(upbeat music) >> Welcome everyone to theCUBE's presentation of the AWS Startup Showcase AI Machine Learning Top Startups Building Generative AI on AWS. This is season 3, episode 1 of the ongoing series covering the exciting startup from the AWS ecosystem to talk about AI and machine learning. I'm your host, John Furrier. I'm joined by two great guests here, Adam Wenchel, who's the CEO of Arthur, and Chief Scientist of Arthur, John Dickerson. Talk about how they help people build better LLM AI systems to get them into the market faster. Gentlemen, thank you for coming on. >> Yeah, thanks for having us, John. >> Well, I got to say I got to temper my enthusiasm because the last few months explosion of interest in LLMs with ChatGPT, has opened the eyes to everybody around the reality of that this is going next gen, this is it, this is the moment, this is the the point we're going to look back and say, this is the time where AI really hit the scene for real applications. So, a lot of Large Language Models, also known as LLMs, foundational models, and generative AI is all booming. This is where all the alpha developers are going. This is where everyone's focusing their business model transformations on. This is where developers are seeing action. So it's all happening, the wave is here. So I got to ask you guys, what are you guys seeing right now? You're in the middle of it, it's hitting you guys right on. You're in the front end of this massive wave. >> Yeah, John, I don't think you have to temper your enthusiasm at all. I mean, what we're seeing every single day is, everything from existing enterprise customers coming in with new ways that they're rethinking, like business things that they've been doing for many years that they can now do an entirely different way, as well as all manner of new companies popping up, applying LLMs to everything from generating code and SQL statements to generating health transcripts and just legal briefs. Everything you can imagine. And when you actually sit down and look at these systems and the demos we get of them, the hype is definitely justified. It's pretty amazing what they're going to do. And even just internally, we built, about a month ago in January, we built an Arthur chatbot so customers could ask questions, technical questions from our, rather than read our product documentation, they could just ask this LLM a particular question and get an answer. And at the time it was like state of the art, but then just last week we decided to rebuild it because the tooling has changed so much that we, last week, we've completely rebuilt it. It's now way better, built on an entirely different stack. And the tooling has undergone a full generation worth of change in six weeks, which is crazy. So it just tells you how much energy is going into this and how fast it's evolving right now. >> John, weigh in as a chief scientist. I mean, you must be blown away. Talk about kid in the candy store. I mean, you must be looking like this saying, I mean, she must be super busy to begin with, but the change, the acceleration, can you scope the kind of change you're seeing and be specific around the areas you're seeing movement and highly accelerated change? >> Yeah, definitely. And it is very, very exciting actually, thinking back to when ChatGPT was announced, that was a night our company was throwing an event at NeurIPS, which is maybe the biggest machine learning conference out there. And the hype when that happened was palatable and it was just shocking to see how well that performed. And then obviously over the last few months since then, as LLMs have continued to enter the market, we've seen use cases for them, like Adam mentioned all over the place. And so, some things I'm excited about in this space are the use of LLMs and more generally, foundation models to redesign traditional operations, research style problems, logistics problems, like auctions, decisioning problems. So moving beyond the already amazing news cases, like creating marketing content into more core integration and a lot of the bread and butter companies and tasks that drive the American ecosystem. And I think we're just starting to see some of that. And in the next 12 months, I think we're going to see a lot more. If I had to make other predictions, I think we're going to continue seeing a lot of work being done on managing like inference time costs via shrinking models or distillation. And I don't know how to make this prediction, but at some point we're going to be seeing lots of these very large scale models operating on the edge as well. So the time scales are extremely compressed, like Adam mentioned, 12 months from now, hard to say. >> We were talking on theCUBE prior to this session here. We had theCUBE conversation here and then the Wall Street Journal just picked up on the same theme, which is the printing press moment created the enlightenment stage of the history. Here we're in the whole nother automating intellect efficiency, doing heavy lifting, the creative class coming back, a whole nother level of reality around the corner that's being hyped up. The question is, is this justified? Is there really a breakthrough here or is this just another result of continued progress with AI? Can you guys weigh in, because there's two schools of thought. There's the, "Oh my God, we're entering a new enlightenment tech phase, of the equivalent of the printing press in all areas. Then there's, Ah, it's just AI (indistinct) inch by inch. What's your guys' opinion? >> Yeah, I think on the one hand when you're down in the weeds of building AI systems all day, every day, like we are, it's easy to look at this as an incremental progress. Like we have customers who've been building on foundation models since we started the company four years ago, particular in computer vision for classification tasks, starting with pre-trained models, things like that. So that part of it doesn't feel real new, but what does feel new is just when you apply these things to language with all the breakthroughs and computational efficiency, algorithmic improvements, things like that, when you actually sit down and interact with ChatGPT or one of the other systems that's out there that's building on top of LLMs, it really is breathtaking, like, the level of understanding that they have and how quickly you can accelerate your development efforts and get an actual working system in place that solves a really important real world problem and makes people way faster, way more efficient. So I do think there's definitely something there. It's more than just incremental improvement. This feels like a real trajectory inflection point for the adoption of AI. >> John, what's your take on this? As people come into the field, I'm seeing a lot of people move from, hey, I've been coding in Python, I've been doing some development, I've been a software engineer, I'm a computer science student. I'm coding in C++ old school, OG systems person. Where do they come in? Where's the focus, where's the action? Where are the breakthroughs? Where are people jumping in and rolling up their sleeves and getting dirty with this stuff? >> Yeah, all over the place. And it's funny you mentioned students in a different life. I wore a university professor hat and so I'm very, very familiar with the teaching aspects of this. And I will say toward Adam's point, this really is a leap forward in that techniques like in a co-pilot for example, everybody's using them right now and they really do accelerate the way that we develop. When I think about the areas where people are really, really focusing right now, tooling is certainly one of them. Like you and I were chatting about LangChain right before this interview started, two or three people can sit down and create an amazing set of pipes that connect different aspects of the LLM ecosystem. Two, I would say is in engineering. So like distributed training might be one, or just understanding better ways to even be able to train large models, understanding better ways to then distill them or run them. So like this heavy interaction now between engineering and what I might call traditional machine learning from 10 years ago where you had to know a lot of math, you had to know calculus very well, things like that. Now you also need to be, again, a very strong engineer, which is exciting. >> I interviewed Swami when he talked about the news. He's ahead of Amazon's machine learning and AI when they announced Hugging Face announcement. And I reminded him how Amazon was easy to get into if you were developing a startup back in 2007,8, and that the language models had that similar problem. It's step up a lot of content and a lot of expense to get provisioned up, now it's easy. So this is the next wave of innovation. So how do you guys see that from where we are right now? Are we at that point where it's that moment where it's that cloud-like experience for LLMs and large language models? >> Yeah, go ahead John. >> I think the answer is yes. We see a number of large companies that are training these and serving these, some of which are being co-interviewed in this episode. I think we're at that. Like, you can hit one of these with a simple, single line of Python, hitting an API, you can boot this up in seconds if you want. It's easy. >> Got it. >> So I (audio cuts out). >> Well let's take a step back and talk about the company. You guys being featured here on the Showcase. Arthur, what drove you to start the company? How'd this all come together? What's the origination story? Obviously you got a big customers, how'd get started? What are you guys doing? How do you make money? Give a quick overview. >> Yeah, I think John and I come at it from slightly different angles, but for myself, I have been a part of a number of technology companies. I joined Capital One, they acquired my last company and shortly after I joined, they asked me to start their AI team. And so even though I've been doing AI for a long time, I started my career back in DARPA. It was the first time I was really working at scale in AI at an organization where there were hundreds of millions of dollars in revenue at stake with the operation of these models and that they were impacting millions of people's financial livelihoods. And so it just got me hyper-focused on these issues around making sure that your AI worked well and it worked well for your company and it worked well for the people who were being affected by it. At the time when I was doing this 2016, 2017, 2018, there just wasn't any tooling out there to support this production management model monitoring life phase of the life cycle. And so we basically left to start the company that I wanted. And John has a his own story. I'll let let you share that one, John. >> Go ahead John, you're up. >> Yeah, so I'm coming at this from a different world. So I'm on leave now from a tenured role in academia where I was leading a large lab focusing on the intersection of machine learning and economics. And so questions like fairness or the response to the dynamism on the underlying environment have been around for quite a long time in that space. And so I've been thinking very deeply about some of those more like R and D style questions as well as having deployed some automation code across a couple of different industries, some in online advertising, some in the healthcare space and so on, where concerns of, again, fairness come to bear. And so Adam and I connected to understand the space of what that might look like in the 2018 20 19 realm from a quantitative and from a human-centered point of view. And so booted things up from there. >> Yeah, bring that applied engineering R and D into the Capital One, DNA that he had at scale. I could see that fit. I got to ask you now, next step, as you guys move out and think about LLMs and the recent AI news around the generative models and the foundational models like ChatGPT, how should we be looking at that news and everyone watching might be thinking the same thing. I know at the board level companies like, we should refactor our business, this is the future. It's that kind of moment, and the tech team's like, okay, boss, how do we do this again? Or are they prepared? How should we be thinking? How should people watching be thinking about LLMs? >> Yeah, I think they really are transformative. And so, I mean, we're seeing companies all over the place. Everything from large tech companies to a lot of our large enterprise customers are launching significant projects at core parts of their business. And so, yeah, I would be surprised, if you're serious about becoming an AI native company, which most leading companies are, then this is a trend that you need to be taking seriously. And we're seeing the adoption rate. It's funny, I would say the AI adoption in the broader business world really started, let's call it four or five years ago, and it was a relatively slow adoption rate, but I think all that kind of investment in and scaling the maturity curve has paid off because the rate at which people are adopting and deploying systems based on this is tremendous. I mean, this has all just happened in the few months and we're already seeing people get systems into production. So, now there's a lot of things you have to guarantee in order to put these in production in a way that basically is added into your business and doesn't cause more headaches than it solves. And so that's where we help customers is where how do you put these out there in a way that they're going to represent your company well, they're going to perform well, they're going to do their job and do it properly. >> So in the use case, as a customer, as I think about this, there's workflows. They might have had an ML AI ops team that's around IT. Their inference engines are out there. They probably don't have a visibility on say how much it costs, they're kicking the tires. When you look at the deployment, there's a cost piece, there's a workflow piece, there's fairness you mentioned John, what should be, I should be thinking about if I'm going to be deploying stuff into production, I got to think about those things. What's your opinion? >> Yeah, I'm happy to dive in on that one. So monitoring in general is extremely important once you have one of these LLMs in production, and there have been some changes versus traditional monitoring that we can dive deeper into that LLMs are really accelerated. But a lot of that bread and butter style of things you should be looking out for remain just as important as they are for what you might call traditional machine learning models. So the underlying environment of data streams, the way users interact with these models, these are all changing over time. And so any performance metrics that you care about, traditional ones like an accuracy, if you can define that for an LLM, ones around, for example, fairness or bias. If that is a concern for your particular use case and so on. Those need to be tracked. Now there are some interesting changes that LLMs are bringing along as well. So most ML models in production that we see are relatively static in the sense that they're not getting flipped in more than maybe once a day or once a week or they're just set once and then not changed ever again. With LLMs, there's this ongoing value alignment or collection of preferences from users that is often constantly updating the model. And so that opens up all sorts of vectors for, I won't say attack, but for problems to arise in production. Like users might learn to use your system in a different way and thus change the way those preferences are getting collected and thus change your system in ways that you never intended. So maybe that went through governance already internally at the company and now it's totally, totally changed and it's through no fault of your own, but you need to be watching over that for sure. >> Talk about the reinforced learnings from human feedback. How's that factoring in to the LLMs? Is that part of it? Should people be thinking about that? Is that a component that's important? >> It certainly is, yeah. So this is one of the big tweaks that happened with InstructGPT, which is the basis model behind ChatGPT and has since gone on to be used all over the place. So value alignment I think is through RLHF like you mentioned is a very interesting space to get into and it's one that you need to watch over. Like, you're asking humans for feedback over outputs from a model and then you're updating the model with respect to that human feedback. And now you've thrown humans into the loop here in a way that is just going to complicate things. And it certainly helps in many ways. You can ask humans to, let's say that you're deploying an internal chat bot at an enterprise, you could ask humans to align that LLM behind the chatbot to, say company values. And so you're listening feedback about these company values and that's going to scoot that chatbot that you're running internally more toward the kind of language that you'd like to use internally on like a Slack channel or something like that. Watching over that model I think in that specific case, that's a compliance and HR issue as well. So while it is part of the greater LLM stack, you can also view that as an independent bit to watch over. >> Got it, and these are important factors. When people see the Bing news, they freak out how it's doing great. Then it goes off the rails, it goes big, fails big. (laughing) So these models people see that, is that human interaction or is that feedback, is that not accepting it or how do people understand how to take that input in and how to build the right apps around LLMs? This is a tough question. >> Yeah, for sure. So some of the examples that you'll see online where these chatbots go off the rails are obviously humans trying to break the system, but some of them clearly aren't. And that's because these are large statistical models and we don't know what's going to pop out of them all the time. And even if you're doing as much in-house testing at the big companies like the Go-HERE's and the OpenAI's of the world, to try to prevent things like toxicity or racism or other sorts of bad content that might lead to bad pr, you're never going to catch all of these possible holes in the model itself. And so, again, it's very, very important to keep watching over that while it's in production. >> On the business model side, how are you guys doing? What's the approach? How do you guys engage with customers? Take a minute to explain the customer engagement. What do they need? What do you need? How's that work? >> Yeah, I can talk a little bit about that. So it's really easy to get started. It's literally a matter of like just handing out an API key and people can get started. And so we also offer alternative, we also offer versions that can be installed on-prem for models that, we find a lot of our customers have models that deal with very sensitive data. So you can run it in your cloud account or use our cloud version. And so yeah, it's pretty easy to get started with this stuff. We find people start using it a lot of times during the validation phase 'cause that way they can start baselining performance models, they can do champion challenger, they can really kind of baseline the performance of, maybe they're considering different foundation models. And so it's a really helpful tool for understanding differences in the way these models perform. And then from there they can just flow that into their production inferencing, so that as these systems are out there, you have really kind of real time monitoring for anomalies and for all sorts of weird behaviors as well as that continuous feedback loop that helps you make make your product get better and observability and you can run all sorts of aggregated reports to really understand what's going on with these models when they're out there deciding. I should also add that we just today have another way to adopt Arthur and that is we are in the AWS marketplace, and so we are available there just to make it that much easier to use your cloud credits, skip the procurement process, and get up and running really quickly. >> And that's great 'cause Amazon's got SageMaker, which handles a lot of privacy stuff, all kinds of cool things, or you can get down and dirty. So I got to ask on the next one, production is a big deal, getting stuff into production. What have you guys learned that you could share to folks watching? Is there a cost issue? I got to monitor, obviously you brought that up, we talked about the even reinforcement issues, all these things are happening. What is the big learnings that you could share for people that are going to put these into production to watch out for, to plan for, or be prepared for, hope for the best plan for the worst? What's your advice? >> I can give a couple opinions there and I'm sure Adam has. Well, yeah, the big one from my side is, again, I had mentioned this earlier, it's just the input data streams because humans are also exploring how they can use these systems to begin with. It's really, really hard to predict the type of inputs you're going to be seeing in production. Especially, we always talk about chatbots, but then any generative text tasks like this, let's say you're taking in news articles and summarizing them or something like that, it's very hard to get a good sampling even of the set of news articles in such a way that you can really predict what's going to pop out of that model. So to me, it's, adversarial maybe isn't the word that I would use, but it's an unnatural shifting input distribution of like prompts that you might see for these models. That's certainly one. And then the second one that I would talk about is, it can be hard to understand the costs, the inference time costs behind these LLMs. So the pricing on these is always changing as the models change size, it might go up, it might go down based on model size, based on energy cost and so on, but your pricing per token or per a thousand tokens and that I think can be difficult for some clients to wrap their head around. Again, you don't know how these systems are going to be used after all so it can be tough. And so again that's another metric that really should be tracked. >> Yeah, and there's a lot of trade off choices in there with like, how many tokens do you want at each step and in the sequence and based on, you have (indistinct) and you reject these tokens and so based on how your system's operating, that can make the cost highly variable. And that's if you're using like an API version that you're paying per token. A lot of people also choose to run these internally and as John mentioned, the inference time on these is significantly higher than a traditional classifi, even NLP classification model or tabular data model, like orders of magnitude higher. And so you really need to understand how that, as you're constantly iterating on these models and putting out new versions and new features in these models, how that's affecting the overall scale of that inference cost because you can use a lot of computing power very quickly with these profits. >> Yeah, scale, performance, price all come together. I got to ask while we're here on the secret sauce of the company, if you had to describe to people out there watching, what's the secret sauce of the company? What's the key to your success? >> Yeah, so John leads our research team and they've had a number of really cool, I think AI as much as it's been hyped for a while, it's still commercial AI at least is really in its infancy. And so the way we're able to pioneer new ways to think about performance for computer vision NLP LLMs is probably the thing that I'm proudest about. John and his team publish papers all the time at Navs and other places. But I think it's really being able to define what performance means for basically any kind of model type and give people really powerful tools to understand that on an ongoing basis. >> John, secret sauce, how would you describe it? You got all the action happening all around you. >> Yeah, well I going to appreciate Adam talking me up like that. No, I. (all laughing) >> Furrier: Robs to you. >> I would also say a couple of other things here. So we have a very strong engineering team and so I think some early hires there really set the standard at a very high bar that we've maintained as we've grown. And I think that's really paid dividends as scalabilities become even more of a challenge in these spaces, right? And so that's not just scalability when it comes to LLMs, that's scalability when it comes to millions of inferences per day, that kind of thing as well in traditional ML models. And I think that's compared to potential competitors, that's really... Well, it's made us able to just operate more efficiently and pass that along to the client. >> Yeah, and I think the infancy comment is really important because it's the beginning. You really is a long journey ahead. A lot of change coming, like I said, it's a huge wave. So I'm sure you guys got a lot of plannings at the foundation even for your own company, so I appreciate the candid response there. Final question for you guys is, what should the top things be for a company in 2023? If I'm going to set the agenda and I'm a customer moving forward, putting the pedal to the metal, so to speak, what are the top things I should be prioritizing or I need to do to be successful with AI in 2023? >> Yeah, I think, so number one, as we talked about, we've been talking about this entire episode, the things are changing so quickly and the opportunities for business transformation and really disrupting different applications, different use cases, is almost, I don't think we've even fully comprehended how big it is. And so really digging in to your business and understanding where I can apply these new sets of foundation models is, that's a top priority. The interesting thing is I think there's another force at play, which is the macroeconomic conditions and a lot of places are, they're having to work harder to justify budgets. So in the past, couple years ago maybe, they had a blank check to spend on AI and AI development at a lot of large enterprises that was limited primarily by the amount of talent they could scoop up. Nowadays these expenditures are getting scrutinized more. And so one of the things that we really help our customers with is like really calculating the ROI on these things. And so if you have models out there performing and you have a new version that you can put out that lifts the performance by 3%, how many tens of millions of dollars does that mean in business benefit? Or if I want to go to get approval from the CFO to spend a few million dollars on this new project, how can I bake in from the beginning the tools to really show the ROI along the way? Because I think in these systems when done well for a software project, the ROI can be like pretty spectacular. Like we see over a hundred percent ROI in the first year on some of these projects. And so, I think in 2023, you just need to be able to show what you're getting for that spend. >> It's a needle moving moment. You see it all the time with some of these aha moments or like, whoa, blown away. John, I want to get your thoughts on this because one of the things that comes up a lot for companies that I talked to, that are on my second wave, I would say coming in, maybe not, maybe the front wave of adopters is talent and team building. You mentioned some of the hires you got were game changing for you guys and set the bar high. As you move the needle, new developers going to need to come in. What's your advice given that you've been a professor, you've seen students, I know a lot of computer science people want to shift, they might not be yet skilled in AI, but they're proficient in programming, is that's going to be another opportunity with open source when things are happening. How do you talk to that next level of talent that wants to come in to this market to supplement teams and be on teams, lead teams? Any advice you have for people who want to build their teams and people who are out there and want to be a coder in AI? >> Yeah, I've advice, and this actually works for what it would take to be a successful AI company in 2023 as well, which is, just don't be afraid to iterate really quickly with these tools. The space is still being explored on what they can be used for. A lot of the tasks that they're used for now right? like creating marketing content using a machine learning is not a new thing to do. It just works really well now. And so I'm excited to see what the next year brings in terms of folks from outside of core computer science who are, other engineers or physicists or chemists or whatever who are learning how to use these increasingly easy to use tools to leverage LLMs for tasks that I think none of us have really thought about before. So that's really, really exciting. And so toward that I would say iterate quickly. Build things on your own, build demos, show them the friends, host them online and you'll learn along the way and you'll have somebody to show for it. And also you'll help us explore that space. >> Guys, congratulations with Arthur. Great company, great picks and shovels opportunities out there for everybody. Iterate fast, get in quickly and don't be afraid to iterate. Great advice and thank you for coming on and being part of the AWS showcase, thanks. >> Yeah, thanks for having us on John. Always a pleasure. >> Yeah, great stuff. Adam Wenchel, John Dickerson with Arthur. Thanks for coming on theCUBE. I'm John Furrier, your host. Generative AI and AWS. Keep it right there for more action with theCUBE. Thanks for watching. (upbeat music)

(soft music) >> Hello, everyone. Welcome to theCUBE's presentation of the AWS Startup Showcase. AI and Machine Learning: Top Startups Building Foundational Model Infrastructure. This is season 3, episode 1 of the ongoing series covering the exciting stuff from the AWS ecosystem, talking about machine learning and AI. I'm your host, John Furrier and today we are excited to be joined by Luis Ceze who's the CEO of OctoML and Anna Connolly, VP of customer success and experience OctoML. Great to have you on again, Luis. Anna, thanks for coming on. Appreciate it. >> Thank you, John. It's great to be here. >> Thanks for having us. >> I love the company. We had a CUBE conversation about this. You guys are really addressing how to run foundational models faster for less. And this is like the key theme. But before we get into it, this is a hot trend, but let's explain what you guys do. Can you set the narrative of what the company's about, why it was founded, what's your North Star and your mission? >> Yeah, so John, our mission is to make AI sustainable and accessible for everyone. And what we offer customers is, you know, a way of taking their models into production in the most efficient way possible by automating the process of getting a model and optimizing it for a variety of hardware and making cost-effective. So better, faster, cheaper model deployment. >> You know, the big trend here is AI. Everyone's seeing the ChatGPT, kind of the shot heard around the world. The BingAI and this fiasco and the ongoing experimentation. People are into it, and I think the business impact is clear. I haven't seen this in all of my career in the technology industry of this kind of inflection point. And every senior leader I talk to is rethinking about how to rebuild their business with AI because now the large language models have come in, these foundational models are here, they can see value in their data. This is a 10 year journey in the big data world. Now it's impacting that, and everyone's rebuilding their company around this idea of being AI first 'cause they see ways to eliminate things and make things more efficient. And so now they telling 'em to go do it. And they're like, what do we do? So what do you guys think? Can you explain what is this wave of AI and why is it happening, why now, and what should people pay attention to? What does it mean to them? >> Yeah, I mean, it's pretty clear by now that AI can do amazing things that captures people's imaginations. And also now can show things that are really impactful in businesses, right? So what people have the opportunity to do today is to either train their own model that adds value to their business or find open models out there that can do very valuable things to them. So the next step really is how do you take that model and put it into production in a cost-effective way so that the business can actually get value out of it, right? >> Anna, what's your take? Because customers are there, you're there to make 'em successful, you got the new secret weapon for their business. >> Yeah, I think we just see a lot of companies struggle to get from a trained model into a model that is deployed in a cost-effective way that actually makes sense for the application they're building. I think that's a huge challenge we see today, kind of across the board across all of our customers. >> Well, I see this, everyone asking the same question. I have data, I want to get value out of it. I got to get these big models, I got to train it. What's it going to cost? So I think there's a reality of, okay, I got to do it. Then no one has any visibility on what it costs. When they get into it, this is going to break the bank. So I have to ask you guys, the cost of training these models is on everyone's mind. OctoML, your company's focus on the cost side of it as well as the efficiency side of running these models in production. Why are the production costs such a concern and where specifically are people looking at it and why did it get here? >> Yeah, so training costs get a lot of attention because normally a large number, but we shouldn't forget that it's a large, typically one time upfront cost that customers pay. But, you know, when the model is put into production, the cost grows directly with model usage and you actually want your model to be used because it's adding value, right? So, you know, the question that a customer faces is, you know, they have a model, they have a trained model and now what? So how much would it cost to run in production, right? And now without the big wave in generative AI, which rightfully is getting a lot of attention because of the amazing things that it can do. It's important for us to keep in mind that generative AI models like ChatGPT are huge, expensive energy hogs. They cost a lot to run, right? And given that model usage growth directly, model cost grows directly with usage, what you want to do is make sure that once you put a model into production, you have the best cost structure possible so that you're not surprised when it's gets popular, right? So let me give you an example. So if you have a model that costs, say 1 to $2 million to train, but then it costs about one to two cents per session to use it, right? So if you have a million active users, even if they use just once a day, it's 10 to $20,000 a day to operate that model in production. And that very, very quickly, you know, get beyond what you paid to train it. >> Anna, these aren't small numbers, and it's cost to train and cost to operate, it kind of reminds me of when the cloud came around and the data center versus cloud options. Like, wait a minute, one, it costs a ton of cash to deploy, and then running it. This is kind of a similar dynamic. What are you seeing? >> Yeah, absolutely. I think we are going to see increasingly the cost and production outpacing the costs and training by a lot. I mean, people talk about training costs now because that's what they're confronting now because people are so focused on getting models performant enough to even use in an application. And now that we have them and they're that capable, we're really going to start to see production costs go up a lot. >> Yeah, Luis, if you don't mind, I know this might be a little bit of a tangent, but, you know, training's super important. I get that. That's what people are doing now, but then there's the deployment side of production. Where do people get caught up and miss the boat or misconfigure? What's the gotcha? Where's the trip wire or so to speak? Where do people mess up on the cost side? What do they do? Is it they don't think about it, they tie it to proprietary hardware? What's the issue? >> Yeah, several things, right? So without getting really technical, which, you know, I might get into, you know, you have to understand relationship between performance, you know, both in terms of latency and throughput and cost, right? So reducing latency is important because you improve responsiveness of the model. But it's really important to keep in mind that it often leads diminishing returns. Below a certain latency, making it faster won't make a measurable difference in experience, but it's going to cost a lot more. So understanding that is important. Now, if you care more about throughputs, which is the time it takes for you to, you know, units per period of time, you care about time to solution, we should think about this throughput per dollar. And understand what you want is the highest throughput per dollar, which may come at the cost of higher latency, which you're not going to care about, right? So, and the reality here, John, is that, you know, humans and especially folks in this space want to have the latest and greatest hardware. And often they commit a lot of money to get access to them and have to commit upfront before they understand the needs that their models have, right? So common mistake here, one is not spending time to understand what you really need, and then two, over-committing and using more hardware than you actually need. And not giving yourself enough freedom to get your workload to move around to the more cost-effective choice, right? So this is just a metaphoric choice. And then another thing that's important here too is making a model run faster on the hardware directly translates to lower cost, right? So, but it takes a lot of engineers, you need to think of ways of producing very efficient versions of your model for the target hardware that you're going to use. >> Anna, what's the customer angle here? Because price performance has been around for a long time, people get that, but now latency and throughput, that's key because we're starting to see this in apps. I mean, there's an end user piece. I even seeing it on the infrastructure side where they're taking a heavy lifting away from operational costs. So you got, you know, application specific to the user and/or top of the stack, and then you got actually being used in operations where they want both. >> Yeah, absolutely. Maybe I can illustrate this with a quick story with the customer that we had recently been working with. So this customer is planning to run kind of a transformer based model for tech generation at super high scale on Nvidia T4 GPU, so kind of a commodity GPU. And the scale was so high that they would've been paying hundreds of thousands of dollars in cloud costs per year just to serve this model alone. You know, one of many models in their application stack. So we worked with this team to optimize our model and then benchmark across several possible targets. So that matching the hardware that Luis was just talking about, including the newer kind of Nvidia A10 GPUs. And what they found during this process was pretty interesting. First, the team was able to shave a quarter of their spend just by using better optimization techniques on the T4, the older hardware. But actually moving to a newer GPU would allow them to serve this model in a sub two milliseconds latency, so super fast, which was able to unlock an entirely new kind of user experience. So they were able to kind of change the value they're delivering in their application just because they were able to move to this new hardware easily. So they ultimately decided to plan their deployment on the more expensive A10 because of this, but because of the hardware specific optimizations that we helped them with, they managed to even, you know, bring costs down from what they had originally planned. And so if you extend this kind of example to everything that's happening with generative AI, I think the story we just talked about was super relevant, but the scale can be even higher, you know, it can be tenfold that. We were recently conducting kind of this internal study using GPT-J as a proxy to illustrate the experience of just a company trying to use one of these large language models with an example scenario of creating a chatbot to help job seekers prepare for interviews. So if you imagine kind of a conservative usage scenario where the model generates just 3000 words per user per day, which is, you know, pretty conservative for how people are interacting with these models. It costs 5 cents a session and if you're a company and your app goes viral, so from, you know, beginning of the year there's nobody, at the end of the year there's a million daily active active users in that year alone, going from zero to a million. You'll be spending about $6 million a year, which is pretty unmanageable. That's crazy, right? >> Yeah. >> For a company or a product that's just launching. So I think, you know, for us we see the real way to make these kind of advancements accessible and sustainable, as we said is to bring down cost to serve using these techniques. >> That's a great story and I think that illustrates this idea that deployment cost can vary from situation to situation, from model to model and that the efficiency is so strong with this new wave, it eliminates heavy lifting, creates more efficiency, automates intellect. I mean, this is the trend, this is radical, this is going to increase. So the cost could go from nominal to millions, literally, potentially. So, this is what customers are doing. Yeah, that's a great story. What makes sense on a financial, is there a cost of ownership? Is there a pattern for best practice for training? What do you guys advise cuz this is a lot of time and money involved in all potential, you know, good scenarios of upside. But you can get over your skis as they say, and be successful and be out of business if you don't manage it. I mean, that's what people are talking about, right? >> Yeah, absolutely. I think, you know, we see kind of three main vectors to reduce cost. I think one is make your deployment process easier overall, so that your engineering effort to even get your app running goes down. Two, would be get more from the compute you're already paying for, you're already paying, you know, for your instances in the cloud, but can you do more with that? And then three would be shop around for lower cost hardware to match your use case. So on the first one, I think making the deployment easier overall, there's a lot of manual work that goes into benchmarking, optimizing and packaging models for deployment. And because the performance of machine learning models can be really hardware dependent, you have to go through this process for each target you want to consider running your model on. And this is hard, you know, we see that every day. But for teams who want to incorporate some of these large language models into their applications, it might be desirable because licensing a model from a large vendor like OpenAI can leave you, you know, over provision, kind of paying for capabilities you don't need in your application or can lock you into them and you lose flexibility. So we have a customer whose team actually prepares models for deployment in a SaaS application that many of us use every day. And they told us recently that without kind of an automated benchmarking and experimentation platform, they were spending several days each to benchmark a single model on a single hardware type. So this is really, you know, manually intensive and then getting more from the compute you're already paying for. We do see customers who leave money on the table by running models that haven't been optimized specifically for the hardware target they're using, like Luis was mentioning. And for some teams they just don't have the time to go through an optimization process and for others they might lack kind of specialized expertise and this is something we can bring. And then on shopping around for different hardware types, we really see a huge variation in model performance across hardware, not just CPU vs. GPU, which is, you know, what people normally think of. But across CPU vendors themselves, high memory instances and across cloud providers even. So the best strategy here is for teams to really be able to, we say, look before you leap by running real world benchmarking and not just simulations or predictions to find the best software, hardware combination for their workload. >> Yeah. You guys sound like you have a very impressive customer base deploying large language models. Where would you categorize your current customer base? And as you look out, as you guys are growing, you have new customers coming in, take me through the progression. Take me through the profile of some of your customers you have now, size, are they hyperscalers, are they big app folks, are they kicking the tires? And then as people are out there scratching heads, I got to get in this game, what's their psychology like? Are they coming in with specific problems or do they have specific orientation point of view about what they want to do? Can you share some data around what you're seeing? >> Yeah, I think, you know, we have customers that kind of range across the spectrum of sophistication from teams that basically don't have MLOps expertise in their company at all. And so they're really looking for us to kind of give a full service, how should I do everything from, you know, optimization, find the hardware, prepare for deployment. And then we have teams that, you know, maybe already have their serving and hosting infrastructure up and ready and they already have models in production and they're really just looking to, you know, take the extra juice out of the hardware and just do really specific on that optimization piece. I think one place where we're doing a lot more work now is kind of in the developer tooling, you know, model selection space. And that's kind of an area that we're creating more tools for, particularly within the PyTorch ecosystem to bring kind of this power earlier in the development cycle so that as people are grabbing a model off the shelf, they can, you know, see how it might perform and use that to inform their development process. >> Luis, what's the big, I like this idea of picking the models because isn't that like going to the market and picking the best model for your data? It's like, you know, it's like, isn't there a certain approaches? What's your view on this? 'Cause this is where everyone, I think it's going to be a land rush for this and I want to get your thoughts. >> For sure, yeah. So, you know, I guess I'll start with saying the one main takeaway that we got from the GPT-J study is that, you know, having a different understanding of what your model's compute and memory requirements are, very quickly, early on helps with the much smarter AI model deployments, right? So, and in fact, you know, Anna just touched on this, but I want to, you know, make sure that it's clear that OctoML is putting that power into user's hands right now. So in partnership with AWS, we are launching this new PyTorch native profiler that allows you with a single, you know, one line, you know, code decorator allows you to see how your code runs on a variety of different hardware after accelerations. So it gives you very clear, you know, data on how you should think about your model deployments. And this ties back to choices of models. So like, if you have a set of choices that are equally good of models in terms of functionality and you want to understand after acceleration how are you going to deploy, how much they're going to cost or what are the options using a automated process of making a decision is really, really useful. And in fact, so I think these events can get early access to this by signing up for the Octopods, you know, this is exclusive group for insiders here, so you can go to OctoML.ai/pods to sign up. >> So that Octopod, is that a program? What is that, is that access to code? Is that a beta, what is that? Explain, take a minute and explain Octopod. >> I think the Octopod would be a group of people who is interested in experiencing this functionality. So it is the friends and users of OctoML that would be the Octopod. And then yes, after you sign up, we would provide you essentially the tool in code form for you to try out in your own. I mean, part of the benefit of this is that it happens in your own local environment and you're in control of everything kind of within the workflow that developers are already using to create and begin putting these models into their applications. So it would all be within your control. >> Got it. I think the big question I have for you is when do you, when does that one of your customers know they need to call you? What's their environment look like? What are they struggling with? What are the conversations they might be having on their side of the fence? If anyone's watching this, they're like, "Hey, you know what, I've got my team, we have a lot of data. Do we have our own language model or do I use someone else's?" There's a lot of this, I will say discovery going on around what to do, what path to take, what does that customer look like, if someone's listening, when do they know to call you guys, OctoML? >> Well, I mean the most obvious one is that you have a significant spend on AI/ML, come and talk to us, you know, putting AIML into production. So that's the clear one. In fact, just this morning I was talking to someone who is in life sciences space and is having, you know, 15 to $20 million a year cloud related to AI/ML deployment is a clear, it's a pretty clear match right there, right? So that's on the cost side. But I also want to emphasize something that Anna said earlier that, you know, the hardware and software complexity involved in putting model into production is really high. So we've been able to abstract that away, offering a clean automation flow enables one, to experiment early on, you know, how models would run and get them to production. And then two, once they are into production, gives you an automated flow to continuously updating your model and taking advantage of all this acceleration and ability to run the model on the right hardware. So anyways, let's say one then is cost, you know, you have significant cost and then two, you have an automation needs. And Anna please compliment that. >> Yeah, Anna you can please- >> Yeah, I think that's exactly right. Maybe the other time is when you are expecting a big scale up in serving your application, right? You're launching a new feature, you expect to get a lot of usage or, and you want to kind of anticipate maybe your CTO, your CIO, whoever pays your cloud bills is going to come after you, right? And so they want to know, you know, what's the return on putting this model essentially into my application stack? Am I going to, is the usage going to match what I'm paying for it? And then you can understand that. >> So you guys have a lot of the early adopters, they got big data teams, they're pushed in the production, they want to get a little QA, test the waters, understand, use your technology to figure it out. Is there any cases where people have gone into production, they have to pull it out? It's like the old lemon laws with your car, you buy a car and oh my god, it's not the way I wanted it. I mean, I can imagine the early people through the wall, so to speak, in the wave here are going to be bloody in the sense that they've gone in and tried stuff and get stuck with huge bills. Are you seeing that? Are people pulling stuff out of production and redeploying? Or I can imagine that if I had a bad deployment, I'd want to refactor that or actually replatform that. Do you see that too? >> Definitely after a sticker shock, yes, your customers will come and make sure that, you know, the sticker shock won't happen again. >> Yeah. >> But then there's another more thorough aspect here that I think we likely touched on, be worth elaborating a bit more is just how are you going to scale in a way that's feasible depending on the allocation that you get, right? So as we mentioned several times here, you know, model deployment is so hardware dependent and so complex that you tend to get a model for a hardware choice and then you want to scale that specific type of instance. But what if, when you want to scale because suddenly luckily got popular and, you know, you want to scale it up and then you don't have that instance anymore. So how do you live with whatever you have at that moment is something that we see customers needing as well. You know, so in fact, ideally what we want is customers to not think about what kind of specific instances they want. What they want is to know what their models need. Say, they know the SLA and then find a set of hybrid targets and instances that hit the SLA whenever they're also scaling, they're going to scale with more freedom, right? Instead of having to wait for AWS to give them more specific allocation for a specific instance. What if you could live with other types of hardware and scale up in a more free way, right? So that's another thing that we see customers, you know, like they need more freedom to be able to scale with whatever is available. >> Anna, you touched on this with the business model impact to that 6 million cost, if that goes out of control, there's a business model aspect and there's a technical operation aspect to the cost side too. You want to be mindful of riding the wave in a good way, but not getting over your skis. So that brings up the point around, you know, confidence, right? And teamwork. Because if you're in production, there's probably a team behind it. Talk about the team aspect of your customers. I mean, they're dedicated, they go put stuff into production, they're developers, there're data. What's in it for them? Are they getting better, are they in the beach, you know, reading the book. Are they, you know, are there easy street for them? What's the customer benefit to the teams? >> Yeah, absolutely. With just a few clicks of a button, you're in production, right? That's the dream. So yeah, I mean I think that, you know, we illustrated it before a little bit. I think the automated kind of benchmarking and optimization process, like when you think about the effort it takes to get that data by hand, which is what people are doing today, they just don't do it. So they're making decisions without the best information because it's, you know, there just isn't the bandwidth to get the information that they need to make the best decision and then know exactly how to deploy it. So I think it's actually bringing kind of a new insight and capability to these teams that they didn't have before. And then maybe another aspect on the team side is that it's making the hand-off of the models from the data science teams to the model deployment teams more seamless. So we have, you know, we have seen in the past that this kind of transition point is the place where there are a lot of hiccups, right? The data science team will give a model to the production team and it'll be too slow for the application or it'll be too expensive to run and it has to go back and be changed and kind of this loop. And so, you know, with the PyTorch profiler that Luis was talking about, and then also, you know, the other ways we do optimization that kind of prevents that hand-off problem from happening. >> Luis and Anna, you guys have a great company. Final couple minutes left. Talk about the company, the people there, what's the culture like, you know, if Intel has Moore's law, which is, you know, doubling the performance in few years, what's the culture like there? Is it, you know, more throughput, better pricing? Explain what's going on with the company and put a plug in. Luis, we'll start with you. >> Yeah, absolutely. I'm extremely proud of the team that we built here. You know, we have a people first culture, you know, very, very collaborative and folks, we all have a shared mission here of making AI more accessible and sustainable. We have a very diverse team in terms of backgrounds and life stories, you know, to do what we do here, we need a team that has expertise in software engineering, in machine learning, in computer architecture. Even though we don't build chips, we need to understand how they work, right? So, and then, you know, the fact that we have this, this very really, really varied set of backgrounds makes the environment, you know, it's say very exciting to learn more about, you know, assistance end-to-end. But also makes it for a very interesting, you know, work environment, right? So people have different backgrounds, different stories. Some of them went to grad school, others, you know, were in intelligence agencies and now are working here, you know. So we have a really interesting set of people and, you know, life is too short not to work with interesting humans. You know, that's something that I like to think about, you know. >> I'm sure your off-site meetings are a lot of fun, people talking about computer architectures, silicon advances, the next GPU, the big data models coming in. Anna, what's your take? What's the culture like? What's the company vibe and what are you guys looking to do? What's the customer success pattern? What's up? >> Yeah, absolutely. I mean, I, you know, second all of the great things that Luis just said about the team. I think one that I, an additional one that I'd really like to underscore is kind of this customer obsession, to use a term you all know well. And focus on the end users and really making the experiences that we're bringing to our user who are developers really, you know, useful and valuable for them. And so I think, you know, all of these tools that we're trying to put in the hands of users, the industry and the market is changing so rapidly that our products across the board, you know, all of the companies that, you know, are part of the showcase today, we're all evolving them so quickly and we can only do that kind of really hand in glove with our users. So that would be another thing I'd emphasize. >> I think the change dynamic, the power dynamics of this industry is just the beginning. I'm very bullish that this is going to be probably one of the biggest inflection points in history of the computer industry because of all the dynamics of the confluence of all the forces, which you mentioned some of them, I mean PC, you know, interoperability within internetworking and you got, you know, the web and then mobile. Now we have this, I mean, I wouldn't even put social media even in the close to this. Like, this is like, changes user experience, changes infrastructure. There's going to be massive accelerations in performance on the hardware side from AWS's of the world and cloud and you got the edge and more data. This is really what big data was going to look like. This is the beginning. Final question, what do you guys see going forward in the future? >> Well, it's undeniable that machine learning and AI models are becoming an integral part of an interesting application today, right? So, and the clear trends here are, you know, more and more competitional needs for these models because they're only getting more and more powerful. And then two, you know, seeing the complexity of the infrastructure where they run, you know, just considering the cloud, there's like a wide variety of choices there, right? So being able to live with that and making the most out of it in a way that does not require, you know, an impossible to find team is something that's pretty clear. So the need for automation, abstracting with the complexity is definitely here. And we are seeing this, you know, trends are that you also see models starting to move to the edge as well. So it's clear that we're seeing, we are going to live in a world where there's no large models living in the cloud. And then, you know, edge models that talk to these models in the cloud to form, you know, an end-to-end truly intelligent application. >> Anna? >> Yeah, I think, you know, our, Luis said it at the beginning. Our vision is to make AI sustainable and accessible. And I think as this technology just expands in every company and every team, that's going to happen kind of on its own. And we're here to help support that. And I think you can't do that without tools like those like OctoML. >> I think it's going to be an error of massive invention, creativity, a lot of the format heavy lifting is going to allow the talented people to automate their intellect. I mean, this is really kind of what we see going on. And Luis, thank you so much. Anna, thanks for coming on this segment. Thanks for coming on theCUBE and being part of the AWS Startup Showcase. I'm John Furrier, your host. Thanks for watching. (upbeat music)

(upbeat music) >> Hello everyone. Welcome to theCube's presentation of the "AWS Startup Showcase." The topic this episode is AI and machine learning, top startups building foundational model infrastructure. This is season three, episode one of the ongoing series covering exciting startups from the AWS ecosystem. And this time we're talking about AI and machine learning. I'm your host, John Furrier. I'm excited I'm joined today by Robert Nishihara, who's the co-founder and CEO of a hot startup called Anyscale. He's here to talk about Ray, the open source project, Anyscale's infrastructure for foundation as well. Robert, thank you for joining us today. >> Yeah, thanks so much as well. >> I've been following your company since the founding pre pandemic and you guys really had a great vision scaled up and in a perfect position for this big wave that we all see with ChatGPT and OpenAI that's gone mainstream. Finally, AI has broken out through the ropes and now gone mainstream, so I think you guys are really well positioned. I'm looking forward to to talking with you today. But before we get into it, introduce the core mission for Anyscale. Why do you guys exist? What is the North Star for Anyscale? >> Yeah, like you mentioned, there's a tremendous amount of excitement about AI right now. You know, I think a lot of us believe that AI can transform just every different industry. So one of the things that was clear to us when we started this company was that the amount of compute needed to do AI was just exploding. Like to actually succeed with AI, companies like OpenAI or Google or you know, these companies getting a lot of value from AI, were not just running these machine learning models on their laptops or on a single machine. They were scaling these applications across hundreds or thousands or more machines and GPUs and other resources in the Cloud. And so to actually succeed with AI, and this has been one of the biggest trends in computing, maybe the biggest trend in computing in, you know, in recent history, the amount of compute has been exploding. And so to actually succeed with that AI, to actually build these scalable applications and scale the AI applications, there's a tremendous software engineering lift to build the infrastructure to actually run these scalable applications. And that's very hard to do. So one of the reasons many AI projects and initiatives fail is that, or don't make it to production, is the need for this scale, the infrastructure lift, to actually make it happen. So our goal here with Anyscale and Ray, is to make that easy, is to make scalable computing easy. So that as a developer or as a business, if you want to do AI, if you want to get value out of AI, all you need to know is how to program on your laptop. Like, all you need to know is how to program in Python. And if you can do that, then you're good to go. Then you can do what companies like OpenAI or Google do and get value out of machine learning. >> That programming example of how easy it is with Python reminds me of the early days of Cloud, when infrastructure as code was talked about was, it was just code the infrastructure programmable. That's super important. That's what AI people wanted, first program AI. That's the new trend. And I want to understand, if you don't mind explaining, the relationship that Anyscale has to these foundational models and particular the large language models, also called LLMs, was seen with like OpenAI and ChatGPT. Before you get into the relationship that you have with them, can you explain why the hype around foundational models? Why are people going crazy over foundational models? What is it and why is it so important? >> Yeah, so foundational models and foundation models are incredibly important because they enable businesses and developers to get value out of machine learning, to use machine learning off the shelf with these large models that have been trained on tons of data and that are useful out of the box. And then, of course, you know, as a business or as a developer, you can take those foundational models and repurpose them or fine tune them or adapt them to your specific use case and what you want to achieve. But it's much easier to do that than to train them from scratch. And I think there are three, for people to actually use foundation models, there are three main types of workloads or problems that need to be solved. One is training these foundation models in the first place, like actually creating them. The second is fine tuning them and adapting them to your use case. And the third is serving them and actually deploying them. Okay, so Ray and Anyscale are used for all of these three different workloads. Companies like OpenAI or Cohere that train large language models. Or open source versions like GPTJ are done on top of Ray. There are many startups and other businesses that fine tune, that, you know, don't want to train the large underlying foundation models, but that do want to fine tune them, do want to adapt them to their purposes, and build products around them and serve them, those are also using Ray and Anyscale for that fine tuning and that serving. And so the reason that Ray and Anyscale are important here is that, you know, building and using foundation models requires a huge scale. It requires a lot of data. It requires a lot of compute, GPUs, TPUs, other resources. And to actually take advantage of that and actually build these scalable applications, there's a lot of infrastructure that needs to happen under the hood. And so you can either use Ray and Anyscale to take care of that and manage the infrastructure and solve those infrastructure problems. Or you can build the infrastructure and manage the infrastructure yourself, which you can do, but it's going to slow your team down. It's going to, you know, many of the businesses we work with simply don't want to be in the business of managing infrastructure and building infrastructure. They want to focus on product development and move faster. >> I know you got a keynote presentation we're going to go to in a second, but I think you hit on something I think is the real tipping point, doing it yourself, hard to do. These are things where opportunities are and the Cloud did that with data centers. Turned a data center and made it an API. The heavy lifting went away and went to the Cloud so people could be more creative and build their product. In this case, build their creativity. Is that kind of what's the big deal? Is that kind of a big deal happening that you guys are taking the learnings and making that available so people don't have to do that? >> That's exactly right. So today, if you want to succeed with AI, if you want to use AI in your business, infrastructure work is on the critical path for doing that. To do AI, you have to build infrastructure. You have to figure out how to scale your applications. That's going to change. We're going to get to the point, and you know, with Ray and Anyscale, we're going to remove the infrastructure from the critical path so that as a developer or as a business, all you need to focus on is your application logic, what you want the the program to do, what you want your application to do, how you want the AI to actually interface with the rest of your product. Now the way that will happen is that Ray and Anyscale will still, the infrastructure work will still happen. It'll just be under the hood and taken care of by Ray in Anyscale. And so I think something like this is really necessary for AI to reach its potential, for AI to have the impact and the reach that we think it will, you have to make it easier to do. >> And just for clarification to point out, if you don't mind explaining the relationship of Ray and Anyscale real quick just before we get into the presentation. >> So Ray is an open source project. We created it. We were at Berkeley doing machine learning. We started Ray so that, in order to provide an easy, a simple open source tool for building and running scalable applications. And Anyscale is the managed version of Ray, basically we will run Ray for you in the Cloud, provide a lot of tools around the developer experience and managing the infrastructure and providing more performance and superior infrastructure. >> Awesome. I know you got a presentation on Ray and Anyscale and you guys are positioning as the infrastructure for foundational models. So I'll let you take it away and then when you're done presenting, we'll come back, I'll probably grill you with a few questions and then we'll close it out so take it away. >> Robert: Sounds great. So I'll say a little bit about how companies are using Ray and Anyscale for foundation models. The first thing I want to mention is just why we're doing this in the first place. And the underlying observation, the underlying trend here, and this is a plot from OpenAI, is that the amount of compute needed to do machine learning has been exploding. It's been growing at something like 35 times every 18 months. This is absolutely enormous. And other people have written papers measuring this trend and you get different numbers. But the point is, no matter how you slice and dice it, it' a astronomical rate. Now if you compare that to something we're all familiar with, like Moore's Law, which says that, you know, the processor performance doubles every roughly 18 months, you can see that there's just a tremendous gap between the needs, the compute needs of machine learning applications, and what you can do with a single chip, right. So even if Moore's Law were continuing strong and you know, doing what it used to be doing, even if that were the case, there would still be a tremendous gap between what you can do with the chip and what you need in order to do machine learning. And so given this graph, what we've seen, and what has been clear to us since we started this company, is that doing AI requires scaling. There's no way around it. It's not a nice to have, it's really a requirement. And so that led us to start Ray, which is the open source project that we started to make it easy to build these scalable Python applications and scalable machine learning applications. And since we started the project, it's been adopted by a tremendous number of companies. Companies like OpenAI, which use Ray to train their large models like ChatGPT, companies like Uber, which run all of their deep learning and classical machine learning on top of Ray, companies like Shopify or Spotify or Instacart or Lyft or Netflix, ByteDance, which use Ray for their machine learning infrastructure. Companies like Ant Group, which makes Alipay, you know, they use Ray across the board for fraud detection, for online learning, for detecting money laundering, you know, for graph processing, stream processing. Companies like Amazon, you know, run Ray at a tremendous scale and just petabytes of data every single day. And so the project has seen just enormous adoption since, over the past few years. And one of the most exciting use cases is really providing the infrastructure for building training, fine tuning, and serving foundation models. So I'll say a little bit about, you know, here are some examples of companies using Ray for foundation models. Cohere trains large language models. OpenAI also trains large language models. You can think about the workloads required there are things like supervised pre-training, also reinforcement learning from human feedback. So this is not only the regular supervised learning, but actually more complex reinforcement learning workloads that take human input about what response to a particular question, you know is better than a certain other response. And incorporating that into the learning. There's open source versions as well, like GPTJ also built on top of Ray as well as projects like Alpa coming out of UC Berkeley. So these are some of the examples of exciting projects in organizations, training and creating these large language models and serving them using Ray. Okay, so what actually is Ray? Well, there are two layers to Ray. At the lowest level, there's the core Ray system. This is essentially low level primitives for building scalable Python applications. Things like taking a Python function or a Python class and executing them in the cluster setting. So Ray core is extremely flexible and you can build arbitrary scalable applications on top of Ray. So on top of Ray, on top of the core system, what really gives Ray a lot of its power is this ecosystem of scalable libraries. So on top of the core system you have libraries, scalable libraries for ingesting and pre-processing data, for training your models, for fine tuning those models, for hyper parameter tuning, for doing batch processing and batch inference, for doing model serving and deployment, right. And a lot of the Ray users, the reason they like Ray is that they want to run multiple workloads. They want to train and serve their models, right. They want to load their data and feed that into training. And Ray provides common infrastructure for all of these different workloads. So this is a little overview of what Ray, the different components of Ray. So why do people choose to go with Ray? I think there are three main reasons. The first is the unified nature. The fact that it is common infrastructure for scaling arbitrary workloads, from data ingest to pre-processing to training to inference and serving, right. This also includes the fact that it's future proof. AI is incredibly fast moving. And so many people, many companies that have built their own machine learning infrastructure and standardized on particular workflows for doing machine learning have found that their workflows are too rigid to enable new capabilities. If they want to do reinforcement learning, if they want to use graph neural networks, they don't have a way of doing that with their standard tooling. And so Ray, being future proof and being flexible and general gives them that ability. Another reason people choose Ray in Anyscale is the scalability. This is really our bread and butter. This is the reason, the whole point of Ray, you know, making it easy to go from your laptop to running on thousands of GPUs, making it easy to scale your development workloads and run them in production, making it easy to scale, you know, training to scale data ingest, pre-processing and so on. So scalability and performance, you know, are critical for doing machine learning and that is something that Ray provides out of the box. And lastly, Ray is an open ecosystem. You can run it anywhere. You can run it on any Cloud provider. Google, you know, Google Cloud, AWS, Asure. You can run it on your Kubernetes cluster. You can run it on your laptop. It's extremely portable. And not only that, it's framework agnostic. You can use Ray to scale arbitrary Python workloads. You can use it to scale and it integrates with libraries like TensorFlow or PyTorch or JAX or XG Boost or Hugging Face or PyTorch Lightning, right, or Scikit-learn or just your own arbitrary Python code. It's open source. And in addition to integrating with the rest of the machine learning ecosystem and these machine learning frameworks, you can use Ray along with all of the other tooling in the machine learning ecosystem. That's things like weights and biases or ML flow, right. Or you know, different data platforms like Databricks, you know, Delta Lake or Snowflake or tools for model monitoring for feature stores, all of these integrate with Ray. And that's, you know, Ray provides that kind of flexibility so that you can integrate it into the rest of your workflow. And then Anyscale is the scalable compute platform that's built on top, you know, that provides Ray. So Anyscale is a managed Ray service that runs in the Cloud. And what Anyscale does is it offers the best way to run Ray. And if you think about what you get with Anyscale, there are fundamentally two things. One is about moving faster, accelerating the time to market. And you get that by having the managed service so that as a developer you don't have to worry about managing infrastructure, you don't have to worry about configuring infrastructure. You also, it provides, you know, optimized developer workflows. Things like easily moving from development to production, things like having the observability tooling, the debug ability to actually easily diagnose what's going wrong in a distributed application. So things like the dashboards and the other other kinds of tooling for collaboration, for monitoring and so on. And then on top of that, so that's the first bucket, developer productivity, moving faster, faster experimentation and iteration. The second reason that people choose Anyscale is superior infrastructure. So this is things like, you know, cost deficiency, being able to easily take advantage of spot instances, being able to get higher GPU utilization, things like faster cluster startup times and auto scaling. Things like just overall better performance and faster scheduling. And so these are the kinds of things that Anyscale provides on top of Ray. It's the managed infrastructure. It's fast, it's like the developer productivity and velocity as well as performance. So this is what I wanted to share about Ray in Anyscale. >> John: Awesome. >> Provide that context. But John, I'm curious what you think. >> I love it. I love the, so first of all, it's a platform because that's the platform architecture right there. So just to clarify, this is an Anyscale platform, not- >> That's right. >> Tools. So you got tools in the platform. Okay, that's key. Love that managed service. Just curious, you mentioned Python multiple times, is that because of PyTorch and TensorFlow or Python's the most friendly with machine learning or it's because it's very common amongst all developers? >> That's a great question. Python is the language that people are using to do machine learning. So it's the natural starting point. Now, of course, Ray is actually designed in a language agnostic way and there are companies out there that use Ray to build scalable Java applications. But for the most part right now we're focused on Python and being the best way to build these scalable Python and machine learning applications. But, of course, down the road there always is that potential. >> So if you're slinging Python code out there and you're watching that, you're watching this video, get on Anyscale bus quickly. Also, I just, while you were giving the presentation, I couldn't help, since you mentioned OpenAI, which by the way, congratulations 'cause they've had great scale, I've noticed in their rapid growth 'cause they were the fastest company to the number of users than anyone in the history of the computer industry, so major successor, OpenAI and ChatGPT, huge fan. I'm not a skeptic at all. I think it's just the beginning, so congratulations. But I actually typed into ChatGPT, what are the top three benefits of Anyscale and came up with scalability, flexibility, and ease of use. Obviously, scalability is what you guys are called. >> That's pretty good. >> So that's what they came up with. So they nailed it. Did you have an inside prompt training, buy it there? Only kidding. (Robert laughs) >> Yeah, we hard coded that one. >> But that's the kind of thing that came up really, really quickly if I asked it to write a sales document, it probably will, but this is the future interface. This is why people are getting excited about the foundational models and the large language models because it's allowing the interface with the user, the consumer, to be more human, more natural. And this is clearly will be in every application in the future. >> Absolutely. This is how people are going to interface with software, how they're going to interface with products in the future. It's not just something, you know, not just a chat bot that you talk to. This is going to be how you get things done, right. How you use your web browser or how you use, you know, how you use Photoshop or how you use other products. Like you're not going to spend hours learning all the APIs and how to use them. You're going to talk to it and tell it what you want it to do. And of course, you know, if it doesn't understand it, it's going to ask clarifying questions. You're going to have a conversation and then it'll figure it out. >> This is going to be one of those things, we're going to look back at this time Robert and saying, "Yeah, from that company, that was the beginning of that wave." And just like AWS and Cloud Computing, the folks who got in early really were in position when say the pandemic came. So getting in early is a good thing and that's what everyone's talking about is getting in early and playing around, maybe replatforming or even picking one or few apps to refactor with some staff and managed services. So people are definitely jumping in. So I have to ask you the ROI cost question. You mentioned some of those, Moore's Law versus what's going on in the industry. When you look at that kind of scale, the first thing that jumps out at people is, "Okay, I love it. Let's go play around." But what's it going to cost me? Am I going to be tied to certain GPUs? What's the landscape look like from an operational standpoint, from the customer? Are they locked in and the benefit was flexibility, are you flexible to handle any Cloud? What is the customers, what are they looking at? Basically, that's my question. What's the customer looking at? >> Cost is super important here and many of the companies, I mean, companies are spending a huge amount on their Cloud computing, on AWS, and on doing AI, right. And I think a lot of the advantage of Anyscale, what we can provide here is not only better performance, but cost efficiency. Because if we can run something faster and more efficiently, it can also use less resources and you can lower your Cloud spending, right. We've seen companies go from, you know, 20% GPU utilization with their current setup and the current tools they're using to running on Anyscale and getting more like 95, you know, 100% GPU utilization. That's something like a five x improvement right there. So depending on the kind of application you're running, you know, it's a significant cost savings. We've seen companies that have, you know, processing petabytes of data every single day with Ray going from, you know, getting order of magnitude cost savings by switching from what they were previously doing to running their application on Ray. And when you have applications that are spending, you know, potentially $100 million a year and getting a 10 X cost savings is just absolutely enormous. So these are some of the kinds of- >> Data infrastructure is super important. Again, if the customer, if you're a prospect to this and thinking about going in here, just like the Cloud, you got infrastructure, you got the platform, you got SaaS, same kind of thing's going to go on in AI. So I want to get into that, you know, ROI discussion and some of the impact with your customers that are leveraging the platform. But first I hear you got a demo. >> Robert: Yeah, so let me show you, let me give you a quick run through here. So what I have open here is the Anyscale UI. I've started a little Anyscale Workspace. So Workspaces are the Anyscale concept for interactive developments, right. So here, imagine I'm just, you want to have a familiar experience like you're developing on your laptop. And here I have a terminal. It's not on my laptop. It's actually in the cloud running on Anyscale. And I'm just going to kick this off. This is going to train a large language model, so OPT. And it's doing this on 32 GPUs. We've got a cluster here with a bunch of CPU cores, bunch of memory. And as that's running, and by the way, if I wanted to run this on instead of 32 GPUs, 64, 128, this is just a one line change when I launch the Workspace. And what I can do is I can pull up VS code, right. Remember this is the interactive development experience. I can look at the actual code. Here it's using Ray train to train the torch model. We've got the training loop and we're saying that each worker gets access to one GPU and four CPU cores. And, of course, as I make the model larger, this is using deep speed, as I make the model larger, I could increase the number of GPUs that each worker gets access to, right. And how that is distributed across the cluster. And if I wanted to run on CPUs instead of GPUs or a different, you know, accelerator type, again, this is just a one line change. And here we're using Ray train to train the models, just taking my vanilla PyTorch model using Hugging Face and then scaling that across a bunch of GPUs. And, of course, if I want to look at the dashboard, I can go to the Ray dashboard. There are a bunch of different visualizations I can look at. I can look at the GPU utilization. I can look at, you know, the CPU utilization here where I think we're currently loading the model and running that actual application to start the training. And some of the things that are really convenient here about Anyscale, both I can get that interactive development experience with VS code. You know, I can look at the dashboards. I can monitor what's going on. It feels, I have a terminal, it feels like my laptop, but it's actually running on a large cluster. And I can, with however many GPUs or other resources that I want. And so it's really trying to combine the best of having the familiar experience of programming on your laptop, but with the benefits, you know, being able to take advantage of all the resources in the Cloud to scale. And it's like when, you know, you're talking about cost efficiency. One of the biggest reasons that people waste money, one of the silly reasons for wasting money is just forgetting to turn off your GPUs. And what you can do here is, of course, things will auto terminate if they're idle. But imagine you go to sleep, I have this big cluster. You can turn it off, shut off the cluster, come back tomorrow, restart the Workspace, and you know, your big cluster is back up and all of your code changes are still there. All of your local file edits. It's like you just closed your laptop and came back and opened it up again. And so this is the kind of experience we want to provide for our users. So that's what I wanted to share with you. >> Well, I think that whole, couple of things, lines of code change, single line of code change, that's game changing. And then the cost thing, I mean human error is a big deal. People pass out at their computer. They've been coding all night or they just forget about it. I mean, and then it's just like leaving the lights on or your water running in your house. It's just, at the scale that it is, the numbers will add up. That's a huge deal. So I think, you know, compute back in the old days, there's no compute. Okay, it's just compute sitting there idle. But you know, data cranking the models is doing, that's a big point. >> Another thing I want to add there about cost efficiency is that we make it really easy to use, if you're running on Anyscale, to use spot instances and these preemptable instances that can just be significantly cheaper than the on-demand instances. And so when we see our customers go from what they're doing before to using Anyscale and they go from not using these spot instances 'cause they don't have the infrastructure around it, the fault tolerance to handle the preemption and things like that, to being able to just check a box and use spot instances and save a bunch of money. >> You know, this was my whole, my feature article at Reinvent last year when I met with Adam Selipsky, this next gen Cloud is here. I mean, it's not auto scale, it's infrastructure scale. It's agility. It's flexibility. I think this is where the world needs to go. Almost what DevOps did for Cloud and what you were showing me that demo had this whole SRE vibe. And remember Google had site reliability engines to manage all those servers. This is kind of like an SRE vibe for data at scale. I mean, a similar kind of order of magnitude. I mean, I might be a little bit off base there, but how would you explain it? >> It's a nice analogy. I mean, what we are trying to do here is get to the point where developers don't think about infrastructure. Where developers only think about their application logic. And where businesses can do AI, can succeed with AI, and build these scalable applications, but they don't have to build, you know, an infrastructure team. They don't have to develop that expertise. They don't have to invest years in building their internal machine learning infrastructure. They can just focus on the Python code, on their application logic, and run the stuff out of the box. >> Awesome. Well, I appreciate the time. Before we wrap up here, give a plug for the company. I know you got a couple websites. Again, go, Ray's got its own website. You got Anyscale. You got an event coming up. Give a plug for the company looking to hire. Put a plug in for the company. >> Yeah, absolutely. Thank you. So first of all, you know, we think AI is really going to transform every industry and the opportunity is there, right. We can be the infrastructure that enables all of that to happen, that makes it easy for companies to succeed with AI, and get value out of AI. Now we have, if you're interested in learning more about Ray, Ray has been emerging as the standard way to build scalable applications. Our adoption has been exploding. I mentioned companies like OpenAI using Ray to train their models. But really across the board companies like Netflix and Cruise and Instacart and Lyft and Uber, you know, just among tech companies. It's across every industry. You know, gaming companies, agriculture, you know, farming, robotics, drug discovery, you know, FinTech, we see it across the board. And all of these companies can get value out of AI, can really use AI to improve their businesses. So if you're interested in learning more about Ray and Anyscale, we have our Ray Summit coming up in September. This is going to highlight a lot of the most impressive use cases and stories across the industry. And if your business, if you want to use LLMs, you want to train these LLMs, these large language models, you want to fine tune them with your data, you want to deploy them, serve them, and build applications and products around them, give us a call, talk to us. You know, we can really take the infrastructure piece, you know, off the critical path and make that easy for you. So that's what I would say. And, you know, like you mentioned, we're hiring across the board, you know, engineering, product, go-to-market, and it's an exciting time. >> Robert Nishihara, co-founder and CEO of Anyscale, congratulations on a great company you've built and continuing to iterate on and you got growth ahead of you, you got a tailwind. I mean, the AI wave is here. I think OpenAI and ChatGPT, a customer of yours, have really opened up the mainstream visibility into this new generation of applications, user interface, roll of data, large scale, how to make that programmable so we're going to need that infrastructure. So thanks for coming on this season three, episode one of the ongoing series of the hot startups. In this case, this episode is the top startups building foundational model infrastructure for AI and ML. I'm John Furrier, your host. Thanks for watching. (upbeat music)

>> Narrator: theCUBE's live coverage is made possible by funding from Dell Technologies, creating technologies that drive human progress. (bright upbeat music plays) >> Welcome back to Barcelona, everybody. You're watching theCUBE's coverage of MWC '23, my name is Dave Vellante. Just left a meeting with the CEO of Cisco, Chuck Robbins, to meet with Jeetu Patel, who's our Executive Vice President and General Manager of security and collaboration at Cisco. Good to see you. >> You never leave a meeting with Chuck Robbins to meet with Jeetu Patel. >> Well, I did. >> That's a bad idea. >> Walked right out. I said, hey, I got an interview to do, right? So, and I'm excited about this. Thanks so much for coming on. >> Thank you for having me. It's a pleasure. >> So, I mean you run such an important part of the business. I mean, obviously the collaboration business but also security. So many changes going on in the security market. Maybe we could start there. I mean, there hasn't been a ton of security talk here Jeetu, because I think it's almost assumed. It was 45 minutes into the keynote yesterday before anybody even mentioned security. >> Huh. >> Right? And so, but it's the most important topic in the enterprise IT world. And obviously is important here. So why is it you think that it's not the first topic that people mention. >> You know, it's a complicated subject area and it's intimidating. And actually that's one of the things that the industry screwed up on. Where we need to simplify security so it actually gets to be relatable for every person on the planet. But, if you think about what's happening in security, it's not just important for business it's critical infrastructure that if you had a breach, you know lives are cost now. Because hospitals could go down, your water supply could go down, your electricity could go down. And so it's one of these things that we have to take pretty seriously. And, it's 51% of all breaches happen because of negligence, not because of malicious intent. >> It's that low. Interesting. I always- >> Someone else told me the same thing, that they though it'd be higher, yeah. >> I always say bad user behavior is going to trump good security every time. >> Every single time. >> You can't beat it. But, you know, it's funny- >> Jeetu: Every single time. >> Back, the earlier part of last decade, you could see that security was becoming a board level issue. It became, it was on the agenda every quarter. And, I remember doing some research at the time, and I asked, I was interviewing Robert Gates, former Defense Secretary, and I asked him, yeah, but we're getting attacked but don't we have the best offense? Can't we have the best technology? He said, yeah but we have so much critical infrastructure the risks to United States are higher. So we have to be careful about how we use security as an offensive weapon, you know? And now you're seeing the future of war involves security and what's going on in Ukraine. It's a whole different ballgame. >> It is, and the scales always tip towards the adversary, not towards the defender, because you have to be right every single time. They have to be right once. >> Yeah. And, to the other point, about bad user behavior. It's going now beyond the board level, to it's everybody's responsibility. >> That's right. >> And everybody's sort of aware of it, everybody's been hacked. And, that's where it being such a complicated topic is problematic. >> It is, and it's actually, what got us this far will not get us to where we need to get to if we don't simplify security radically. You know? The experience has to be almost invisible. And what used to be the case was sophistication had to get to a certain level, for efficacy to go up. But now, that sophistication has turned to complexity. And there's an inverse relationship between complexity and efficacy. So the simpler you make security, the more effective it gets. And so I'll give you an example. We have this great kind of innovation we've done around passwordless, right? Everyone hates passwords. You shouldn't have passwords in 2023. But, when you get to passwordless security, not only do you reduce a whole lot of friction for the user, you actually make the system safer. And that's what you need to do, is you have to make it simpler while making it more effective. And, I think that's what the future is going to hold. >> Yeah, and CISOs tell me that they're, you know zero trust before the pandemic was like, yeah, yeah zero trust. And now it's like a mandate. >> Yeah. >> Every CISO you talk to says, yes we're implementing a zero trust architecture. And a big part of that is that, if they can confirm zero trust, they can get to market a lot faster with revenue generating or critical projects. And many projects as we know are being pushed back, >> Yeah. >> you know? 'Cause of the macro. But, projects that drive revenue and value they want to accelerate, and a zero trust confirmation allows people to rubber stamp it and go faster. >> And the whole concept of zero trust is least privileged access, right? But what we want to make sure that we get to is continuous assessment of least privileged access, not just a one time at login. >> Dave: 'Cause things change so frequently. >> So, for example, if you happen to be someone that's logged into the system and now you start doing some anomalous behavior that doesn't sound like Dave, we want to be able to intercept, not just do it at the time that you're authenticating Dave to come in. >> So you guys got a good business. I mentioned the macro before. >> Yeah. >> The big theme is consolidating redundant vendors. So a company with a portfolio like Cisco's obviously has an advantage there. You know, you guys had great earnings. Palo Alto is another company that can consolidate. Tom Gillis, great pickup. Guy's amazing, you know? >> Love Tom. >> Great respect. Just had a little webinar session with him, where he was geeking out with the analyst and so- >> Yeah, yeah. >> Learned a lot there. Now you guys have some news, at the event event with Mercedes? >> We do. >> Take us through that, and I want to get your take on hybrid work and what's happening there. But what's going on with Mercedes? >> Yeah so look, it all actually stems from the hybrid work story, which is the future is going to be hybrid, people are going to work in mixed mode. Sometimes you'll be in the office, sometimes at home, sometimes somewhere in the middle. One of the places that people are working more and more from is their cars. And connected cars are getting to be a reality. And in fact, cars sometimes become an extension of your home office. And many a times I have found myself in a parking lot, because I didn't have enough time to get home and I was in a parking lot taking a conference call. And so we've made that section easier, because we have now partnered with Mercedes. And they aren't the first partner, but they're a very important partner where we are going to have Webex available, through the connected car, natively in Mercedes. >> Ah, okay. So I could take a call, I can do it all the time. I find good service, pull over, got to take the meeting. >> Yeah. >> I don't want to be driving. I got to concentrate. >> That's right. >> You know, or sometimes, I'll have the picture on and it's not good. >> That's right. >> Okay, so it'll be through the console, and all through the internet? >> It'll be through the console. And many people ask me like, how's safety going to work over that? Because you don't want to do video calls while you're driving. Exactly right. So when you're driving, the video automatically turns off. And you'll have audio going on, just like a conference call. But the moment you stop and put it in park, you can have video turned on. >> Now, of course the whole hybrid work trend, we, seems like a long time ago but it doesn't, you know? And it's really changed the security dynamic as well, didn't it? >> It has, it has. >> I mean, immediately you had to go protect new endpoints. And those changes, I felt at the time, were permanent. And I think it's still the case, but there's an equilibrium now happening. People as they come back to the office, you see a number of companies are mandating back to work. Maybe the central offices, or the headquarters, were underfunded. So what's going on out there in terms of that balance? >> Well firstly, there's no unanimous consensus on the way that the future is going to be, except that it's going to be hybrid. And the reason I say that is some companies mandate two days a week, some companies mandate five days a week, some companies don't mandate at all. Some companies are completely remote. But whatever way you go, you want to make sure that regardless of where you're working from, people can have an inclusive experience. You know? And, when they have that experience, you want to be able to work from a managed device or an unmanaged device, from a corporate network or from a Starbucks, from on the road or stationary. And whenever you do any of those things, we want to make sure that security is always handled, and you don't have to worry about that. And so the way that we say it is the company that created the VPN, which is Cisco, is the one that's going to kill it. Because what we'll do is we'll make it simple enough so that you don't, you as a user, never have to worry about what connection you're going to use to dial in to what app. You will have one, seamless way to dial into any application, public application, private application, or directly to the internet. >> Yeah, I got a love, hate with my VPN. I mean, it's protecting me, but it's in the way a lot. >> It's going to be simple as ever. >> Do you have kids? >> I do, I have a 12 year old daughter. >> Okay, so not quite high school age yet. She will be shortly. >> No, but she's already, I'm not looking forward to high school days, because she has a very, very strong sense of debate and she wins 90% of the arguments. >> So when my kids were that age, I've got four kids, but the local high school banned Wikipedia, they can't use Wikipedia for research. Many colleges, I presume high schools as well, they're banning Chat GPT, can't use it. Now at the same time, I saw recently on Medium a Wharton school professor said he's mandating Chat GPT to teach his students how to prompt in progressively more sophisticated prompts, because the future is interacting with machines. You know, they say in five years we're all going to be interacting in some way, shape, or form with AI. Maybe we already are. What's the intersection between AI and security? >> So a couple very, very consequential things. So firstly on Chat GPT, the next generation skill is going to be to learn how to go out and have the right questions to ask, which is the prompt revolution that we see going on right now. But if you think about what's happening in security, and there's a few areas which are, firstly 3,500 hundred vendors in this space. On average, most companies have 50 to 70 vendors in security. Not a single vendor owns more than 10% of the market. You take out a couple vendors, no one owns more than 5%. Highly fractured market. That's a problem. Because it's untenable for companies to go out and manage 70 policy engines. And going out and making sure that there's no contention. So as you move forward, one of the things that Chat GPT will be really good for is it's fundamentally going to change user experiences, for how software gets built. Because rather than it being point and click, it's going to be I'm going to provide an instruction and it's going to tell me what to do in natural language. Imagine Dave, when you joined a company if someone said, hey give Dave all the permissions that he needs as a direct report to Chuck. And instantly you would get all of the permissions. And it would actually show up in a screen that says, do you approve? And if you hit approve, you're done. The interfaces of the future will get more natural language kind of dominated. The other area that you'll see is the sophistication of attacks and the surface area of attacks is increasing quite exponentially. And we no longer can handle this with human scale. You have to handle it in machine scale. So detecting breaches, making sure that you can effectively and quickly respond in real time to the breaches, and remediate those breaches, is all going to happen through AI and machine learning. >> So, I agree. I mean, just like Amazon turned the data center into an API, I think we're now going to be interfacing with technology through human language. >> That's right. >> I mean I think it's a really interesting point you're making. Now, from a security standpoint as well, I mean, the state of the art today in my email is be careful, this person's outside your organization. I'm like, yeah I know. So it's a good warning sign, but it's really not automated in any way. So two part question. One is, can AI help? You know, with the phishing, obviously it can, but the bad guys have AI too. >> Yeah. >> And they're probably going to be smarter than I am about using it. >> Yeah, and by the way, Talos is our kind of threat detection and response >> Yes. >> kind of engine. And, they had a great kind of piece that came out recently where they talked about this, where Chat GPT, there is going to be more sophistication of the folks that are the bad actors, the adversaries in using Chat GPT to have more sophisticated phishing attacks. But today it's not something that is fundamentally something that we can't handle just yet. But you still need to do the basic hygiene. That's more important. Over time, what you will see is attacks will get more bespoke. And in order, they'll get more sophisticated. And, you will need to have better mechanisms to know that this was actually not a human being writing that to you, but it was actually a machine pretending to be a human being writing something to you. And that you'll have to be more clever about it. >> Oh interesting. >> And so, you will see attacks get more bespoke and we'll have to get smarter and smarter about it. >> The other thing I wanted to ask you before we close is you're right on. I mean you take the top security vendors and they got a single digit market share. And it's like it's untenable for organizations, just far too many tools. We have a partner at ETR, they do quarterly survey research and one of the things they do is survey emerging technology companies. And when we look at in the security sector just the number of emerging technology companies that are focused on cybersecurity is as many as there are out there already. And so, there's got to be consolidation. Maybe that's through M & A. I mean, what do you think happens? Are company's going to go out of business? There's going to be a lot of M & A? You've seen a lot of companies go private. You know, the big PE companies are sucking up all these security companies and may be ready to spit 'em out and go back public. How do you see the landscape? You guys are obviously an inquisitive company. What are your thoughts on that? >> I think there will be a little bit of everything. But the biggest change that you'll see is a shift that's going to happen with an integrated platform, rather than point solution vendors. So what's going to happen is the market's going to consolidate towards very few, less than a half a dozen, integrated platforms. We believe Cisco is going to be one. Microsoft will be one. There'll be others over there. But these, this platform will essentially be able to provide a unified kind of policy engine across a multitude of different services to protect multiple different entities within the organization. And, what we found is that platform will also be something that'll provide, through APIs, the ability for third parties to be able to get their technology incorporated in, and their telemetry ingested. So we certainly intend to do that. We don't believe, we are not arrogant enough to think that every single new innovation will be built by us. When there's someone else who has built that, we want to make sure that we can ingest that telemetry as well, because the real enemy is not the competitor. The real enemy is the adversary. And we all have to get together, so that we can keep humanity safe. >> Do you think there's been enough collaboration in the industry? I mean- >> Jeetu: Not nearly enough. >> We've seen companies, security companies try to monetize private data before, instead of maybe sharing it with competitors. And so I think the industry can do better there. >> Well I think the industry can do better. And we have this concept called the security poverty line. And the security poverty line is the companies that fall below the security poverty line don't have either the influence or the resources or the know how to keep themselves safe. And when they go unsafe, everyone else that communicates with them also gets that exposure. So it is in our collective interest for all of us to make sure that we come together. And, even if Palo Alto might be a competitor of ours, we want to make sure that we invite them to say, let's make sure that we can actually exchange telemetry between our companies. And we'll continue to do that with as many companies that are out there, because actually that's better for the market, that's better for the world. >> The enemy of the enemy is my friend, kind of thing. >> That's right. >> Now, as it relates to, because you're right. I mean I, I see companies coming up, oh, we do IOT security. I'm like, okay, but what about cloud security? Do you that too? Oh no, that's somebody else. But, so that's another stove pipe. >> That's a huge, huge advantage of coming with someone like Cisco. Because we actually have the entire spectrum, and the broadest portfolio in the industry of anyone else. From the user, to the device, to the network, to the applications, we provide the entire end-to-end story for security, which then has the least amount of cracks that you can actually go out and penetrate through. The biggest challenges that happen in security is you've got way too many policy engines with way too much contention between the policies from these different systems. And eventually there's a collision course. Whereas with us, you've actually got a broad portfolio that operates as one platform. >> We were talking about the cloud guys earlier. You mentioned Microsoft. They're obviously a big competitor in the security space. >> Jeetu: But also a great partner. >> So that's right. To my opinion, the cloud has been awesome as a first line of defense if you will. But the shared responsibility model it's different for each cloud, right? So, do you feel that those guys are working together or will work together to actually improve? 'Cause I don't see that yet. >> Yeah so if you think about, this is where we feel like we have a structural advantage in this, because what does a company like Cisco become in the future? I think as the world goes multicloud and hybrid cloud, what'll end up happening is there needs to be a way, today all the CSPs provide everything from storage to computer network, to security, in their own stack. If we can abstract networking and security above them, so that we can acquire and steer any and all traffic with our service providers and steer it to any of those CSPs, and make sure that the security policy transcends those clouds, you would actually be able to have the public cloud economics without the public cloud lock-in. >> That's what we call super cloud Jeetu. It's securing the super cloud. >> Yeah. >> Hey, thanks so much for coming to theCUBE. >> Thank you for having me. >> Really appreciate you coming on our editorial program. >> Such a pleasure. >> All right, great to see you again. >> Cheers. >> All right, keep it right there. Dave Vellante with David Nicholson and Lisa Martin. We'll be back, right after this short break from MWC '23 live, in the Fira, in Barcelona. (bright music resumes) (music fades out)

(upbeat music) >> Welcome back everyone to Supercloud 2, live here in Palo Alto, our studio, where we're doing a live stage performance and virtually syndicating out around the world. I'm John Furrier with Dave Vellante, my co-host with the The Cube here. We've got Kit Colbert, the CTO of VM. We're doing a keynote on Cloud Chaos, the evolution of SuperCloud Architecture Kit. Great to see you, thanks for coming on. >> Yeah, thanks for having me back. It's great to be here for Supercloud 2. >> And so we're going to dig into it. We're going to do a Q&A. We're going to let you present. You got some slides. I really want to get this out there, it's really compelling story. Do the presentation and then we'll come back and discuss. Take it away. >> Yeah, well thank you. So, we had a great time at the original Supercloud event, since then, been talking to a lot of customers, and started to better formulate some of the thinking that we talked about last time So, let's jump into it. Just a few quick slides to sort of set the tone here. So, if we go to the the next slide, what that shows is the journey that we see customers on today, going from what we call Cloud First into this phase that many customers are stuck in, called Cloud Chaos, and where they want to get to, and this is the term customers actually use, we didn't make this up, we heard it from customers. This notion of Cloud Smart, right? How do they use cloud more effectively, more intelligently? Now, if you walk through this journey, customers start with Cloud First. They usually select a single cloud that they're going to standardize on, and when they do that, they have to build out a whole bunch of functionality around that cloud. Things you can see there on the screen, disaster recovery, security, how do they monitor it or govern it? Like, these are things that are non-negotiable, you've got to figure it out, and typically what they do is, they leverage solutions that are specific for that cloud, and that's fine when you have just one cloud. But if we build out here, what we see is that most customers are using more than just one, they're actually using multiple, not necessarily 10 or however many on the screen, but this is just as an example. And so what happens is, they have to essentially duplicate or replicate that stack they've built for each different cloud, and they do so in a kind of a siloed manner. This results in the Cloud Chaos term that that we talked about before. And this is where most businesses out there are, they're using two, maybe three public clouds. They've got some stuff on-prem and they've also got some stuff out at the edge. This is apps, data, et cetera. So, this is the situation, this is sort of that Cloud Chaos. So, the question is, how do we move from this phase to Cloud Smart? And this is where the architecture comes in. This is why architecture, I think, is so important. It's really about moving away from these single cloud services that just solve a problem for one cloud, to something we call a Cross-Cloud service. Something that can support a set of functionality across all clouds, and that means not just public clouds, but also private clouds, edge, et cetera, and when you evolve that across the board, what you get is this sort of Supercloud. This notion that we're talking about here, where you combine these cross-cloud services in many different categories. You can see some examples there on the screen. This is not meant to be a complete set of things, but just examples of what can be done. So, this is sort of the transition and transformation that we're talking about here, and I think the architecture piece comes in both for the individual cloud services as well as that Supercloud concept of how all those services come together. >> Great presentation., thanks for sharing. If you could pop back to that slide, on the Cloud Chaos one. I just want to get your thoughts on something there. This is like the layout of the stack. So, this slide here that I'm showing on the screen, that you presented, okay, take us through that complexity. This is the one where I wanted though, that looks like a spaghetti code mix. >> Yes. >> So, do you turn this into a Supercloud stack, right? Is that? >> well, I think it's, it's an evolving state that like, let's take one of these examples, like security. So, instead of implementing security individually in different ways, using different technologies, different tooling for each cloud, what you would do is say, "Hey, I want a single security solution that works across all clouds", right? A concrete example of this would be secure software supply chain. This is probably one of the top ones that I hear when I talk to customers. How do I know that the software I'm building is truly what I expect it to be, and not something that some hacker has gotten into, and polluted with malicious code? And what they do is that, typically today, their teams have gone off and created individual secure software supply chain solutions for each cloud. So, now they could say, "Hey, I can take a single implementation and just have different endpoints." It could go to Google, or AWS, or on-prem, or wherever have you, right? So, that's the sort of architectural evolution that we're talking about. >> You know, one of the things we hear, Dave, you've been on theCUBE all the time, and we, when we talk privately with customers who are asking us like, what's, what's going on? They have the same complaint, "I don't want to build a team, a dev team, for that stack." So, if you go back to that slide again, you'll see that, that illustrates the tech stack for the clouds and the clouds at the bottom. So, the number one complaint we hear, and I want to get your reaction to that, "I don't want to have a team to have to work on that. So, I'm going to pick one and then have a hedge secondary one, as a backup." Here, that's one, that's four, five, eight, ten, ten environments. >> Yeah, I got a lot. >> That's going to be the reality, so, what's the technical answer to that? >> Yeah, well first of all, let me just say, this picture is again not totally representative of reality oftentimes, because while that picture shows a solution for every cloud, oftentimes that's not the case. Oftentimes it's a line of business going off, starting to use a new cloud. They might solve one or two things, but usually not security, usually not some of these other things, right? So, I think from a technical standpoint, where you want to get to is, yes, that sort of common service, with a common operational team behind it, that is trained on that, that can work across clouds. And that's really I think the important evolution here, is that you don't need to replicate these operational teams, one for each cloud. You can actually have them more focused across all those clouds. >> Yeah, in fact, we were commenting on the opening today. Dave and I were talking about the benefits of the cloud. It's heterogeneous, which is a good thing, but it's complex. There's skill gaps and skill required, but at the end of the day, self-service of the cloud, and the elastic nature of it makes it the benefit. So, if you try to create too many common services, you lose the value of the cloud. So, what's the trade off, in your mind right now as customers start to look at okay, identity, maybe I'll have one single sign on, that's an obvious one. Other ones? What are the areas people are looking at from a combination, common set of services? Where do they start? What's the choices? What are some of the trade offs? 'Cause you can't do it everything. >> No, it's a great question. So, that's actually a really good point and as I answer your question, before I answer your question, the important point about that, as you saw here, you know, across cloud services or these set of Cross-Cloud services, the things that comprise the Supercloud, at least in my view, the point is not necessarily to completely abstract the underlying cloud. The point is to give a business optionality and choice, in terms of what it wants to abstract, and I think that gets to your question, is how much do you actually want to abstract from the underlying cloud? Now, what I find, is that typically speaking, cloud choice is driven at least from a developer or app team perspective, by the best of breed services. What higher level application type services do you need? A database or AI, you know, ML systems, for your application, and that's going to drive your choice of the cloud. So oftentimes, businesses I talk to, want to allow those services to shine through, but for other things that are not necessarily highly differentiated and yet are absolutely critical to creating a successful application, those are things that you want to standardize. Again, like things like security, the supply chain piece, cost management, like these things you need to, and you know, things like cogs become really, really important when you start operating at scale. So, those are the things in it that I see people wanting to focus on. >> So, there's a majority model. >> Yes. >> All right, and we heard of earlier from Walmart, who's fairly, you know, advanced, but at the same time their supercloud is pretty immature. So, what are you seeing in terms of supercloud momentum, crosscloud momentum? What's the starting point for customers? >> Yeah, so it's interesting, right, on that that three-tiered journey that I talked about, this Cloud Smart notion is, that is adoption of what you might call a supercloud or architecture, and most folks aren't there yet. Even the really advanced ones, even the really large ones, and I think it's because of the fact that, we as an industry are still figuring this out. We as an industry did not realize this sort of Cloud Chaos state could happen, right? We didn't, I think most folks thought they could standardize on one cloud and that'd be it, but as time has shown, that's simply not the case. As much as one might try to do that, that's not where you end up. So, I think there's two, there's two things here. Number one, for folks that are early in to the cloud, and are in this Cloud Chaos phase, we see the path out through standardization of these cross-cloud services through adoption of this sort of supercloud architecture, but the other thing I think is particularly exciting, 'cause I talked to a number of of businesses who are not yet in the Cloud Chaos phase. They're earlier on in the cloud journey, and I think the opportunity there is that they don't have to go through Cloud Chaos. They can actually skip that whole phase if they adopt this supercloud architecture from the beginning, and I think being thoughtful around that is really the key here. >> It's interesting, 'cause we're going to hear from Ionis Pharmaceuticals later, and they, yes there are multiple clouds, but the multiple clouds are largely separate, and so it's a business unit using that. So, they're not in Cloud Chaos, but they're not tapping the advantages that you could get for best of breed across those business units. So, to your point, they have an opportunity to actually build that architecture or take advantage of those cross-cloud services, prior to reaching cloud chaos. >> Well, I, actually, you know, I'd love to hear from them if, 'cause you say they're not in Cloud Chaos, but are they, I mean oftentimes I find that each BU, each line of business may feel like they're fine, in of themselves. >> Yes, exactly right, yes. >> But when you look at it from an overall company perspective, they're like, okay, things are pretty chaotic here. We don't have standardization, I don't, you know, like, again, security compliance, these things, especially in many regulated industries, become huge problems when you're trying to run applications across multiple clouds, but you don't have any of those company-wide standardizations. >> Well, this is a point. So, they have a big deal with AstraZeneca, who's got this huge ecosystem, they want to start sharing data across those ecosystem, and that's when they will, you know, that Cloud Chaos will, you know, come, come to fore, you would think. I want to get your take on something that Bob Muglia said earlier, which is, he kind of said, "Hey Dave, you guys got to tighten up your definition a little bit." So, he said a supercloud is a platform that provides programmatically consistent services hosted on heterogeneous cloud providers. So, you know, thank you, that was nice and simple. However others in the community, we're going to hear from Dr. Nelu Mihai later, says, no, no, wait a minute, it's got to be an architecture, not a platform. Where do you land on this architecture v. platform thing? >> I look at it as, I dunno if it's, you call it maturity or just kind of a time horizon thing, but for me when I hear the word platform, I typically think of a single vendor. A single vendor provides this platform. That's kind of the beauty of a platform, is that there is a simplicity usually consistency to it. >> They did the architecture. (laughing) >> Yeah, exactly but I mean, well, there's obviously architecture behind it, has to be, but you as a customer don't necessarily need to deal with that. Now, I think one of the opportunities with Supercloud is that it's not going to be, or there is no single vendor that can solve all these problems. It's got to be the industry coming together as a community, inter-operating, working together, and so, that's why, for me, I think about it as an architecture, that there's got to be these sort of, well-defined categories of functionality. There's got to be well-defined interfaces between those categories of functionality to enable modularity, to enable businesses to be able to pick and choose the right sorts of services, and then weave those together into an overall supercloud. >> Okay, so you're not pitching, necessarily the platform, you're saying, hey, we have an architecture that's open. I go back to something that Vittorio said on August 9th, with the first Supercloud, because as well, remember we talked about abstracting, but at the same time giving developers access to those primitives. So he said, and this, I think your answer sort of confirms this. "I want to have my cake eat it too and not gain weight." >> (laughing) Right. Well and I think that's where the platform aspect can eventually come, after we've gotten aligned architecture, you're going to start to naturally see some vendors step up to take on some of the remaining complexity there. So, I do see platforms eventually emerging here, but I think where we have to start as an industry is around aligning, okay, what does this definition mean? What does that architecture look like? How do we enable interoperability? And then we can take the next step. >> Because it depends too, 'cause I would say Snowflake has a platform, and they've just defined the architecture, but we're not talking about infrastructure here, obviously, we're talking about something else. >> Well, I think that the Snowflake talks about, what he talks about, security and data, you're going to start to see the early movement around areas that are very spanning oriented, and I think that's the beginning of the trend and I think there's going to be a lot more, I think on the infrastructure side. And to your point about the platform architecture, that's actually a really good thought exercise because it actually makes you think about what you're designing in the first place, and that's why I want to get your reaction. >> Quote from- >> Well I just have to interrupt since, later on, you're going to hear from near Nir Zuk of Palo Alto Network. He says architecture and security historically, they don't go hand in hand, 'cause it's a big mess. >> It depends if you're whacking the mole or you actually proactively building something. Well Kit, I want to get your reaction from a quote from someone in our community who said about Supercloud, you know, "The Supercloud's great, there are issues around computer science rigors, and customer requirements." So, there's some issues around the science itself as well as not just listen to the customer, 'cause if that's the case, we'd have a better database, a better Oracle, right, so, but there's other, this tech involved, new tech. We need an open architecture with universal data modeling interconnecting among them, connectivity is a part of security, and then, once we get through that gate, figuring out the technical, the data, and the customer requirements, they say "Supercloud should be a loosely coupled platform with open architecture, plug and play, specialized services, ready for optimization, automation that can stand the test of time." What's your reaction to that sentiment? You like it, is that, does that sound good? >> Yeah, no, broadly aligns with my thinking, I think, and what I see from talking with customers as well. I mean, I like the, again, the, you know, listening to customer needs, prioritizing those things, focusing on some of the connective tissue networking, and data and some of these aspects talking about the open architecture, the interoperability, those are all things I think are absolutely critical. And then, yeah, like I think at the end. >> On the computer science side, do you see some science and engineering things that need to be engineered differently? We heard databases are radically going to change and that are inadequate for the new architecture. What are some of the things like that, from a science standpoint? >> Yeah, yeah, yeah. Some of the more academic research type things. >> More tech, or more better tech or is it? >> Yeah, look, absolutely. I mean I think that there's a bunch around, certainly around the data piece, around, you know, there's issues of data gravity, data mobility. How do you want to do that in a way that's performant? There's definitely issues around security as well. Like how do you enable like trust in these environments, there's got to be some sort of hardware rooted trusts, and you know, a whole bunch of various types of aspects there. >> So, a lot of work still be done. >> Yes, I think so. And that's why I look at this as, this is not a one year thing, or you know, it's going to be multi-years, and I think again, it's about all of us in the industry working together to come to an aligned picture of what that looks like. >> So, as the world's moved from private cloud to public cloud and now Cross-cloud services, supercloud, metacloud, whatever you want to call it, how have you sort of changed the way engineering's organized, developers sort of approached the problem? Has it changed and how? >> Yeah, absolutely. So, you know, it's funny, we at VMware, going through the same challenges as our customers and you know, any business, right? We use multiple clouds, we got a big, of course, on-prem footprint. You know, what we're doing is similar to what I see in many other customers, which, you see the evolution of a platform team, and so the platform team is really in charge of trying to develop a lot of these underlying services to allow our lines of business, our product teams, to be able to move as quickly as possible, to focus on the building, while we help with a lot of the operational overheads, right? We maintain security, compliance, all these other things. We also deal with, yeah, just making the developer's life as simple as possible. So, they do need to know some stuff about, you know, each public cloud they're using, those public cloud services, but at the same, time we can abstract a lot of the details they don't need to be in. So, I think this sort of delineation or separation, I should say, between the underlying platform team and the product teams is a very, very common pattern. >> You know, I noticed the four layers you talked about were observability, infrastructure, security and developers, on that slide, the last slide you had at the top, that was kind of the abstraction key areas that you guys at VMware are working? >> Those were just some groupings that we've come up with, but we like to debate them. >> I noticed data's in every one of them. >> Yeah, yep, data is key. >> It's not like, so, back to the data questions that security is called out as a pillar. Observability is just kind of watching everything, but it's all pretty much data driven. Of the four layers that you see, I take that as areas that you can. >> Standardize. >> Consistently rely on to have standard services. >> Yes. >> Which one do you start with? What's the, is there order of operations? >> Well, that's, I mean. >> 'Cause I think infrastructure's number one, but you had observability, you need to know what's going on. >> Yeah, well it really, it's highly dependent. Again, it depends on the business that we talk to and what, I mean, it really goes back to, what are your business priorities, right? And we have some customers who may want to get out of a data center, they want to evacuate the data center, and so what they want is then, consistent infrastructure, so they can just move those applications up to the cloud. They don't want to have to refactor them and we'll do it later, but there's an immediate and sort of urgent problem that they have. Other customers I talk to, you know, security becomes top of mind, or maybe compliance, because they're in a regulated industry. So, those are the sort of services they want to prioritize. So, I would say there is no single right answer, no one size fits all. The point about this architecture is really around the optionality of it, as it allows you as a business to decide what's most important and where you want to prioritize. >> How about the deployment models kit? Do, does a customer have that flexibility from a deployment model standpoint or do I have to, you know, approach it a specific way? Can you address that? >> Yeah, I mean deployment models, you're talking about how they how they consume? >> So, for instance, yeah, running a control plane in the cloud. >> Got it, got it. >> And communicating elsewhere or having a single global instance or instantiating that instance, and? >> So, that's a good point actually, and you know, the white paper that we released back in August, around this sort of concept, the Cross-cloud service. This is some of the stuff we need to figure out as an industry. So, you know when we talk about a Cross-cloud service, we can mean actually any of the things you just talked about. It could be a single instance that runs, let's say in one public cloud, but it supports all of 'em. Or it could be one that's multi-instance and that runs in each of the clouds, and that customers can take dependencies on whichever one, depending on what their use cases are or the, even going further than that, there's a type of Cross-cloud service that could actually be instantiated even in an air gapped or offline environment, and we have many, many businesses, especially heavily regulated ones that have that requirement, so I think, you know. >> Global don't forget global, regions, locales. >> Yeah, there's all sorts of performance latency issues that can be concerned about. So, most services today are the former, there are single sort of instance or set of instances within a single cloud that support multiple clouds, but I think what we're doing and where we're going with, you know, things like what we see with Kubernetes and service meshes and all these things, will better enable folks to hit these different types of cross-cloud service architectures. So, today, you as a customer probably wouldn't have too much choice, but where we're going, you'll see a lot more choice in the future. >> If you had to summarize for folks watching the importance of Supercloud movement, multi-cloud, cross-cloud services, as an industry in flexible, 'cause I'm always riffing on the whole old school network protocol stacks that got disrupted by TCP/IP, that's a little bit dated, we got people on the chat that are like, you know, 20 years old that weren't even born then. So, but this is a, one of those inflection points that's once in a generation inflection point, I'm sure you agree. What scoped the order of magnitude of the change and the opportunity around the marketplace, the business models, the technology, and ultimately benefits the society. >> Yeah. Wow. Getting bigger. >> You have 10 seconds, go. >> I know. Yeah. (laughing) No, look, so I think it is what we're seeing is really the next phase of what you might call cloud, right? This notion of delivering services, the way they've been packaged together, traditionally by the hyperscalers is now being challenged. and what we're seeing is really opening that up to new levels of innovation, and I think that will be huge for businesses because it'll help meet them where they are. Instead of needing to contort the businesses to, you know, make it work with the technology, the technology will support the business and where it's going. Give people more optionality, more flexibility in order to get there, and I think in the end, for us as individuals, it will just make for better experiences, right? You can get better performance, better interactivity, given that devices are so much of what we do, and so much of what we interact with all the time. This sort of flexibility and optionality will fundamentally better for us as individuals in our experiences. >> And we're seeing that with ChatGPT, everyone's talking about, just early days. There'll be more and more of things like that, that are next gen, like obviously like, wow, that's a fall out of your chair moment. >> It'll be the next wave of innovation that's unleashed. >> All right, Kit Colbert, thanks for coming on and sharing and exploring the Supercloud architecture, Cloud Chaos, the Cloud Smart, there's a transition progression happening and it's happening fast. This is the supercloud wave. If you're not on this wave, you'll be driftwood. That's a Pat Gelsinger quote on theCUBE. This is theCUBE Be right back with more Supercloud coverage, here in Palo Alto after this break. (upbeat music) (upbeat music continues)

(lively music) >> Welcome back to our coverage of Cloud Native Security Con. I'm Dave Vellante, here in our Boston studio. We're connecting today, throughout the day, with Palo Alto on the ground in Seattle. And right now I'm here with Michael Foster with Red Hat. He's on the ground in Seattle. We're going to discuss the trends and containers and security and everything that's going on at the show in Seattle. Michael, good to see you, thanks for coming on. >> Good to see you, thanks for having me on. >> Lot of market momentum for Red Hat. The IBM earnings call the other day, announced OpenShift is a billion-dollar ARR. So it's quite a milestone, and it's not often, you know. It's hard enough to become a billion-dollar software company and then to have actually a billion-dollar product alongside. So congratulations on that. And let's start with the event. What's the buzz at the event? People talking about shift left, obviously supply chain security is a big topic. We've heard a little bit about or quite a bit about AI. What are you hearing on the ground? >> Yeah, so the last event I was at that I got to see you at was three months ago, with CubeCon and the talk was supply chain security. Nothing has really changed on that front, although I do think that the conversation, let's say with the tech companies versus what customers are actually looking at, is slightly different just based on the market. And, like you said, thank you for the shout-out to a billion-dollar OpenShift, and ACS is certainly excited to be part of that. We are seeing more of a consolidation, I think, especially in security. The money's still flowing into security, but people want to know what they're running. We've allowed, had some tremendous growth in the last couple years and now it's okay. Let's get a hold of the containers, the clusters that we're running, let's make sure everything's configured. They want to start implementing policies effectively and really get a feel for what's going on across all their workloads, especially with the bigger companies. I think bigger companies allow some flexibility in the security applications that they can deploy. They can have different groups that manage different ones, but in the mid to low market, you're seeing a lot of consolidation, a lot of companies that want basically one security tool to manage them all, so to speak. And I think that the features need to somewhat accommodate that. We talk supply chain, I think most people continue to care about network security, vulnerability management, shifting left and enabling developers. That's the general trend I see. Still really need to get some hands on demos and see some people that I haven't seen in a while. >> So a couple things on, 'cause, I mean, we talk about the macroeconomic climate all the time. We do a lot of survey data with our partners at ETR, and their recent data shows that in terms of cost savings, for those who are actually cutting their budgets, they're looking to consolidate redundant vendors. So, that's one form of consolidation. The other theme, of course, is there's so many tools out in the security market that consolidating tools is something that can help simplify, but then at the same time, you see opportunities open up, like IOT security. And so, you have companies that are starting up to just do that. So, there's like these countervailing trends. I often wonder, Michael, will this ever end? It's like the universe growing and tooling, what are your thoughts? >> I mean, I completely agree. It's hard to balance trying to grow the company in a time like this, at the same time while trying to secure it all, right? So you're seeing the consolidation but some of these applications and platforms need to make some promises to say, "Hey, we're going to move into this space." Right, so when you have like Red Hat who wants to come out with edge devices and help manage the IOT devices, well then, you have a security platform that can help you do that, that's built in. Then the messaging's easy. When you're trying to do that across different cloud providers and move into IOT, it becomes a little bit more challenging. And so I think that, and don't take my word for this, some of those IOT startups, you might see some purchasing in the next couple years in order to facilitate those cloud platforms to be able to expand into that area. To me it makes sense, but I don't want to hypothesize too much from the start. >> But I do, we just did our predictions post and as a security we put up the chart of candidates, and there's like dozens, and dozens, and dozens. Some that are very well funded, but I mean, you've seen some down, I mean, down rounds everywhere, but these many companies have raised over a billion dollars and it's like uh-oh, okay, so they're probably okay, maybe. But a lot of smaller firms, I mean there's just, there's too many tools in the marketplace, but it seems like there is misalignment there, you know, kind of a mismatch between, you know, what customers would like to have happen and what actually happens in the marketplace. And that just underscores, I think, the complexities in security. So I guess my question is, you know, how do you look at Cloud Native Security, and what's different from traditional security approaches? >> Okay, I mean, that's a great question, and it's something that we've been talking to customers for the last five years about. And, really, it's just a change in mindset. Containers are supposed to unleash developer speed, and if you don't have a security tool to help do that, then you're basically going to inhibit developers in some form or another. I think managing that, while also giving your security teams the ability to tell the message of we are being more secure. You know, we're limiting vulnerabilities in our cluster. We are seeing progress because containers, you know, have a shorter life cycle and there is security and speed. Having that conversation with the C-suites is a little different, especially when how they might be used to virtual machines and managing it through that. I mean, if it works, it works from a developer's standpoint. You're not taking advantage of those containers and the developer's speed, so that's the difference. Now doing that and then first challenge is making that pitch. The second challenge is making that pitch to then scale it, so you can get onboard your developers and get your containers up and running, but then as you bring in new groups, as you move over to Kubernetes or you get into more container workloads, how do you onboard your teams? How do you scale? And I tend to see a general trend of a big investment needed for about two years to make that container shift. And then the security tools come in and really blossom because once that core separation of responsibilities happens in the organization, then the security tools are able to accelerate the developer workflow and not inhibit it. >> You know, I'm glad you mentioned, you know, separation of responsibilities. We go to a lot of shows, as you know, with theCUBE, and many of them are cloud shows. And in the one hand, Cloud has, you know, obviously made the world, you know, more interesting and better in so many different ways and even security, but it's like new layers are forming. You got the cloud, you got the shared responsibility model, so the cloud is like the first line of defense. And then you got the CISO who is relying heavily on devs to, you know, the whole shift left thing. So we're asking developers to do a lot and then you're kind of behind them. I guess you have audit is like the last line of defense, but my question to you is how can software developers really ensure that cloud native tools that they're using are secure? What steps can they take to improve security and specifically what's Red Hat doing in that area? >> Yeah, well I think there's, I would actually move away from that being the developer responsibility. I think the job is the operators' and the security people. The tools to give them the ability to see. The vulnerabilities they're introducing. Let's say signing their images, actually verifying that the images that's thrown in the cloud, are the ones that they built, that can all be done and it can be done open source. So we have a DevSecOps validated pattern that Red Hat's pushed out, and it's all open source tools in the cloud native space. And you can sign your builds and verify them at runtime and make sure that you're doing that all for free as one option. But in general, I would say that the hope is that you give the developer the information to make responsible choices and that there's a dialogue between your security and operations and developer teams but security, we should not be pushing that on developer. And so I think with ACS and our tool, the goal is to get in and say, "Let's set some reasonable policies, have a conversation, let's get a security liaison." Let's say in the developer team so that we can make some changes over time. And the more we can automate that and the more we can build and have that conversation, the better that you'll, I don't say the more security clusters but I think that the more you're on your path of securing your environment. >> How much talk is there at the event about kind of recent high profile incidents? We heard, you know, Log4j, of course, was mentioned in the Keynote. Somebody, you know, I think yelled out from the audience, "We're still dealing with that." But when you think about these, you know, incidents when looking back, what lessons do you think we've learned from these events? >> Oh, I mean, I think that I would say, if you have an approach where you're managing your containers, managing the age and using containers to accelerate, so let's say no images that are older than 90 days, for example, you're going to avoid a lot of these issues. And so I think people that are still dealing with that aspect haven't set up the proper, let's say, disclosure between teams and update strategy and so on. So I don't want to, I think the Log4j, if it's still around, you know, something's missing there but in general you want to be able to respond quickly and to do that and need the tools and policies to be able to tell people how to fix that issue. I mean, the Log4j fix was seven days after, so your developers should have been well aware of that. Your security team should have been sending the messages out. And I remember even fielding all the calls, all the fires that we had to put out when that happened. But yeah. >> I thought Brian Behlendorf's, you know, talk this morning was interesting 'cause he was making an attempt to say, "Hey, here's some things that you might not be thinking about that are likely to occur." And I wonder if you could, you know, comment on them and give us your thoughts as to how the industry generally, maybe Red Hat specifically, are thinking about dealing with them. He mentioned ChatGPT or other GPT to automate Spear phishing. He said the identity problem is still not fixed. Then he talked about free riders sniffing repos essentially for known vulnerabilities that are slow to fix. He talked about regulations that might restrict shipping code. So these are things that, you know, essentially, we can, they're on the radar, but you know, we're kind of putting out, you know, yesterday's fire. What are your thoughts on those sort of potential issues that we're facing and how are you guys thinking about it? >> Yeah, that's a great question, and I think it's twofold. One, it's brought up in front of a lot of security leaders in the space for them to be aware of it because security, it's a constant battle, constant war that's being fought. ChatGPT lowers the barrier of entry for a lot of them, say, would-be hackers or people like that to understand systems and create, let's say, simple manifests to leverage Kubernetes or leverage a misconfiguration. So as the barrier drops, we as a security team in security, let's say group organization, need to be able to respond and have our own tools to be able to combat that, and we do. So a lot of it is just making sure that we shore up our barriers and that people are aware of these threats. The harder part I think is educating the public and that's why you tend to see maybe the supply chain trend be a little bit ahead of the implementation. I think they're still, for example, like S-bombs and signing an attestation. I think that's still, you know, a year, two years, away from becoming, let's say commonplace, especially in something like a production environment. Again, so, you know, stay bleeding edge, and then make sure that you're aware of these issues and we'll be constantly coming to these calls and filling you in on what we're doing and make sure that we're up to speed. >> Yeah, so I'm hearing from folks like yourself that the, you know, you think of the future of Cloud Native Security. We're going to see continued emphasis on, you know, better integration of security into the DevSecOps. You're pointing out it's really, you know, the ops piece, that runtime that we really need to shore up. You can't just put it on the shoulders of the devs. And, you know, using security focused tools and best practices. Of course you hear a lot about that and the continued drive toward automation. My question is, you know, automation, machine learning, how, where are we in that maturity cycle? How much of that is being adopted? Sometimes folks are, you know, they embrace automation but it brings, you know, unknown, unintended consequences. Are folks embracing that heavily? Are there risks associated around that, or are we kind of through that knothole in your view? >> Yeah, that's a great question. I would compare it to something like a smart home. You know, we sort of hit a wall. You can automate so much, but it has to actually be useful to your teams. So when we're going and deploying ACS and using a cloud service, like one, you know, you want something that's a service that you can easily set up. And then the other thing is you want to start in inform mode. So you can't just automate everything, even if you're doing runtime enforcement, you need to make sure that's very, very targeted to exactly what you want and then you have to be checking it because people start new workloads and people get onboarded every week or month. So it's finding that balance between policies where you can inform the developer and the operations teams and that they give them the information to act. And that worst case you can step in as a security team to stop it, you know, during the onboarding of our ACS cloud service. We have an early access program and I get on-calls, and it's not even security team, it's the operations team. It starts with the security product, you know, and sometimes it's just, "Hey, how do I, you know, set this policy so my developers will find this vulnerability like a Log4Shell and I just want to send 'em an email, right?" And these are, you know, they have the tools and they can do that. And so it's nice to see the operations take on some security. They can automate it because maybe you have a NetSec security team that doesn't know Kubernetes or containers as well. So that shared responsibility is really useful. And then just again, making that automation targeted, even though runtime enforcement is a constant thing that we talk about, the amount that we see it in the wild where people are properly setting up admission controllers and it's acting. It's, again, very targeted. Databases, cubits x, things that are basically we all know is a no-go in production. >> Thank you for that. My last question, I want to go to the, you know, the hardest part and 'cause you're talking to customers all the time and you guys are working on the hardest problems in the world. What is the hardest aspect of securing, I'm going to come back to the software supply chain, hardest aspect of securing the software supply chain from the perspective of a security pro, software engineer, developer, DevSecOps Pro, and then this part b of that is, is how are you attacking that specifically as Red Hat? >> Sure, so as a developer, it's managing vulnerabilities with updates. As an operations team, it's keeping all the cluster, because you have a bunch of different teams working in the same environment, let's say, from a security team. It's getting people to listen to you because there are a lot of things that need to be secured. And just communicating that and getting it actionable data to the people to make the decisions as hard from a C-suite. It's getting the buy-in because it's really hard to justify the dollars and cents of security when security is constantly having to have these conversations with developers. So for ACS, you know, we want to be able to give the developer those tools. We also want to build the dashboards and reporting so that people can see their vulnerabilities drop down over time. And also that they're able to respond to it quickly because really that's where the dollars and cents are made in the product. It's that a Log4Shell comes out. You get immediately notified when the feeds are updated and you have a policy in action that you can respond to it. So I can go to my CISOs and say, "Hey look, we're limiting vulnerabilities." And when this came out, the developers stopped it in production and we were able to update it with the next release. Right, like that's your bread and butter. That's the story that you want to tell. Again, it's a harder story to tell, but it's easy when you have the information to be able to justify the money that you're spending on your security tools. Hopefully that answered your question. >> It does. That was awesome. I mean, you got data, you got communication, you got the people, obviously there's skillsets, you have of course, tooling and technology is a big part of that. Michael, really appreciate you coming on the program, sharing what's happening on the ground in Seattle and can't wait to have you back. >> Yeah. Awesome. Thanks again for having me. >> Yeah, our pleasure. All right. Thanks for watching our coverage of the Cloud Native Security Con. I'm Dave Vellante. I'm in our Boston studio. We're connecting to Palo Alto. We're connecting on the ground in Seattle. Keep it right there for more coverage. Be right back. (lively music)

(upbeat music) >> Hey everyone and welcome to theCUBE's coverage day one of CloudNativeSecurityCon '23. Lisa Martin here with John Furrier and Dave Vellante. Dave and John, great to have you guys on the program. This is interesting. This is the first inaugural CloudNativeSecurityCon. Formally part of KubeCon, now a separate event here happening in Seattle over the next couple of days. John, I wanted to get your take on, your thoughts on this being a standalone event, the community, the impact. >> Well, this inaugural event, which is great, we love it, we want to cover all inaugural events because you never know, there might not be one next year. So we were here if it happens, we're here at creation. But I think this is a good move for the CNCF and the Linux Foundation as security becomes so important and there's so many issues to resolve that will influence many other things. Developers, machine learning, data as code, supply chain codes. So I think KubeCon, Kubernetes conference and CloudNativeCon, is all about cloud native developers. And it's a huge event and there's so much there. There's containers, there's microservices, all that infrastructure's code, the DevSecOps on that side, there's enough there and it's a huge ecosystem. Pulling it as a separate event is a first move for them. And I think there's a toe in the water kind of vibe here. Testing the waters a little bit on, does this have legs? How is it organized? Looks like they took their time, thought it out extremely well about how to craft it. And so I think this is the beginning of what will probably be a seminal event for the open source community. So let's listen to the clip from Priyanka Sharma who's a CUBE alumni and executive director of the CNCF. This is kind of a teaser- >> We will tackle issues of security together here and further on. We'll share our experiences, successes, perhaps more importantly, failures, and help with the collecting of understanding. We'll create solutions. That's right. The practitioners are leading the way. Having conversations that you need to have. That's all of you. This conference today and tomorrow is packed with 72 sessions for all levels of technologists to reflect the bottoms up, developer first nature of the conference. The co-chairs have selected these sessions and they are true blue practitioners. >> And that's a great clip right there. If you read between the lines, what she's saying there, let's unpack this. Solutions, we're going to fail, we're going to get better. Linux, the culture of iterating. But practitioners, the mention of practitioners, that was very key. Global community, 72 sessions, co-chairs, Liz Rice and experts that are crafting this program. It seems like very similar to what AWS has done with re:Invent as their core show. And then they have re:Inforce which is their cloud native security, Amazon security show. There's enough there, so to me, practitioners, that speaks to the urgency of cloud native security. So to me, I think this is the first move, and again, testing the water. I like the vibe. I think the practitioner angle is relevant. It's very nerdy, so I think this is going to have some legs. >> Yeah, the other key phrase Priyanka mentioned is bottoms up. And John, at our predictions breaking analysis, I asked you to make a prediction about events. And I think you've nailed it. You said, "Look, we're going to have many more events, but they're going to be smaller." Most large events are going to get smaller. AWS is obviously the exception, but a lot of events like this, 500, 700, 1,000 people, that is really targeted. So instead of you take a big giant event and there's events within the event, this is going to be really targeted, really intimate and focused. And that's exactly what this is. I think your prediction nailed it. >> Well, Dave, we'll call to see the event operating system really cohesive events connected together, decoupled, and I think the Linux Foundation does an amazing job of stringing these events together to have community as the focus. And I think the key to these events in the future is having, again, targeted content to distinct user groups in these communities so they can be highly cohesive because they got to be productive. And again, if you try to have a broad, big event, no one's happy. Everyone's underserved. So I think there's an industry concept and then there's pieces tied together. And I think this is going to be a very focused event, but I think it's going to grow very fast. >> 72 sessions, that's a lot of content for this small event that the practitioners are going to have a lot of opportunity to learn from. Do you guys, John, start with you and then Dave, do you think it's about time? You mentioned John, they're dipping their toe in the water. We'll see how this goes. Do you think it's about time that we have this dedicated focus out of this community on cloud native security? >> Well, I think it's definitely time, and I'll tell you there's many reasons why. On the front lines of business, there's a business model for security hackers and breaches. The economics are in favor of the hackers. That's a real reality from ransomware to any kind of breach attacks. There's corporate governance issues that's structural challenges for companies. These are real issues operationally for companies in the enterprise. And at the same time, on the tech stack side, it's been very slow movement, like glaciers in terms of security. Things like DNS, Linux kernel, there are a lot of things in the weeds in the details of the bowels of the tech world, protocol levels that just need to be refactored. And I think you're seeing a lot of that here. It was mentioned from Brian from the Linux Foundation, mentioned Dan Kaminsky who recently passed away who found that vulnerability in BIND which is a DNS construct. That was a critical linchpin. They got to fix these things and Liz Rice is talking about the Linux kernel with the extended Berkeley Packet Filtering thing. And so this is where they're going. This is stuff that needs to be paid attention to because if they don't do it, the train of automation and machine learning is going to run wild with all kinds of automation that the infrastructure just won't be set up for. So I think there's going to be root level changes, and I think ultimately a new security stack will probably be very driven by data will be emerging. So to me, I think this is definitely worth being targeted. And I think you're seeing Amazon doing the same thing. I think this is a playbook out of AWS's event focus and I think that's right. >> Dave, what are you thoughts? >> There was a lot of talk in, again, I go back to the progression here in the last decade about what's the right regime for security? Should the CISO report to the CIO or the board, et cetera, et cetera? We're way beyond that now. I think DevSecOps is being asked to do a lot, particularly DevOps. So we hear a lot about shift left, we're hearing about protecting the runtime and the ops getting much more involved and helping them do their jobs because the cloud itself has brought a lot to the table. It's like the first line of defense, but then you've really got a lot to worry about from a software defined perspective. And it's a complicated situation. Yes, there's less hardware, yes, we can rely on the cloud, but culturally you've got a lot more people that have to work together, have to share data. And you want to remove the blockers, to use an Amazon term. And the way you do that is you really, if we talked about it many times on theCUBE. Do over, you got to really rethink the way in which you approach security and it starts with culture and team. >> Well the thing, I would call it the five C's of security. Culture, you mentioned that's a good C. You got cloud, tons of issues involved in cloud. You've got access issues, identity. you've got clusters, you got Kubernetes clusters. And then you've got containers, the fourth C. And then finally is the code itself, supply chain. So all areas of cloud native, if you take out culture, it's cloud, cluster, container, and code all have levels of security risks and new things in there that need to be addressed. So there's plenty of work to get done for sure. And again, this is developer first, bottoms up, but that's where the change comes in, Dave, from a security standpoint, you always point this out. Bottoms up and then middle out for change. But absolutely, the imperative is today the business impact is real and it's urgent and you got to pedal as fast as you can here, so I think this is going to have legs. We'll see how it goes. >> Really curious to understand the cultural impact that we see being made at this event with the focus on it. John, you mentioned the four C's, five with culture. I often think that culture is probably the leading factor. Without that, without getting those teams aligned, is the rest of it set up to be as successful as possible? I think that's a question that's- >> Well to me, Dave asked Pat Gelsinger in 2014, can security be a do-over at VMWorld when he was the CEO of VMware? He said, "Yes, it has to be." And I think you're seeing that now. And Nick from the co-founder of Palo Alto Networks was quoted on theCUBE by saying, "Zero Trust is some structure to give to security, but cloud allows for the ability to do it over and get some scale going on security." So I think the best people are going to come together in this security world and they're going to work on this. So you're going to start to see more focus around these security events and initiatives. >> So I think that when you go to the, you mentioned re:Inforce a couple times. When you go to re:Inforce, there's a lot of great stuff that Amazon puts forth there. Very positive, it's not that negative. Oh, the world is falling, the sky is falling. And so I like that. However, you don't walk away with an understanding of how they're making the CISOs and the DevOps lives easier once they get beyond the cloud. Of course, it's not Amazon's responsibility. And that's where I think the CNCF really comes in and open source, that's where they pick up. Obviously the cloud's involved, but there's a real opportunity to simplify the lives of the DevSecOps teams and that's what's critical in terms of being able to solve, or at least keep up with this never ending problem. >> Yeah, there's a lot of issues involved. I took some notes here from some of the keynote you heard. Security and education, training and team structure. Detection, incidents that are happening, and how do you respond to that architecture. Identity, isolation, supply chain, and governance and compliance. These are all real things. This is not like hand-waving issues. They're mainstream and they're urgent. Literally the houses are on fire here with the enterprise, so this is going to be very, very important. >> Lisa: That's a great point. >> Some of the other things Priyanka mentioned, exposed edges and nodes. So just when you think we're starting to solve the problem, you got IOT, security's not a one and done task. We've been talking about culture. No person is an island. It's $188 billion business. Cloud native is growing at 27% a year, which just underscores the challenges, and bottom line, practitioners are leading the way. >> Last question for you guys. What are you hoping those practitioners get out of this event, this inaugural event, John? >> Well first of all, I think this inaugural event's going to be for them, but also we at theCUBE are going to be doing a lot more security events. RSA's coming up, we're going to be at re:Inforce, we're obviously going to be covering this event. We've got Black Hat, a variety of other events. We'll probably have our own security events really focused on some key areas. So I think the thing that people are going to walk away from this event is that paying attention to these security events are going to be more than just an industry thing. I think you're going to start to see group gatherings or groups convening virtually and physically around core issues. And I think you're going to start to see a community accelerate around cloud native and open source specifically to help teams get faster and better at what they do. So I think the big walkaway for the customers and the practitioners here is that there's a call to arms happening and this is, again, another signal that it's worth breaking out from the core event, but being tied to it, I think that's a good call and I think it's a well good architecture from a CNCF standpoint and a worthy effort, so I give it a thumbs up. We still don't know what it's going to look like. We'll see what day two looks like, but it seems to be experts, practitioners, deep tech, enabling technologies. These are things that tend to be good things to hear when you're at an event. I'll say the business imperative is obvious. >> The purpose of an event like this, and it aligns with theCUBE's mission, is to educate and inspire business technology pros to action. We do it in theCUBE with free content. Obviously this event is a for-pay event, but they are delivering some real value to the community that they can take back to their organizations to make change. And that's what it's all about. >> Yep, that is what it's all about. I'm looking forward to seeing over as the months unfold, the impact that this event has on the community and the impact the community has on this event going forward, and really the adoption of cloud native security. Guys, great to have you during this keynote analysis. Looking forward to hearing the conversations that we have on theCUBE today. Thanks so much for joining. And for my guests, for my co-hosts, John Furrier and Dave Vellante. I'm Lisa Martin. You're watching theCUBE's day one coverage of CloudNativeSecurityCon '23. Stick around, we got great content on theCUBE coming up. (upbeat music)

>>Hey everyone, welcome to this event, HPE Compute Security. I'm your host, Lisa Martin. Kevin Dee joins me next Senior director, future Surfer Architecture at hpe. Kevin, it's great to have you back on the program. >>Thanks, Lisa. I'm glad to be here. >>One of the topics that we're gonna unpack in this segment is, is all about cybersecurity. And if we think of how dramatically the landscape has changed in the last couple of years, I was looking at some numbers that H P V E had provided. Cybercrime will reach 10.5 trillion by 2025. It's a couple years away. The average total cost of a data breach is now over 4 million, 15% year over year crime growth predicted over the next five years. It's no longer if we get hit, it's when it's how often. What's the severity? Talk to me about the current situation with the cybersecurity landscape that you're seeing. >>Yeah, I mean the, the numbers you're talking about are just staggering and then that's exactly what we're seeing and that's exactly what we're hearing from our customers is just absolutely key. Customers have too much to lose. The, the dollar cost is just, like I said, staggering. And, and here at HP we know we have a huge part to play, but we also know that we need partnerships across the industry to solve these problems. So we have partnered with, with our, our various partners to deliver these Gen 11 products. Whether we're talking about partners like a M D or partners like our Nick vendors, storage card vendors. We know we can't solve the problem alone. And we know this, the issue is huge. And like you said, the numbers are staggering. So we're really, we're really partnering with, with all the right players to ensure we have a secure solution so we can stay ahead of the bad guys to try to limit the, the attacks on our customers. >>Right. Limit the damage. What are some of the things that you've seen particularly change in the last 18 months or so? Anything that you can share with us that's eye-opening, more eye-opening than some of the stats we already shared? >>Well, there, there's been a massive number of attacks just in the last 12 months, but I wouldn't really say it's so much changed because the amount of attacks has been increasing dramatically over the years for many, many, many years. It's just a very lucrative area for the bad guys, whether it's ransomware or stealing personal data, whatever it is, it's there. There's unfortunately a lot of money to be made into it, made from it, and a lot of money to be lost by the good guys, the good guys being our customers. So it's not so much that it's changed, it's just that it's even accelerating faster. So the real change is, it's accelerating even faster because it's becoming even more lucrative. So we have to stay ahead of these bad guys. One of the statistics of Microsoft operating environments, the number of tax in the last year, up 50% year over year, that's a huge acceleration and we've gotta stay ahead of that. We have to make sure our customers don't get impacted to the level that these, these staggering number of attacks are. The, the bad guys are out there. We've gotta protect, protect our customers from the bad guys. >>Absolutely. The acceleration that you talked about is, it's, it's kind of frightening. It's very eye-opening. We do know that security, you know, we've talked about it for so long as a, as a a C-suite priority, a board level priority. We know that as some of the data that HPE e also sent over organizations are risking are, are listing cyber risks as a top five concern in their organization. IT budgets spend is going up where security is concerned. And so security security's on everyone's mind. In fact, the cube did, I guess in the middle part of last, I did a series on this really focusing on cybersecurity as a board issue and they went into how companies are structuring security teams changing their assumptions about the right security model, offense versus defense. But security's gone beyond the board, it's top of mind and it's on, it's in an integral part of every conversation. So my question for you is, when you're talking to customers, what are some of the key challenges that they're saying, Kevin, these are some of the things the landscape is accelerating, we know it's a matter of time. What are some of those challenges and that they're key pain points that they're coming to you to help solve? >>Yeah, at the highest level it's simply that security is incredibly important to them. We talked about the numbers. There's so much money to be lost that what they come to us and say, is security's important for us? What can you do to protect us? What can you do to prevent us from being one of those statistics? So at a high level, that's kind of what we're seeing at a, with a little more detail. We know that there's customers doing digital transformations. We know that there's customers going hybrid cloud, they've got a lot of initiatives on their own. They've gotta spend a lot of time and a lot of bandwidth tackling things that are important to their business. They just don't have the bandwidth to worry about yet. Another thing which is security. So we are doing everything we can and partnering with everyone we can to help solve those problems for customers. >>Cuz we're hearing, hey, this is huge, this is too big of a risk. How do you protect us? And by the way, we only have limited bandwidth, so what can we do? What we can do is make them assured that that platform is secure, that we're, we are creating a foundation for a very secure platform and that we've worked with our partners to secure all the pieces. So yes, they still have to worry about security, but there's pieces that we've taken care of that they don't have to worry about and there's capabilities that we've provided that they can use and we've made that easy so they can build su secure solutions on top of it. >>What are some of the things when you're in customer conversations, Kevin, that you talk about with customers in terms of what makes HPE E'S approach to security really unique? >>Well, I think a big thing is security is part of our, our dna. It's part of everything we do. Whether we're designing our own asics for our bmc, the ilo ASIC ILO six used on Gen 11, or whether it's our firmware stack, the ILO firmware, our our system, UFI firmware, all those pieces in everything we do. We're thinking about security. When we're building products in our factory, we're thinking about security. When we're think designing our supply chain, we're thinking about security. When we make requirements on our suppliers, we're driving security to be a key part of those components. So security is in our D N a security's top of mind. Security is something we think about in everything we do. We have to think like the bad guys, what could the bad guy take advantage of? What could the bad guy exploit? So we try to think like them so that we can protect our customers. >>And so security is something that that really is pervasive across all of our development organizations, our supply chain organizations, our factories, and our partners. So that's what we think is unique about HPE is because security is so important and there's a whole lot of pieces of our reliance servers that we do ourselves that many others don't do themselves. And since we do it ourselves, we can make sure that security's in the design from the start, that those pieces work together in a secure manner. So we think that gives us a, an advantage from a security standpoint. >>Security is very much intention based at HPE e I was reading in some notes, and you just did a great job of talking about this, that fundamental security approach, security is fundamental to defend against threats that are increasingly complex through what you also call an uncompromising focus to state-of-the-art security and in in innovations built into your D N A. And then organizations can protect their infrastructure, their workloads, their data from the bad guys. Talk to us briefly in our final few minutes here, Kevin, about fundamental uncompromising protected the value in it for me as an HPE customer. >>Yeah, when we talk about fundamental, we're talking about the those fundamental technologies that are part of our platform. Things like we've integrated TPMS and sorted them down in our platforms. We now have platform certificates as a standard part of the platform. We have I dev id and probably most importantly, our platforms continue to support what we really believe was a groundbreaking technology, Silicon Root of trust and what that's able to do. We have millions of lines of firmware code in our platforms and with Silicon Root of trust, we can authenticate all of those lines of firmware. Whether we're talking about the the ILO six firmware, our U E I firmware, our C P L D in the system, there's other pieces of firmware. We authenticate all those to make sure that not a single line of code, not a single bit has been changed by a bad guy, even if the bad guy has physical access to the platform. >>So that silicon route of trust technology is making sure that when that system boots off and that hands off to the operating system and then eventually the customer's application stack that it's starting with a solid foundation, that it's starting with a system that hasn't been compromised. And then we build other things into that silicon root of trust, such as the ability to do the scans and the authentications at runtime, the ability to automatically recover if we detect something has been compromised, we can automatically update that compromised piece of firmware to a good piece before we've run it because we never want to run firmware that's been compromised. So that's all part of that Silicon Root of Trust solution and that's a fundamental piece of the platform. And then when we talk about uncompromising, what we're really talking about there is how we don't compromise security. >>And one of the ways we do that is through an extension of our Silicon Root of trust with a capability called S Spdm. And this is a technology that we saw the need for, we saw the need to authenticate our option cards and the firmware in those option cards. Silicon Root Prota, Silicon Root Trust protects against many attacks, but one piece it didn't do is verify the actual option card firmware and the option cards. So we knew to solve that problem we would have to partner with others in the industry, our nick vendors, our storage controller vendors, our G vendors. So we worked with industry standards bodies and those other partners to design a capability that allows us to authenticate all of those devices. And we worked with those vendors to get the support both in their side and in our platform side so that now Silicon Rivers and trust has been extended to where we protect and we trust those option cards as well. >>So that's when, when what we're talking about with Uncompromising and with with Protect, what we're talking about there is our capabilities around protecting against, for example, supply chain attacks. We have our, our trusted supply chain solution, which allows us to guarantee that our server, when it leaves our factory, what the server is, when it leaves our factory, will be what it is when it arrives at the customer. And if a bad guy does anything in that transition, the transit from our factory to the customer, they'll be able to detect that. So we enable certain capabilities by default capability called server configuration lock, which can ensure that nothing in the server exchange, whether it's firmware, hardware, configurations, swapping out processors, whatever it is, we'll detect if a bad guy did any of that and the customer will know it before they deploy the system. That gets enabled by default. >>We have an intrusion detection technology option when you use by the, the trusted supply chain that is included by default. That lets you know, did anybody open that system up, even if the system's not plugged in, did somebody take the hood off and potentially do something malicious to it? We also enable a capability called U EFI secure Boot, which can go authenticate some of the drivers that are located on the option card itself. Those kind of capabilities. Also ilo high security mode gets enabled by default. So all these things are enabled in the platform to ensure that if it's attacked going from our factory to the customer, it will be detected and the customer won't deploy a system that's been maliciously attacked. So that's got >>It, >>How we protect the customer through those capabilities. >>Outstanding. You mentioned partners, my last question for you, we've got about a minute left, Kevin is bring AMD into the conversation, where do they fit in this >>AMD's an absolutely crucial partner. No one company even HP can do it all themselves. There's a lot of partnerships, there's a lot of synergies working with amd. We've been working with AMD for almost 20 years since we delivered our first AM MD base ProLiant back in 2004 H HP ProLiant, DL 5 85. So we've been working with them a long time. We work with them years ahead of when a processor is announced, we benefit each other. We look at their designs and help them make their designs better. They let us know about their technology so we can take advantage of it in our designs. So they have a lot of security capabilities, like their memory encryption technologies, their a MD secure processor, their secure encrypted virtualization, which is an absolutely unique and breakthrough technology to protect virtual machines and hypervisor environments and protect them from malicious hypervisors. So they have some really great capabilities that they've built into their processor, and we also take advantage of the capabilities they have and ensure those are used in our solutions and in securing the platform. So a really such >>A great, great partnership. Great synergies there. Kevin, thank you so much for joining me on the program, talking about compute security, what HPE is doing to ensure that security is fundamental, that it is unpromised and that your customers are protected end to end. We appreciate your insights, we appreciate your time. >>Thank you very much, Lisa. >>We've just had a great conversation with Kevin Depu. Now I get to talk with David Chang, data center solutions marketing lead at a md. David, welcome to the program. >>Thank, thank you. And thank you for having me. >>So one of the hot topics of conversation that we can't avoid is security. Talk to me about some of the things that AMD is seeing from the customer's perspective, why security is so important for businesses across industries. >>Yeah, sure. Yeah. Security is, is top of mind for, for almost every, every customer I'm talking to right now. You know, there's several key market drivers and, and trends, you know, in, out there today that's really needing a better and innovative solution for, for security, right? So, you know, the high cost of data breaches, for example, will cost enterprises in downtime of, of the data center. And that time is time that you're not making money, right? And potentially even leading to your, to the loss of customer confidence in your, in your cust in your company's offerings. So there's real costs that you, you know, our customers are facing every day not being prepared and not having proper security measures set up in the data center. In fact, according to to one report, over 400 high-tech threats are being introduced every minute. So every day, numerous new threats are popping up and they're just, you know, the, you know, the bad guys are just getting more and more sophisticated. So you have to take, you know, measures today and you have to protect yourself, you know, end to end with solutions like what a AM MD and HPE has to offer. >>Yeah, you talked about some of the costs there. They're exorbitant. I've seen recent figures about the average, you know, cost of data breacher ransomware is, is close to, is over $4 million, the cost of, of brand reputation you brought up. That's a great point because nobody wants to be the next headline and security, I'm sure in your experiences. It's a board level conversation. It's, it's absolutely table stakes for every organization. Let's talk a little bit about some of the specific things now that A M D and HPE E are doing. I know that you have a really solid focus on building security features into the EPIC processors. Talk to me a little bit about that focus and some of the great things that you're doing there. >>Yeah, so, you know, we partner with H P E for a long time now. I think it's almost 20 years that we've been in business together. And, and you know, we, we help, you know, we, we work together design in security features even before the silicons even, you know, even born. So, you know, we have a great relationship with, with, with all our partners, including hpe and you know, HPE has, you know, an end really great end to end security story and AMD fits really well into that. You know, if you kind of think about how security all started, you know, in, in the data center, you, you've had strategies around encryption of the, you know, the data in, in flight, the network security, you know, you know, VPNs and, and, and security on the NS. And, and even on the, on the hard drives, you know, data that's at rest. >>You know, encryption has, you know, security has been sort of part of that strategy for a a long time and really for, you know, for ages, nobody really thought about the, the actual data in use, which is, you know, the, the information that's being passed from the C P U to the, the, the memory and, and even in virtualized environments to the, the, the virtual machines that, that everybody uses now. So, you know, for a long time nobody really thought about that app, you know, that third leg of, of encryption. And so a d comes in and says, Hey, you know, this is things that as, as the bad guys are getting more sophisticated, you, you have to start worrying about that, right? And, you know, for example, you know, you know, think, think people think about memory, you know, being sort of, you know, non-persistent and you know, when after, you know, after a certain time, the, the, you know, the, the data in the memory kind of goes away, right? >>But that's not true anymore because even in in memory data now, you know, there's a lot of memory modules that still can retain data up to 90 minutes even after p power loss. And with something as simple as compressed, compressed air or, or liquid nitrogen, you can actually freeze memory dams now long enough to extract the data from that memory module for up, you know, up, up to two or three hours, right? So lo more than enough time to read valuable data and, and, and even encryption keys off of that memory module. So our, our world's getting more complex and you know, more, the more data out there, the more insatiable need for compute and storage. You know, data management is becoming all, all the more important, you know, to keep all of that going and secure, you know, and, and creating security for those threats. It becomes more and more important. And, and again, especially in virtualized environments where, you know, like hyperconverged infrastructure or vir virtual desktop memories, it's really hard to keep up with all those different attacks, all those different attack surfaces. >>It sounds like what you were just talking about is what AMD has been able to do is identify yet another vulnerability Yes. Another attack surface in memory to be able to, to plug that hole for organizations that didn't, weren't able to do that before. >>Yeah. And, you know, and, and we kind of started out with that belief that security needed to be scalable and, and able to adapt to, to changing environments. So, you know, we, we came up with, you know, the, you know, the, the philosophy or the design philosophy that we're gonna continue to build on those security features generational generations and stay ahead of those evolving attacks. You know, great example is in, in the third gen, you know, epic C P U, that family that we had, we actually created this feature called S E V S N P, which stands for SECURENESS Paging. And it's really all around this, this new attack where, you know, your, the, the, you know, it's basically hypervisor based attacks where people are, you know, the bad actors are writing in to the memory and writing in basically bad data to corrupt the mem, you know, to corrupt the data in the memory. So s e V S and P is, was put in place to help, you know, secure that, you know, before that became a problem. And, you know, you heard in the news just recently that that becoming a more and more, more of a bigger issue. And the great news is that we had that feature built in, you know, before that became a big problem. >>And now you're on the fourth gen, those epic crosses talk of those epic processes. Talk to me a little bit about some of the innovations that are now in fourth gen. >>Yeah, so in fourth gen we actually added, you know, on top of that. So we've, we've got, you know, the sec the, the base of our, our, what we call infinity guard is, is all around the secure boot. The, you know, the, the, the, the secure root of trust that, you know, that we, we work with HPE on the, the strong memory encryption and the S E V, which is the secure encrypted virtualization. And so remember those s s and p, you know, incap capabilities that I talked about earlier. We've actually, in the fourth gen added two x the number of sev v s and P guests for even higher number of confidential VMs to support even more customers than before. Right? We've also added more guest protection from simultaneous multi threading or S M T side channel attacks. And, you know, while it's not officially part of Infinity Guard, we've actually added more APEC acceleration, which greatly benefits the security of those confidential VMs with the larger number of VCPUs, which basically means that you can build larger VMs and still be secured. And then lastly, we actually added even stronger a e s encryption. So we went from 128 bit to 256 bit, which is now military grade encryption on top of that. And, you know, and, and that's really, you know, the de facto crypto cryptography that is used for most of the applications for, you know, customers like the US federal government and, and all, you know, the, is really an essential element for memory security and the H B C applications. And I always say if it's good enough for the US government, it's good enough for you. >>Exactly. Well, it's got to be, talk a little bit about how AMD is doing this together with HPE a little bit about the partnership as we round out our conversation. >>Sure, absolutely. So security is only as strong as the layer below it, right? So, you know, that's why modern security must be built in rather than, than, you know, bolted on or, or, or, you know, added after the fact, right? So HPE and a MD actually developed this layered approach for protecting critical data together, right? Through our leadership and, and security features and innovations, we really deliver a set of hardware based features that, that help decrease potential attack surfaces. With, with that holistic approach that, you know, that safeguards the critical information across system, you know, the, the entire system lifecycle. And we provide the confidence of built-in silicon authentication on the world's most secure industry standard servers. And with a 360 degree approach that brings high availability to critical workloads while helping to defend, you know, against internal and external threats. So things like h hp, root of silicon root of trust with the trusted supply chain, which, you know, obviously AMD's part of that supply chain combined with AMD's Infinity guard technology really helps provide that end-to-end data protection in today's business. >>And that is so critical for businesses in every industry. As you mentioned, the attackers are getting more and more sophisticated, the vulnerabilities are increasing. The ability to have a pa, a partnership like H P E and a MD to deliver that end-to-end data protection is table stakes for businesses. David, thank you so much for joining me on the program, really walking us through what am MD is doing, the the fourth gen epic processors and how you're working together with HPE to really enable security to be successfully accomplished by businesses across industries. We appreciate your insights. >>Well, thank you again for having me, and we appreciate the partnership with hpe. >>Well, you wanna thank you for watching our special program HPE Compute Security. I do have a call to action for you. Go ahead and visit hpe com slash security slash compute. Thanks for watching.

(techno intro music) >> Hey everyone, good afternoon from sin city. This is Lisa Martin with Dave Vellante. We are in full swing of theCUBE's four days of coverage of AWS re:invent 2022. North of 50,000 people are here. We're nearing hundreds of thousands online. Dave, this has been, this is a great event. We've had great conversations. We're going to be having more conversations. One of the things we love talking about on theCUBE is AWS and its ecosystem of partners, and we are going to do just that right now. Brian Henderson joins us, Director of Marketing at Dell Technologies. Marc Trimuschat, Director of Worldwide Storage Specialists at AWS is also here. Guys, it's great to have you. >> Great to be here. >> Great to be here, yeah. Feeling the energy of the show. >> Isn't it great? >> Mark: I know, amazing. >> It's amazing. It started out high and it has not dropped since Monday night. Brian, talk a little bit about Dell, what you're doing with customers on their Cloud journeys. Every customer, every industry is on one at different points in their journey, but what's Dell helping out with there? >> What we're here to talk about is the progression that we've seen, right, Cloud has changed a lot over the years and Dell has really put out a strategy to help people with their Cloud journey, kind of wherever they are. So a lot of people have moved full shift. A lot of people see that as another location, and what we're showing at the booth is the idea of taking these enterprise capabilities that people know and trust from Dell, courting them to the Cloud. In some cases not courting, but just delivering that software in the Cloud, as well as taking some of the Kubernetes integrations, EKS Anywhere, bringing that on-prem. So we've got some storage, data protection, and our Kubernetes integration to talk about at the show. >> Awesome, Mark, talk about the role from Amazon's point of view that third party vendors like Dell Technologies plays in AWS's expanding vision of Cloud. >> Great, well, we're really excited to be partnering with Dell. What we see that historically is, you know, AWS is focused on builders, people, and really the developer community who are building those components themselves, putting together really resilient infrastructure and applications. What we're seeing today is a shift also to the type of customers that we're seeing, more traditional enterprise customers, who are demanding really performance, the scalability, also the resiliency of what they had on-premises, and they want that on the Cloud as well. So with Dell, and we've got some great solutions that we're partnering on, including Dell PowerFlex that provides that linear scalability and some of the high performance capabilities that customers are demanding. And also, another big trend that we're seeing is customers being affected by things like unfortunately malware events, right, and data protection. So Dell provides some great solutions in both those areas that allow enterprise customers to really experience that mission critical capability and resiliency that they have on-premises in the Cloud. >> You know, Brian, we've been at this a long time. >> Brian: Oh yeah, great to see you again. >> And I've been hearing my whole career that storage is going to get commoditized. And I guess if you're talking about spinning discs or flash drives, it's probably true, but as Mark was just saying if you want resilient storage and things that are recoverable, that don't go down all the time, they're not commodities. >> Brian: Yeah. >> It's real engineering. And you built the stack up, so talk about how that connection, what value you bring to the Cloud and your customers. >> Yeah, so what we see is people are always looking out for enterprise grade capabilities. So there's going to be a set of offerings, and AWS has a fantastic foundation for building on top of with the marketplace. So what we're able to do is really bring, in some cases, decades worth of investment in software engineering and put these advanced capabilities, whether it be PowerFlex with its linear scale. We'll have a file offering very soon. These products have been built from the ground up to do a very unique purpose. Giving that to people in the Cloud is just another location for us, AWS being the market leader. We're the market leader in storage. So us working together for the benefit of customers is really where it's at. >> Can you double click on that, Brian, what Dell and AWS? Give us all those juicy details. >> Sure, sure, sure, so what we've done right before this show is we put a product called PowerFlex, if you go back to 2018 scale IO, and you're taking this really linear scaling software defined architecture, and you're putting that in the Cloud. What that allows you to do is get that really advanced linear scale performance. You can even span clusters across AWS regions, as well as zones. So it's a really unique capability that allows us to be able to check in and do that. And in the data protection space, it's a whole separate category. We've been at this actually quite a while. We've got about 14 exo bytes of data that's already being protected on the AWS Cloud. So we've been at that for quite a while. And the two levels are really, do you want to back that up? Do you want to take a traditional back up application, maybe it's a lift and shift, and I want to back it up the way I used to, and you can do that in the Cloud now. Or we're seeing cyber resiliency come up a lot more, and we were just talking right before, it's a question of when, not if, and so we have to give our customers the option to not only detect that failure event early, but also to separate that copy with a logical air gap. >> The cyber resiliency is a topic we are talking more and more about. It's absolutely critical. We've seen the threat landscape change dramatically in the last couple of years. To your point, Brian, it's no longer, when we think of ransomware, it's no longer are we going to get hit? It's when, it's how often. What's the damage going to be? I think I saw a stat recently that there's one ransomware attack every 11 seconds. The average cost of reaches is in the millions, so what you're doing together on cyber resiliency for businesses in any industry is table stakes. >> Yeah, we just saw a survey that, it was done earlier this year survey, 66% unfortunately of corporations have experienced a malware attack. And that's an 80% increase from last year. >> Lisa: Wow. >> So again, I think that's an opportunity. It's a threat, but an opportunity, and so the partnership with Dell really helps bridge that and helps our customers, our mutual customers, recover from those incidents. >> A lot of people might say, this is interesting. A storage guy from Amazon, a storage guy from Dell, two leaders. And one might think, why didn't they just throw in a dash three, right, but you guys are both customer driven, customer obsessed. In the field, what are customers saying to you in terms of how they want you to work together? >> Well I think there's a place for everything. When you say throw in to S3, so S3 today, one of the big trends when you're looking here is just the amount of data, you know, we hear that rhetoric, you know, we've been in storage for many years, and the data has all increased up and to the right. But, you know, AWSI, S3 today, we have over 280 trillion objects in our, driving a hundred million transactions per second right now, so that's scale. So there's always a place for those really, we have hundreds of thousands of customers running their data links, so that's always going to be that really, you know, highly reliable, highly durable, high available solution for data links. But customers, there's a lot of different applications out there. So where customers are asking are those enterpise. So we have EBS, for example, which is our great, you know, scalable block search, elastic block store. We introduced some new volume types, like GP2, GP2, and IO2VX, which will have that performance. But there's still single availability zone. So what customers have done historically is they maybe the application layer, they put an application layer replication or resiliency across, but customers on-prem, they've relied on storage layers to do that work for them. So, with PowerFlex, that'll stand either using instant storage or EBS, building on that really strong foundation, but provide that additional layer to make it easy for customers to get that resiliency and that scalability that Brian talked about. >> Yep, yep. >> Anything you can add to that? >> Yeah, I mean to your question, how do we work together is really, it's all customer driven. So we see customers that are shifting workloads in the Cloud for the first time. And it might make sense to take an object, like PowerFlex or another storage technology, maybe you want to compress it a little bit before you send it to the Cloud. Maybe you don't want to lift and shift everything. So we have a team of people that works very closely with AWS to be able to determine how are you going to shift that workload out there? Does this make the right sense for you? So it's a very collaborative relationship. And it's all very customer driven because our customers are saying, I've got assets in the public Cloud, and I want them to be managed in a similar fashion to how I'm doing that on-prem. >> So customer obsession is clearly on both sides there. We know that. >> It's where it starts. >> Exactly, exactly. Going back to PowerFlex for a second, Brian, and I'd love to get an example of a joint customer that really is showing the value of what Dell and AWS are doing together. The question for you on PowerFlex, talk about the value that it offers to the public Cloud. And why should customers start there if they are early in this journey? >> All right, yeah, so the two angles are basically, are you coming from PowerFlex or you're coming from Cloud. If you're Cloud native, the advantage would be things like a really, really advanced block file system that has been built from the ground up to be software defined and pretty much Cloud native. What you're getting is that really linear scale up to about 1,000 nodes. You can span that across regions, across availability zones, so it's highly resilient. So if there's a node failure in one site, you're going to rebuild really fast, depending on the size of that cluster. So it's a very advanced architecture that's been built to run, you know, we didn't have to change a single line of code to run this product in the Cloud because it was Cloud native by default, so. >> Well that's the thing. We also see, and you've seen that with some of the other solutions, but customers really want that. Enterprise customers are, they want us to make sure those mission critical applications are working and stay up. So they also want to use the same environment. So we were talking before, we also see use cases where maybe they're using PowerFlex on-premises today and they want to be able to replicate that to PowerFlex that's in the Cloud. So we're seeing those, and the familiarity with that infrastructure really is that easy path, if you will, for those more conservative mission critical customers. >> We've learned a lot over the years from AWS's entry into the marketplace. Two recent teams working backwards. We talk about customer obsession. And also the Cloud experience. It brings me to APEX. >> Oh yeah. >> Dave: How does APEX fit in here? >> Yeah, so APEX is the categorization for all the things that we're doing around a modern Cloud experience for Dell customers. So we're taking them also on a journey, kind of as a service model. There's a do-it-yourself model. And anything that we do that touches Cloud is now being kind of put under that APEX moniker. So everything that we're doing around Project Alpine, enterprise software capabilities in the Cloud. Do you want someone else to manage it for you? Do you want it in a polo? That might be the right fit for you. It's all under that APEX umbrella and journey. So we're kind of still just getting started there, but we're seeing a lot of great traction. People want to pay as they go, you know, it's a very popular model that AWS has pretty much set the foundation for. So pay as you go, utility based pricing, this is all things our customers have been asking for. >> Yeah, so APEX, you basically set a baseline. You can dial it up, dial it down, very much pay by the drink. >> Absolutely. >> And, you know, like you said, it's early days. >> Brian: Yeah. >> But that's, again, AWS has influenced the business in a lot of different ways. >> Again, with the Dell, you know, the trust customers that Dell has built over the years and having those customers come in. We obviously are getting, again, it's an accelerated option for financial services to healthcare and all these customers that have relied on Dell for years, moving to the Cloud, having that trusted name and also that infrastructure that's similar and familiar to them. And then the resilience of the foundation that we have at AWS, I think it works really well together for those customers. >> I think it underscores to the majority of both AWS and in a lot of ways Dell, right. In the early days of Cloud, it was like uh oh, and now it's like oh, actually big market. Customers are demanding this. There's new value that we can create working together. Let's do it. >> Yeah, I mean, it didn't take us that long to get to it, but I'd say we had little fits and starts over the years, and now we've recognized like, this is where the future is. It's going to be Cloud, it's going to be on-prem, it's going to be Edge, it's going to be everything. It's going to be an and world. And so just doing the right thing for customers I think is exactly where we landed. It's a great partnership. >> Do you have a favorite customer story that you think really shines the light on the value of the Dell AWS partnership in terms of the business impact they're making? >> We have several large customers that I can't always like drop the names, but one of them is a very large video game production company. And we do a lot of work together where they're rendering maybe in house, they're sending to a shared location. They're copying data over to S3. They're able to let all their editors access that. They bring it back when it's compressed down a little bit and deliver that. We're also doing a lot of work with, I think I can say this, Amazon Thursday night football games. So what they've done there, it's a partner of ours working with AWS. All the details inside of that roaming truck that they drive around, there's a lot of Dell gear within there, and then everything connects back to AWS for that exact same kind of model. We need to get to the editors on a nightly basis. They're also streaming directly form that truck while they're enabling the editors to access a shared copy of it, so it's really powerful stuff. >> Thursday night prime is pretty cool. You know, some people are complaining cause I can't just switch channels during the commercials. It's like, first of all, you can. Second of all, the stats are unbelievable, right. You can just do your own replay when you want to. There's some cool innovations there. >> Oh yeah, absolutely. >> Very cool innovations. I've got one more question for each of you before we wrap. Marc, a question for you, we're making a fun Instagram reel. So think about a sizzle reel of if you were to summarize the show so far, what is AWS's message to its massive audience this year? >> Well, that's a big question. Because we have such a wide, as we mentioned, such a wide ranging audience. I really see a couple key trends that we're trying to address. One is, again don't forget, I'm a storage guy, so it's going to come from an angle from data, right. So, I think it's just this volume of data and that customers are bringing into the Cloud, either moving in from enterprises today or organically, just growing. You know, a couple years ago, megabytes were a lot, and now, you know, we're talking about petabytes every day. Soon it's going to be exo bytes are going to become the norm. So the big, I'd say, point one is the trend that I see is just the volume of data. And so what we're doing to address that is obviously we talked a little bit about S3 and being able to manage volumes of data, but also things like DataZone that we introduced because customers are looking to make sure that the right governance and controls to be able to access that data. So I think that's one big thing that I see the theme for the show today. The second thing is around, as I said, really these enterprise customers really wanted to move in these mission critical applications into the Cloud, and having that infrastructure to be able to support that easily from what they're doing today and move in quickly. The third area is around data protection, making sure the data protection and malware recovery, that's the theme that we see is really unfortunately that's today. But being able to recover quickly, both having native services and native offerings just built in resiliency into the core platforms, like S3 with object application, et cetera. And also partnering with Dell with cyber recovery and some of the solutions with Dell. >> Excellent, and Brian, last question for you. A bumper sticker that succinctly and powerfully describes why Dell and AWS are such awesome partners for customer issues. >> Best of both worlds, right? >> Lisa: Mic drop. >> Mic drop, done. >> That's awesome. You said that a lot more succinctly. (people laughing) >> Enterprise in Cloud, Cloud comin' to enterprise. >> Yeah, leader meets leader, right? >> Yeah, right. >> Love it, leader meets leader. Guys, it's been a pleasure having you on theCUBE. We appreciate hearing the latest from AWS and Dell from a storage perspective and from a Cloud perspective and how you're helping customers manage the explosion of data that's not going to slow down. We really appreciate you coming by the set. >> Thank you. >> Great, thanks so much, appreciate it. >> My pleasure. For our guests and Dave Vellante, I'm Lisa Martin, you're watching theCUBE, the leader in live enterprise and emerging tech coverage. (techno music)

(gentle music) >> Hello, beautiful humans and welcome back to fabulous Las Vegas, where we are combating the dry air of the desert and all giggling about the rasp of our voice at this stage. We're theCUBE and we are live from AWS reinvent. I am Savannah Peterson, joined by the fabulous Paul Gillin. Paul, how are you holding up? How are your feet doing? >> My feet are, I can't feel them anymore. (both laugh) >> We can't feel much after these feet. >> Two miles. Just to get from, just to get to to the keynotes this morning. >> Did you do your cross training to prepare >> For, >> Apparently not well enough. (Savannah laughs) Not well enough. >> Well, it's great to have you here >> likewise. and I'm very excited for our next conversation. We've got Ramesh from Prosimo. >> Thank you. >> Savannah: Welcome to the show. How is the show going for you? How's your voice? >> Oh my God. I woke up this morning and I could not hear my own voice. I'm like, this is not me. I think it's the dry air here, so if I cough, I apologize in advance. But no, the show has been great. It's been nonstop at the booth. It's wonderful to see all the customers in one place so you don't have to schedule lots of meetings spread across three, four weeks. So you get to >> Savannah: Right. I, yeah >> So yesterday was like eight to six, nonstop and it was awesome, right? Because you get to meet all these guys. The other important thing is the focus on the right layer, right? Like, I loved the keynote from Adam. It was about applications, services, data. Nowhere in there was there like infrastructure. Like we are infrastructure, right? I actually love that because that's where the focus should be and that's what customers are caring about right? So it's, it's been great so far. >> Yeah. I'm so happy to hear your booth's packed. I know exactly what you mean. I mean, we're going to be talking about optimization. It's a theme, but we also optimize our time here >> Ramesh: Yeah. >> on the show floor by getting to engage with our community. Prosimo's been around for three years just in case folks aren't familiar, give us the pitch. >> Sure. We are in the cloud networking space, solving for two problems. What happens within the cloud as you bring up VPCs, vnet and workloads, how are they able to talk to each other, secure each other, and how to use those access workloads? Those are the two problems that we solve for. It stemmed from really us seeing a complete diversion in what cloud wants versus what network really focuses on. Cloud has been always focused on applications and speed of operations and network has always been about reliability, scalability, and robust architecture. And we didn't really see these things come together. So that's when prosimo was born. >> So what are some of the surprises newcomers to the cloud may encounter with networking, with cloud networking that was not a factor when they were fully on-prem? >> So the first thing is in the cloud, you can't deal with the workload the same way you dealt with in the data center. In the data center, you usually had pools of service. They were all allocated some level of addressing. And it was not about the workload, it was more about the identity, IP addresses and so forth. In the cloud, those things have completely gotten demolished, right? You have to refer to a S3 service as an S3 service. It's not an IP endpoint. IP endpoint comes and goes, right? >> Savannah: Yeah. >> And so you have to completely shift around that, right? >> Now, this actually challenges almost 10 years, 12, 20 years maybe, of networking that we knew about, right? So that's why cloud networking is almost night and day difference compared to regular networking right? And, we're seeing that and that's what we are really helping customers with. >> What are some of the trends that you're seeing? I, well actually, let me ask you this question. Do you, is there an industry or vertical you work with specifically? I would imagine most people across, >> Ramesh: The Yeah, across. >> Yeah. >> Anybody that has workloads in the cloud right? >> Yeah, right. >> Ramesh: That's, >> I mean I can't imagine any companies that would have that. >> Exactly. (Savannah laughs) >> What are some of the trends that you're seeing? I know we talk about time to value. We talk about cost optimization. Is that the top priority for your customers? >> Yeah. Up until end of last year, a lot of the focus was about speed of operations. And so people would look at what are the type of workloads? How do I enable things? How do I empower my development team? So, if I'm the cloud platform team responsible for connecting, securing and making sure my applications can get deployed smooth and fast, that was the primary focus. Fast forward to this year, we started to see this a little bit at the beginning of the year. Now it's in full force. It's about cost control, right? It's about egress charges coming out of the cloud. Suddenly the cloud bill and every single line item on the cloud bill is in focus, right? And so that has a direct impact on what does this mean for networking. Cloud networking for many may not be familiar, it's about 14% of the cloud bill. And so anything that materially moves the needle on the cloud networking costs can actually have a have a big impact, right? And so we have seen the focus on the speed of operations are still there but cloud cost control has become a big part of it. >> So where are the excesses? I mean, it's, it's a big part of the bill. Where can company, where do companies typically waste money in networking costs? >> So, if you bring a person who understands networking and networking architecture really, really well, they'll can build a solid architecture, but they'll not focus on operations and automation. If you bring a 25 year old, they will automate the heck out of it. They know python day in and day out. And so they'll automate the heck out of it but it will not be with a robust architecture, right? And so you, on one hand, you end up wasting because you do things very suboptimally. It's a solid architecture, it's a really good design but it's really bad for operations. In the other hand, with push of a button you can get anything done but underneath the covers, underneath the hood, if you look at it, it's a mess, right? And so you have more competence than necessary. And so, what customers want is really a best of both, right? You need solid architecture that has all the right principles but also you need the automation so that you don't employ four, five people and a whole toolkit in order to make things work, right? And that's where we see most of the efficiencies come from >> You said you were you were super busy at your booth. Do customers understand that this is a problem now? >> So more so now than I would say last year. The last reinvent when we had a session. >> Yeah. >> We had to educate a lot of people on these are the requirements for cloud networking. Thanks to Gartner, thanks to many of the sessions you guys have been doing as well. The focus and the education for what cloud networking requires has started to come about. Now, this is where the savviness of the customer is important, right? Like there are customers in different stages of their journey. Those that have been operating in the cloud for three years plus, know that they've crossed that initial phase, right? Like you have basic hygiene, you have certain things and moving from hundreds of VPCs to maybe about thousand, right? And so at that time, the set of challenges I need to work with are very, very different, right? So now increasingly we are seeing at the booth the challenges are, "Hey, I know how to operate in the cloud". Right? Like, "Don't talk to me about that." Right? "But how do I get from hundred to a thousand?" Because I have a gun to my head. My CIO has said, I need to decommission my data centers in the next couple of years and I need to go all in on cloud. Help me with that, right? And so it's the, I wouldn't call it like massive scale it's the scale from kind of the trivial to the next stage that's actually causing a lot of these problems to surface. >> It's that layer of transformation. >> Ramesh: Yeah. It's when you've made the commitment and now we've got to catch everything up >> [Ramesh} exactly. >> across the company locations and probably a variety of different silos doing different things. >> Ramesh: Exactly. Yeah. >> Super complex. So, how do folks get started with you? >> Yeah, so typically we start with like, even if the customer says, "Here's what my blueprint looks like." We say, "Bring two regions." That's it, two regions, a few workloads. We'll help you set up the connectivity, set up the secure access required, set up the foundational things There's a certain level of automation, right? Let's get to that point because governance is different. The cloud privileges are different so let's work through all of that, right? Usually this takes about a week or so. The actual proof of concept, proof of value can be done in a day, but getting permissions and what not takes about, about a week, right? And once you show two regions then it's actually game on, right? Then you go from 10 VPCs to a hundred to a thousand and it's just like one to one thing after another. So that's usually how we see customers get started. We have a full stack that covers kind of what does this mean for the network to application services to kind of layer seven and so forth. We tell the customer, as much as we want you to focus on the entire stack, let's start with one, right? Start baby steps, start with one. Because for many, cloud itself is, I wouldn't say new but they're in a region that's not comfortable, right? So you wannna, you don't want to throw too much at them. >> Savannah: Right. >> So we help them kind of progressively move towards different types of workplace. >> Savannah: Yeah. >> And you have a multicloud story as well. >> Ramesh: That's correct. >> So when companies begin to cross clouds with workloads, move them between clouds, what kinds of issues emerge then? >> Yeah, so there are two parts for this, right? There is the AWS and data center and then there is the AWS plus other clouds. Two different set of problems, actually, >> Paul: Hm-hmm. Hm-hmm. The AWS plus connectivity, back into my data center almost every single enterprise. We deal with kind of the global 2000. Every single one of them has that, right? And so we kind of, we go through a series of steps, come up with an architecture, deploy a solution. After that, it's, Hey, I have BigQuery in Google that needs to talk back to an S3 bucket out here. Like, no networking solution can help you with that. Like, you need like cloud native principles in order to come into the picture. So increasingly we are seeing requests for, hey I have a distributed workload. It's not, it's not that one single application is spread across multiple clouds, but I have these islands of workloads that all need to talk to each other. >> Paul: Right. And what I don't want to do is actually build highways that actually connect all these things together because that's a waste of time. I actually want to make sure that only these applications that care about the talking to each other, are allowed to talk to each other. So that's kind of one foundational thing that we see. A few others are around compliance and governance. So we say, Hey, if I'm a retailer, I need to have some workloads in Azure some in the GCP and so forth. So it depends on kind of the industry compliance, regulatory requirements and so forth. >> So many different needs >> Ramesh: Exactly. for so many different types of companies. But also, you know, creating that efficiency is so great. >> Ramesh: Yup. >> And especially that time to value tune, cost reduction >> Ramesh: Yup. doing a lot of great things for your customers. There's a note on my run sheet here that you've seen some success with Topgolf and I suspect we have some golfers in the audience. John even used to be a caddy. We had a caddy segment with someone who was a pro caddy. Drew, when we were at Cape Con. Tell us about that story. >> So it was a really wild idea. We said, okay people are going to be walking around 22,000 steps right? >> Savannah: Yeah. >> And so >> Like Paul, >> And, they're going to be talking to people, listening to sessions. So we said, let's, what do most others do? You set up some time in a restaurant, you come, you have a social time, and what not. We said, let's give people something different. So we reserve the Topgolf here and we opened it up. We initially paid for a certain number of things. It's actually gone three x of that right now. So we had in the Topgolf, can you give us like the entire thing? I think people just want to go do something different, right? >> Savannah: Yeah. >> And of course the topic is important but equally important is like, I just want to have a good time, right? >> Yeah. And if you, hit a few And there you go. >> It doesn't have to relate back to network >> Cloud, network. >> Yeah, exactly. And so >> Well, it's all about building community. >> Exactly. >> And especially right now, we all, you know, we're stronger together. >> Ramesh: Yup. We're entering a unique time, we're coming out of a unique time. >> Ramesh: Exactly. >> And, no, I think that's great. And we actually do a swag segment here on theCUBE, differentiating on the show floor. I mean, it's clear because of how thoughtful you are >> Ramesh: Yeah. there's a reason that your, that your booth is so busy. >> Ramesh: That's right. >> So what's next? What can you, can you give us a little sneak preview? What's coming out for you? >> Yeah, so, I'm sensitive and sympathetic to all the macroeconomic conditions that are happening but there's been, we have not skipped a beat. So our business is growing really well. Thanks to all the things that are happening in the cloud. Increasingly, folks are looking at, you know, how how do I move in mass into the cloud? And so a few themes have come about as a result. One, certainly around cost control. How do I, how do I make, how do we make sure that we help our customers in that journey, right? So we have a few things around those lines. Modernization, especially after you go through the first few workloads, the next few that come about are invariably modern workloads. And modern workloads is this sensitive thing where I think the ultra savvy developers know what to do but the infrastructure guys don't know what to do in order to serve, right? And so we have actually developed a set of capabilities to help with that kind of modernization, right? Because it's not enough if your apps are modernized, your infrastructure that serves the apps also need to be modernized. And so those are the, those are the things and certainly, getting our customers less than us. We want to get our customers to talk. And so you'll see quite a bit of that as well. >> I want to ask you about a statement that was in the notes that we were reading, running up this interview. Zero Trust network access is the next solution that will be disrupted. What do you mean by that? >> So, when we started the company about three years ago, zero test network access was there. It was about maybe two, three years old at that time. And so we said, it needs to be done differently in the cloud. Why? Because you are a user. You're trying to access an application in the cloud. Do you care what's in the middle? You really don't, you just want to be able to open up your laptop, go to dub dub something.com and you should be able to access, right? But that's not how the experience is today. There's invariably something that comes, a middle mile solution that comes in the middle, right? And then the guy needs to operationalize all of that. And that now passes on to you. You need to launch a an agent on your thing, connect into something. It just brings a lot of complexity, right? So we looked at that problem and we said, cloud has done really really a few things really, really well, right? It's literally at your doorstep. Cloud presence is literally at your doorstep. So as you open up your browser, connect from your home, I don't need anything in the middle. I am jumping straight into the cloud. And so when you do that, then you actually have the luxury of bringing a few capabilities to the entry point of the cloud so that security can be done better, posture control can be done better and so on and so forth. So we developed those capabilities almost three years ago. We have quite a few large enterprises that have deployed this. And we fundamentally believe on building on top of the hyperscale network because billions of tens of billions of dollars go into the investment here. And we want to be building a layer of value on top, right? And so we've been working closely with our AWS buddies here and actually built capabilities so that the infrastructure presence, the massive reach and also the underlying capabilities for zero trust are provided. But what the customer regains in terms of value is through our platform, right? And so we'll see a whole lot more innovation along these lines. Probably bad news for the Middle Mile provider who sit in the, in the middle because hey AWS is literally at your doorstep, so you have to rethink your strategy. >> Going to be a lot of agility >> Ramesh: Yes, absolutely. >> In a very different context than we normally use it in Nerdland. And no, I think that's great. So we have, it's an exciting time for you as a company. We have a new challenge here at Reinvent. >> Okay. >> On theCUBE. I know you're a venerable alumni. >> Yep. >> You have been on theCUBE multiple times with multiple companies which is very impressive. Which says a lot about you. Although given how fun this interview's been, I'm not surprised. Give us your 30 second, Instagram real highlight, sound bite on the biggest or most important theme or takeaway from this year's show. >> From this show? Yeah, so if you look across the keynotes in all the sessions, the focus is on data, services and the applications. So the biggest takeaway I would offer anybody is focus on that first because that's where the outcome needs to shine. The rest of the stuff is a means to an end. I am an infrastructure guy through and through, I have been for the last 20 years. It hurts me to say infrastructure is a means to end but it is, right. Let the people dealing with the infrastructure deal with the infrastructure. If you are a customer or a client of the service, focus on the outcome, focus on the apps, focus on the services focus on on the data. That would be the biggest takeaway. >> Savannah: I appreciate your >> Paul: Words of wisdom >> Savannah: transparency. Yeah, no, exactly. Words of wisdom and very honest words of wisdom. Really great to talk to you about intelligent infrastructure. >> Absolutely. >> Savannah: Thank you so much for being on the show, Ramesh. >> Thank you. >> Savannah: It's been, it's been awesome. Paul, it's always a pleasure. >> Likewise. Thank you all for tuning in today here live from the show floor at AWS, reinvent in beautiful sin city, in the high desert and the high end dry desert with Paul Gillin. My name is Savannah Peterson and you're watching theCUBE, the leader in high tech coverage. (gentle music)

(upbeat music) >> Welcome back to Vegas. Lisa Martin and Dave Vellante here with theCUBE live on the Venetian Expo Hall Floor, talking all things AWS re:Invent 2022. This is the first full day of coverage. It is jam-packed here. People are back. They are ready to hear all the new innovations from AWS. Dave, how does it feel to be back yet again in Vegas? >> Yeah, Vegas. I think it's my 10th time in Vegas this year. So, whatever. >> This year alone. You must have a favorite steak restaurant then. >> There are several. The restaurants in Vegas are actually really good. >> You know? >> They are good. >> They used to be terrible. But I'll tell you. My favorite? The place that closed. >> Oh! >> Yeah, closed. In between where we are in the Wynn and the Venetian. Anyway. >> Was it CUT? >> No, I forget what the name was. >> Something else, okay. >> It was like a Greek sort of steak place. Anyway. >> Now, I'm hungry. >> We were at Pure Accelerate a couple years ago. >> Yes, we were. >> When they announced Cloud Block Store. >> That's right. >> Pure was the first- >> In Austin. >> To do that. >> Yup. >> And then they made the acquisition of Portworx which was pretty prescient given that containers have been going through the roof. >> Yeah. >> So I'm sort of excited to have these guys on and talk about that. >> We're going to unpack all of this. We've got one of our alumni back with us, Venkat Ramakrishna, VP of Product, Portworx by Pure Storage. And Dan Kogan joins us for the first time, VP of Product Management and Product Marketing, FlashArray at Pure Storage. Guys, welcome to the program. >> Thank you. >> Hey, guys. >> Dan: Thanks for having us. >> Do you have a favorite steak restaurant in Vegas? Dave said there's a lot of good choices. >> There's a lot of good steak restaurants here. >> I like SDK. >> Yeah, that's a good one. >> That's the good one. >> That's a good one. >> Which one? >> SDK. >> SDK. >> Where's that? >> It's, I think, in Cosmopolitan. >> Ooh. >> Yeah. >> Oh, yeah, yeah, yeah. >> It's pretty good, yeah. >> There's one of the Western too that's pretty. >> I'm an Herbs and Rye guy. Have you ever been there? >> No. >> No. >> Herbs and Rye is off strip, but it's fantastic. It's kind of like a locals joint. >> I have to dig through all of this great stuff today and then check that out. Talk to me. This is our first day, obviously. First main day. I want to get both of your perspectives. Dan, we'll start with you since you're closest to me. How are you finding this year's event so far? Obviously, tons of people. >> Busy. >> Busy, yeah. >> Yeah, it is. It is old times. Bigger, right? Last re:Invent I was at was 2019 right before everything shut down and it's probably half the size of this which is a different trend than I feel like most other tech conferences have gone where they've come back, but a little bit smaller. re:Invent seems to be the IT show. >> It really does. Venkat, are you finding the same? In terms of what you're experiencing so far on day one of the events? >> Yeah, I mean... There's tremendous excitement. Overall, I think it's good to be back. Very good crowd, great turnout, lot of excitement around some of the new offerings we've announced. The booth traffic has been pretty good. And just the quality of the conversations, the customer meetings, have been really good. There's very interesting use cases shaping up and customers really looking to solve real large scale problems. Yeah, it's been a phenomenal first day. >> Venkat, talk a little bit about, and then we'll get to you Dan as well, the relationship that Portworx by Pure Storage has with AWS. Maybe some joint customers. >> Yeah, so we... Definitely, we have been a partner of AWS for quite some time, right? Earlier this year, we signed what is called a strategic investment letter with AWS where we kind of put some joint effort together like to better integrate our products. Plus, kind of get in front of our customers more together and educate them on how going to how they can deploy and build vision critical apps on EKS and EKS anywhere and Outpost. So that partnership has grown a lot over the last year. We have a lot of significant mutual customer wins together both on the public cloud on EKS as well as on EKS anywhere, right? And there are some exciting use cases around Edge and Edge deployments and different levels of Edge as well with EKS anywhere. And there are pretty good wins on the Outpost as well. So that partnership I think is kind of like growing across not just... We started off with the one product line. Now our Portworx backup as a service is also available on EKS and along with the Portworx Data Services. So, it is also expanded across the product lanes as well. >> And then Dan, you want to elaborate a bit on AWS Plus Pure? >> Yeah, it's for kind of what we'll call the core Pure business or the traditional Pure business. As Dave mentioned, Cloud Block Store is kind of where things started and we're seeing that move and evolve from predominantly being a DR site and kind of story into now more and more production applications being lifted and shifted and running now natively in AWS honor storage software. And then we have a new product called Pure Fusion which is our storage as code automation product essentially. It takes you from moving and managing of individual arrays, now obfuscates a fleet level allows you to build a very cloud-like backend and consume storage as code. Very, very similar to how you do with AWS, with an EBS. That product is built in AWS. So it's a SaaS product built in AWS, really allowing you to turn your traditional Pure storage into an AWS-like experience. >> Lisa: Got it. >> What changed with Cloud Block Store? 'Cause if I recall, am I right that you basically did it on S3 originally? >> S3 is a big... It's a number of components. >> And you had a high performance EC2 instances. >> Dan: Yup, that's right. >> On top of lower cost object store. Is that still the case? >> That's still the architecture. Yeah, at least for AWS. It's a different architecture in Azure where we leverage their disc storage more. But in AWS were just based on essentially that backend. >> And then what's the experience when you go from, say, on-prem to AWS to sort of a cross cloud? >> Yeah, very, very simple. It's our replication technology built in. So our sync rep, our async rep, our active cluster technology is essentially allowing you to move the data really, really seamlessly there and then again back to Fusion, now being that kind of master control plan. You can have availability zones, running Cloud Block Store instances in AWS. You can be running your own availability zones in your data centers wherever those may happen to be, and that's kind of a unification layer across it all. >> It looks the same to the customer. >> To the customer, at the end of the day, it's... What the customer sees is the purity operating system. We have FlashArray proprietary hardware on premises. We have AWS's hardware that we run it on here. But to the customer, it's just the FlashArray. >> That's a data super cloud actually. Yeah, it's a data super cloud. >> I'd agree. >> It spans multiple clouds- >> Multiple clouds on premises. >> It extracts all the complexity of the underlying muck and the primitives and presents a common experience. >> Yeah, and it's the same APIs, same management console. >> Dave: Yeah, awesome. >> Everything's the same. >> See? It's real. It's a thing, On containers, I have a question. So we're in this environment, everybody wants to be more efficient, what's happening with containers? Is there... The intersection of containers and serverless, right? You think about all the things you have to do to run containers in VMs, configure everything, configure the memory, et cetera, and then serverless simplifies all that. I guess Knative in between or I guess Fargate. What are you seeing with customers between stateless apps, stateful apps, and how it all relates to containers? >> That's a great question, right? I think that one of the things that what we are seeing is that as people run more and more workloads in the cloud, right? There's this huge movement towards being the ability to bring these applications to run anywhere, right? Not just in one public cloud, but in the data centers and sometimes the Edge clouds. So there's a lot of portability requirements for the applications, right? I mean, yesterday morning I was having breakfast with a customer who is a big AWS customer but has to go into an on-prem air gap deployment for one of their large customers and is kind of re-platforming some other apps into containers in Kubernetes because it makes it so much easier for them to deploy. So there is no longer the debate of, is it stateless versus it stateful, it's pretty much all applications are moving to containers, right? And in that, you see people are building on Kubernetes and containers is because they wanted multicloud portability for their applications. Now the other big aspect is cost, right? You can significantly run... You know, like lower cost by running with Kubernetes and Portworx and by on the public cloud or on a private cloud, right? Because it lets you get more out of your infrastructure. You're not all provisioning your infrastructure. You are like just deploying the just-enough infrastructure for your application to run with Kubernetes and scale it dynamically as your application load scales. So, customers are better able to manage costs. >> Does serverless play in here though? Right? Because if I'm running serverless, I'm not paying for the compute the whole time. >> Yeah. >> Right? But then stateless and stateful come into play. >> Serverless has a place, but it is more for like quick event-driven decision. >> Dave: The stateless apps. >> You know, stuff that needs to happen. The serverless has a place, but majority of the applications have need compute and more compute to run because there's like a ton of processing you have to do, you're serving a whole bunch of users, you're serving up media, right? Those are not typically good serverless apps, right? The several less apps do definitely have a place. There's a whole bunch of minor code snippets or events you need to process every now and then to make some decisions. In that, yeah, you see serverless. But majority of the apps are still requiring a lot of compute and scaling the compute and scaling storage requirements at a time. >> So what Venkat was talking about is cost. That is probably our biggest tailwind from a cloud adoption standpoint. I think initially for on-premises vendors like Pure Storage or historically on-premises vendors, the move to the cloud was a concern, right? In that we're getting out the data center business, we're going all in on the cloud, what are you going to do? That's kind of why we got ahead of that with Cloud Block Store. But as customers have matured in their adoption of cloud and actually moved more applications, they're becoming much more aware of the costs. And so anywhere you can help them save money seems to drive adoption. So they see that on the Kubernetes side, on our side, just by adding in things that we do really well: Data reduction, thin provisioning, low cost snaps. Those kind of things, massive cost savings. And so it's actually brought a lot of customers who thought they weren't going to be using our storage moving forward back into the fold. >> Dave: Got it. >> So cost saving is great, huge business outcomes potentially for customers. But what are some of the barriers that you're helping customers to overcome on the storage side and also in terms of moving applications to Kubernetes? What are some of those barriers that you could help us? >> Yeah, I mean, I can answer it simply from a core FlashArray side, it's enabling migration of applications without having to refactor them entirely, right? That's Kubernetes side is when they think about changing their applications and building them, we'll call quote unquote more cloud native, but there are a lot of customers that can't or won't or just aren't doing that, but they want to run those applications in the cloud. So the movement is easier back to your data super cloud kind of comment, and then also eliminating this high cost associated with it. >> I'm kind of not a huge fan of the whole repatriation narrative. You know, you look at the numbers and it's like, "Yeah, there's something going on." But the one use case that looks like it's actually valid is, "I'm going to test in the cloud and I'm going to deploy on-prem." Now, I dunno if that's even called repatriation, but I'm looking to help the repatriation narrative because- >> Venkat: I think it's- >> But that's a real thing, right? >> Yeah, it's more than repatriation, right? It's more about the ability to run your app, right? It's not just even test, right? I mean, you're going to have different kinds of governance and compliance and regulatory requirements have to run your apps in different kinds of cloud environments, right? There are certain... Certain regions may not have all of the compliance and regulatory requirements implemented in that cloud provider, right? So when you run with Kubernetes and containers, I mean, you kind of do the transformation. So now you can take that app and run an infrastructure that allows you to deliver under those requirements as well, right? So that portability is the major driver than repatriation. >> And you would do that for latency reasons? >> For latency, yeah. >> Or data sovereign? >> Data sovereignty. >> Data sovereignty. >> Control. >> I mean, yeah. Availability of your application and data just in that region, right? >> Okay, so if the capability is not there in the cloud region, you come in and say, "Hey, we can do that on-prem or in a colo and get you what you need to comply to your EDX." >> Yeah, or potentially moves to a different cloud provider. It's just a lot more control that you're providing on customer at the end of the day. >> What's that move like? I mean, now you're moving data and everybody's going to complain about egress fees. >> Well, you shouldn't be... I think it's more of a one-time move. You're probably not going to be moving data between cloud providers regularly. But if for whatever reasons you decide that I'm going to stop running in X Cloud and I'm going to move to this cloud, what's the most seamless way to do? >> So a customer might say, "Okay, that's certification's not going to be available in this region or gov cloud or whatever for a year, I need this now." >> Yeah, or various commercial. Whatever it might be. >> "And I'm going to make the call now, one-way door, and I'm going to keep it on-prem." And then worry about it down the road. Okay, makes sense. >> Dan, I got to talk to you about the sustainability element there because it's increasingly becoming a priority for organizations in every industry where they need to work with companies that really have established sustainability programs. What are some of the factors that you talk with customers about as they have choice in all FlashArray between Pure and competitors where sustainability- >> Yeah, I mean we've leaned very heavily into that from a marketing standpoint recently because it has become so top of mind for so many customers. But at the end of the day, sustainability was built into the core of the Purity operating system in FlashArray back before it was FlashArray, right? In our early generation of products. The things that drive that sustainability of high density, high data reduction, small footprint, we needed to build that for Pure to exist as a company. And we are maybe kind of the last all-flash vendor standing that came ground up all-flash, not just the disc vendor that's refactored, right? And so that's sort of engineering from the ground up that's deeply, deeply into our software as a huge sustainability payout now. And we see that and that message is really, really resonating with customers. >> I haven't thought about that in a while. You actually are. I don't think there's any other... Nobody else made it through the knothole. And you guys hit escape velocity and then some. >> So we hit escape velocity and it hasn't slowed down, right? Earnings will be tomorrow, but the last many quarters have been pretty good. >> Yeah, we follow you pretty closely. I mean, there was one little thing in the pandemic and then boom! It's just kept cranking since, so. >> So at the end of the day though, right? We needed that level to be economically viable as a flash bender going against disc. And now that's really paying off in a sustainability equation as well because we consume so much less footprint, power cooling, all those factors. >> And there's been some headwinds with none pricing up until recently too that you've kind of blown right through. You know, you dealt with the supply issues and- >> Yeah, 'cause the overall... One, we've been, again, one of the few vendors that's been able to navigate supply really well. We've had no major delays in disruptions, but the TCO argument's real. Like at the end of the day, when you look at the cost of running on Pure, it's very, very compelling. >> Adam Selipsky made the statement, "If you're looking to tighten your belt, the cloud is the place to do it." Yeah, okay. It might be that, but... Maybe. >> Maybe, but you can... So again, we are seeing cloud customers that are traditional Pure data center customers that a few years ago said, "We're moving these applications into the cloud. You know, it's been great working with you. We love Pure. We'll have some on-prem footprint, but most of everything we're going to do is in the cloud." Those customers are coming back to us to keep running in the cloud. Because again, when you start to factor in things like thin provisioning, data reduction, those don't exist in the cloud. >> So, it's not repatriation. >> It's not repatriation. >> It's we want Pure in the cloud. >> Correct. We want your software. So that's why we built CBS, and we're seeing that come all the way through. >> There's another cost savings is on the... You know, with what we are doing with Kubernetes and containers and Portworx Data Services, right? So when we run Portworx Data Services, typically customers spend a lot of money in running the cloud managed services, right? Where there is obviously a sprawl of those, right? And then they end up spending a lot of item costs. So when we move that, like when they run their data, like when they move their databases to Portworx Data Services on Kubernetes, because of all of the other cost savings we deliver plus the licensing costs are a lot lower, we deliver 5X to 10X savings to our customers. >> Lisa: Significant. >> You know, significant savings on cloud as well. >> The operational things he's talking about, too. My Fusion engineering team is one of his largest customers from Portworx Data Services. Because we don't have DBAs on that team, it's just developers. But they need databases. They need to run those databases. We turn to PDS. >> This is why he pays my bills. >> And that's why you guys have to come back 'cause we're out of time, but I do have one final question for each of you. Same question. We'll start with you Dan, the Venkat we'll go to you. Billboard. Billboard or a bumper sticker. We'll say they're going to put a billboard on Castor Street in Mountain View near the headquarters about Pure, what does it say? >> The best container for containers. (Dave and Lisa laugh) >> Venkat, Portworx, what's your bumper sticker? >> Well, I would just have one big billboard that goes and says, "Got PX?" With the question mark, right? And let people start thinking about, "What is PX?" >> I love that. >> Dave: Got Portworx, beautiful. >> You've got a side career in marketing, I can tell. >> I think they moved him out of the engineering. >> Ah, I see. We really appreciate you joining us on the program this afternoon talking about Pure, Portworx, AWS. Really compelling stories about how you're helping customers just really make big decisions and save considerable costs. We appreciate your insights. >> Awesome. Great. Thanks for having us. >> Thanks, guys. >> Thank you. >> For our guests and for Dave Vellante, I'm Lisa Martin. You're watching theCUBE, the leader in live enterprise and emerging tech coverage. (upbeat music)

(bright music) >> Hello cloud computing friends and welcome back to theCUBE, where we are live from Las Vegas, Nevada, here at AWS re:Invent all week. My name is Savannah Peterson, very excited to be joined by Paul Gillan today. How are you doing? >> I'm doing great, Savannah. It's my first re:Invent. >> I was just going to ask you >> So it's quite an experience. >> If you've ever been to re:Invent. >> It's dazzling much like the sequins on your top. It's dazzling. >> Yes. >> It's a jam packed affair. I came to the COMDEX Conference for many years in Las Vegas, which was huge event and this really rivals it in terms of these crowd sizes. But I think there's more intensity here. There's more excitement. People are just jazzed about being here to the extent that I never saw at other computer conferences. >> I thought I would agree with you. It's my first re:Invent as well. I'm glad we could share this experience together. And the vibe, the pulse, I think being back in person is really contagious as well. Ooh, maybe the wrong word to use, but in a great way. The energy is definitely radiating between people here. I'll watch my words a little bit better. >> And in person we have with us Samuel Nicholls, the director of public cloud at Global Product Marketing at Veeam Software. Sam, is it Sam or Samuel? >> Depends if I'm in trouble, Paul. >> Savannah: But it depends on who's saying it out loud. >> Yeah, yeah. It's typically, Samuel is usually reserved for my mother, so- >> Yeah. >> (laughs) Well, Sam, thanks for joining us. >> We'll stick with Sam on the show. >> Yeah. >> So Veeam been a red hot company for several years. Really made its, uh, its reputation in the VMware world. Now you've got this whole-sail shift to the cloud, not that VMware is not important still, but how is that affecting, you're shifting with it, how is that affecting your role as a product manager and the business overall? >> Yeah, it's a fantastic question. Obviously Veeam was pioneered in terms of being the purpose-built backup and recovery company for VMware. And as these workloads are being transitioned from the data center into the cloud or just net new workloads being created in the cloud, there is that equal need for backup and recovery there. So it's incredibly important that we were able to provide a purpose-built backup and recovery solution for workloads that live in AWS as well. >> Paul: And how different is it backing up an AWS workload compared to a VMware workload? >> I think it depends on what kind of service a user is, is, is utilizing, right? There's infrastructure as a service, platform as a service, software as a service. And given the differences in what is exposed to that customer that can make backup and recovery quite challenging. So I would say that the primary thing that we want to look at is utilizing native snapshots is our first line of defense when it comes to backup and recovery, irrespective of what workload that right might be whether it's a virtual machine, Amazon EC2, some sort of database on Amazon RDS, a file share, so on. >> Savannah: I bet you're seeing a lot across verticals and across the industry given the support that you're giving customers. What are you seeing in the market and in customer environments? What are some of those trends? >> So I think the major trends that we highlight in our data protection trend support, which is a new update is coming very shortly in the new year, is- >> Savannah: We have to check that out. >> Yeah, absolutely. The physical server is on a decline within the data center. Virtualized workloads, namely VMware is relatively static, kind of flat. The real hockey stick is with the cloud workloads. And as I mentioned before, that is partially because workloads are being transitioned from physical to virtual machines to being cloud hosted but also we're creating more applications and the cloud has become lead de facto standard for new workloads. So you hear about cloud first initiatives, digital transformation, the cloud is central to that. >> You mentioned snapshotting, which is a relatively new phenomenon, although it's taken a hold rapidly, how does snapshotting work in the cloud versus in on your on-prem environment? >> Samuel: It's not wildly different at all. I think the snapshots is again, a great first line of defense for helping users achieve very low recovery point objectives. So the frequency that they can protect their data as well as very low recovery time objectives, how quickly that I can recover the data. Because that's why we're backing up, right? We need the ability to recover. However, snapshots certainly have their limitations as well. They are not independent of the workload that is being protected. So if there were to be some sort of cybersecurity event like ransomware that is prolific throughout pretty much every business, every vertical. When that snapshot is not independent, if the production system becomes compromised that snapshot's likely to be compromised as well. And then going back to the recovery piece, not going to have something to recover from. >> And it's not a one and done with ransomware. >> No. >> It's, yeah. So how, so what is the role that backup plays? I mean a lot of people, I feel like security is such a hot topic here in the show and just in general, attacks are coming in unique form factors for everyone. I mean, I feel like backup is, no pun intended, the backbone of a system here. How does that affect what you're creating, I mean? >> Yeah, absolutely. I think, like you say the backup is core to any comprehensive security strategy, right? I think when we talk about security, everyone tends to focus on the preventative, the proactive piece, stopping the bad guys from getting in. However, there is that remediative aspect as well because like you say, ransomware is relentless, right? You, you as a good guy have to pretty much fend off each and every single attack that comes your way. And that can be an infinite number of attacks. We're all human beings, we're fallible, right? And sometimes we can't defend against everything. So having a secure backup strategy is part of that remediative recovery component for a cybersecurity strategy is critical. And that includes things like encryption, immutability, logical separation of data and so forth. >> Paul: We know that ransomware is a scourge on-premises, typically begins with the end users, end user workstation. How does ransomware work in the cloud? And do the cloud providers have adequate protections against ransomware? Or can they? >> Samuel: Yeah, it's a, it's a fantastic question as well. I think when we look at the cloud, one of the common misconceptions is as we transition workloads to the cloud, we are transitioning responsibility to that cloud provider. And again, it's a misconception, right? It is a shared responsibility between the cloud provider in this case, AWS and the user. So as we transition these workloads across varying different services, infrastructure, platform, software as a service, we're always, always transitioning varying degrees of responsibility. But we always own our data and it is our responsibility to protect and secure that data, for the actual infrastructure components, the hardware that is on the onus of the cloud provider, so I'd say that's the major difference. >> Is ransomware as big a threat in the cloud as it is on-prem? >> Absolutely. There's no difference between a ransomware attack on-premises or in the cloud. Irrespective of where you are choosing to run your workloads, you need to have that comprehensive cybersecurity strategy in order to defend against that and ultimately recover as well if there's a successful attempt. >> Yeah, it's, ooh, okay. Let's get us out at the dark shadows real quick (laughs) and bring us back to a little bit of the business use case here. A lot of people using AWS. What do you think are some of the considerations, they should have when they're thinking about this, thinking about growing their (indistinct)? >> Well, if we're going to stick down the dark shadows, the cybersecurity piece. >> We can be the darkness. >> You and me kind of dark shadows business. >> Yeah, yeah. >> We can go rainbows and unicorns, nice and happy if you like. I think there's a number of considerations they need to keep up. Security is, is, is number one. The next piece is around the recovery as well. I think folks, when they, when we talk about backup and recovery, the focus is always on the backup piece of it. But again, we need to focus on why we're doing the backup. It's the recovery, it's the recovery component. So making sure that we have a clean verifiable backup that we're able to restore data from. Can we do that in a, in efficient and timely manner? And I think the other major consideration is looking at the entirety of our environments as well. Very few companies are a hundred percent sole sourced on a single cloud provider. It is typically hybrid cloud. It's around 80% of organizations are hybrid, right? So they have their on-premises data and they also have workloads running in one or multiple clouds. And when it comes to backup and recovery of all of these different infrastructures and environments, the way that we approach it is very different. And that often leads to multiple different point products from multiple different vendors. The average company utilizes three different backup products, sometimes as many as seven and that can introduce a management nightmare that's very complex, very resource intensive, expensive. So looking at the entirety of the environment and looking to utilize a backup provider that can cover the entirety of that environment while centralizing everything under a single management console helps folks be a lot more efficient, a lot more cost effective and ultimately better when it comes to data protection. >> Amazon and all cloud providers really are increasingly making regions transparent. Just at this conference, Amazon introduced failover controls from multiple multi-region access points. So you can, you can failover from one access from one region to another. What kind of challenges does that present to you as a backup provider? >> I don't think it represents any challenges. When we look at the native durability of the cloud, we look at availability zones, we look at multi-region failover. That is, that durability is ultimately founded on, on replication. And I wouldn't say that replication and backup, you would use one or the other. I would say that they are complimentary. So for replication, that is going to help with the failover scenario, that durability component. But then backup again is that independent copy. Because if we look at replication, if let's say the source data were to be compromised by ransomware or there was accidental deletion or corruption, that's simply going to be copied over to the target destination as well. Having that backup as an independent copy, again compliments that strategy as well. >> Paul: You need it in either, in any scenario. >> Samuel: In any scenario. >> I think the average person would probably say that backup is not the most exciting technology aspect of this industry. But, but you guys certainly made, build a great business on it. What excites you about what's coming in backup? What are the new technologies, new advancements that perhaps we haven't seen and productized yet that you think are going to change the game? >> I think actually what we offer right now is the most exciting piece which is just choice flexibility. So Veeam again is synonymous with VMware backup but we cover a multitude of environments including AWS, containerized workloads, Kubernetes physical systems and the mobility pieces is critical because as organizations look to act on their digital transformation, cloud first initiatives, they need to be able to mobilize their workloads across different infrastructures, maybe from on-premises into the cloud, one cloud to another, maybe it's cloud back to on-premises, 'cause we do also see that. That flexibility of choice is what excites me about Veeam because it's ultimately giving the users best in class data protection tool sets without any prescriptive approach from us in terms of where you should be running your workloads. That is the choice that you use. >> Yeah, Veeam is definitely more than VMware. We actually had a chance to chat with you all like KubeCon and CloudNativeCon in Detroit. So we, we've seen the multitude of things that you touch. I want to bring it back to something and something kind of fun because you talked a lot about the community and being able to serve them. It's very clear, actually I shouldn't say this, I shouldn't say it's very clear, but to me it appears clear that community is a big priority for Veeam. I just want to call this out 'cause this was one of the cooler pieces of swag. You all gave out a hundred massage guns. Okay, very hot topic. Hot Christmas gift for 2022. I feel like Vanna White right now. And, but I thought that I was actually really compelled by this because we do a swag segment on theCUBE but it's not just about the objects or getting stuff. It's really about who's looking out for their community and how are they saying thanks. I mean, swag is a brand activation but it's also a thank you and I loved that you were giving out massage guns to the AWS Heroes and Community Builders. >> Yep. >> What role does community play in the culture and the product development at Veeam? >> So community has always been at the heart of Veeam. If you have a look at pretty much every single development across all of our versions, across all of our products it's always did by the community, right? We have a wonderful Veeam forum where we got 400,000 plus users actively providing feedback on the product what they would like to see. And that is ultimately what steers the direction of the product. Of course market trends and technology chain. >> A couple other factors, I'm sure. >> A couple of other factors, but community is huge for us. And the same goes for AWS. So, you know, talking with the AWS Heroes, the Community Builders helps Veeam reach further into that, into that community and the AWS user base and empower those folks with data protection tools and massage guns, when your feet are tired from, you know, being standing on them all day in Vegas. >> (laughs) Yeah, well, I mean, everybody, everybody's working hard and it's nice to say, it's nice to say, thank you. So I love, I love to hear that and it's, it's clear from the breadth of products that you're creating, the ways that you're supporting your customers that you already, they care a lot about community. We have a new challenge on theCUBE this year at AWS re:Invent. Think of it as an Instagram reel of your thought leadership, your hot take on the show, key themes as we look into 2023. What do you think is the most important story or trend or thing going on here at the show? >> I think it's just the continuation of cybersecurity and the importance of backup as a comprehensive cybersecurity strategy. You know, some folks might say that secure backup is your last line of defense. Again, ransomware is relentless. These folks are going to keep coming and even if they're successful, it's not a one and done thing. It's going to happen again and again and again. So, you know, we have a look around the show floor, the presentations there is a huge cybersecurity focus and really just what folks should be doing as their best practice to secure their AWS environments. >> That's awesome. Well, Paul, any final, any final thoughts or questions? >> I just quickly, you've mentioned data security, you mentioned data protection and backup sort of interchangeably but they're not really the same thing, are they? I mean, what businesses do you see Veeam as being here? >> I would say that we are a data protection company because of, yes, there is backup, but there's also the replication component. There's the continuous data protection component where we've got, you know, near-zero RTOs and then we again look at the cybersecurity components of that. What can we do to really protect that data? So I would say that the two are different. Backup is a subset of data protection. >> Sam, thank you so much for being here with us on theCUBE. It's been a super insightful conversation. Hopefully we'll get you back soon and more of the teams, there seem to be celebrities here with us on theCUBE. Paul Gillan, thank you so much for being here with me. >> Pleasure Savannah. >> And I'm glad we get to celebrate our first re:Invent and most importantly, thank you to the audience for tuning in. Without you, we don't get to hang out here in fabulous Las Vegas, Nevada, where we're live from the show floor at AWS re:Invent. My name is Savannah Peterson with Paul Gillan. We're theCUBE and we are the leading source for high-tech coverage. (bright music)

>>Hello everyone. Welcome back to the Cube Live, AWS Reinvent 2022. This is our first day of three and a half days of wall to wall coverage on the cube. Lisa Martin here with Dave Valante. Dave, it's getting louder and louder behind us. People are back. They're excited. >>You know what somebody told me today? Hm? They said that less than 15% of the audience is developers. I'm like, no way. I don't believe it. But now maybe there's a redefinition of developers because it's all about the data and it's all about the developers in my mind. And that'll never change. >>It is. And one of the things we're gonna be talking about is app modernization. As customers really navigate the journey to do that so that they can be competitive and, and meet the demands of customers. We've got an alumni back with us to talk about that. AJ Patel joins us, the SVP and GM Modern Apps and Management business group at VMware. Aj, welcome back. Thank >>You. It's always great to be here, so thank you David. Good to see >>You. Isn't great. It's great to be back in person. So the VMware Tansu team here back at Reinvent on the Flow Shore Flow show floor. There we go. Talk about some of the things that you guys are doing together, innovating with aws. >>Yeah, so it's, it's great to be back after in person after multiple years and the energy level continues to amaze me. The partnership with AWS started on the infrastructure side with VMware cloud on aws. And when with tanza, we're extending it to the application space. And the work here is really about how do you make developers productive To your earlier point, it's all about developers. It's all about getting applications in production securely, safely, continuously. And tanza is all about making that bridge between great applications being built, getting them deployed and running, running and operating at scale. And EKS is a dominant Kubernetes platform. And so the better together story of tanu and EKS is a great one for us, and we're excited to announce some sort of innovations in that area. >>Well, Tanu was so front and center at VMware Explorer. I wasn't at in, in VMware Explorer, Europe. Right. But I'm sure it was a similar kind of focus. When are customers choosing Tanu? Why are they choosing Tanu? What's, what's, what's the update since last August when >>We, you know, the market settled into three main use cases. One is all about developer productivity. You know, consistently we're all dealing with skill set gap issues. How do we make every developer productive, modern developer? And so 10 is all about enabling that develop productivity. And we can talk quite a bit about it. Second one is security's front and center and security's being shifted left right into how you build great software. How do you secure that through the entire supply chain process? And how do you run and operationalize secure at runtime? So we're hearing consistently about making secure software supply chain heart of what our solution is. And third one is, how do I run and operate the modern application at scale across any Kubernetes, across any cloud? These are the three teams that are continuing to get resonance and empowering. All of this is exciting. David is this formation of platform teams. I just finished a study with Bain Consulting doing some research for me. 40% of our organization now have some form of a central team that's responsive for, for we call platform engineering and building platforms to make developers productive. That is a big change since about two years ago even. So this is becoming mainstream and customers are really focusing on delivering in value to making developers productive. >>Now. And, and, and the other nuance that I see, and you kinda see it here in the ecosystem, but when you talk about your customers with platform engineering, they're actually building their, they're pointing their business. They gonna page outta aws, pointing their businesses to their customers, right? Becoming software companies, becoming cloud companies and really generating new forms of revenue. >>You know, the interesting thing is, some of my customers I would never have thought as leading edge are retailers. Yeah. And not your typical Starbucks that you get a great example. I have an auto parts company that's completely modernizing how they deliver point of sale all the way to the supply chain. All built on ES at scale. You're typically think of that a financial services or a telco leading the pack. But I'm seeing innovation in India. I'm seeing the innovation in AMEA coming out of there, across the board. Every industry is becoming a product company. A digital twin as we would call it. Yeah. And means they become software houses. Yeah. They behave more like you and I in this event versus a, a traditional enterprise. >>And they're building their own ecosystems and that ecosystem's generating data that's generating more value. And it's just this cycle. It's, >>It's a amazing, it's a flywheel. So innovation continues to grow. Talk about really unlocking the developer experience and delivering to them what they need to modernize apps to move as fast and quickly as they want to. >>So, you know, I think AWS coin this word undifferentiated heavy lifting. If you think of a typical developer today, how much effort does he have to put in before he can get a single line of code out in production? If you can take away all the complexity, typically security compliance is a big headache for them, right? Developer doesn't wanna worry about that. Infrastructure provisioning, getting all the configurations right, is a headache for them. Being able to understand what size of infrastructure or resource to use cost effectively. How do you run it operationally? Cuz the application team is responsible for the operational cost of the product or service. So these are the un you know, heavy lifting that developers want to get away from. So they wanna write great code, build great experiences. And we've always talked about frameworks a way to abstract with the complexity. And so for us, there's a massive opportunity to say, how do I simplify and take away all the heavy lifting to get an idea into production seamlessly, continuously, securely. >>Is that part of your partnership? Because you think about a aws, they're really not about frameworks, they're about primitives. I mean, Warner Vos even talks about that in his, in his speech, you know, but, but that makes it more challenging for developers. >>No, actually, if you look at some of their initial investments around proton and et cetera work, they're starting to do, they're recognized, you know, PS is a bad, bad word, but the outcomes a platform as a service offers is what everybody wants. Just talking to the AWS leaders, responsible area, he actually has a separate build team. He didn't know what to call the third team. He has a Kubernetes team, he has a serverless team and has a build team. And that build team is everything above Kubernetes to make the developer productive. Right. And the ecosystem to bring together to make that happen. So I think AWS is recognizing that primitives are great for the elite developers, but if they want to get the mass scale and adoption in the business, it, if you will, they're gonna have to provide richer set of building blocks and reduce the complex and partnership like ours. Make that a reality. And what I'm excited about is there's a clear gap here, and t's the best platform to kind of fill that gap. Well, >>And I, I think that, you know, they're gonna double down triple, I just wrote about this double down, triple down on the primitives. Yes. They have to have the best, you know, servers and storage and database. And I think the way they, they, I call it taping the seams is with the ecosystem. Correct. You know, and they, nobody has a, a better ecosystem. I mean, you guys are, you know, the, the postage child for the ecosystem and now this even exceeds that. But partnering up, that's how they >>Continue to, and they're looking for someone who's open, right? Yeah. Yeah. And so one of the first question is, you know, are you proprie or open? Because one of the things they're fighting against is the lock in. So they can find a friendly partner who is open source, led, you know, upstream committing to the code, delivering that innovation, and bring the ecosystem into orchestrated choreography. It's like singing a music, right? They're running a, running an application delivery team is like running a, a musical orchestra. There's so many moving parts here, right? How do you make them sing together? And so if Tan Zoo and our platform can help them sing and drive more of their services, it's only more valuable for them. And >>I think the partners would generally say, you know, AWS always talking about customer obsession. It's like becomes this bromine, you go, yeah, yeah. But I actually think in the field, the the sellers would say, yeah, we're gonna do what the customer, if that means we're gonna partner up. Yeah. And I think AWS's comp structure makes it sort >>Of, I learned today how, how incentives with marketplaces work. Yeah. And it is powerful. It's very powerful. Yeah. Right. So you line up the sales incentive, you line up the customer and the benefits, you line up bringing the ecosystem to drive business results and everybody, and so everybody wins. And which is what you're seeing here, the excitement and the crowd is really the whole, all boats are rising. Yeah. Yeah. Right, right. And it's driven by the fact that customers are getting true value out of it. >>Oh, absolutely. Tremendous value. Speaking of customers, give us an example of a customer story that you think really articulates the value of what Tanzi was delivering, especially making that developer experience far simpler. What are some of those big business outcomes that that delivers? >>You know, at Explorer we had the CIO of cvs and with their acquisition of Aetna and CVS Health, they're transforming the, the health industry. And they talked about the whole covid and then how they had to deliver the number of, you know, vaccines to u i and how quickly they had to deliver on that. It talked about Tanu and how they leverage, leverage a Tanza platform to get those new applications out and start to build that. And Ro was basically talking about his number one prior is how does he get his developers more productive? Number to priority? How does he make sure the apps are secure? Number three, priority, how does he do it cost effectively in the world? Particularly where we're heading towards where, you know, the budgets are gonna get tighter. So how do I move more dollars to innovation while I continue to drive more efficiency in my platform? And so cloud is the future. How does he make the best use of the cloud both for his developers and his operations team? Right? >>What's happening in serverless, I, in 2017, Andy Chassy was in the cube. He said if AWS or if Amazon had to build all over again, they would build in, in was using serverless. And that was a big quote. We've mined that for years. And as you were talking about developer productivity, I started writing down all the things developers have to do. Yep. With it, they gotta, they gotta build a container image. They said they gotta deploy an EC two instance. They gotta allocate memory, they gotta fence off the apps in a virtual machine. They gotta run the, you know, compute against the app goes, they gotta pay for all that. So, okay, what's your story on, what's the market asking for in terms of serverless? Because there's still some people who want control over the run time. Help us sift through that. >>And it really comes back to the application pattern or the type you're running. If it's a stateless application that you need to spin up and spin down. Serverless is awesome. Why would I wanna worry about scaling it up in, I wanna set up some SLAs, SLIs service level objectives or, or, or indicators and then let the systems bring the resources I need as I need them. That's a perfect example for serverless, right? On the other hand, if you have a, a more of a workflow type application, there's a sequence, there's state, try building an application using serverless where you had to maintain state between two, two steps in the process. Not so much fun, right? So I don't think serverless is the answer for everything, but many use cases, the scale to zero is a tremendous benefit. Events happen. You wanna process something, work is done, you quietly go away. I don't wanna shut down the server started up, I want that to happen magically. So I think there's a role of serverless. So I believe Kubernetes and servers are the new runtime platform. It's not one or the other. It's about marrying that around the application patterns. I DevOps shouldn't care about it. That's an infrastructure concern. Let me just run application, let the infrastructure manage the operations of it, whether it's serverless, whether it's Kubernetes clusters, whether it's orchestration, that's details right. I I I shouldn't worry about it. Right. >>So we shouldn't think of those as separate architectures. We should think of it as an architecture, >>The continuum in some ways Yeah. Of different application workload types. And, and that's a toolkit that the operator has at his disposal to configure and saying, where does, should that application run? Should I want control? You can run it on a, a conveyance cluster. Can I just run it on a serverless infrastructure and and leave it to the cloud provider? Do it all for me. Sure. What, what was PAs? PAs was exactly that. Yeah. Yeah. Write the code once you do the rest. Yeah. Okay. Those are just elements of that. >>And then K native is kinda in the middle, >>Right? K native is just a technology that's starting to build that capability out in a standards way to make serverless available consistently across all clouds. So I'm not building to a, a lambda or a particular, you know, technology type. I'm building it in a standard way, in a standard programming model. And infrastructure just >>Works for me on any cloud. >>The whole idea portability. Consistency. >>Right. Powerful. Yep. >>What are some of the things that, that folks can expect to learn from VMware Tan to AWS this week at the >>Show? Yeah, so there's some really great announcements. First of all, we're excited to extend our, our partnership with AWS in the area of eks. What I mean by that is we traditionally, we would manage an EKS cluster, you visibility of what's running in there, but we weren't able to manage the lifecycle With this announcement. We can give you a full management of lifecycle of S workloads. Our customers have 400 plus EKS clusters, multiple teams sharing those in a multi-tenanted way with common policy. And they wanna manage a full life cycle, including all the upstream open source component that make up Kubernetes people. That ES is the one thing, it's a collection of a lot of open, open source packages. We're making it simple to manage it consistently from a single place on the security front. We're now making tons of service mesh available in the marketplace. >>And if you look at what service MeSHs, it's an overlay. It's an abstraction. I can create an idea of a global name space that cuts across multiple VPCs. I'm, I'm hearing at Amazon's gonna make some announcements around VPC and how they stitch VPCs together. It's all moving towards this idea of abstractions. I can set policy at logical level. I don't have to worry about data security and the communication between services. These are the things we're now enabling, which are really an, and to make EKS even more productive, making enterprise grade enterprise ready. And so a lot of excitement from the EKS development teams as well to partner closely with us to make this an end to end solution for our >>Customers. Yeah. So I mean it's under chasy, it was really driving those primitives and helping developers under continuing that path, but also recognizing the need for solutions. And that's where the ecosystem comes in, >>Right? And the question is, what is that box? As you said last time, right? For the super cloud, there is a cloud infrastructure, which is becoming the new palette, but how do you make sense of the 300 plus primitives? How do you bring them together? What are the best practices, patterns? How do I manage that when something goes wrong? These are real problems that we're looking to solve. >>And if you're gonna have deeper business integration with the cloud and technology in general, you have to have that >>Abstraction. You know, one of the simple question I ask is, how do you know you're getting value from your cloud investment? That's a very hard question. What's your trade off between performance and cost? Do you know where your security, when a lock 4G happens, do you know all the open source packages you need to patch? These are very simple questions, but imagine today having to do that when everybody's doing in a bespoke manner using the set of primitives. You need a platform. The industry is shown at scale. You have to start standardizing and building a consistent way of delivering and abstracting stuff. And that's where the next stage of the cloud journey >>And, and with the economic environment, I think people are also saying, okay, how do we get more? Exactly. We're in the cloud now. How do we get more? How do we >>Value out of the cloud? >>Exactly. Totally. >>How do we transform the business? Last question, AJ for you, is, if you had a bumper sticker and you're gonna put it on your fancy car, what would it say about VMware tan zone aws? >>I would say tan accelerates apps. >>Love >>It. Thank you so much. >>Thank you. Thank you so much for joining us. >>Appreciate it. Always great to be here. >>Pleasure. Likewise. For our guest, I'm Dave Ante. I'm Lisa Martin. You're watching The Cube, the leader in emerging and enterprise tech coverage.

(upbeat music) >> We are back, approaching the finish line here at Supercomputing 22, our last interview of the day, our last interview of the show. And I have to say Dave Nicholson, my co-host, My name is Paul Gillin. I've been attending trade shows for 40 years Dave, I've never been to one like this. The type of people who are here, the type of problems they're solving, what they talk about, the trade shows are typically, they're so speeds and feeds. They're so financial, they're so ROI, they all sound the same after a while. This is truly a different event. Do you get that sense? >> A hundred percent. Now, I've been attending trade shows for 10 years since I was 19, in other words, so I don't have necessarily your depth. No, but seriously, Paul, totally, completely, completely different than any other conference. First of all, there's the absolute allure of looking at the latest and greatest, coolest stuff. I mean, when you have NASA lecturing on things when you have Lawrence Livermore Labs that we're going to be talking to here in a second it's a completely different story. You have all of the academics you have students who are in competition and also interviewing with organizations. It's phenomenal. I've had chills a lot this week. >> And I guess our last two guests sort of represent that cross section. Armando Acosta, director of HPC Solutions, High Performance Solutions at Dell. And Matt Leininger, who is the HPC Strategist at Lawrence Livermore National Laboratory. Now, there is perhaps, I don't know you can correct me on this, but perhaps no institution in the world that uses more computing cycles than Lawrence Livermore National Laboratory and is always on the leading edge of what's going on in Supercomputing. And so we want to talk to both of you about that. Thank you. Thank you for joining us today. >> Sure, glad to be here. >> For having us. >> Let's start with you, Armando. Well, let's talk about the juxtaposition of the two of you. I would not have thought of LLNL as being a Dell reference account in the past. Tell us about the background of your relationship and what you're providing to the laboratory. >> Yeah, so we're really excited to be working with Lawrence Livermore, working with Matt. But actually this process started about two years ago. So we started looking at essentially what was coming down the pipeline. You know, what were the customer requirements. What did we need in order to make Matt successful. And so the beauty of this project is that we've been talking about this for two years, and now it's finally coming to fruition. And now we're actually delivering systems and delivering racks of systems. But what I really appreciate is Matt coming to us, us working together for two years and really trying to understand what are the requirements, what's the schedule, what do we need to hit in order to make them successful >> At Lawrence Livermore, what drives your computing requirements I guess? You're working on some very, very big problems but a lot of very complex problems. How do you decide what you need to procure to address them? >> Well, that's a difficult challenge. I mean, our mission is a national security mission dealing with making sure that we do our part to provide the high performance computing capabilities to the US Department of Energy's National Nuclear Security Administration. We do that through the Advanced Simulation computing program. Its goal is to provide that computing power to make sure that the US nuclear rep of the stockpile is safe, secure, and effective. So how we go about doing that? There's a lot of work involved. We have multiple platform lines that we accomplish that goal with. One of them is the advanced technology systems. Those are the ones you've heard about a lot, they're pushing towards exit scale, the GPU technologies incorporated into those. We also have a second line, a platform line, called the Commodity Technology Systems. That's where right now we're partnering with Dell on the latest generation of those. Those systems are a little more conservative, they're right now CPU only driven but they're also intended to be the everyday work horses. So those are the first systems our users get on. It's very easy for them to get their applications up and running. They're the first things they use usually on a day to day basis. They run a lot of small to medium size jobs that you need to do to figure out how to most effectively use what workloads you need to move to the even larger systems to accomplish our mission goals. >> The workhorses. >> Yeah. >> What have you seen here these last few days of the show, what excites you? What are the most interesting things you've seen? >> There's all kinds of things that are interesting. Probably most interesting ones I can't talk about in public, unfortunately, 'cause of NDA agreements, of course. But it's always exciting to be here at Supercomputing. It's always exciting to see the products that we've been working with industry and co-designing with them on for, you know, several years before the public actually sees them. That's always an exciting part of the conference as well specifically with CTS-2, it's exciting. As was mentioned before, I've been working with Dell for nearly two years on this, but the systems first started being delivered this past August. And so we're just taking the initial deliveries of those. We've deployed, you know, roughly about 1600 nodes now but that'll ramp up to over 6,000 nodes over the next three or four months. >> So how does this work intersect with Sandia and Los Alamos? Explain to us the relationship there. >> Right, so those three laboratories are the laboratories under the National Nuclear Security Administration. We partner together on CTS. So the architectures, as you were asking, how do we define these things, it's the labs coming together. Those three laboratories we define what we need for that architecture. We have a joint procurement that is run out of Livermore but then the systems are deployed at all three laboratories. And then they serve the programs that I mentioned for each laboratory as well. >> I've worked in this space for a very long time you know I've worked with agencies where the closest I got to anything they were actually doing was the sort of guest suite outside the secure area. And sometimes there are challenges when you're communicating, it's like you have a partner like Dell who has all of these things to offer, all of these ideas. You have requirements, but maybe you can't share 100% of what you need to do. How do you navigate that? Who makes the decision about what can be revealed in these conversations? You talk about NDA in terms of what's been shared with you, you may be limited in terms of what you can share with vendors. Does that cause inefficiency? >> To some degree. I mean, we do a good job within the NSA of understanding what our applications need and then mapping that to technical requirements that we can talk about with vendors. We also have kind of in between that we've done this for many years. A recent example is of course with the exit scale computing program and some things it's doing creating proxy apps or mini apps that are smaller versions of some of the things that we are important to us. Some application areas are important to us, hydrodynamics, material science, things like that. And so we can collaborate with vendors on those proxy apps to co-design systems and tweak the architectures. In fact, we've done a little bit that with CTS-2, not as much in CTS as maybe in the ATS platforms but that kind of general idea of how we collaborate through these proxy applications is something we've used across platforms. >> Now is Dell one of your co-design partners? >> In CTS-2 absolutely, yep. >> And how, what aspects of CTS-2 are you working on with Dell? >> Well, the architecture itself was the first, you know thing we worked with them on, we had a procurement come out, you know they bid an architecture on that. We had worked with them, you know but previously on our requirements, understanding what our requirements are. But that architecture today is based on the fourth generation Intel Xeon that you've heard a lot about at the conference. We are one of the first customers to get those systems in. All the systems are interconnected together with the Cornell Network's Omni-Path Network that we've used before and are very excited about as well. And we build up from there. The systems get integrated in by the operations teams at the laboratory. They get integrated into our production computing environment. Dell is really responsible, you know for designing these systems and delivering to the laboratories. The laboratories then work with Dell. We have a software stack that we provide on top of that called TOSS, for Tri-Lab Operating System. It's based on Redhead Enterprise Linux. But the goal there is that it allows us, a common user environment, a common simulation environment across not only CTS-2, but maybe older systems we have and even the larger systems that we'll be deploying as well. So from a user perspective they see a common user interface, a common environment across all the different platforms that they use at Livermore and the other laboratories. >> And Armando, what does Dell get out of the co-design arrangement with the lab? >> Well, we get to make sure that they're successful. But the other big thing that we want to do, is typically when you think about Dell and HPC, a lot of people don't make that connection together. And so what we're trying to do is make sure that, you know they know that, hey, whether you're a work group customer at the smallest end or a super computer customer at the highest end, Dell wants to make sure that we have the right setup portfolio to match any needs across this. But what we were really excited about this, this is kind of our, you know big CTS-2 first thing we've done together. And so, you know, hopefully this has been successful. We've made Matt happy and we look forward to the future what we can do with bigger and bigger things. >> So will the labs be okay with Dell coming up with a marketing campaign that said something like, "We can't confirm that alien technology is being reverse engineered." >> Yeah, that would fly. >> I mean that would be right, right? And I have to ask you the question directly and the way you can answer it is by smiling like you're thinking, what a stupid question. Are you reverse engineering alien technology at the labs? >> Yeah, you'd have to suck the PR office. >> Okay, okay. (all laughing) >> Good answer. >> No, but it is fascinating because to a degree it's like you could say, yeah, we're working together but if you really want to dig into it, it's like, "Well I kind of can't tell you exactly how some of this stuff is." Do you consider anything that you do from a technology perspective, not what you're doing with it, but the actual stack, do you try to design proprietary things into the stack or do you say, "No, no, no, we're going to go with standards and then what we do with it is proprietary and secret."? >> Yeah, it's more the latter. >> Is the latter? Yeah, yeah, yeah. So you're not going to try to reverse engineer the industry? >> No, no. We want the solutions that we develop to enhance the industry to be able to apply to a broader market so that we can, you know, gain from the volume of that market, the lower cost that they would enable, right? If we go off and develop more and more customized solutions that can be extraordinarily expensive. And so we we're really looking to leverage the wider market, but do what we can to influence that, to develop key technologies that we and others need that can enable us in the high forms computing space. >> We were talking with Satish Iyer from Dell earlier about validated designs, Dell's reference designs for for pharma and for manufacturing, in HPC are you seeing that HPC, Armando, and is coming together traditionally and more of an academic research discipline beginning to come together with commercial applications? And are these two markets beginning to blend? >> Yeah, I mean so here's what's happening, is you have this convergence of HPC, AI and data analytics. And so when you have that combination of those three workloads they're applicable across many vertical markets, right? Whether it's financial services, whether it's life science, government and research. But what's interesting, and Matt won't brag about, but a lot of stuff that happens in the DoE labs trickles down to the enterprise space, trickles down to the commercial space because these guys know how to do it at scale, they know how to do it efficiently and they know how to hit the mark. And so a lot of customers say, "Hey we want what CTS-2 does," right? And so it's very interesting. The way I love it is their process the way they do the RFP process. Matt talked about the benchmarks and helping us understand, hey here's kind of the mark you have to hit. And then at the same time, you know if we make them successful then obviously it's better for all of us, right? You know, I want to secure nuclear stock pile so I hope everybody else does as well. >> The software stack you mentioned, I think Tia? >> TOSS. >> TOSS. >> Yeah. >> How did that come about? Why did you feel the need to develop your own software stack? >> It originated back, you know, even 20 years ago when we first started building Linux clusters when that was a crazy idea. Livermore and other laboratories were really the first to start doing that and then push them to larger and larger scales. And it was key to have Linux running on that at the time. And so we had the. >> So 20 years ago you knew you wanted to run on Linux? >> Was 20 years ago, yeah, yeah. And we started doing that but we needed a way to have a version of Linux that we could partner with someone on that would do, you know, the support, you know, just like you get from an EoS vendor, right? Security support and other things. But then layer on top of that, all the HPC stuff you need either to run the system, to set up the system, to support our user base. And that evolved into to TOSS which is the Tri-Lab Operating System. Now it's based on the latest version of Redhead Enterprise Linux, as I mentioned before, with all the other HPC magic, so to speak and all that HPC magic is open source things. It's not stuff, it may be things that we develop but it's nothing closed source. So all that's there we run it across all these different environments as I mentioned before. And it really originated back in the early days of, you know, Beowulf clusters, Linux clusters, as just needing something that we can use to run on multiple systems and start creating that common environment at Livermore and then eventually the other laboratories. >> How is a company like Dell, able to benefit from the open source work that's coming out of the labs? >> Well, when you look at the open source, I mean open source is good for everybody, right? Because if you make a open source tool available then people start essentially using that tool. And so if we can make that open source tool more robust and get more people using it, it gets more enterprise ready. And so with that, you know, we're all about open source we're all about standards and really about raising all boats 'cause that's what open source is all about. >> And with that, we are out of time. This is our 28th interview of SC22 and you're taking us out on a high note. Armando Acosta, director of HPC Solutions at Dell. Matt Leininger, HPC Strategist, Lawrence Livermore National Laboratories. Great discussion. Hopefully it was a good show for you. Fascinating show for us and thanks for being with us today. >> Thank you very much. >> Thank you for having us >> Dave it's been a pleasure. >> Absolutely. >> Hope we'll be back next year. >> Can't believe, went by fast. Absolutely at SC23. >> We hope you'll be back next year. This is Paul Gillin. That's a wrap, with Dave Nicholson for theCUBE. See here in next time. (soft upbear music)

(bright music) >> Okay, we're back. With Jeff and Travis Vigil to dig deeper into the news. Guys, again, good to see you. Travis, if you could, maybe before we get into the news, can you set the business context for us? What's going on out there? >> Yeah, thanks for that question, Dave. To set a little bit of the context when you look at the data protection market, Dell has been a leader in providing solutions to customers for going on nearly two decades now. We have tens of thousands of people using our appliances. We have multiple thousands of people using our latest, modern, simple power protect data manager software. And as Jeff mentioned, we have, you know, 1700 customers protecting 14 exabytes of data in the public clouds today. And that foundation gives us a unique vantage point. We talked to a lot of customers. And they're really telling us three things. They want simple solutions, they want us to help them modernize, and they want us as the highest priority, maintain that high degree of resiliency that they expect from our data protection solutions. So that's the backdrop to the news today. And as we go through the news, I think you'll agree that each of these announcements deliver on those pillars. And in particular, today we're announcing the PowerProtect Data Manager Appliance. We are announcing PowerProtect Cyber Recovery enhancements, and we are announcing enhancements to our APEX data storage services. >> Okay, so three pieces, let's dig to that. It's interesting appliance, everybody wants software but then you talk to customers and they're like, "Well, we actually want appliances because we just want to put it in and it works, and performs great." So what do we need to know about the appliance? What's the news there? >> Well, you know, part of the reason I gave you some of those stats to begin with is, that we have this strong foundation of experience, but also intellectual property. Components that we've taken, that have been battle tested in the market. And we've put them together in a new simple, integrated appliance that really combines the best of the target appliance capabilities, we have with that modern, simple software. And we've integrated it from the, you know, sort of taking all of those pieces, putting them together in a simple, easy-to-use and easy-to-scale interface for customers. >> So the premise that I've been putting forth for, you know, months now, probably well over a year, is that data protection is becoming an extension of your cybersecurity strategies. So I'm interested in your perspective on Cyber Recovery, your specific news that you have there? >> Yeah, you know, we are in addition to simplifying things via the appliance. We are providing solutions for customers no matter where they're deploying. And Cyber Recovery, especially, when it comes to cloud deployments, it's an increasing area of interest and deployment that we see with our customers. So what we're announcing today is that we're expanding our Cyber Recovery services to be available in Google Cloud. With this announcement, it means we're available in all three of the major Clouds. And it really provides customers the flexibility to cure their data no matter if they're running, you know, on premises, in a Colo, at the edge in the public cloud. And the other nice thing about this announcement is that you have the ability to use Google Cloud as a Cyber Recovery vault. That really allows customers to isolate critical data and they can recover that critical data from the vault back to on-premises or from that vault back to running their cyber protection, or their data protection solutions in the public cloud. >> I always involve my favorite Matt Baker here, It's not a zero-sum game, but this is a perfect example where there's opportunities for a company like Dell to partner with the public cloud provider. You've got capabilities that don't exist there. You've got the on-prem capabilities. We could talk about Edge all day, but that's a different topic. Okay so my other question, Travis, is how does this all fit into APEX? We hear a lot about APEX as a service it's sort of the new hot thing. What's happening there? What's the news around APEX? >> Yeah, we've seen incredible momentum with our APEX Solutions, since we introduced data protection options into them earlier this year. And we're really building on that momentum with this announcement being, you know, providing solutions that allow customers to consume flexibly. And so what we're announcing specifically is, that we're expanding APEX Data Storage Services to include a data protection option. And it's like with all APEX offers, it's a pay-as-you go solution. Really streamlines the process of customers purchasing, deploying, maintaining and managing their backup software. All a customer really needs to do is, you know, specify their base capacity, they specify their performance tier, they tell us do they want a one-year term, or a three-year term? And we take it from there. We get them up and running, so they can start deploying and consuming flexibly. And as with many of our APEX solutions, it's a simple user experience all exposed through a unified APEX console. >> Okay, so you're keeping a simple, like, I think large, medium, small, you know, we hear a lot about T-shirt sizes. I'm a big fan of that 'cause you guys should be smart enough to figure out, you know, based on my workload, what I need. How different is this? I wonder if you guys could address this, Jeff, maybe you can- >> So, I'll start and then, pitch me, you know, Travis, you jump in when I screw up here so... >> Awesome. >> So first I'd say we offer innovative Multi-cloud data protection solutions. We provide that deliver performance, efficiency and scale that our customers demand and require. We support as Travis at all the major public clouds. We have a broad ecosystem of workload support and I guess the great news is we're up to 80% more cost effective than any of the competition. >> 80%? >> 80%. >> That's a big number. Travis, what's your point of view on this? >> Yeah, I think number one, end-to-end data protection. We, we are that one stop shop that I talked about. Whether it's a simplified appliance, whether it's deployed in the cloud, whether it's at the edge, whether it's integrated appliances, target appliances, software we have solutions that span the gamut as a service. I mentioned the APEX solution as well. So really we can provide solutions that helps support customers and protect them, any workload, any cloud, anywhere that data lives, Edge core to cloud. The other thing that we're here, as a big differentiator for Dell and Jeff touched on this a little bit earlier, is our intelligent cyber resiliency. We have a unique combination in the market where we can offer immutability or protection against deletion as sort of that first line of defense. But we can also offer a second level of defense which is isolation, talking about data vaults or cyber vaults and Cyber Recovery. And more importantly, the intelligence that goes around that vault. It can look at detecting cyber-attacks, it can help customer speed time to recovery and really provides AI and ML to help early diagnosis of a cyber-attack and fast recovery should a cyber-attack occur. And you know, if you look at customer adoption of that solution specifically in the clouds, we have over 1300 customers utilizing PowerProtect Cyber Recovery. >> So I think it's fair to say that your, I mean your portfolio has obviously been a big differentiator whenever I talk to, you know your finance team, Michael Dell, et cetera that an end-to-end capability that that your ability to manage throughout the supply chain. We actually just did an event recently with you guys where you went into what you're doing to make infrastructure trusted. And so my take on that is, in a lot of respects, you're shifting, you know, the client's burden to your R&D, and now, they have a lot of work to do, so it's not like they can go home and just relax, but that's a key part of the partnership that I see. Jeff, I wonder if you could give us the final thoughts. >> Sure, Dell has a long history of being a trusted partner within IT, right? So we have unmatched capabilities, going back to your point, we have the broadest portfolio, we have, you know, we're a leader in every category that we participate and we have a broad deep breadth of portfolio. We have scale, we have innovation that is just unmatched. Within data protection itself, we have the trusted market leader, no if and or buts. We're a number one for both data protection software in appliances per IDC. And we were just named, for the 17th consecutive time the leader in the Gartner Magic Quadrant. So bottom line is customers can count on Dell. >> Yeah. And I think again, we're seeing the evolution of data protection. It's not like the last 10 years, it's really becoming an adjacency and really a key component of your cyber strategy. I think those two parts of the organization are coming together. So guys, really appreciate your time. Thanks for (indistinct). >> Thank you, sir. Thanks, Travis, good to see you. All right, in a moment, I'm going to come right back and summarize what we learned today, what actions you can take for your business. You're watching "The Future of Multicloud Data Protection" made possible by Dell and collaboration with the Cube, your leader in enterprise and emerging tech coverage, right back. (upbeat music) >> In our data driven world. Protecting data has never been more critical, to guard against everything from cyber incidents to unplanned outages. You need a cyber resilient multi-cloud data protection strategy. >> It's not a matter of if you're going to get hacked, it's a matter of when. And I want to know that I can recover and continue to recover each day. >> It is important to have a cyber security and a cyber resiliency plan in place, because the threat of cyber-attack are imminent. >> PowerProtects Data manager from Dell Technologies helps deliver the data protection and security confidence you would expect from a trusted we chose PowerProtect Data Manager because we've been on strategic partner with Dell Technologies, for roughly 20 years now. Our partnership with Dell Technologies has provided us with the ability to scale, and grow as we've transition from 10 billion in assets to 20 billion. >> With PowerProtect Data Manager, you can enjoy exceptional ease of use to increase your efficiency and reduce costs. >> Got installed it by myself, learn it by myself, with very intuitive >> While restoring a machine with PowerProtect Data Manager is fast. We can fully manage PowerProtect through the center. We can recover a whole machine in seconds. >> Data Manager offers innovation such as Transparent Snapshots to simplify virtual machine backups and it goes beyond backup and restore to provide valuable insights and to protected data, workloads and VMs. >> In our previous environment, it would take anywhere from three to six hours a night to do a single backup of each VM. Now we're backing up hourly and it takes two to three seconds with the Transparent Snapshots. >> With PowerProtect's Data Manager, you get the peace of mind knowing that your data is safe and available whenever you need it. >> Data is extreme important. We can't afford to lose any data. We need things just to work. >> Start your journey to modern data protection with Dell PowerProtect Data Manager. Visit dell.com/powerprotectdatamanager. >> We put forth the premise in our introduction that the worlds of data protection and cyber security must be more integrated. We said that data recovery strategies have to be built into security practices and procedures and by default, this should include modern hardware and software. Now in addition, to reviewing some of the challenges that customers face, which have been pretty well documented, we heard about new products that Dell Technologies is bringing to the marketplace. Specifically, address these customer concerns. There were three that we talked about today. First, the PowerProtect Data Manager Appliance, which is an integrated system. Taking advantage of Dell's history in data protection but adding new capabilities. And I want to come back to that in a moment. Second is Dell's PowerProtect Cyber Recovery for Google Cloud platform. This rounds out the big three public cloud providers for Dell, which joins AWS and Azure support. Now finally, Dell has made its target backup appliances available in APEX. You might recall earlier this year, we saw the introduction from Dell of APEX backup services. And then in May at Dell Technologies World, we heard about the introduction of APEX Cyber Recovery Services. And today, Dell is making its most popular backup appliances available in APEX. Now I want to come back to the PowerProtect Data Manager Appliance because it's a new integrated appliance. And I asked Dell off camera, really, what is so special about these new systems and what's really different from the competition because look, everyone offers some kind of integrated appliance. So I heard a number of items Dell talked about simplicity and efficiency and containers and Kubernetes. So I kind of kept pushing and got to what I think is the heart of the matter in two really important areas. One is simplicity. Dell claims that customers can deploy the system in half the time relative to the competition. So we're talking minutes to deploy and of course, that's going to lead to much simpler management. And the second real difference I heard, was backup and restore performance for VMware workloads. In particular, Dell has developed transparent snapshot capabilities to fundamentally change the way VMs are protected which leads to faster backup and restores with less impact on virtual infrastructure. Dell believes this new development is unique in the market, and claims that in its benchmarks, the new appliance was able to back up 500 virtual machines in 47% less time compared to a leading competitor. Now this is based on Dell benchmarks so hopefully these are things that you can explore in more detail with Dell to see if and how they apply to your business. So if you want more information go to the Data Protection page at Dell.com. You can find that at dell.com/dataprotection. And all the content here and all the videos are available on demand at thecube.net. Check out our series, on the blueprint for trusted infrastructure it's related and has some additional information. And go to siliconangle.com for all the news and analysis related to these and other announcements. This is Dave Vellante. Thanks for watching "The Future of Multi-cloud Protection." Made possible by Dell in collaboration with the Cube your leader in enterprise and emerging tech coverage. (upbeat music)