(upbeat music) >> From our studios in the heart of Silicon Valley, Palo Alto, California this is a CUBE Conversation. >> Hi I'm Peter Burris and welcome to another CUBE Conversation. from our Palo Alto studios. Now as we do with all CUBE Conversations, we want to have a great conversation about an interesting topic with a thought leader in the industry and that's exactly what we're doing today. The topic we're going to breach is why is it that networking remains so expensive. If we go back over the past 20 years of computing, we've seen dramatic price performance improvements in virtually every single sector of infrastructure, but networking persists as a relatively expensive technology arena despite the fact that we're moving into an era that is going to become increasingly depending upon networks and to better understand both what the nature of the problem is and how we're going to move forward with a solution, we've got Dominic Wilde with us today. Dominic is a CEO of SnapRoute. Dominic, welcome back to theCUBE. >> Thank you. Great to be here. >> So tell us, let's start. Tell us a little bit about SnapRoute. Tell us about yourself and SnapRoute and then we'll get into it. >> Sure, sure. So SnapRoute is delivering basically a new paradigm in network operating systems. We're delivering a cloud native network operating system that's designed from the ground up to integrate in this, into this new world of cloud architecturally. It's a fully containerized microservices architecture from the ground up. And what that does is it enables an operator to deliver fast time-to-service for applications, to always be secure and up-to-date with security compliance and also to drive significant operational efficiencies as well. So we believe that we have a really strong value proposition for the industry here, particularly in the age of cloud. But we're also marrying to that architectural innovation some economic innovation as well. An economic disruption and we believe that the time is really right here for networking to step up its game effective. >> Oh let's talk a bit about that 'cause if I'm a CIO, >> Yeah. >> every year for a variety of reasons, every other business comes to me and says, okay, you got to give me back 10%. We want you to do more. And more is law and other physical features of how computing work has been very kind to me. >> Right. >> I've been able to provide some of that back because I was able to get cheaper servers and then open source allowed me to get cheaper operating systems and even applications got cheaper and then SAS comes along and the cloud comes along. Networking is a hold out. Why has networking been the hold out? >> Yeah, well simply stated, I think it's because networking has not embraced or driven software economics, whereas compute has in many different aspects, if you look at the sort of timeline of what's happened in recent history in compute and so to parallel that with networking, compute got Linux. And that gave an architectural innovation, it gave greater control and the opportunity for operators to innovate on their own. But it also drove this big economic disruption. The prices really came down. Then came virtualization, of course there was the opportunity there to drive down that the prices again because I don't need five servers I only need one. And another great innovation in terms of operator control. And here we are now in the age of containers and cloud native and get much greater, sort of performance benefits of going containers on bare metal and so all of these things have happened where you have an architectural innovation married together with an economic innovation >> at the software level >> At the software level. And this has not happened in networking because in networking we've continued to really treat the network as an appliance. Its proprietary integrated packaged switches, routers, et cetera. And quite frankly, we got Linux. We got Linux in networking but the price has gone up because there was, APIs are introduced and programmability, and there's much greater value there so therefore were charged more. And then virtualization came along, and SDN, the SDN movement. And there was great hope, I think, in the industry that this would drive a real sort of economic revolution in networking. But what happened was that, rather than really addressing the actual network itself and the software issues with the network itself that make it brittle and very difficult to manage, we got overlays and we added overlays over the top and abstracted the underlying network and added more layers of complexity and expense. And then here we are in the container age and one of the things that we've done here at SnapRoute is we've said, look, you know, let's embrace containers fundamentally and let's build an operating system using that technology with DevOps principles to deliver an architecture that lends itself to the task at hand, which is the move to cloud and how can we enable organizations to move quickly to cloud. And let's face it. Cloud is a distributed architecture and so >> Very much so. >> by building a network operating system with an architecture that is essentially a distributed architecture, it gives us some advantages. But let's marry together that, let's put the economic, software economics in there as well. And quite frankly we tried this around about the time of virtualization, the sort of white box networking movement happened and again there was great hope that, hey this means I can get cheaper networking. >> But we'll explain that. White box, you mean, is that effectively you're able to get commodity hardware >> Yeah. >> and hopefully you could just drop your network operating system software on top of it and replace these full stack switches and these full stack riders that were supporting 50, 60% margins. >> That's right, exactly right. And I can go direct to an ODM. I can buy the hardware at the same, if I buy the volumes at the same cost that an OEM would buy them at, go find myself some software or software operating system and put it on top, up I go, it should be cheaper. The reality was that what happened in the industry is that the software that you could buy, the disaggregated software operating systems absorbed the savings that you got from a lower-cost hardware and so everything evened out and actually, quite frankly the white box has not delivered on its promise. It has for the hyperscale vendors who are buying a massive, massive volume and are building their own operating systems, built for purpose, but in the broader industry we haven't seen those advantages. And so what we did at SnapRoute is we took a big step back and we said, look, if you really need software economics here then as a software company we need to step up. We need to be >> You're a software company and not a networking company. >> We're a software company, I mean, at the end of the day, we're delivering a network operating system >> Got it. >> but we view it as it's an application >> Sure. >> And the architecture we've built is not a traditional monolithic Linux sort of blob as it were. We've really embraced the DevOps culture, the DevOps paradigms. We've been embraced all this sort of, the application and software developer paradigms of how you build a state-of-the-art cloud class application today. And that's what we've done with the network operating system. We've taken that approach to deliver what is effectively a distributed application. >> So let's build on that a little bit because the, as you said, the white box approach doesn't work that well in the networking world largely because some of these network operating systems companies were delivering these very large monolithic pieces of software >> Right. >> that really were just layers on top of the network that often people didn't need and generated a significant amount of lock-in so that was always questionable to begin with. The approach that you're taking, using containers, modern software techniques, cloud native approaches, allows, it seems to be two benefits, let me see if I got this right. >> Yeah, sure. >> Benefit number one is it looks like a set of programmable services to the DevOps world, which is good. >> Yeah. >> And number two because it doesn't have this monolithic footprint you can appropriately skinny it up so that it now does make sense >> Right. >> to think in terms of a new economic model. >> Yeah. >> because you can get access to the services you want, you don't have the security, you don't have the footprint associated with... >> Yeah. >> Talk about that. >> Yeah it's, I mean, it's if you look at it architecturally and you're spot on it but if you look at it architecturally and let's for a moment empathize with the net ops teams because their job has been to take something, take a network using tools and products that the industry have given them and try to live in a very dynamic world, the cloud world, the new class of enterprise. But what they've been given is a set of tools and a set of products that only enable them to build a very static and very brittle, distributed sort of, system, distributed network. And these are, they just haven't had the tools to work with. >> They're largely separate from the services that were running on the network. >> Very much so. The net ops has been siloed, the network is more siloed. Our founders came from Apple, where they ran Apple's biggest data centers and one of things they tell me is that the sort of peer pressure and stuff was that if there was a security vulnerability that had to be patched or something that the DevOps team would come in, the compute team would sort of say, okay, we can patch that in couple of hours, a couple of days at worst. And there's the networking team, they would sit there and in the corner of the room, very shy, sort of saying, well it will take us several weeks to get back to you with a plan for a plan and then we've got to wait for an outage window and we've got a, and it could take months. And so net ops has had this really, really difficult task of living in this dynamic world with everybody else. But the issue here is that if you can deliver the tools, the set of tools and that means an operating system that is designed to be dynamic in the first place, then you should also not only be able to reduce the operational costs overall because now you enable NetOps teams to move faster and stuff. But you have to be able to deliver an economic value in terms of Opex because otherwise there's no reason for anybody to move. It's probably safer to stay where you are. It's probably, Change, it always comes with some kind of cost and some kind of risk. And by the very nature NetOps teams have become risk-averse because any time they changed anything the network could break so they have had to start live in a world of no. Every time somebody comes to them and says, hey I have an application, I need you to do this, that and the other, the answer is no, because I don't want to change anything. I'm measured on uptime. That is the standard measure that networking teams are measured by. And if I'm measured by uptime then I don't want to change anything. >> Well, the server world we used to talk about how the cost of the change was underwritten by the improvements in price performance and in many respects what you're saying is by taking a new approach you are paying for the cost and risk of the change because you're jumping to a new economic model >> Right. >> that could fundamentally put you on a different vector not only for new economics but also creates new classes of options in the network that's much more cloud-like. >> Yes, exactly. I mean it's, And this is I believe a fundamental of the sort of cloud thinking, cloud mentality and the reason that we're all trying to get to cloud is exactly because it gives you, it gives you more flexibility at a lower cost. I mean, everybody's embracing the public cloud. Now what we've seen is some recent numbers that are coming out of Lyft that they've had to commit 300 million dollars through 2021 to the public cloud provider and those numbers are scary and terrifying for a lot of companies. So going all-in on the public cloud maybe is not the right way to go. But living in a hybrid world where you have some on-prem, you have some public cloud and working out which model is best for your company is the right way to go. And the network has been an inhibitor to that because if you have to have a different on-prem network model than is being used in the cloud and the public cloud or use the virtual services there well now you're adding a bunch of cost operationally 'cause you have to do two different things. You have to figure all this out >> And very importantly you're losing a lot of the options that the cloud provides you and the whole point is to get a better, get a better cost profile to be able to use new techniques and approaches >> Right. >> to building applications but also to be on a vector that provides new types of options in the future so that you don't have to worry about this network having these limits and that network having a different set of limits. And so >> Right. >> it brings a more unified approach to say, this is a common resource to the business that is these profiles, this physical characteristic, these software characteristics, and these economic characteristics. >> Exactly. >> Yeah, it's a service book mentality. It's like, hey I want to have us a set, a list of services that I subscribe to and I just pick and choose. Or innovate new ones and that's been very difficult in the legacy networking world. So yeah, we're, the approach is to come in with this, this architectural change that it enables the innovation, it enables that service mentality. It enables, it frees up the business to be more dynamic, to be more responsive and agile. But give the economic driver. Do it in software economics, allows you to kick-start that, allows you to gain the momentum within your organization to say hey we should try something new because there is enough savings here and there are significant savings here. So to give you an idea. What we deliver at the system level so if you take a white box, an ODM box and you take our software and put the two together. Install one on the other at the system level. We're about 50% the price of any of the legacy, incumbent vendors, so it's half the price now. Previously in white box what people have found is actually when they were trying to do stuff themselves the price is pretty much the same if not a little bit more expensive once you add in the operational costs. So we're really actually giving the opportunity to make white box successful. We're giving the opportunity to deliver control and the opportunity to innovate to operators, but most significantly when you're going to talk to your CFO or your CIO or anybody else we're driving the price down so significantly that >> Well I was doing quick calculation on my head, 50% savings on network and a sizable enterprise translates into about two-tenths of a margin point for the business. >> Yeah. >> Not bad. Dominic Wilde, CEO of SnapRoute. Thanks very much for talking to us on theCUBE today. >> Thanks, mate, thanks. >> And once again I'm Peter Burris and this has been another CUBE Conversation. Until next time. (dramatic music)

>> Live from Las Vegas, it's theCUBE covering VMworld 2018. Brought to you by VMware and it's ecosystem partners. >> Hey, welcome back everyone, we are live here in the broadcast booth presented by theCUBE. I'm John Furrier co-host with Dave Vellante. VMworld 2018, day three of three days of wall-to-wall coverage. Our 9th year covering VMworld and the VMware ecosystem. It's great to have on theCUBE Tom Corn, who's the Senior Vice President, General Manager of the Security Products from VMware. Welcome to theCUBE, good to see you. >> Thank you! >> We were just bantering before we came on that you are part of building AppDefense, one-year-old product. >> Yes, yeah. >> You're in the nerd nation, if you will. >> (chuckles) Yes. (laughter) >> We say that with all due respect, Tom. >> I take it. >> I had to stay for Stanford since the football opening day is Friday, so we'll be tailgating at Stanford, but Palo Alto VMware, tons of technology in VMware, we covered the radio event, which was first opened to the press this year, we were there. Security's number one. Pat Gelsinger has said on theCUBE so many times, even four years ago, he said security's a do-over. But it's more than a do-over, it's central to how the Cloud and on-premises are working. >> Yes. >> Hybrid Cloud validated by Andy Jassy this week. >> Yes. >> With RDS on VMware on premises, pretty major industry milestone there. You're in the middle of the security leading the team. What's the update for VMware, still pumping on all cylinders? >> Uh, I think this is actually, we're making some of the biggest strides forward in security right now. I think there is such a huge opportunity to not make the mistakes we made in the past, and start with a clean slate, do security the way it really, ultimately, makes sense. At the end of the day, we're really not trying to protect servers or networks, we're trying to protect data and applications. And being able to see things through, look at the infrastructure through the lens of the application, the lens of the data, and align security to that, is a huge opportunity to fundamentally make Cloud more secure than a traditional, sort of physical environment. >> So, we, I got a stat from TrendMicro, just came by theCUBE today on the briefing, they said one in six dollars are being spent outside the organization and buying other SAAS platforms. Cloud certainly, with Shadow IT has caused that. Whether it's DropBox, ADS-Bih instances, just stuff flying up there opening up, potential vulnerabilities. Virtual networking is clearly a part of the architecture with virtual machines. So security is really under a lot of pressure, and Micro Segmentation seems to be a hot topic. This is driving a lot of new value as the architecture shifts to Hybrid Cloud, which is such a Cloud Operations. >> Yeah. >> Infosec teams, Net Ops, are all working together now, but it seems more confusing than ever. Can you clarify how companies are organizing around the Cloud, Hybrid Cloud operating model in Multi-Cloud with security? >> Yeah, so, first it's important to understand the central idea behind micro-segmentation is to provide a mechanism to compartmentalize all the elements that compose an application, a regulatory scope, so that if one thing falls, everything doesn't fall, right? The reality is a perimeter of a data center is so porous in so many dimensions that you cannot, your security strategy can't be predicated on anything inside my data center is just fundamentally secure. I think we live in a state of compromise. Deal with it, right? And so, the notion of compartmentalizing an application allows for a limited lateral movement of attacks. It also provides a policy boundary to say, you know, I can place controls on the boundaries of an application and that boundary may not exist in the physical world, but it does in the virtual world. You know, the best analogy I came up with for this is imagine you had an entire company in a skyscraper, now all the employees were in that skyscraper. You could put guards in the front door of that building, and the instructions for them on who gets in and who gets out, or what looks weird in the lobby, pretty straightforward, okay? Now take the employees and spread them out into parts of floors of different buildings all over the city, fill the building that you had with employees from lots of different companies, now there's a bank, a TGI Friday's, a bowling alley, and the FBI. Now tell those guards what looks weird in the lobby. Like, now tell those guards who should get in. Now, suddenly, it gets really confusing, and the ability to say I want to create a virtual skyscraper that will put all the employees in one place, that's the idea behind micro-segmentation. >> Tom, you talked about the Cloud, the potential for the Cloud to be more secure than the traditional environment. In June, John and I were at the public sector summit, and we heard the CEO of the CIA say Cloud, on our worst day, from a security standpoint, is better than my client server. 'Cos the first time I'd heard client server in about ten years, but nonetheless, >> (laughs) That's the government. >> So, (laughs) my question for you is, in terms of, so his implication was, it's already there. What has to be done to bring that level of security to that hybrid world? >> Yeah. First, I would be careful with that statement. I think we are probably right for the average company, the way a Cloud provider would secure the infrastructure on down, is actually very solid. The application's your problem. The data that's running on it is your problem. And that's not quite the same thing, there's a different set of things about what can get access, how that's isolated for other things. So-- >> Let me make sure I understand that. So you're saying, the infrastructure check, but that's not the story. >> And what's above the operating system, my applications, and how data's flowing on that, and there's no good excuse that oh, it was running on such and such infrastructures or service, it's not my problem. It's still the company's problem, right? >> Right. >> So a lot of the basic things of access control, alignment of controls, policy, those are still, ultimately, in the hands of the customer. Now, I do agree that the opportunity is to make the simpler, less misalignment, less misconfigurations, those are tremendous opportunities of the Cloud. >> But there's some conventional wisdom in the industry that says, you know what, it's a fait accompli you're going to get hacked, so it's all about how you respond. I'm inferring from you that no, that's not the case, that you could actually protect the data if you take an application view. >> Yeah. >> Of course, response is important. >> Yeah, but I feel like there's no perfect solution. I guess maybe the best way to think of security is as a risk management exercise. You're going to spend whatever you're going to spend. The question is, are you spreading that like peanut butter on a bunch of stuff, or are you investing your time, money, and capital in the things that would have the most material reduction in risk? There's a wonderful framework that Gartner came up with that I liked that, and Neil Macdonald from Gartner came up with it, which is the, he calls it the Cloud Workload Protection Framework. He's stack ranked all the things you could do to protect the workload, in order of how much risk it gets rid of. The things at the bottom, the big risks, patching, segmentation, application control, protect the memory, encryption, those are all things that have to do with reducing attack surface as opposed to finding the attack of the day. The stuff at the top, you know, antivirus running for a server inside the data server behind all these walls, it's not, it's marginal residual risk, so the focus of VMware, in the security realm, has been we can not only bake security in, so you're not adding boxes, you're not managing agents. More importantly, we're in this unique position to understand where things are supposed to be. You know, for example, the AppDefense product that we launched last year, you mentioned, and we have a bunch of new stuff here, we're leveraging the hypervisor itself to understand the intention of the applications you loaded on it, and then use the hypervisor to say that's all it can do, nothing else. It flips the model completely from saying I'm going to try to find bad things to I'm going to really understand what good it's supposed to be, and that's all that's allowed. >> So you're narrowing the scope with policy, bascially? >> 100%. >> I mean, so this comes up with IOT, I heard a guy saying these light bulbs that are WiFi-enabled have full, multi-process threads, we don't need it, it's a light bulb. It needs to go on and off, so by bounding, by bounding the apps, that's what you're saying. >> That's exactly right. >> Using virtualization mechanisms to do that. >> Exactly right. We've never used it for this before, but the hypervisor kernel does a bunch of pretty amazing things, we just. It can see what's running, it can see what you provisioned in the first place, it can do that without adding an agent, it can do that in a way that can't be turned off, without a lot of overheard, and it can do almost anything in response. So the central idea behind AppDefense was, let's use it, it will tell you what all your VM's are for, now you have an application view that says here are the applications in your infrastructure divided into services, divided into machines, here's what they're supposed to be, tell us what you want to have happen if what's running doesn't match what you intended. That's it. >> Well, technology's perfectly positioned with that. And Pat was mentioning NSX, and I want to ask about that in a second about NSX. >> Yes. >> But I want to put you on the spot and ask the question that comes up all the time. Two factors in security that's hard to get your arms around. >> Yeah. >> One is, patching. Which, you said, you don't patch stuff, so you don't patch up the whole surface area. Two, social engineering. 'Cos you've got human error whether you pass or not, did I configure the bounding properly, that's a human error, batching, I call human error and social engineering. Those are two factors that are still prevalent in security. >> Absolutely. >> Your thoughts on that? >> Well, you can't patch humans, so that is all weak, and then the thing that we can really advance there is to move increasingly to automation, and do things that, candidly, humans probably aren't the best at doing that, but you can't just automate, old, unreliable processes, that just makes them faster, it doesn't necessarily make them better. >> Yeah. >> I think that the key to a lot of this is, >> Automating a bad process still makes it a bad process. >> Yeah, it's just faster. (chuckles) It's more efficient. >> (chuckles) An efficiently bad process. >> Exactly, exactly right. So, you know, I think a lot of the automation and ability to compartmentalize things and, candidly, a lot of the policies, whether it's for patching, etc, when thought of through the lens of an application as opposed to like, what's our policy for patching the patient care system, how often? Is my patient care system unpatched, is different from saying I've got thousands of machines, and some of them are patched and some of them are not, how do I prioritize which ones I should get. It really does, not only simplify things, but align things to a business outcome, which really, it goes back to a risk management decision a business has. >> Ransomware is a great example to your point earlier, I think you said that off-camera as well, is that, you know, you don't want to attack the same treadmill of problems. So ransomware, one guy said that on theCUBE here at another event said that, ransomware's easy, just patch them back up and you're good. >> Yeah. >> That sounds simple, doesn't it? >> Yeah. It-- >> Surface area, patch it, back it up. >> Yeah. Sometimes there's reasons why the patch, that people just don't roll out the updates to an absolute critical server on the trading floor, sometimes they have challenges. But, you know, interesting enough, yesterday we were showing, we had a live, we did a live attack on stage with Petya, with a live strain or ransomware, throwing it against the machine, we showed why it worked, and we were just using AppDefense to say, all right, let's assume you didn't patch it, AppDefense is going to make sure that application can't do anything you didn't intend it to do, the ransomware doesn't work. And it's not because we understand what malware you had there, it's because the malware, to work, has to change. >> I'm thinking about security strategies in general for organizations. You know, given that credential theft is still such a huge problem, are the things that you can do with analytics, because you may have visibility on certain parts from the infrastructure standpoint, that you can do to maybe not stop credential theft, that's bad human behavior, but to identify some anomalous behavior. What's happening with analytics, and what role, if any, does VMware play? >> Yeah, so, again, the central theme, I suppose, is summed up as, we're trying to say, here's your applications and data, what is intended? On the network with NSX, on the compute stack with AppDefense, Workspace One is trying to address that from a user and a device perspective. And the questions one asks for what your discussing is, is this who they say they are, are they on the list of invites, and are they on a trusted device? And those were traditionally silo decisions, separately. And what we're saying is, it's about answering those things in concert that allow us to spot the stuff that doesn't make sense. It's the ability to answer them in concert that allows you to make that less intrusive into the daily activities of the users. So the work that's happening on Workspace One Intelligence to do analytics looking at the device and how the device is behaving, the user, and how the user is, what indication, what risk do we see? This may not be the person or the risk that they're working from a device I might not trust even if I trust who it is. Either of those might tip me off to say, you know what, I might want to limit what they have access to, or this is the place I need to look at first. Again, I think that starts to clarify and put things in context. >> We were talking off-camera about the infosec team and the IT team, and often they're in silos and not talking to each other. What's the right regime, in terms of what you see in the marketplace, of best practice to approach this problem? >> It sort of depends on the size and scope. But the infosec team, often lead by the Chief Security Officer, often, in most organizations that I deal with, own the security operation center, security architecture, and governs it's risk and compliance. They're mostly looking at setting overall policy, and seeing when things are breaking down, and reacting to it. But as you point out, there's a lot of security happening in the infrastructure teams, whether it's firewalling, segmentation, locking down the computer stack, even things like AV running by end user services teams. They're looking to set policy, and things that are getting in the data path, that are about locking things down, and they need to collaborate. They need to, to be effective, they need to each know their roles and operate from a single source of truth, and that's where it's breaking down. In fact, I would take it a step further. The other group that needs to be part of this conversation is the application team. And as we move to Dev Ops, and the applications change very rapidly, it's going to be increasingly important that they collaborate, and not ignore each other as silos. >> Mm-hmm. >> I want to ask you, I know we've got one more question left, but, I want to get out there. You mentioned adaptive segmentation is an extension of where micro-segmentation is going. A lot of buzz here at VMworld on micro-segmentation. What is adaptive segmentation? >> So it's really the next logical evolution. Which is, we've taken some of the technology that we've built with AppDefense, that can figure out and map out the applications. Now we have manifests that say what these things are for, and we know the patient care system is actually all these machines and how they interact. It's basically saying, why don't we have the system program the micro-segment, and do it in an automated way? Now you have a micro-segment that is automatically and perfectly aligned driven from the application itself. And the other beauty is, the adaptive portion, which says, if the application changes, that's pushed down through puppet or chef or it's, or something is modified through patching, to have the system to be smart enough to see that's an update, and that automatically changed the actual segment, and lock the network and compute down. That's what we're doing there. >> What is the impact to the customer? And what is the impact of that? >> It's simpler. Much faster time to actually go in. It's simpler, and it's a much more accurate representation of the application. You lock things down both from lateral and direct attacks, so it's a big deal. >> Okay, final, final question. I always like to get the final question in here. Tom, tell us about a prediction for 2019. Next year VMworld, what are we going to be talking about? What are going to be the security issues on the table? More of the same, rinse and repeat issues? What is your prediction for 2019 in the security world? Well, you know what, I think security's going to get more complicated before it gets simpler. I think we're on the right path, but there are so many moving parts. I think, one thing, I don't think you're going to start seeing people increasingly open to security being delivered as SAAS. Because there's too many benefits of machine learning across populations of users. I think we're going to start to see security models that are, to fool one of us you've got to fool all of us. I think those are the kinds of things that are going to be the needle mover. >> Sounds a great service, security's a service, theCUBE is a service bringing these three days of wall-to-wall coverage, we'll be back with more on day three coverage. I'm John, for Dave, stay with us for more after this short break.