge role to play in that it's actually a big part of how we're planning to do things like yes, anywhere, for example, a significant player and that it would be a proton. I think get up will be a significant in the future of proton as well. So I think that's the other trend. If you wanted to pick a trend that people should pay attention. That's what I believe in a lot. >>Well you're an expert. So I want to get you a quick definition. What is get Ops, how would you define it? Because that's a big trend. What does it, what does that mean? >>Electricity will probably shoot me for getting this wrong. I tell you how I think about it. Which is, you know, in many cases, um, you when you're doing deployments are pushing a deployment getups is more of a full deployment. When you are pushing code to get depository, you have a system that knows that the event has happened and then pulls from there and triggers the thing as opposed to you telling it take I have this new piece of code now go deployed everywhere. So to me, the biggest changes that Two parts one is it's more for full mechanism where you're pulling because something has changed. So it needs systems like container orchestrators to keep them, you know, to keep them in sync. And the second part of the natural natural evolution of infrastructure score, which is basically everything is called the figures code. Infrastructure as code, code is code and everything is getting stored in that software repo and the software repo becomes your store of record and drives everything. Uh So for a glass of customers, that's going to be a pretty big deal. >>Yeah, when you're checking in code, that's again, it's like a compiler for the compiler, a container for the container, you've got things for each other. Automation is ultimately what we're talking about here. And that's to me where machine learning kicks in. So again, having this open source foundational fabric, as you said, forget out the muck or the undifferentiated heavy lifting. This is what we're talking about automation, isn't it? Deepak? >>Yes. I mean I said uh one thing where we hang our hat on is there's such good stuff out there in the world which we like to contribute to, but the thing we like to hang our hat on is how do you run this? How do you do it this in ways that you can uniquely bring capabilities to customers where there's things like nitro or things are nitro open stuff. Well, the fact that we have built up this operational infrastructure over the last in a decade plus or in the container space over the last seven years where we really really know how to run these things at scale and have made all the investments to make it easy to do. So that's that's where we have hanger hard keeping people safe, helping them only available applications, their new startup, that just completely takes off in over the weekend. For whatever reason, because, you know, you're the next hot thing on twitter and our goal is to support you whether you are, you know, uh enterprise that's moving from the main train or you are the next hot startup, that's you know, growing virally and uh, you know, we've done a lot to build systems help both sides and yeah, it's >>interesting if you sing about open source where it's come from, I mean I remember that base wouldn't open source wasn't open, I would be peddling software, there's a free copy of Linux, UNIX um in college and now it's all free. But I mean just what's changed now. It used to be just free software, download software. You got it now, it's a service. Service now can be monetized quickly. And what you guys are offering with AWS and cloud scale is you've done all these things as I don't have to have a developer. I get the benefits of the scale, I can bring my open source code to the table, make it a service integrated in with other services and be the next snowflake, be the next, you know, a company that could scale. And that is that's the that's the innovation, right? That's the this is a new phenomenon. So it also changes the business model. >>Yeah, actually you're you're quite right. Actually, I I like one more thing to it. But you look at how a lot of enterprises use containers today. Most of them are using something like this year, Symphony or GS to build an internal developer platform and internal developer portal. And then the question then becomes this hard to scale this modern and development practices to an entire organization. What is your big bank that's been around as thousands and thousands of ID stuff That may not all be experts are running communities running container is when you scale it out different systems that proton come into play. That was actually the inspiration is how do you help an organization where they're building these developer Portholes and developer infrastructure, developer platforms, How do you make it easy for them to build it? Be almost use it as a way to get these modern practices into the hands of all the business units, where they may not have the time to become experts at the modern ways of running infrastructure because they're busy doing other things. And I think you'll see the a lot more happening that space that's not happening in the open source community. There's proton, there's a bunch of interesting things happening here and be interesting to see how that evolves. >>And also, you know, the communal, communal aspect of not just writing code together, but succeeding, right, building something. I mean, that's when you start to see the commercial meets open kind of ethos of communal activity of working together and sharing a big part of this year's. Dakar Con is sharing not just running and shipping code but sharing. >>Yeah, I mean if you think about it uh Dockers original value was you build run and shit right? You use the same code to build it, you use the same code to ship it, the same sort of infrastructure interface and then you run it and that, you know, the fact that the doctor images such a wonderfully shareable entity uh that can run every girl is such a powerful and it's called the Ci Image. Now I still call him Dr images because it's just easier. But that to me like that is a big deal and I think it's becoming and become an even bigger deal over the years. I came from something before, Amazon has to work in The sciences and bioinformatics and you know, the ability to share codeshare dependencies, package all of that up in a container image is a big deal. It's what got me one of the reasons I got fascinated with container 78 years ago. So it will be interesting to see where all of systems. >>It's great, great stuff. Great success. And congratulations. Deepak, Great to always talk to you got a great finger on the pulse. You lead a really important organizations at AWS and you know, doctor has such a huge success with developers, even though the company has gone through kind of a uh change over and a pivot to what they're doing now. They're back to their open source roots, but they have millions and millions of developers use Docker and new developers are coming in dot net developers are coming in. Windows developers are coming in and and so it's no longer about Lennox anymore. It's about just coding. >>Yeah. And it's it's part of this big trend towards infrastructure, automation and and you know development and deployment practices that I think everyone is going to adopt faster than we think they will. But you know, companies like Doctor and opens those projects that they involved are critical in making that a lot easier for them. And then you know, folks like us get to build on top of that orbit them and make it even easier. >>Well, great testimony the doctor that you guys based your E C. S on Docker Doctor has a critical role in developing community. I run composed in their hub with dr desktop and we'll be watching amazon and and the community activity and see what kind of experiences you guys can bring to the table and continue that momentum. Thank you Deepak for coming on the >>cube. Thank you, john. That's always a pleasure. >>Okay. Mr cubes. Dr khan 2021 virtual coverage. I'm john for your host of the cube. Thanks for watching.

(upbeat music) >> Okay, welcome back to theCUBES's coverage of Dockercon 2021. I'm John Furrier, your host of theCUBE. We have Justin Cormack, CTO of Docker. Was also involved in the CNCF technical oversight and variety of other technical activities. Justin, great to see you. Thanks for coming on theCUBE Virtual this year, again, twice in a row and maybe next year will be in person but certainly hybrid, great to see you. >> Yeah, great to see you too. Yeah, in person would be nice one of these days, yes. >> Yeah, when we get real life back. It's almost there, I can feel it, but there's so much activity. One of the things that we've been talking about, certainly in theCUBE and even here at DockerCon, same story. The pandemic really hasn't truly impacted developer community, because most of the people have been working remotely and virtually for many, many decades. And if you think about just in the past 10 years, all the innovation in cloud has come from virtual teams, open-source softwares, always had good kind of governance and a democratization of kind of how it becomes built. So not a bit's been skipped during the pandemic. In fact, if anything supply chain of software development has increased. So- >> Yeah, I think that it's definitely true that open-source was really the place that pioneered remote working. And a lot of the work methods the people worked out to do open-source as in communication and things like that, were things that people have adopted. It's a slightly different community. I'd say open-source projects like meetings less than some other organizations, but there was definitely that pioneering thing. And a lot of the companies that started off remote first, were in open-source software, and they started off for those reasons as well because developers were already working like that, and they could just hire them and they could continue to work like that. >> Yeah, one of the upsides of all this is that people won't tolerate even zoom or in person meetings that just go on, 15, 30 minutes good call. Why do we have a meeting? What's the purpose? (faintly speaking) the way to go. Let's get into the developer community. One of the things I love about DockerCon this year 2021 is the envelopes being pushed again almost to another level, it's almost a new level, this next level of containers is bringing more innovation to the table and productivity and simplicity. Some of the same messages last year but now more than ever, stuff's going on. What are you hearing directly from the community? You talk to a lot of the developers out of the millions of developers in the Docker ecosystem. What are they saying now in 2021? What's going on in their mind? >> Yeah, I think it's an area... More and more people are using Docker, and they're using it every day and it's a change that's been going on, obviously for a while, but it begins to sort of, as it spreads, the kind of developers using Docker, so different from... When I started at Docker, coming up for six years ago, it was a very bleeding edge type thing for early adopters. Now it's everywhere, millions and millions of ordinary developers are using Docker every day. And the kinds of things that's telling us is, well, some of this stuff that we thought, well, five years ago was an amazing breakthrough and simplicity. Now that's on its own still too hard. One of the things I mentioned in my keynote was that, we're talking to developers who just primarily have been working windows all their life but more and more applications being shipped on Linux. And they using Linux containers, but they find Docker files really hard because they have really, Linux shell scrapes and not a windows developer doesn't know how to use a Linux shell script. And it's bringing it down to that next level of use where you can adopt these things more easily, the pitched to the kind of level of developer who is just thinking about their language, their APIs and they don't want to have to learn kind of lots of new things to do Docker. They'll learn some, but they really wanted to kind of integrate better into the environments they work in and help them more. We've been working on a lot of detailed instructions about like how to use Docker better with JavaScript and Python, because people have told us, be specific about these things, tell us exactly how I do make things work well with the way I'm doing things now. >> What is the big upside for containers for the folks watching? And last year, one of the most popular sessions was the one-on-one Peter McKay did, which was fascinating, packed with people. And the adoption of containers is going everywhere and enabling a lot of growth. What's the main message to these new developers that are coming on board to ecosystem. >> I think what's happening is that people are gradually, very slowly starting to think about containers in a different way. When we started, the question everyone kept asking was about containers and VMS, what's the difference? That question didn't really, kind of really address what the big fundamental changes that containers made to how people work was. I'd like to think about it in terms of the physical shipping containers, like people are concerned about like, can you escape from the box? Can I get out of a container? These kinds of questions. This is not really the important question about containers is kind of escape from the box. The question is, what does it enable you to build? The shipping container let us build the supply chains that let people build products and factories and things that would never have been possible without the ability to actually just ship things in a routine and predictable and reliable and secure way, getting that content and the things that come in the container and you actually work more effectively. And, so I think that now we're talking about like what's the effect of containers on the industry as a whole? What are the things that we can learn about repeatability and documentation and metadata and reliability, that we kind of talked about a little bit before, but these are becoming the important use cases for containers. Containers are really about, they're not about that kind of security and escape piece, there're about the content, the supply chain and your actual process of working. >> What do you, first of all, great call out on the security piece. I want to get that in a second. I think that's a killer one. You've mentioned supply chain, can you define software supply chain, and is that where the automation value comes in? Because a lot of people are talking about automation is improving the developer experience. So can you clarify quickly, what do you mean by the software supply chain? And is that where automation comes in? Am I getting that right? >> Yeah, so the software supply chain is really that process by which you get components of software to build your applications. Around 99% of companies are using open-source software to build applications. And the vast majority of the pieces of any modern application art consists mainly of open-source software and some tries source software, and some software that people are writing themselves. But you've got to get these components in, you've got to make sure that they're updated and scanned and they're reliable. And that's the software supply chain is that process for bringing in components that you're using to build your applications. And so, the way automation comes in, is just because there's so much of the software dealing with it manually is just difficult, and it's an ongoing process of build and test and CI and all those scanning and all those processes. And I think as software developers, we fundamentally know that the most valuable things are the things that we automate. They're the things that we do all the time and they're important. And that a lot of building a software is about building repeatable processes, rather than just doing things one by one, because we know that we have to keep updating software, we have to keep fixing bags, we have to keep improving software. And so you've got to be able to keep doing these things, and automation is what helps us do that. >> I was talking to Dana Lawson the VP of Engineering at GitHub, and she and I were chatting about this one topic. I want to get your thoughts on it, because she was definitely of the camp of automation helps with productivity. No doubt, check, double check there. The question I have for you is how do you see the impact on say the developer experience and innovation specifically? Because, okay, I can see the productivity, okay, something happens a bunch of times automated. Then you start thinking about supply chain, then you thought about developer experience and ultimately with Kubernetes around the corner, with the relationship with containers, you can see the cloud-native benefits from an innovation standpoint. Can you share your thoughts on the automation impact to experience for the developer and the innovation strategies they need? >> Well, I think that one of the ways we're trying to think about everything we do at Docker is that we should be helping build processes rather than helping you do something once, because, if you do something three times, you want to automate it, but what if the first time you did it, that could also build that automated process. And if it was, why isn't it as easy to make something automated as it is to do it once? There's no real reason why it shouldn't be. And I think that kind of... I was having a conversation with someone the other day about how they would... They had kind of reversed their thinking and they found that often it was easier to start with automation and harder to do things manually. And that's a kind of real reversal of that kind of role between automation and doing stuff run, so, and it's not how we think about it, but I think it's really interesting to think about that kind of thing, and how could we make automation really, really simple. >> Well, that's a great example when you have that kind of environment, and certainly the psychology is better to have automation but if everyone's saying it's hard to do manual, that means they're at some sort of scale, right? So scale matters, right? So as you start getting the SRE vibes going, and you start getting Cloud Scale in cloud-native apps, that's going to be cool. Now, the question I want to ask you, because while the other thing that's happening is more people are coming into open-source than ever before, not just young developers, but also end users. Not like the hardcore-end users, looking like classic enterprises are coming in. So as more developers come in and increase over the year, what does that mean for the experience for developers? Now you have, does that change it? How do you view that? Because as more developers come in, you have institutional knowledge, you have scale, you have learnings, what's your thoughts on on the impact as the population of developers increase? How does Docker view that? >> Yeah, now, I think it's really interesting trend. It's been very visible in CNCF for the last few years. We've been seeing a lot more active end-user, company's doing open-source. Spotify has been one of the examples with a backstage project they brought into CNCF and other areas where they work. And I think it's part of this growing trend that's really important to Docker, Docker is a bottom up technology adoption company. Developers are using Docker because it works for them and they love it. And developers are doing open-source in their companies because open-source works for them and they love it. And it works for their business as well. And whereas historically like the the model was, you would buy kind of large enterprise products, with big procurement deals that were often not what the developers wanted, but now you're getting developers saying, what we want to do is adopt these open-source projects, because we know how they work, we already understand that we know how to integrate them better into our processes. And I think it's that developer lad demand that's really important, and it's the kind of integration that developers want to do, the kind of products that they want to work with, because they understand them and love them, and they had targeted at developers and that's incredibly important. And I think that's very much where Docker's focused and we really want to... Open-source is of the core of everything we've always done. We've built with the open-source community, and we've kind of come from that kind of environment. And we built things that we love as developers and that other developers love. >> Talk about your thoughts on security. Obviously it's always built in from the beginning, Shift-Left is the ethos, day two operations, AI apps, whatever people want to call that. Post-deployment mode, security has to be at the center of this, containers can be a great solution and give some great flexibility for developers. Can you talk about your view and Docker view on the security posture and situation? >> Yeah, I think Shift-Left is incredibly important because just doing things late, everyone knows is the wrong thing from the point of view of productivity. But I think Shift-Left can just mean, ask the developers to do everything, which is really a bit too much. I think that sometimes things need to be shifted even further left than people have actually thought. So like, why are you expecting developers to scan components to see if they're allowed to use? If they should be using them or they should be updated, why hasn't that happened before the developer even gets there? I think there's a, I sorted my keynote about this whole piece, about trusted content. And it's really important that we really shift that even further left, so it's long before it gets to the developer, those things that are happening. Security, it's a huge area, of course, but it's very much, we need to help developers because security is non-obvious. I think the more you understand about security, the more you understand that it doesn't come naturally to people and they need to be helped with it, and they need to learn a lot about things in a way to, I found myself that, learning how to think like an attacker is a really important way of thinking about how to secure softwares, like what what would they do rather than just thinking about the normal kind of, oh, this works in the (faintly speaking) What happens if things go wrong? That you have to think about as well. So there's a lot of work to do to educate and help and build tools that help developers there. And it's been really good working with Snyk, cause they're a very developer focused security company, that's why we chose to work with them. Whereas historically, security companies have been very oriented towards kind of the operator side of it, not the development side, not the developer experience. And the other piece is really around supply chain security. That's just kind of a new security area. And it's very important from the container point of view, because one of the things containers let you do is really control the components that you're using to build applications and manage them better. And so we can really build tooling that helps you manage, that helps you understand what's in a container, helps you understand where it came from, how it was built and automate those processes and sign and authenticate them as well. And we've been working with CNCF on Nature V2, which is for signing revamp of the container signing process, because people really want to know who originated this container? Where did it come from? What did they say is in it? There's a lot of work about build up materials and composition analysis and all those things that you need to know about. What's in a container, and the... >> Everyone wants to know what's in a container. If you've got a Kubernetes cluster for instance, that's all highly secure and in comes a container, how do you know what the... There's no perimeter, right? So again, as you said, thinking like an attack vector there, you got to understand that, this is where the action is, right? This is where a lot of work's being done on this idea of always on security. You don't know when the container's coming in. during the run stage, you're running a business now, it's not just build and share, your running infrastructure. >> Absolutely, you really want full control about everything that goes into it, and you want to know where everything that you're running in production came from, and you pretty tired of this, and that's your end to end supply chain. It's everything from developer inputs through the build process and grow to production. And in production, understanding whether it needs to be updated and whether there's new discover vulnerabilities and whether it's being attacked and how that relates back to what came into it in the first place. >> Lot more intelligence, lot more monitoring. You guys are enabling all that I know it's cool. Great stuff. Hey, I want to get your thoughts on just what got you here on the calendar, looking at the DockerCon '21 event, and we're having a fun time here with, we're on theCUBE track, get the keynote track. But if you look at the sessions that's going on, you got, and I'll get your comment on this, cause it's really interesting how it's cleverly laid out this is. You've got the classic run share build and then you've got a track called accelerate, interesting metadata around these labels. Take us through, because this basically shows the maturation of containers. We already talked about the relationship, somewhat with Kubernetes, everyone kind of sees that direction clearly, but you got acceleration, which is a key new track, but run, share, build, what's your reaction to that? Share your observations of what the layout of those names and what it means to an enterprise and people building. >> Yeah, (faintly speaking) has been Docker's kind of motto for a long time. It kind of encapsulates that kind of process of like, the developer building application, the collaborative piece that's really important about sharing content in containers and then obviously putting into production because that's the aim. But, accelerate is incredibly important too. Developers are just being asked to do a lot. Everything is software, there's a lot of software, and a lot of software has to be created and we've got to make it easier to do this. And that kind of getting quickly from idea to business outcomes and results is what modern software teams are really driving at. And, I think we've really been focused this last year on what the team needs to succeed, and especially, small focused teams delivering business value. It's how we're structured internally as well and is how our customers, to a large extent are structured. And there's that kind of focus on accelerating those business outcomes and the feedback loops from your ideas to what the feedback that your customers give you at helping you understand that it's really important. >> Talk about final question for you in terms of the topic here, cloud, hybrid cloud, multicloud, this is, put multicloud asides more hype. Everyone has multiple clouds, but it speaks to the general distributed computing architecture when you talk about public cloud and on-premises cloud operations. So modern developers looking at that as, okay, distributed environment, edge, whatever you're going to call it. What's your view of Docker as it goes forward for the folks watching, who have experience with Docker, loved the vibe, loved the open-source, but now I've got to start thinking about putting the containers everywhere. What's the Docker pitch, so to speak, with a tech story that they should walk away with from you? What's the story, what's the pitch? >> Yeah, so containers everywhere has been a sort of emerging trend for a while, the last year or so. The whole Kubernetes at the edge thing has really exploded with people experimenting with lots and lots of different architectures for different kinds of environments at the edge. What's totally clear is that people want to be able to update software really easily at the edge the way you can in the cloud. We can't have the sort of, there's no point in shipping a modern piece of manufacturing equipment that you can't update the software on, because the software is how it works, more and more equipment is becoming very general purpose, people making general purpose robots, general purpose factories, general purpose everything which need to be specialized into the application they're going to run that week. And also people are getting more and more feedback and data and feedback from the data. So if you're building something that runs on a farm, you're getting permanent feedback about how well it's doing and how well the crops are growing was coming back. And so everywhere you've got this, we need to update. And everywhere you need to update, you want containers because containers are the simple reliable way to update software. >> I know you talked about CNCF and your role there. Also the CTO of Docker, I have to ask cause we were just covered Coop con and cloud-native con just last month and this month. And it's clear that Kubernetes is becoming boringly good in a way that's good to be boring, right? It means it's working. And it's becoming more cloud-native con than Coop-con. That has been kind of editorial observation, which speaks to what we feel is a trend towards more cloud-native discussions, less about Kubernetes. So, it's still Kubernetes stuff going on, don't get me wrong, just saying it's not as controversial in the sense that people kind of clearly understand why that's important, and all the discussions now seem to be on cloud-native modern developer workflows. What's your reaction to that? Do you agree, if not, what's your take? >> Yeah, I think that's definitely true. Kubernetes is definitely much more boring. Everyone is using it. They're using it in production now vastly more than they were a few years ago, when it was just experiment, experiment, experiment, now it's production scale out. The ecosystem in CNCF is kind of huge. There's so many little bits that have to be filled in storage and networking and all that. So there's actually a lot of pieces that are around Kubernetes, but, there's definitely more of a focus coming on the developer experience there. Compared to DockerCon, the audience at Coop Con is incarnated kind of still much more operator focused rather than developer focused. And it's very nice coming to DockerCon, just to feel like being amongst that developer community, Coop Con still has a way to gauge to have more of a real developer audience, but the project is starting to pair with a more developer focused kind of aim or things like backstage from Spotify is a really interesting one where it's about operations, but it's a developer portal focused things. So, I think it's happening, and there's a lot more talk about that. There's a whole bunch of infrastructure, there's a lot more security projects in CNCF than they were before. And we're doing a lot of work on supply chain security and CNCF just released a white paper on that few days ago. So there's a lot of work there that touches on developer needs. I still think that audience (faintly speaking) that much different from DockerCon which is I think 80% developers and maybe 10% infrastructure rather than the other way round. >> I think if you're going to get operators it can be SRE/platformleads. The platform leads are definitely inside DockerCon now than they've ever been before from my observation. So, but that speaks to the sign of the times. Most development teams have an SRE in the team, not an SRE team. They're just starting to see much more integration amongst the kind of a threaded or threaded teams or whatnot. So... >> Yeah. (faintly speaking) Operate your apps is the model. And I think that it's going to lead to more and more crossover between these communities. It's what DevOps was supposed to be about, somehow got diverted into building DevOps teams instead of working together, but we'll get there. >> It's clear from my standpoint, at least from reporting here is that, from the DockerCon and community at large, cloud-native community, having end-to-end work-load visibility on developer test run, everything seems to be the consensus, without a doubt. And then having multiple teams, and then having some platform, have some flexing people moving between teams for the most part, but built insecurity, built in SRE, built in DevOps, DevSecOps, all the way from end-to-end. >> Absolutely, we know that that's what does work best, it's where most organizations are heading at different speeds, because it's very different from the traditional architecture. It takes time to get there, but that's the model that has come out of microservices that really containers enabled and allow that model to happen. And it's the team architecture of containers. >> Hey, monolithic applications have monolithic organizations, microservices have microservices teams. Justin, great to have you on theCUBE for this conversation. If folks watching this interview, check out Justin's keynote, came from the main stage, great stuff. Justin, thanks for coming on theCUBE, we really appreciate your time and insight. >> Thank you, good to see you again. >> Okay, this is theCUBES's coverage of DockerCon 2021 Virtual. I'm John Furrier, your host. Thanks for watching. (upbeat music)

>>from around the globe. It's the cube with coverage of Kublai >>Khan and Cloud Native Con, Europe 2021 >>virtual brought to you by red hat. The cloud Native >>computing foundation >>and ecosystem partners. >>Welcome back to the cubes coverage everyone of Coop Con 2021 Cloud Native Con 21 virtual europe. I'm john for your host of the cube. We've got two great guests here, James Labaki, senior Director of Product management, Red Hat and Richer Puree. IBM fellow and chief scientist at IBM Gentlemen, thanks for coming on the cube, appreciate it. >>Thank you for having us. >>So, um, got an IBM fellow and Chief scientist, Senior Director Product management. You guys have the keys to the kingdom on cloud Native. All right, it's gonna be fun. So let's just jump into it. So I want to ask you before we get into some of the questions around the projects, what you guys take of cube con this year, in terms of the vibe, I know it's virtual in europe north America, we looked like we might be in person but this year with the pandemic cloud native just seems to have a spring to its step, it's got more traction. I've seen the cloud native piece even more than kubernetes in a way. So scott cooper diseases continues to have traction, but it's always about kubernetes now. It's more cloud native. I what do you guys think about that? >>Yeah, I'm sure you have thoughts and I could add on >>Yes, I I think well I would really think of it as almost sequential in some ways. Community is too cold now there's a layer which comes above it which is where all our, you know, clients and enterprises realize the value, which is when the applications really move. It's about the applications and what they can deliver to their end customers. And the game now is really about moving those applications and making them cloud native. That's when the value of that software infrastructure will get realized and that's why you are seeing that vibe in the, in the clients and enterprises and at two corners. Well, >>yeah, I mean, I think it's exciting. I've been covering this community since the beginning as you guys know the cube. This is the enablement moment where the fruit is coming off the tree is starting to see that first wave of you mentioned that enablement, it's happening and you can see it in the project. So I want to get into the news here, the conveyor community. What is this about? Can you take a minute to explain what is the conveyor community? >>Yeah, yeah. I think uh, you know, uh, what, what we discovered is we were starting to work with a lot of end users and practitioners. Is that what we're finding is that they kind of get tired of hearing about digital transformation and from multiple vendors and and from sales folks and these sorts of things. And when you speak to the practitioners, they just want to know what are the practical implications of moving towards a more collaborative architecture. And so, um, you know, when you start talking to them at levels beyond, uh, just generic kind of, you know, I would say marketing speak and even the business cases, the developers and sys admins need to know what it is they need to do to their application architecture is the ways they're working for to successfully modernize their applications. And so the idea behind the conveyor community was really kind of two fold. One was to help with knowledge sharing. So we started running meetups where people can come and share their knowledge of what they've done around specific topics like strangling monoliths or carving offside containers or things that sidecar containers are things that they've done successfully uh to help uh kind of move things forward. So it's really about knowledge sharing. And then the second piece we discovered was that there's really no place where you can find open source tools to help you re host re platform and re factor your applications to kubernetes. And so that's really where we're trying to fill that void is provide open source options in that space and kind of inviting everybody else to collaborate with us on that. >>Can you give an example of something uh some use cases of people doing this, why the need the drivers? It makes sense. Right. As a growing, you've got, you have to move applications. People want to have um applications moved to communities. I get that. But what are some of the use cases that were forcing this? >>Yeah, absolutely, for sure. I don't know if you have any you want to touch on um specifically I could add on as well. >>Yeah, I think some of the key use cases, I would really say it will be. So let let me just, I think James just talked about re host, re hosting, re platform ng and re factoring, I'm gonna put some numbers on it and then they talk about the use case a little bit as well. I would really say 30 virtual machines movement. That's it. That's the first one to happen. Easy, easier one, relatively speaking. But that's the first one to happen. The re platform in one where you are now really sort of changing the stack as well but not changing the application in any major way yet. And the hardest one happened around re factoring, which is, you are, you know, this is when we start talking about cloud native, you take a monolithic application which you know legacy applications which have been running for a long time and try to re factor them so that you can build microservices out of them. The very first, I would say set of clients that we are seeing at the leading edge around this will be around banking and insurance. Legacy applications, banking is obviously finances a large industry and that's the first movement you start seeing which is where the complexity of the application in terms of some of the legacy code that you are seeing more onto the, into the cloud. That for a cloud native implementation as well as their as well as a diversity of scenarios from a re hosting and re platform ng point of view. And we'll talk about some of the tools that we are putting in the community uh to help the users and uh and the developer community in many of these enterprises uh move into a cloud native implementation lot of their applications. And also from the point of view of helping them in terms of practice, is what I describe as best practices. It is not just about tools, it's about the community coming together. How do I do this? How do I do that? Actually, there are best practices that we as a community have gathered. It's about that sharing as well, James. >>Yeah, I think you hit the nail on the head. Right. So you re hosting like for example, you might have uh an application that was delivered, you buy an SV that is not available containerized yet. You need to bring that over as a VM. So you can bring that into Q Bert, you know, and actually bring that and just re hosted. You can, you might have some things that you've already containerized but they're sitting on a container orchestration layer that is no longer growing, right? So the innovation has kind of left that platform and kind of kubernetes has become kind of that standard one, the container orchestration layer, if you want become the de facto standard. And so you want to re platform that that takes massaging and transforming metadata to do that to create the right objects and so on and so forth. So there's a bunch of different use cases around that that kind of fall into that re host tree platform all the way up to re factoring >>So just explain for the audience and I know I love I love the three things re hosting re platform in and re factoring what's the difference between re platform NG and re factoring specifically, what's the nuance there? >>Yeah, yeah, so so a lot of times I think people have a lot of people, you know, I think obviously amazon kind of popularized the six hours framework years ago, you know, with, with, with, with that. And so if you look at what they kind of what they popularize it was replied corn is really kind of like a lift tinker and shift. So maybe it's, I, I'm not just taking my VM and putting it on new infrastructure, I'm gonna take my VM, maybe put on new infrastructure, but I'm gonna switch my observer until like a lighter weight observer or something like that at the same time. So that would fall into like a re platform or in the case, you know, one of the things we're seeing pretty heavily right now is the move from cloud foundry to kubernetes for example, where people are looking to take their application and actually transform it and run it on kubernetes, which requires you to really kind of re platform as well. And re factoring >>is what specific I get the >>report re factoring is, I think just following on to what James said re factoring is really about um the complexity of the application, which was mainly a monolithic large application, many of these legacy applications which have so many times, actually hundreds of millions of dollars of assets for these uh these enterprises, it's about taking the code and re factoring it in terms of dividing it into uh huh different pieces of court which can themselves be spun as microservices. So then it becomes true, it takes starting advantage of agility or development in a cloud native environment as well. It's not just about either lift and shift of the VM or or lift tinker and shift from a, from a staff point of view. It's really about not taking applications and dividing them so that we can spin microservices and it has the identity of the development of a cloud. >>I totally got a great clarification, really want to get that out there because re platform ng is really a good thing to go to the cloud. Hey, I got reticent open source, I'll use that, I can do this over here and then if we use that vendor over there, use open source over there. Really good way to look at it. I like the factory, it's like a complete re architecture or re factoring if you will. So thank you for the clarification. Great, great topic. Uh, this is what practitioners think about. So I gotta ask the next question, what projects are involved in in the community that you guys are working? It seems like a really valuable service uh and group. Um can you give an overview and what's going on in the community specifically? >>Yeah, so there's really right now, there's kind of five projects that are in the community and they're all in different, I would say different stages of maturity as well. So, um there's uh when you look at re hosting, there's two kind of primary projects focused on that. One is called forklift, which is about migrating your virtual machines into cuba. So covert is a way that you can run virtual machines orchestrated by kubernetes. We're seeing kind of a growth in demand there where people want to have a common orchestration for both their VMS and containers running on bare metal. And so forklift helps you actually mass migrate VMS into that environment. Um The second one on the re hosting side is called Crane. So Crane is really a tool that helps you migrate applications between kubernetes clusters. So you imagine you have all your you know, you might have persistent data and one kubernetes cluster and you want to migrate a name space from one cluster to another. Um That's where Crane comes in and actually helps you migrate between those um on the re platforms that we have moved to cube, which actually came from the IBM research team. So they actually open source that uh you sure you want to speak about uh moved to >>cube. Yeah, so so moved to cuba is really as we discuss the re platform scenario already, it is about, you know, if you are in a docker environment or hungry environment uh and you know, kubernetes has become a de facto standard now you are containerized already, but you really are actually moving into the communities based environment as the name implies, It's about moved to cuba back to me and this is one of the things we were looking at and as we were looking, talking to a lot of, a lot of users, it became evident to us that they are adapting now the de facto standard. Uh and it's a tool that helps you enable your applications in that new environment and and move to the new stuff. >>Yeah. And then the the the only other to our tackle which is uh probably like the one of the newest projects which is focused on kind of assessment and analysis of applications for container reservation. So actually looking at and understanding what the suitability is of an application for being containerized and start to be like being re factored into containers. Um and that's that's uh, you know, we have kind of engineers across both uh Red hat IBM research as well as uh some folks externally that are starting to become interested in that project as well. Um and the last, the last project is called Polaris, which is a tool to help you measure your software delivery performance. So this might seem a little odd to have in the community. But when you think about re hosting re platform and re factoring, the idea is that you want to measure your software delivery performance on top of kubernetes and that's what this does. It kind of measures the door metrics. If you're familiar with devops realization metrics. Um so things like, you know, uh you know, your change failure rate and other things on top of their to see are you actually improving as you're making these changes? >>Great. Let me ask the question for the folks watching or anyone interested, how do they get involved? Who can contribute, explain how people get involved? Is our site, is there up location slack channel? What's out there? >>Yeah, yeah, all of the above. So we have a, we have, we have a slack channel, we're on slack dot kubernetes dot io on town conveyor, but if you go to www dot conveyor dot io conveyor with a K. Uh, not like the cube with a C. Uh, but like cube with a K. Uh, they can go to a conveyor to Ohio and um, there they can find everything they need. So, um, we have a, you know, a governance model that's getting put in place, contributor ladder, all the things you'd expect. We're kind of talking into the C N C F around the gap delivery groups to kind of understand if we can um, how we can align ourselves so that in the future of these projects take off, they can become kind of sandbox projects. Um and uh yeah, we would welcome any and all kind of contribution and collaboration >>for sure. I don't know if you have >>anything to add on that, I >>think you covered it at the point has already um, just to put a plug in for uh we have already been having meetups, so on the best practices you will find the community, um, not just on convert or die. Oh, but as you start joining the community and those of meet ups and the help you can get whether on the slack channel, very helpful on the day to day problems that you are encountering as you are taking your applications to a cloud native environment. >>So, and I can see this being a big interest enterprises as they have a mix and match environment and with container as you can bring and integrate old legacy. And that's the beautiful thing about hybrid cloud that I find fascinating right now is that with all the goodness of stade Coubertin and cloud native, if you've got a legacy environments, great fit now. So you don't have to kill the old to bring in the news. So this is gonna be everything a real popular project for, you know, the class, what I call the classic enterprise, So what you guys both have your companies participated in. So with that is that the goal is that the gulf of this community is to reach out to the classic enterprise or open source because certainly and users are coming in like, like, like you read about, I mean they're coming in fast into the community. >>What's the goal for the community really is to provide assistant and help and guidance to the users from a community point of view. It's not just from us whether it is red hat or are ideal research, but it's really enterprises start participating and we're already seeing that interest from the enterprises because there was a big gap in this area, a lot of vendor. Exactly when you start on this journey, there will be 100 people who will be telling you all you have to do is this Yeah, that's easy. All you have to do. I know there is a red flag goes up, >>it's easy just go cloud native all the way everything is a service. It's just so easy. Just you know, just now I was going to brian gracefully, you get right on that. I want to just quickly town tangent here, brian grazer whose product strategist at red hat, you're gonna like this because he's like, look at the cloud native pieces expanding because um, the enterprises now are, are in there and they're doing good work before you saw projects like envoy come from the hyper scales like lift and you know, the big companies who are building their own stuff, so you start to see that transition, it's no longer the debate on open source and kubernetes and cloud native. It's the discussion is integration legacy. So this is the big discussion this week. Do you guys agree with that? And what would, what would be your reaction? >>Yeah, no, I, I agree with you. Right. I mean, I think, you know, I think that the stat you always here is that the 1st 20 of kind of cloud happened and now there's all the rest of it. Right? And, and modernization is going to be the big piece right? You have to be able to modernize those applications and those workloads and you know, they're, I think they're gonna fall in three key buckets, right? Re host free platform re factor and dependent on your business justification and you know, your needs, you're going to choose one of those paths and we just want to be able to provide open tools and a community based approach to those folks too to help that certainly will have and just, you know, just like it always does, you know, upstream first and then we'll have enterprise versions of these migration tool kits based on these projects, but you know, we really do want to kind of build them, you know, and make sure we have the best solution to the problem, which we believe community is the way to do that. >>And I think just to add to what James said, typically we are talking about enterprises, these enterprises will have thousands of applications, so we're not talking about 10 40 number. We're talking thousands or 20% is not a small number is still 233 400. But man, the work is remaining and that's why they are getting excited about cloud negative now, okay, now we have seen the benefit but this little bit here, but now, let's get, you know serious about about that transformation and this is about helping them in a cloud native uh in an open source way, which is what red hat. XL Sad. Let's bring the community together. >>I'm actually doing a story on that. You brought that up with thousands of applications because I think it's, it's under underestimate, I think it's going to be 1000s and thousands more because businesses now, software driven everywhere and observe ability has pointed this out. And I was talking to the founder of uh Ravana project and it's like, how many thousands of dashboards you're gonna need? Roads are So so this is again, this is the problems and the opportunities are coming together, the abstraction will get you to move up the stack in terms of automation. So it's kind of fascinating when you start thinking about the impact as this goes the next level. And so I have to ask your roaches since you're an IBM fellow and chief scientist, which by the way, is a huge distinction. Congratulations. Being an IBM fellow is is a big deal. Uh IBM takes that very seriously. Only a few of them. You've seen many waves and cycles of innovation. How would you categorize this one now? Because maybe I'm getting old and and loving this right now. But this seems like everything kind of coming together in one flash 10.1 major inflection point. All the other waves combined seemed to be like in this one movement very fast. What's your what's your take on this wave that we're in? >>Yes, I would really say there is a lot of technology has been developed but that technology needs to have its value unleashed and that's exactly where the intersection of those applications and that technology occurs. Um I'm gonna put in yet another. You talked about everything becoming software. This was Anderson I think uh Jack Lee said the software is eating the world another you know, another wave that has started as a i eating software as well. And I do believe these two will go inside uh to uh like let me just give you a brief example re factoring how you take your application and smart ways of using ai to be able to recommend the right microservices for you is another one that we've been working towards and some of those capabilities will actually come in this community as well. So when we talk about innovations in this area, We are we are bringing together the best of IBM research as well. As we are hoping the community actually uh joints as well and enterprises are already starting to join to bring together the latest of the innovations bringing their applications and the best practices together to unleash that value of the technology in moving the rest of that 80%. And to be able to seamlessly bridge from my legacy environment to the cloud native environment. >>Yeah. And hybrid cloud is gonna be multi cloud really is the backbone and operating system of business and life society. So as these apps start to come on a P i is an integration, all of these things are coming together. So um yeah, this conveyor project and conveyor community looks like a really strong approach. Congratulations. Good >>job bob. >>Yeah, great stuff. Kubernetes, enabling companies is enabling all kinds of value here in the cube. We're bringing it to you with two experts. Uh, James Richard, thanks for coming on the Cuban sharing. Thank you. >>Thank you. >>Okay, cube con and cloud native coverage. I'm john furry with the cube. Thanks for watching. Yeah.

>>from around the >>globe, it's the >>cube with coverage of Kublai >>khan and cloud Native con, europe 2021 virtual brought to you by red hat. The cloud >>native computing >>foundation and ecosystem partners. Welcome back to the cubes coverage of Yukon 21 cloud native con part of the C n C f s event. This is the cubes continuing coverage. You got a great guest cube alumni entrepreneurs to borrow founder and ceo of up bound. Great to see you remotely too bad. We're not in person. But soon the pandemic Is right around the corner will be post pandemic with searing events are coming back. Great to see you. Thanks for coming on for coop con 21 >>Good, good to be back on the cube, john >>great to see you. You know, I've always loved your career, what you've been doing with that many conversations on the Cuban. Also in person, you're the creative rook and cross plane um, C N C F projects there. Um great venture, really part of this cloud native revolution that's happening, you were early on and the history of your career, but now you're seeing it go mainstream. Let's get into that on this session, because I really want to dig into this across cloud and now get ops is hugely popular. This is kind of what you call day to operate your ongoing, this is the future. This is a new environment. Before we get going, talk about the update on your in what's new with cross plane. >>Uh, So cross plane is growing as you know, it's a multi cloud control plane that essentially lets you uh you can connect it up to all the different infrastructure vendors and lets you manage infrastructure in a consistent way consistent with what, you know, what we do with the tops and and on the kubernetes ap I um and so the community has been growing tremendously. We've just applied for it together, the incubation status at the CNC F and really happy with all the progress around it. It's, it's such an amazing journey we've been on with cross plane, >>you know, it's funny you watch all the, the evolution of the cloud in the early days, it was, what is cloud, the big debate, people define what cloud is that? It was Oh yeah, clouds great. You can, you know, start up cloud developers, Greenfield, then it became enterprise cloud around 2015. Now, you know, today the cloud is not so much, you know, moving to the cloud as it was in 2015, it's like scaling and cloud, that is true enterprise grade. Um real serious operational security impacts multiple resources and this is where cross cloud comes in or, or, you know, I see hybrid clouds operating model, everyone has agreed on that. That's the architecture, but that also brings in assumes multiple clouds, right? This is where the new kind of control plane or you guys called cross cloud management kicks in. This is an enterprise priority. From what I can see. Do you agree with that? Can you share your commentary on how much our enterprises of prioritizing cross cloud management? Because that seems to be the Hot one. What's your take on us? >>Yeah, the way, the way we see it is that and we see this with customers and we see those folks in the community. Almost every enterprise we talked to is modernizing their I. T. You know, that, as you said, they're not going to cloud, they're already in cloud, but they're doing so many more things to kind of accelerate the pace of innovation and reduce the time for them to ship applications, which is now a fundamental part or fundamental measure uh of their success. Right. And so what we're seeing is that they're organizing into platform teams internally, and these teams are the ones that own the cloud accounts, they're the ones that are responsible for deploying infrastructure cross, whether it's cross cloud or hybrid cloud. Um and these teams are essentially organizing to build what looks like an internal platform and a key ingredient of this. Internal platform is a control plane and this is what enables getups. You see kubernetes as a control plane, that's in there, um it's it's the piece that's allowing them to actually connect to different clouds. It's the piece that's allowing them to manage their infrastructure, whether it's on premise or in cloud, it's the thing that's allowing them to do day to operations, all of that's happening in an interesting way. It's, it's happening within the enterprise. It is their own platform and it layers on top of the back and infrastructure that they're using, whether it's cloud providers or hybrid, you know, infrastructure, it's happening in a way that's enterprise from the enterprise and going out to the vendors, which is a little different model than we've seen in the past. And that's where multi cloud tends to come in and multi vendor or heterogeneity in general. Uh we see that very, very commonly in in the enterprise, >>you know, I think you're exactly right. That's classic market evolution in computer industry, you know, multi multi vendors, ultimately when things start to settle in on the massive growth. Hybrid cloud, however, is really kind of where the action is today. And you can see people struggling and innovating around the area of continuous operations and as you can use development develops concept. But the problem is that as they realize, well stuffs in production, it's in the public cloud, its on premises, you know, this, the operational piece starts to rear its head and we gotta fix that. And then they connect the dots a saying, if multi cloud is coming, which people generally agree upon, then they go, if we don't clean this up, we're gonna be screwed. That's generally the consensus that I can that I hear from people so explain, explain with the rise of multi cloud what cross plane is, I mean, what is cross playing about? Give us an overview around this. >>So, I mean there's a lot of ways to describe this, but we see it as like the rise of platform engineering, there's a lot happening around people building their own platforms that layer on top of cloud, which happens to also be multi vendor and multi cloud. So when you're building a platform in an enterprise that can talk to amazon that can talk to Microsoft Azure that can talk to your on premise infrastructure, whether it's VM ware or open shift, you need a, you need a layer that is able to orchestrate and deploy and manage and deal with day to operations, Right. That that is an important piece. It's the piece that is, you know, the way you can enforce your policies, you can set out your controls, whether your compliance, do your compliance and governance and essentially sell sell served uh this to your developers so that they can actually get productive and deploy applications on on this platform. And we see cross plane and what what Kubernetes has started with a control plane as a critical approach in this, in this new platform. In fact, the approach that's kind of pioneered by kubernetes with the kubernetes Api and control plane is now becoming the dominant way of managing infrastructure and deploying applications on it. This is you hear this in different ways, like this is why get off has become popular. Get Office is a really great thing. It's a way to essentially let you manage infrastructure through, you know, configuration that's stored in GIT repositories. But the thing that it connects to is a control plane that's going to make it happen, right? And we see that with kubernetes uh predominantly with kubernetes. Right. And so what cross plane does is lets you extend the getups approach and the management approach that's pioneered by the kubernetes community to the entire surface area of cloud. So not only can you deploy your containers using get apps, you can actually manage through the tops VMS server lists, databases and cloud Hybrid environments. Multi cloud environments. You know, even, you know, your load balances that are on premise could be managed through tops anything that speaks in a p I could be managed to get off if you go through a project like cross plane. Now, that part is that part is where we're seeing the most success right now. We're seeing a lot of people that are adopting these approaches to managing infrastructure while they're building their platforms and they're pulling in cross plains, we're seeing massive end user adoption of cross plane right >>now. I want to get into this. I want to get this impact of the control playing but before we get there I want a real quick while I got you an expert. I know this coupon. You don't need to explain what get upset. Everyone knows what that is. But for the folks that aren't aren't aren't in the community, I want to grab the sound bite if you don't mind. Could you define what is getups? >>Uh huh. So so get up is somewhat of a marketing term. Uh but the way I interpreted is essentially storing your configuration in a git repository. Are you using, you know, uh versioning techniques that are pioneered to manage code, right? Whether using Pr flows, storing things and get doing the collaboration of what changes happen in get and then having that be essentially mirrored to uh control plane that is able to implement the declarative configuration that you've specified. So a good example of this is if you wanted to deploy, say, you know, start up a cluster of kubernetes cluster in the cloud vendor and then run applications on it and then configure it to connect to databases. You can describe your intent and store it and get collaborate with your team members on it, make sure it's all correct. And then through getups pipeline, you're able to take those, you know, essentially, configuration and then apply it via control plane onto your vendor of choice. Right? That's that's the style. It's great because, you know, get is a great place to store configuration. It's a great place to collaborate. There are amazing tools around pr flows, pull request flows. They're amazing tools for audit ability and versioning and you get to leverage all of those when you are deploying infrastructure that runs your entire >>enterprise. Yeah. And I would also add to that. I I explain it simply for people that aren't in the weeds on the tech is think of it like a QA for srs it's like you need to manage the infrastructure because we're talking about devops infrastructure as code, we're programming infrastructure. So you've got to have some sort of process. And I think this brings up my next point about this control plane, because you mentioned um Cross plans has these nice has this nice uh program to it. Most people write their own code, they'll like they'll they'll like do homegrown work to create in their platform, mainly because there's gaps in there. Can you comment on how you guys are different than someone saying? I'm just gonna write my own code and do my own thing, my own platform team. I don't need cosplaying what I need you for. I'm gonna do it myself. >>So what we see predominantly is folks that are doing get ops or infrastructure as code and setting up pipelines for their compute workloads and specifically for containers. Right. And then, like you said, they're actually writing homegrown scripts or doing Tara forum or doing other things that are on the side to deploy. The other parts, uh including, you know, state full workloads or things that are running across a I M L on premise, hybrid, all of that stuff is done organically on the side of this beautiful path. Forget ops right. What we're doing with cross plane is essentially letting you bring all of the things that you're managing organically into the same pipelines with get offs. So you're able to actually normalize on a single approach for management for orchestration of infrastructure and applications. So you're you're able to, you know, get rid of your custom scripts and use a P I. S to define what your developers should do. You're able to, you know, use the mechanisms that are in the tools that are available to you forget ups and for the in the company's ecosystem to manage the entire surface area of, you know, infrastructure that you're managing within the enterprise in a consistent way. Right? That's where cross money comes in cross plane enables you to extend the control plane of kubernetes to manage everything that's offered by amazon and Microsoft and google and VM ware and open shift and red hat, Everything else can become falls into the same orchestrator, the same control plane that's managing it all and you can access it and give it to your developers in a safe way using, you know, get ups like approaches. >>You know, I've heard horror stories where people pushed new codes, trivial stuff and then all of a sudden breaks because um, code or script was written for a different purpose, but the impact was created into a small little dependency, but it's essentially the human error aspect of software. It's like, well we didn't really kind of see that coming, but at that point that script worked. Now this new thing, something trivial and easy breaks because and then it crashes. This is the kind of day to operations >>that very amounting >>about. Is that right? >>That's that's very much that's very much the case. And we see a lot of people kind of normalizing on templates and scripts, you know, where it's like, okay, you want to deploy database, here's a we'll open a ticket. Uh, and then some human runs, uh, you know, a template, a Terror form template, etcetera, that deploys a script and then shuttle credentials back to the developers over email or over slack and then they plug them into their manifest to deploy on through getups, pipelines. That there's a lot of interesting things that are happening and what we we want to do is to prevent the human error. To put the guard rails in place is essentially arrive at a consistent approach for all of it. Your legacy workloads, your multi cloud workloads, your hybrid workloads, your the little system that's sitting on the side. You can, you can do, you can essentially normalize on using a single approach to manage all of it. One that is safe, that you can give to developers directly there. It has all the guardrails in place, has policy and controls factored in and is exposed through an api that's the part that I think is uh, you know, leads to the largest, most scalable platforms in the world. >>You know, I think that's just natural evolution to us as your customers and enterprises get visibility on the operational standards like, Okay, let's lock that input. The guard rails down. Makes a lot of sense. I gotta ask you on the enterprise adoption pieces, something that we've been covering on silicon angle on the cube this year is looking at the mainstream adoption of kubernetes and whatnot and the rest of the cloud native. It's certainly with Covid, it's accelerated everything. How is the enterprise adoption of cross plane changing? Uh is a game that kind of momentum you expected when you started the project a few years ago? >>Um We're very pleasantly surprised by the adoption, especially in the last six months since we declared cross plane one point. Oh, it has reached a maturity level now that it's actually in Fortune 100 massive production deployments in Fortune 100 companies. Um This is why we're actually, you know, taking to the next level of C N C F, we're also proud of the ecosystem convergence on it, so we're seeing the cloud providers, working with all of them on ensuring that Crossman can address their infrastructure and we're seeing main, the community rally around us. Uh We think the ecosystem part is super interesting for cross money, as you can imagine having an orchestrator control plane that's able to, you know, address the entire surface area of infrastructure offered by all these different vendors requires the vendors to be involved. Right? Uh and so both, uh, it's a two sided network. Both the ecosystem, you know, adoption and the end user adoption are important for cross plane and we're seeing like massive traction on both right >>now. That's awesome. Traditionally, the the adoption arises that users want more things actually enterprise. They they want everything every nook and cranny, they want every feature, they want every integration. I mean they prioritize but, but as you get more, it's not just like a consumer product, although it is cloud native and you've got that, but there's, there's certain things that are table stakes and then there's innovation, but they really want the well known integrations, um, and support and so forth. How is cross playing in the community responding to the challenges as you guys get more popular and as the standards become clear around multi cloud? >>Yeah, I mean, this is the beauty of open source. I mean, we're seeing a lot of different folks contributing to open source. The majority of contributors right now to cross plane are outside of a pound. The company that started cross plane and essentially donated C N C. F. We're seeing folks that are coming in and adding the resources that they are needing, um, or adding features, really significant features to the code base and improving, which is, you know, again, it's the network effect around open source and it's just unbelievable to see and, and I'm able to see it happen and happen so quickly around the project. >>That's awesome. Well something great to have you on, your always great to talk to your super smart, we've had many great conversations in person on camera on the cube. Now, remote CNC F is again um doing such a great job with the um, the open source and now with Coop Con and cloud, Native Con, the open hybrid cloud and now cross cloud, multi cloud, whatever you wanna call it, it's happening. So I gotta ask you with respect to kubernetes because you know, we were all having beers and open stack that time we write, cooper is going to be hot, I think how many years ago that was, um I think you are kind of hanging around with me and robert and others. Um, Kubernetes was just an idea it was developing. Now it's obviously mainstream. The question that I get a lot now is how do I manage and deploy kubernetes in an open hybrid cloud to take advantage of the current state of the art, Open software and commercial opportunities and be positioned to take advantage of multi cloud. In other words, they want the future of multi cloud, but they've got to address the open hybrid cloud. So how do I do that? What's your what's your advice? >>You know, honestly, uh reflecting on the success of kubernetes, I I have a you know, maybe a controversial answer to your question. >>I think >>Kubernetes will be remembered for its control plane and its ability to manage infrastructure and applications in a general way, and not for the fact that it's a container orchestrator In 10 years, we'll probably look at kubernetes and say it's true superpower is the fact that it revolutionized how we manage infrastructure and applications using this declarative approach, using this control plane approach uh to management. And the fact that it's managing the fact that it started out with just containers is well, we'll probably be a historical thing. Uh so so so in some ways, you know, to kind of to kind of go back to your question, I'd say yes. I think kubernetes is reached mainstream in the in the container space, but we now have two uncontained, arise it and use it for management, managing infrastructure everywhere in a multi cloud and a you know, in a hybrid environment as well. >>Well, I mean that's a great point. First, I don't think that's radical. I'm on the record years ago saying that I saw it as the TCP I P moment for cloud where you have interoperability and what you're getting and I think that's so interesting right now and I think everyone is kind of, it's the hidden secrets kind of like the land grab, everyone's trying to go for us. Customers just want a provision and manage cloud infrastructure and program it with applications. I mean just think about that general basic concept. Right? I want to provision, I don't want to have to have meetings, no waterfall know that. I want to be agile. Yeah, I want operation, I want security, I want all that big 10. That's kind of where the puck is going >>very much. Self, self service is a really critical part and the part that um is part of the kubernetes uh kind of design is you developers just want a database or they wanna cash to run their application alongside their application. They don't really need to understand all the security details and networking and be pcs and everything else. And so if you give them an A. P. I just like kubernetes does that tells them. Okay, look, if you want a pot or if you want a database or if you want to cash, here's the A. P. I use, use whatever framework you want, use any language you want. And then we've got all the guardrails built in behind the A. P. I line, just, you know, through getups or not deploy this thing, provision it and then the control plane takes care of the rest. That's the, that's the path we're on as an industry, >>whatever you wanna call it, getups, cross cloud, it's unlimited cloud resource at scale. That's what customers want to do. The markets evolving superfast tons of opportunity for entrepreneurs, tons of evidence for enterprises who are themselves innovating. Again, another big theme here. I'll give you the final word around this user generated open source paradigm, what they've always been involvement now, more than ever, you start to see that, I don't know, maybe second generation, maybe third generation end user inside companies contributing to projects and driving this. This is an interesting dynamic. No one's really reporting this, your thoughts on this end user driven projects. >>We're seeing, we're seeing a lot of end users get involved in projects like cross plane. I mean, it's amazing. It's like companies that are, you know, directionally, they're all, you know, when they're modernizing, they're all heading down about that's open source or even towards cloud native projects. Right. And so it's what we see is they typically get involved initially by just asking questions and, you know, reporting issues and asking for features. And then within within a few months you see actual like meaningful contributions come in two projects. Right. And so I mean there's nothing speaks uh, nothing, nothing says their work. You know, they're committed more than just submitting a pull request where they've spent hours weeks making changes to a project. Right. And and that's happening across the entire, you know, ecosystem around cloud Native. It's, it's what makes it so powerful, >>awesome. But some great to have this conversation. Great insights. Thanks for sharing the update on cross plane and your vision around this, you know, provisioning new infrastructure, having this control, universal control plan. I think this is where everyone is talking about having that value and the scale sets up automation. You know, it just brings everything to the next, next gen, next level of capability. So I appreciate taking the time. Thanks for coming in. >>Thanks john Yeah, good. Good to be back on the, on the cube. >>Great to see you. Okay. This is the Cube coverage of coop con 21 virtual cloud native Khanum jaan for your host with the cube. Thanks for watching. Mhm.

>>from around the globe. >>It's the cube with coverage of Kublai khan and cloud Native >>Con, Europe 2021 Virtual >>brought to you by >>red hat, cloud >>Native Computing foundation >>and ecosystem partners. >>Welcome back to the cubes coverage of coupon 21 cloud native con 21 part of the C N C s annual event this year. It's Virtual. Again, I'm john Kerry host of the cube and we have two great guests from the C N C. F. Cheryl Hung VP of ecosystems and Katie Manji who's the ecosystem advocate for C N C F. Thanks for coming on. Great to see you. I wish we were in person soon, maybe in the fall. Cheryl Katie, thanks for coming on. >>Um, definitely hoping to be back in person again soon, but john great to see you and great to be back on the >>cube. You know, I have to say one of the things that really surprised me is the resilience of the community around what's been happening with the virtual in the covid. Actually, a lot of people have been, um, you know, disrupted by this, but you know, the consensus is that developers have used to been working remotely and virtually in a home and so not too much disruption, but a hell of a lot of productivity. You're seeing a lot more cloud native, um, projects, you're seeing a lot more mainstreaming and the enterprise, you're starting to see cloud growth, just a really kind of nice growth. And we've been saying for years, rising tide floats, all boats, Cheryl, but this year you're starting to see real mainstream adoption with cloud native and this has really been part of the work of the community you guys have done. So what's your take on this? Because we're going to be coming out of this Covid pretty soon. There's a post covid light at the end of the tunnel. What's your view? >>Yeah, definitely, fingers crossed on that. I mean, I would love Katie to give her view on this. In fact, because she came from Conde Nast and American Express, both huge companies that were adopting have adopted cloud Native successfully. And then in the middle of the pandemic, in the middle of Covid, she joined CN CF. So Katie really has a view from the trenches and Katie would love to hear your thoughts. >>Yeah, absolutely. Uh, definitely cloud native adoption when it comes to the tooling has been more permanent in the enterprises. And that has been confirmed of my role at American Express. That is the role I moved from towards C N C F. But the more surprising thing is that we see big companies, we see banks and financial organization that are looking to adopt open source. But more importantly, they're looking for ways to either contribute or actually to direct it more into these areas. So from that perspective, I've been pretty much at the nucleus of enterprise of the adoption of cloud Native is definitely moving, it's slow paced, but it's definitely forward moving as well. Um and now I think while I'm in the role with C N C F as an ecosystem advocate and leading the end user community, there has been definitely uh the community is growing um always intrigued to find out more about the cloud Native usage is one of the things that I find quite intriguing is the fact that not one cloud native usage, like usage of covering just one platform, which is going to be called, the face is going to be the same. So it's always intriguing to find new use cases, find those extremist cases as well, that it really pushes the community forward. >>I want to do is unpack. The end user aspect of this has been a hallmark of the CNC F for years, always been a staple of the organization. But this year, more than ever it's been, seems to be prominent as people are integrating in what about the growth? I mean from last year this year and the use and user ecosystem, how have you guys seen the growth? Is there any highlights because have any stats and or observations around how the ecosystem is growing around the end user piece? >>Sure, absolutely. I mean, I can talk directly about C N C F and the C N C F. End user community, much like everything else, you know, covid kind of slowed things down, so we're kind of not entirely surprised by that, But we're still going over 2020 and in fact just in the last few months have brought in some really, really big names like Peloton, Airbnb, Citibank, um, just some incredible organizations who are, who have really adopted card native, who have seen the success and the benefits of it. And now we're looking to give back to the community, as Katie said, get involved with open source and be more than just a passive consumer of the technologies, but actually become leaders in their own right, >>Katie talk about the dynamic of developers that end user organizations. I mean, you have been there, you're now you've been on both sides of the table if you will not to the sides of the table, it's more like a round table if you will, but community driven. But traditional, uh, end user organizations, not the early adopters, not the hyper scale is, but the ones now are really embedding hybrid, um, are changing how I t to how modern applications being built. That's a big theme in these mainstream organizations. What's the dynamic going on? What's your view? >>I think for any organization, the kind of the core, what moves the organization towards cloud Native is um pretty much being ahead of your competitors. And now we have this mass of different organization of the cloud native and that's why we see more kind of ice towards this area. So um definitely in this perspective when it comes to the technology aspect, companies are looking to deploy complex application in an easier manner, especially when it comes to pushing them to production system securely faster. Um and continuously as well. They're looking to have this competitive edge when it comes to how can they quickly respond to customer feedback? And as well they're looking for this um hybrid element that has been, has been talked about. Again, we're talking about enterprise is not just about public cloud, it's about how can we run the application security and getting both an element of data centers or private cloud as well. And now we see a lot of projects which are balancing around that age but more importantly there is adoption and where there's adoption, there is a feedback loop and that's how which represents the organic growth. >>That's awesome. Cheryl like you to define what you mean when you say end user driven open source, what does that mean? >>Mm This is a really interesting dynamic that I've seen over the last couple of years. So what we see is that more and more of the open source project, our end users who who are solving their own problems and creating their own projects and donating these back to the community. An early example of this was Envoy and lift and Yeager from Uber but Spotify also recently donated backstage, which is a developer portal which has really taken off. We've also got examples from Intuit Donating Argo. Um I'm sure there are some others that I've just forgotten. But the really interesting thing I see about this is that class classically right. Maybe a few years ago, if you were an end user organization, you get involved through a vendor, you'd go to a red hat or something and say, hey, you fix this on my behalf because you know that's what I'm paying you to do. Whereas what I see now is and user saying we want to keep this expertise in house and we want to be owners of our own kind of direction and our own fate when it comes to these open source projects. And that's been a big driver for this trend of open source and user driven, open source. >>It's really the open model is just such a great thing. And I think one of the interesting thing is that fits in with a lot of people who want to work from mission driven companies, but here there's actually a business benefit as you pointed out as in terms of the dynamic of bringing stuff to the community. This is interesting. I'm sure that the ability to do more collaboration, um, either hiring or contributing kind of increases when you have this end user dynamic because that's a pretty big decision to donate and bring something into the open source. What's the playbook though? If I'm sitting in an end user organization like american express Katie or a big company, say, hey, you know, we really developed this really killer use cases niche to us, but we want to bring it to the community. What do they do? Is there like a, like a manager? Do they knock on someone's door? Zara repo is, I mean, how does someone, I mean, how does an end user get this done? >>Mm. Um, I think one of the best resources out there is called the to do group, which is a organization underneath the Linux foundation. So it's kind of a sister group to C N C F, which is about open source program offices. And how do you formalize such an open source program? Because it's pretty easy to say, oh well just put something on get hub. But that's not the end of the story, right? Um, if you want to actually build a community, if you want other people to contribute, then you do actually have to do more than just drop it and get up and walk away. So I would say that if you are an end user company and you have created something which scratches your own itch and you think other people could benefit from it then definitely come. And like you could email me, you could email Chris and chick who is the ceo of C N C F and just get in touch and sort of ask around about what are the things that you could do in terms of what you have to think about the licensing, How do you develop a community governance program, um, trademark issues, all of these things. >>It's interesting how open source is growing so much now, chris has got so much action going on. New verticals are opening up, you know, so, so much action Cheryl you had posted on the internet predictions for cloud native, which I found interesting because there's so much action going on, you have to break things out into pillars, tech devops and ecosystem, each one kind of with a slew event of key trends. So take us through the mindset, why break it out like that? You got tech devops and ecosystem tradition that was all kind of bundled in one. Why? Why the pillars? And is it because there's so much action, what's, what's the basis behind the prediction? >>Um so originally this was just a giant list of things I had seen from talking to people and reading around and seeing what people are talking about on social media. Um And when, once I invested at these 10, I thought about what, what does this actually mean for the people who are going to look at this list and what should they care about? So I see tech trends as things related to tools, frameworks. Um, perhaps architects I see develops as people who are more as a combination of process, things that a combination of process and people and culture best practices and then ecosystem was kind of anything else broader than that. Things that happened across organizations. So you can definitely go to my twitter, you can go to at boy Chevelle, O I C H E R Y L and take a look at this and This is my list of 10. I would love to hear from you whether you agree with it, whether you think there are other things that I've missed or what would your >>table. I love. I love the top. Well, first of all I think this is very relevant. The one that I would ask you on is more rust and cloud native. That's the number one item. Um, I think cross cloud is definitely totally happening, I think people are really starting to think about that and so I'd love to get your comments on that. But I think the thing that jumped out at me was the devops piece because this is a trend that I've been seeing a lot more certainly even in academic institutions, for folks in school, right? Um going to college for computer science and engineering. This idea of, sorry, large scale, cloud is not so much an IT practice, it's much more of a cloud native mindset. So I think this idea of of ops so much more about scale. I use SRE only because I can't think of a better word around it and certainly the edge pieces with kubernetes, I think this is the, I think the biggest story to me that's where all the action seems to be when I talk to people around what they're working on in terms of training new people on boarding and what not Katie, you're shaking your head, you're like Yeah, what's your thoughts? Yeah, >>I have definitely been uh through all of these stages from having a team where the develops, I think it's more of a culture of like a pattern to adopt within an organization more than anything. So I've been pre develops within develops and actually during the evolution of it where we actually added an s every team as well. Um I think having these cultural changes with an organization, they are necessary, especially they want to iterate iterate quicker and actually deliver value to the customers with minimal agency because what it actually does there is the collaboration between teams which were initially segregated. And that's why I think there is a paradigm nowadays which is called deficit ops, which actually moves security more to its left. This has been very popular, especially in the, in the latest a couple of months. Lots of talks around it and even there is like a security co located event of Yukon just going to focus on that mainly. Um, but as well within the Devil's area, um, one of the models that has been quite permanent has been get ups as well, which pretty much uses the power of gIT repositories to describe the state of the applications, how it actually should be within the production system and within the cloud native ecosystem. There are two main tools that pretty much leave this area and there's going to be Argo City which has been donated by, into it, which is our end user And we have flux as well, which has been donated by we've works and both of these projects currently are within the incubation stage, which pretty much by default um showcases there is a lot of adoption from the organizations um more than 100 of for for some of them. So there is a wider adoption um, and everything I would like to mention is the get ups working group which has emerged I think between que con europe and north America last year and that again is more to define a manifest of how exactly get expert and should be adopted within organizations. So there is a lot of, I would say initiatives and this is further out they confirmed with the tooling that we have within the ecosystem. >>That's really awesome insight. I want to just, if you don't mind follow up on that, why is getups so important right now, Is it because the emphasis of security is that the emphasis of more scale, Is it just because it's pretty much kid was okay just because storing it over there, Is it because there's so much more inspections are going on around it? I mean code reviews have been going on for a long time. What's what's the big deal? Why is it so hot right now? In your opinion? >>I think there is definitely a couple of aspects that are quite important. You mentioned security, that's definitely one of them with the get ups battery. And there is a pool model rather than a push model. So you have the actual tool, for example, our great city of flux watching for repository and if any changes are identified is going to pull those changes automatically. So the first thing that we actually can see from this model is that we always will have a delta between what's within our depositors and the production system. Usually if you have a pool model, you can pull it uh can push the changes towards death staging environment but not always the production because you have the change window sometimes with the get ups model, you'll always be aware of what's the Dell. Can you have quite a nice way to visualize that especially for your city, which has the UI as well as well with the get ups pattern, there is less necessity to share the credentials with the actual pipeline tool. All of because Argo flux there are natively build around communities, all the secrets are going to be residing within the cluster. There is no need to share any extra credentials or an extra permissions with external tools as well. There are scale, there is again with kids who have historical data points which allows us to easily revert um to stable points of the applications in the past. So multiple, multiple benefits I would say, but definitely secured. I think it's one of the main one and it has been talked about quite a lot as well. >>A lot of these end user stories revolve around these dynamics and the ones you guys are promoting and from your members as well as in the community at large is I hate to use the word day two operations, but that really is the issue like okay, we're up and running. I want more automation. This is again tops kind of vibe here where it's like okay we gotta go troubleshoot all this, but it should be working as more stuff comes in. This becomes more and more the dynamic is that is that because of just more edges, more things, more devices, what's what's the what's the push behind all these stories around this automation and day to operation things? What do you guys think? >>I think, I think the expectations are getting higher and higher to be honest, a few years ago it was enough to use containers and start using the barest minimum, you know, to orchestrate those containers. But now what we see is that, you know, it's easy to choose the technology, it's easy to install it and even configure it. But as you said, john those data operations are really, really hard. For example, one of the ones that we've seen up and coming and we care about from CNCF is kubernetes on the edge. And we see this as enabling telco use cases and 5G and IOT and really, really broad, difficult use cases that just a few years ago would have been nice on impossible, Katie, your zone, Katie Katie, you also talk about edge. Right? >>Absolutely. I think I I really like to watch some of the talks that keep going, especially given by the big organizations that have to manage thousands or tens of thousands, hundreds of thousands of customers. And they have to deliver a cluster to these to these teams. Now, from their point of view, they pretty much have to manage clusters at scale. There is definitely the edge out there and they really kind of pushing the technology towards how can we get closer to the physical devices within the customers? Kind of uh, let's say bubble or area in surface. So age has been definitely something which has been moving a lot when it comes to the cloud native ecosystem. We've had a lot of projects moving to towards the incubation stage, carefree as has been there, um, for for a while and again, has a lot of adoption is known for its stability. But another thing that I would like to mention is that now currently we have a lot of projects that are age focus but within some box, so there is again, a lot of potential if there's gonna be a higher demand for this, I would expect this tools move from sandbox to incubation and even graduation. So that's definitely something which, uh, it's moving and there is dynamism around it. >>Well, Cheryl kid, you guys are awesome, love the work you're doing. I gotta ask the final question since you brought it up about the expectations. Cheryl, if you guys could both end the segment with the comment around expectations as the industry and companies and developers and participants continue to grow. What, what's changed with C N C F koo Kahne cloud, native khan as the expectation has been growing and the stakes are higher too, frankly, I mean you've got security, you mentioned these things edge get up, so you start to see the maturation of this ecosystem, what's new and what's expected of you guys, What do you see and how are you guys organizing? >>I think we can definitely say the ecosystem has matured a lot compared to a few years ago. Same with CNTF, same with Cuba con, I think the very first cubic on I went to was Berlin, which was about 1800 people. Um, the kind of mind boggling to see how much, how much it's grown since then. I mean one of the things that we try and do is to expand the number of people who can reach the community. So for example, we launched kubernetes community days and we launched, that means community organized events in africa, for example, for people who couldn't come to large events in north America or europe, um we also launching things to help students. I actually love talking to students because quite often now you talk to them and they say, oh, I've never run software in anything other than a container. You're like, yeah, well this was a new thing, this is brand new a few years ago and now you can be 18 and have never tried anything else. So it's pretty amazing. But yeah, there's definitely, there's always space to go to the community. >>Yeah, once you go cloud native, it's like, you know, like you've never load Lennox on them server before. I mean, what, what's going on? Get your thoughts as expectations go higher And certainly there's more in migration, not only for young folks because they're jumping into this was that engineering meets computer science is now cross discipline. You're seeing scale, you mentioned scaling up those are huge factors, you've got younger, you got cross training, you got cybersecurity and you've got Fin tech ops that's chris is working on so much is happening. What, what, what you guys keep up with your, how you gonna raise the ball? >>Absolutely. I think there's definitely technology moving forward, but I think nowadays there is a more need for actual end user stories while at the beginning of cube cons there is a lot of focus on the technical aspects. How can you fix this particular problem of deploying between two clusters are deploying at scale. There is like a lot of technical aspects nowadays they're looking for the stories because as I mentioned before, not one platform is gonna be the same when it comes to cloud native and I think there's still, the community is still trying to look for some patterns or some standards and we actually can see like especially when it comes to the open standards, we can see this moving within um the observe abilities like that application delivery will have for example cross plane and Que Bella we have open metrics and open tracing as well, which focuses on observe ability and all of the interfaces that we had around um, Cuban directory service men and so forth. All of these pretty much try to bring a benchmark, making it easier to integrate these special use cases um when it comes to actual extreme technology kind of solutions that you need to provide and um, I was mentioning the end user stories that are there more in demand nowadays mainly because these are very, very necessary from the community like for example the six or the project maintainers, they require feedback to actually move forward. And as part of that, I would like to mention that we've recently soft launched the injuries lounge, which really focuses on this particular aspect of end user stories. We try to pretty much question our end users and really understand what really moved them to adopt, coordinative, what keeps them on this path and what like future challenges they would like to um to tackle or are they facing the moment I would like to solve in the future. So we're trying to create the speed back home between the inducers and the projects out there. So I think this is something which needs to be a bit more closely together these two spheres, which currently are segregated, but we're trying to just solve that. >>Also you guys do great work, great job. Cheryl wrap us up real, take a minute to put a plug in for the C. N. C. F. In the ecosystem. What's the fashion this year? What's hot? What's the trend? What are you guys doing? Share some quick update on what's going on the ecosystem from your perspective? >>Yeah, I mean the ecosystem, even though I just said that we're maturing, you know, the growth has not stopped now, what we're seeing is these as Casey was saying, you know, more specific use cases, even bigger, even more demanding environments, even more kind of crazy use cases. I mean I love the story from the U. S. Department of Defense about putting kubernetes on their fighter jets and putting ston fighter jets, you know, it's just absurd to think about it, but I would say definitely come and be part of the community, share your stories, share what you know, help other people um if you are end user of these technologies then go to see NCF dot io slash and user and just come and be part of our community, you know, meet your peers and hear what everybody else is doing >>well. Having kubernetes and stu on jets, that's the Air Force, I would call that technical edge Katie to you know, bring, bring back the edge carol kitty, thank you so much for sharing the inside ecosystem is robust. Rising tide is floating all the boats as we always say here in the cube, it's been great to watch and continue to watch the rise. I think it's just the beginning, we're starting to see post pandemic visibility cloud native, more standards, more visibility into the economics and value and great to see the ecosystem rising up with the end users as well. So congratulations and thanks for coming up. >>Thank you so much, john it's a pleasure, appreciate >>it. Thank you for having us, john >>Great to have you on. I'm john for with the cube here for Coop Con Cloud, Native Con 21 virtual soon we'll be back in real life. Thanks for watching. Mhm.

>>Hi, everyone. Welcome to ASML day. My name is Yasmin Joffey. I'm the director of systems engineering for ASML at HPE. Today. We're here and joined by my colleague, Don wake, who is a technical marketing engineer who will talk to us about the date and the life of an it administrator through the lens of ASML container platform. We'll be answering your questions real time. So if you have any questions, please feel free to put your questions in the chat, and we should have some time at the end for some live Q and a. Don wants to go ahead and kick us off. >>All right. Thanks a lot, Yasir. Yeah, my name is Don wake. I'm the tech marketing guy and welcome to asthma all day, day in the life of an it admin and happy St. Patrick's day. At the same time, I hope you're wearing green virtual pinch. If you're not wearing green, don't have to look that up if you don't know what I'm scouting. So we're just going to go through some quick things. Talk about discussion of modern business. It needs to kind of set the stage and go right into a demo. Um, so what is the need here that we're trying to fulfill with, uh, ASML container platform? It's, it's all rooted in analytics. Um, modern businesses are driven by data. Um, they are also application centric and the separation of applications and data has never been more important or, or the relationship between the two applications are very data hungry. >>These days, they consume data in all new ways. The applications themselves are, are virtualized, containerized, and distributed everywhere, and optimizing every decision and every application is, is become a huge problem to tackle for every enterprise. Um, so we look at, um, for example, data science, um, as one big use case here, um, and it's, it's really a team sport and I'm today wearing the hat of perhaps, you know, operations team, maybe software engineer, guy working on, you know, continuous integration, continuous development integration with source control, and I'm supporting these data scientists, data analysts. And I also have some resource control. I can decide whether or not the data science team gets a, a particular cluster of compute and storage so that they can do their work. So this is the solution that I've been given as an it admin, and that is the ASML container platform. >>And just walking through this real quick, at the top, I'm trying to, as wherever possible, not get involved in these guys' lives. So the data engineers, scientists, app developers, dev ops guys, they all have particular needs and they can access their resources and spin up clusters, or just do work with the Jupiter notebook or run spark or Kafka or any of the, you know, popular analytics platforms by just getting in points that we can provide to them web URLs and their self service. But in the backend, I can then as the it guy makes sure the Kubernetes clusters are up and running, I can assign particular access to particular roles. I can make sure the data's well protected and I can connect them. I can import clusters from public clouds. I can, uh, you know, put my like clusters on premise if I want to. >>And I can do all this through this centralized control plane. So today I'm just going to show you I'm supporting some data scientists. So one of our very own guys is actually doing a demo right now as well, called the a day in the life of the data scientist. And he's on the opposite side, not caring about all the stuff I'm doing in the backend and he's training models and registering the models and working with data, uh, inside his, you know, Jupiter notebook, running inferences, running postman scripts. And so I'm in the background here, making sure that he's got access to his cluster storage protected, make sure it's, um, you know, his training models are up, he's got service endpoints, connecting him to, um, you know, his source control and making sure he's got access to all that stuff. So he's got like a taxi ride prediction model that he's working on and he has a Jupiter notebook and models. So why don't we, um, get hands on and I'll just jump right over it. >>It was no container platform. So this is a web UI. So this is the interface into the container platform. Our centralized control plane, I'm using my active directory credentials to log in here. >>And >>When I log in, I've also been assigned a particular role, uh, with regard to how much of the resources I can access. Now, in my case, I'm a site admin you can see right up here in the upper right hand, I'm a site admin and I have access to lots and lots of resources. And the one I'm going to be focusing on today is a Kubernetes cluster. Um, so I have a cluster I can go in here and let's say, um, we have a new data scientists come on board one. I can give him his own resources so he can do whatever he wants, use some GPU's and not affect other clusters. Um, so we have all these other clusters already created here. You can see here that, um, this is a very busy, um, you know, production system. They've got some dev clusters over here. >>I see here, we have a production cluster. So he needs to produce something for data scientists to use. It has to be well protected and, and not be treated like a development resource. So under his production cluster, I decided to create a new Kubernetes cluster. And literally I just push a button, create Kubernetes cluster once I've done that. And I'll just show you some of the screens and this is a live environment. So this is, I could actually do it all my hosts are used up right now, but I wouldn't be able to go in here and give it a name, just select, um, some hosts to use as the primary master controller and some workers answer a few more questions. And then once that's done, I have now created a special, a whole nother Kubernetes cluster, um, that I could also create tenants from. >>So tenants are really Kubernetes. Uh namespaces so in addition to taking hosts and Kubernetes clusters, I can also go to that, uh, to existing clusters and now carve out a namespace from that. So I look at some of the clusters that were already created and, um, let's see, we've got, um, we've got this year is an example of a tenant that I could have created from that production cluster. And to do that here in the namespace, I just hit create and similar to how you create a cluster. You can now carve down from a given cluster and we'll say the production cluster and give it a name and a description. I can even tell it, I want this specific one to be an AI ML project, um, which really is our ML ops license. So at the end of the day, I can say, okay, I'm going to create an ML ops tenant from that cluster that I created. >>And so I've already created it here for this demo. And I'm going to just go into that Kubernetes namespace now that we also call it tenant. I mean, it's like, multitenancy the name essentially means we're carving out resources so that somebody can be isolated from another environment. First thing I typically do. Um, and at this point I could also give access to this tenant and only this tenant to my data scientist. So the first thing I typically do is I go in here and you can actually assign users right here. So right now it's just me. But if I want it to, for example, give this, um, to Terry, I could go in here and find another user and assign him from this lead, from this list, as long as he's got the proper credentials here. So you can see here, all these other users have active directory credentials, and they, uh, when we created the cluster itself, we also made sure it integrated with our active directory, so that only authorized users can get in there. >>Let's say the first thing I want to do is make sure when I do Jupiter notebook work, or when Terry does, I'm going to connect him up straight up to the get hub repository. So he gives me a link to get hub and says, Hey man, this is all of my cluster work that I've been doing. I've got my source control there. My scripts, my Python notebooks, my Jupiter notebooks. So when I create that, I simply give him, you know, he gives me his, I create a configuration. I say, okay, here's a, here's a get repo. Here's the link to it. I can use a token, here's his username. And I can now put in that token. So this is actually a private repo and using a token, you know, standard get interface. And then the cool thing after that, you can go in here and actually copy the authorization secret. >>And this gets into the Kubernetes world. Um, you know, if you want to make sure you have secure integration with things like your source control or perhaps your active directory, that's all maintained in secrets. So you can take that secret. And when I then create his notebook, I can put that secret right in here in this, uh, launch Yammel. And I say, Hey, connect this Jupiter notebook up with this secret so he can log in. And when I've launched this Jupiter notebook cluster, this is actually now, uh, within my, my, uh, Kubernetes tenant. It is now really a pod. And if I want to, I can go right into a terminal for that, uh, Kubernetes tenant and say, coop CTL, these are standard, you know, CNCF certified Kubernetes get pods. And when I do this, it'll tell me all of the active pods and within those positive containers that I'm running. >>So I'm running quite a few pods and containers here in this, uh, artificial intelligence machine learning, um, tenant. So that's kind of cool. Also, if I wanted to, I could go straight and I can download the config for Kubernetes, uh, control. Uh well, and then I can do something like this, where on my own system where I'm more comfortable, perhaps coop CTL get pods. So this is running on my laptop and I just had to do a coop CTL refresh and give the IP address and authorization, um, information in order to connect from my laptop to that end point. So from a CIC D perspective from, you know, an it admin guides, he usually wants to use tools right on his, uh, desktop. So here am I back in my web browser, I'm also here on the dashboard of this, uh, Kubernetes, um, tenant, and I can see how it's doing. >>It looks like it's kind of busy here. I can focus specifically on a pod if I want to. I happen to know this pod is my Jupiter notebook pod. So aren't, I show how, you know, I could enable my data scientists by just giving him the, uh, URL or what we call a notebook service end points or notebook end point. And just by clicking on this URL or copying it, copying, you know, it's a link, uh, and then emailing it to them and say, okay, here's your, uh, you know, here's your duper notebook. And I say, Hey, just log in with your credentials. I've already logged in. Um, and so then he's got his Jupiter notebook here and you can see that he's connected to his GitHub repo directly. He's got all of the files that he needs to run his data science project and within here, and this is really in the data science realm, data scientists realm. >>He can see that he can have access to centralized storage and he can copy the files from his GitHub repo to that centralized storage. And, you know, these, these commands, um, are kind of cool. They're a little Jupiter magic commands, and we've got some of our own that showed that attachment to the cluster. Um, but you can see here if you run these commands, they're actually looking at the shared project repository managed by the container platform. So, you know, just to show you that again, I'll go back to the container platform. And in fact, the data scientist, uh, could do the same thing. Attitude put a notebook back to platform. So here's this project repository. So this is other big point. So now putting on my storage admin hat, you know, I've got this shared, um, storage, um, volume that is managed for me by the ESMO data fabric. >>Um, in, in here, you can see that the data scientist, um, from his get repo is able to through Jupiter notebook directly, uh, copy his code. He was able to run as Jupiter notebook and create this XG boost, uh, model. So this file can then be registered in this AIML tenant. So he can go in here and register his model. So this is, you know, this is really where the data scientist guy can self-service kick off his notebooks, even get a deployment end point so that he can then inference his cluster. So here again, another URL that you could then take this and put it into like a postman rest URL and get answers. Um, but let's say he wants to, um, he's been doing all this work and I want to make sure that his, uh, data's protected, uh, how about creating a mirror. >>So if I want to create a mirror of that data, now I go back to this other, uh, and this is the, the, uh, data fabric embedded in a very special cluster called the Picasso cluster. And it's a version of the ASML data fabric that allows you to launch what was formerly called Matt bar as a Kubernetes cluster. And when you create this special cluster, every other cluster that you create is automatically, uh, gets things like that. Tenant storage. I showed you to create a shared workspace, and it's automatically managed by this, uh, data fabric. Uh, and you're even given an end point to go into the data fabric and then use all of the awesome features of ASML data fabric. So here I can just log in here. And now I'm at the, uh, data fabric, web UI to do some data protection and mirroring. >>So >>Let's go over here. Let's say I want to, uh, create a mirror of that tenant. So I forgot to note what the name of my tenant was. I'm going to go back to my tenant, the name of the volume that I'm playing with here. So in my AIML tenant, I'm going to go to my source, control my project repository that I want to protect. And I see that the ESMO data fabric has created 10 and 30 as a volume. So I'll go back to my, um, data fabric here, and I'm going to look for 10 and 30. And if I want to, I can go into tenant 30, >>Okay. >>Down here, I can look at the usage. I can look at all of the, you know, I've used very little of the, uh, allocated storage that I want, but let's, uh, you know what, let's go ahead and create a volume to mirror that one. So very simple web UI that has said create volume. I go in here and I say, I want to do a, a tenant 30 mirror. And I say, mirror the mirror volume. Um, I want to use my Picasso cluster. I want to use tenant 30. So now that's actually looking up in the data fabric, um, database there's 10 and 30 K. So it knows exactly which one I want to use. I can go in here and I can say, you know, ext HCP, tenant, 30 mirror, you know, I can give it whatever name I want and this path here. >>And that's a whole nother, uh, demo is this could be in Tokyo. This could be mirrored to all kinds of places all over the world, because this is truly a global name, split namespace, which is a huge differentiator for us in this case, I'm creating a local mirror and that can go down here and, um, I can add, uh, audit and encryptions. I can do, um, access control. I can, you know, change permissions, you know, so full service, um, interactivity here. And of course this is using the web UI, but there's also rest API interfaces as well. So that is pretty much the, the brunt of what I wanted to show you in the demo. Um, so we got hands on and I'm just going to throw this up real quick and then come back to Yasser. See if he's got any questions he has received from anybody watching, if you have any new questions. >>Yeah. We've got a few questions. Um, we can, uh, just take some time to go, hopefully answer a few. Um, so it, it does look like you can integrate or incorporate your existing get hub, uh, to be able to, um, extract, uh, shared code or repositories. Correct? >>Yeah. So we have that built in and can either be, um, get hub or bit bucket it's, you know, pretty standard interface. So just like you can go into any given, get hub and do a clone of a, of a repo, pull it into your local environment. We integrated that directly into the gooey so that you can, uh, say to your, um, AIML tenant, uh, to your Jupiter notebook. You know, here's, here's my GitHub repo. When you open up my notebook, just connect me straight up. So it saves you some, some steps there because Jupiter notebook is designed to be integrated with get hub. So we have get hub integrated in as well or bit bucket. Right. >>Um, another question around the file system, um, has the map, our file system that was carried over, been modified in any way to run on top of Kubernetes. >>So yeah, I would say that the map, our file system data fabric, what I showed here is the Kubernetes version of it. So it gives you a lot of the same features, but if you need, um, perhaps run it on bare metal, maybe you have performance, um, concerns, um, you know, you can, uh, you can also deploy it as a separate bare metal instance of data fabric, but this is just one way that you can, uh, use it integrated directly into Kubernetes depends really the needs of, of the, uh, the user and that a fabric has a lot of different capabilities, but this is, um, it has a lot of the core file system capabilities where you can do snapshots and mirrors, and it it's of course, striped across multiple, um, multiple disks and nodes. And, uh, you know, Matt BARR data fabric has been around for years. It's, uh, and it's designed for integration with these, uh, analytic type workloads. >>Great. Um, you showed us how you can manage, um, Kubernetes clusters through the ASML container platform you buy. Um, but the question is, can you, uh, control who accesses, which tenant, I guess, namespace that you created, um, and also can you restrict or, uh, inject resource limitations for each individual namespace through the UI? >>Oh yeah. So that's, that's a great question. Yes. To both of those. So, um, as a site admin, I had lots of authority to create clusters, to go into any cluster I wanted, but typically for like the data scientist example I used, I would give him, I would create a user for him. And there's a couple of ways you can create users. Um, and it's all role-based access control. So I could create a local user and have container platform authenticate him, or I can say integrate directly with, uh, active directory or LDAP, and then even including which groups he has access to. And then in the user interface for the site admin, I could say he gets access to this tenant and only this tenant. Um, another thing you asked about is his limitations. So when you create the tenant to prevent that noisy neighbor problem, you can, um, go in and create quotas. >>So I didn't show the process of actually creating a Quentin, a tenant, but integral to that, um, flow is okay, I've defined which cluster I want to use. I defined how much memory I want to use. So there's a quota right there. You could say, Hey, how many CPU's am I taking from this pool? And that's one of the cool things about the platform is that it abstracts all that away. You don't have to really know exactly which host, um, you know, you can create the cluster and select specific hosts, but once you've created the cluster, it's not just a big pool of resources. So you can say Bob, over here, um, he's only going to get 50 of the a hundred CPU's available and he's only going to get X amount of gigabytes of memory. And he's only going to get this much storage that he can consume. So you can then safely hand off something and know they're not going to take all the resources, especially the GPU's where those will be expensive. And you want to make sure that one person doesn't hog all the resources. And so that absolutely quotas are built in there. >>Fantastic. Well, we, I think we are out of time. Um, we have, uh, a list of other questions that we will absolutely reach out and, um, get all your questions answered, uh, for those of you who ask questions in the chat. Um, Don, thank you very much. Thanks everyone else for joining Don, will this recording be made available for those who couldn't make it today? >>I believe so. Honestly, I'm not sure what the process is, but, um, yeah, it's being recorded so they must've done that for a reason. >>Fantastic. Well, Don, thank you very much for your time and thank everyone else for joining. Thank you.