(soft electronic music) >> Hey everyone, welcome to this CUBE conversation as part of the AWS Startup Showcase, season three, episode one, featuring Astronomer. I'm your host, Lisa Martin. I'm in the CUBE's Palo Alto Studios, and today excited to be joined by a couple of guests, a couple of co-founders from Astronomer. Viraj Parekh is with us, as is Paola Peraza-Calderon. Thanks guys so much for joining us. Excited to dig into Astronomer. >> Thank you so much for having us. >> Yeah, thanks for having us. >> Yeah, and we're going to be talking about the role of data orchestration. Paola, let's go ahead and start with you. Give the audience that understanding, that context about Astronomer and what it is that you guys do. >> Mm-hmm. Yeah, absolutely. So, Astronomer is a, you know, we're a technology and software company for modern data orchestration, as you said, and we're the driving force behind Apache Airflow. The Open Source Workflow Management tool that's since been adopted by thousands and thousands of users, and we'll dig into this a little bit more. But, by data orchestration, we mean data pipeline, so generally speaking, getting data from one place to another, transforming it, running it on a schedule, and overall just building a central system that tangibly connects your entire ecosystem of data services, right. So what, that's Redshift, Snowflake, DVT, et cetera. And so tangibly, we build, we at Astronomer here build products powered by Apache Airflow for data teams and for data practitioners, so that they don't have to. So, we sell to data engineers, data scientists, data admins, and we really spend our time doing three things. So, the first is that we build Astro, our flagship cloud service that we'll talk more on. But here, we're really building experiences that make it easier for data practitioners to author, run, and scale their data pipeline footprint on the cloud. And then, we also contribute to Apache Airflow as an open source project and community. So, we cultivate the community of humans, and we also put out open source developer tools that actually make it easier for individual data practitioners to be productive in their day-to-day jobs, whether or not they actually use our product and and pay us money or not. And then of course, we also have professional services and education and all of these things around our commercial products that enable folks to use our products and use Airflow as effectively as possible. So yeah, super, super happy with everything we've done and hopefully that gives you an idea of where we're starting. >> Awesome, so when you're talking with those, Paola, those data engineers, those data scientists, how do you define data orchestration and what does it mean to them? >> Yeah, yeah, it's a good question. So, you know, if you Google data orchestration you're going to get something about an automated process for organizing silo data and making it accessible for processing and analysis. But, to your question, what does that actually mean, you know? So, if you look at it from a customer's perspective, we can share a little bit about how we at Astronomer actually do data orchestration ourselves and the problems that it solves for us. So, as many other companies out in the world do, we at Astronomer need to monitor how our own customers use our products, right? And so, we have a weekly meeting, for example, that goes through a dashboard and a dashboarding tool called Sigma where we see the number of monthly customers and how they're engaging with our product. But, to actually do that, you know, we have to use data from our application database, for example, that has behavioral data on what they're actually doing in our product. We also have data from third party API tools, like Salesforce and HubSpot, and other ways in which our customer, we actually engage with our customers and their behavior. And so, our data team internally at Astronomer uses a bunch of tools to transform and use that data, right? So, we use FiveTran, for example, to ingest. We use Snowflake as our data warehouse. We use other tools for data transformations. And even, if we at Astronomer don't do this, you can imagine a data team also using tools like, Monte Carlo for data quality, or Hightouch for Reverse ETL, or things like that. And, I think the point here is that data teams, you know, that are building data-driven organizations have a plethora of tooling to both ingest the right data and come up with the right interfaces to transform and actually, interact with that data. And so, that movement and sort of synchronization of data across your ecosystem is exactly what data orchestration is responsible for. Historically, I think, and Raj will talk more about this, historically, schedulers like KRON and Oozie or Control-M have taken a role here, but we think that Apache Airflow has sort of risen over the past few years as the defacto industry standard for writing data pipelines that do tasks, that do data jobs that interact with that ecosystem of tools in your organization. And so, beyond that sort of data pipeline unit, I think where we see it is that data acquisition is not only writing those data pipelines that move your data, but it's also all the things around it, right, so, CI/CD tool and Secrets Management, et cetera. So, a long-winded answer here, but I think that's how we talk about it here at Astronomer and how we're building our products. >> Excellent. Great context, Paola. Thank you. Viraj, let's bring you into the conversation. Every company these days has to be a data company, right? They've got to be a software company- >> Mm-hmm. >> whether it's my bank or my grocery store. So, how are companies actually doing data orchestration today, Viraj? >> Yeah, it's a great question. So, I think one thing to think about is like, on one hand, you know, data orchestration is kind of a new category that we're helping define, but on the other hand, it's something that companies have been doing forever, right? You need to get data moving to use it, you know. You've got it all in place, aggregate it, cleaning it, et cetera. So, when you look at what companies out there are doing, right. Sometimes, if you're a more kind of born in the cloud company, as we say, you'll adopt all these cloud native tooling things your cloud provider gives you. If you're a bank or another sort of institution like that, you know, you're probably juggling an even wider variety of tools. You're thinking about a cloud migration. You might have things like Kron running in one place, Uzi running somewhere else, Informatics running somewhere else, while you're also trying to move all your workloads to the cloud. So, there's quite a large spectrum of what the current state is for companies. And then, kind of like Paola was saying, Apache Airflow started in 2014, and it was actually started by Airbnb, and they put out this blog post that was like, "Hey here's how we use Apache Airflow to orchestrate our data across all their sources." And really since then, right, it's almost been a decade since then, Airflow emerged as the open source standard, and there's companies of all sorts using it. And, it's really used to tie all these tools together, especially as that number of tools increases, companies move to hybrid cloud, hybrid multi-cloud strategies, and so on and so forth. But you know, what we found is that if you go to any company, especially a larger one and you say like, "Hey, how are you doing data orchestration?" They'll probably say something like, "Well, I have five data teams, so I have eight different ways I do data orchestration." Right. This idea of data orchestration's been there but the right way to do it, kind of all the abstractions you need, the way your teams need to work together, and so on and so forth, hasn't really emerged just yet, right? It's such a quick moving space that companies have to combine what they were doing before with what their new business initiatives are today. So, you know, what we really believe here at Astronomer is Airflow is the core of how you solve data orchestration for any sort of use case, but it's not everything. You know, it needs a little more. And, that's really where our commercial product, Astro comes in, where we've built, not only the most tried and tested airflow experience out there. We do employ a majority of the Airflow Core Committers, right? So, we're kind of really deep in the project. We've also built the right things around developer tooling, observability, and reliability for customers to really rely on Astro as the heart of the way they do data orchestration, and kind of think of it as the foundational layer that helps tie together all the different tools, practices and teams large companies have to do today. >> That foundational layer is absolutely critical. You've both mentioned open source software. Paola, I want to go back to you, and just give the audience an understanding of how open source really plays into Astronomer's mission as a company, and into the technologies like Astro. >> Mm-hmm. Yeah, absolutely. I mean, we, so we at Astronomers started using Airflow and actually building our products because Airflow is open source and we were our own customers at the beginning of our company journey. And, I think the open source community is at the core of everything we do. You know, without that open source community and culture, I think, you know, we have less of a business, and so, we're super invested in continuing to cultivate and grow that. And, I think there's a couple sort of concrete ways in which we do this that personally make me really excited to do my own job. You know, for one, we do things like we organize meetups and we sponsor the Airflow Summit and there's these sort of baseline community efforts that I think are really important and that reminds you, hey, there just humans trying to do their jobs and learn and use both our technology and things that are out there and contribute to it. So, making it easier to contribute to Airflow, for example, is another one of our efforts. As Viraj mentioned, we also employ, you know, engineers internally who are on our team whose full-time job is to make the open source project better. Again, regardless of whether or not you're a customer of ours or not, we want to make sure that we continue to cultivate the Airflow project in and of itself. And, we're also building developer tooling that might not be a part of the Apache Open Source project, but is still open source. So, we have repositories in our own sort of GitHub organization, for example, with tools that individual data practitioners, again customers are not, can use to make them be more productive in their day-to-day jobs with Airflow writing Dags for the most common use cases out there. The last thing I'll say is how important I think we've found it to build sort of educational resources and documentation and best practices. Airflow can be complex. It's been around for a long time. There's a lot of really, really rich feature sets. And so, how do we enable folks to actually use those? And that comes in, you know, things like webinars, and best practices, and courses and curriculum that are free and accessible and open to the community are just some of the ways in which I think we're continuing to invest in that open source community over the next year and beyond. >> That's awesome. It sounds like open source is really core, not only to the mission, but really to the heart of the organization. Viraj, I want to go back to you and really try to understand how does Astronomer fit into the wider modern data stack and ecosystem? Like what does that look like for customers? >> Yeah, yeah. So, both in the open source and with our commercial customers, right? Folks everywhere are trying to tie together a huge variety of tools in order to start making sense of their data. And you know, I kind of think of it almost like as like a pyramid, right? At the base level, you need things like data reliability, data, sorry, data freshness, data availability, and so on and so forth, right? You just need your data to be there. (coughs) I'm sorry. You just need your data to be there, and you need to make it predictable when it's going to be there. You need to make sure it's kind of correct at the highest level, some quality checks, and so on and so forth. And oftentimes, that kind of takes the case of ELT or ETL use cases, right? Taking data from somewhere and moving it somewhere else, usually into some sort of analytics destination. And, that's really what businesses can do to just power the core parts of getting insights into how their business is going, right? How much revenue did I had? What's in my pipeline, salesforce, and so on and so forth. Once that kind of base foundation is there and people can get the data they need, how they need it, it really opens up a lot for what customers can do. You know, I think one of the trendier things out there right now is MLOps, and how do companies actually put machine learning into production? Well, when you think about it you kind of have to squint at it, right? Like, machine learning pipelines are really just any other data pipeline. They just have a certain set of needs that might not not be applicable to ELT pipelines. And, when you kind of have a common layer to tie together all the ways data can move through your organization, that's really what we're trying to make it so companies can do. And, that happens in financial services where, you know, we have some customers who take app data coming from their mobile apps, and actually run it through their fraud detection services to make sure that all the activity is not fraudulent. We have customers that will run sports betting models on our platform where they'll take data from a bunch of public APIs around different sporting events that are happening, transform all of that in a way their data scientist can build models with it, and then actually bet on sports based on that output. You know, one of my favorite use cases I like to talk about that we saw in the open source is we had there was one company whose their business was to deliver blood transfusions via drone into remote parts of the world. And, it was really cool because they took all this data from all sorts of places, right? Kind of orchestrated all the aggregation and cleaning and analysis that happened had to happen via airflow and the end product would be a drone being shot out into a real remote part of the world to actually give somebody blood who needed it there. Because it turns out for certain parts of the world, the easiest way to deliver blood to them is via drone and not via some other, some other thing. So, these kind of, all the things people do with the modern data stack is absolutely incredible, right? Like you were saying, every company's trying to be a data-driven company. What really energizes me is knowing that like, for all those best, super great tools out there that power a business, we get to be the connective tissue, or the, almost like the electricity that kind of ropes them all together and makes so people can actually do what they need to do. >> Right. Phenomenal use cases that you just described, Raj. I mean, just the variety alone of what you guys are able to do and impact is so cool. So Paola, when you're with those data engineers, those data scientists, and customer conversations, what's your pitch? Why use Astro? >> Mm-hmm. Yeah, yeah, it's a good question. And honestly, to piggyback off of Viraj, there's so many. I think what keeps me so energized is how mission critical both our product and data orchestration is, and those use cases really are incredible and we work with customers of all shapes and sizes. But, to answer your question, right, so why use Astra? Why use our commercial products? There's so many people using open source, why pay for something more than that? So, you know, the baseline for our business really is that Airflow has grown exponentially over the last five years, and like we said has become an industry standard that we're confident there's a huge opportunity for us as a company and as a team. But, we also strongly believe that being great at running Airflow, you know, doesn't make you a successful company at what you do. What makes you a successful company at what you do is building great products and solving problems and solving pin points of your own customers, right? And, that differentiating value isn't being amazing at running Airflow. That should be our job. And so, we want to abstract those customers from meaning to do things like manage Kubernetes infrastructure that you need to run Airflow, and then hiring someone full-time to go do that. Which can be hard, but again doesn't add differentiating value to your team, or to your product, or to your customers. So, folks to get away from managing that infrastructure sort of a base, a base layer. Folks who are looking for differentiating features that make their team more productive and allows them to spend less time tweaking Airflow configurations and more time working with the data that they're getting from their business. For help, getting, staying up with Airflow releases. There's a ton of, we've actually been pretty quick to come out with new Airflow features and releases, and actually just keeping up with that feature set and working strategically with a partner to help you make the most out of those feature sets is a key part of it. And, really it's, especially if you're an organization who currently is committed to using Airflow, you likely have a lot of Airflow environments across your organization. And, being able to see those Airflow environments in a single place and being able to enable your data practitioners to create Airflow environments with a click of a button, and then use, for example, our command line to develop your Airflow Dags locally and push them up to our product, and use all of the sort of testing and monitoring and observability that we have on top of our product is such a key. It sounds so simple, especially if you use Airflow, but really those things are, you know, baseline value props that we have for the customers that continue to be excited to work with us. And of course, I think we can go beyond that and there's, we have ambitions to add whole, a whole bunch of features and expand into different types of personas. >> Right? >> But really our main value prop is for companies who are committed to Airflow and want to abstract themselves and make use of some of the differentiating features that we now have at Astronomer. >> Got it. Awesome. >> Thank you. One thing, one thing I'll add to that, Paola, and I think you did a good job of saying is because every company's trying to be a data company, companies are at different parts of their journey along that, right? And we want to meet customers where they are, and take them through it to where they want to go. So, on one end you have folks who are like, "Hey, we're just building a data team here. We have a new initiative. We heard about Airflow. How do you help us out?" On the farther end, you know, we have some customers that have been using Airflow for five plus years and they're like, "Hey, this is awesome. We have 10 more teams we want to bring on. How can you help with this? How can we do more stuff in the open source with you? How can we tell our story together?" And, it's all about kind of taking this vast community of data users everywhere, seeing where they're at, and saying like, "Hey, Astro and Airflow can take you to the next place that you want to go." >> Which is incredibly- >> Mm-hmm. >> and you bring up a great point, Viraj, that every company is somewhere in a different place on that journey. And it's, and it's complex. But it sounds to me like a lot of what you're doing is really stripping away a lot of the complexity, really enabling folks to use their data as quickly as possible, so that it's relevant and they can serve up, you know, the right products and services to whoever wants what. Really incredibly important. We're almost out of time, but I'd love to get both of your perspectives on what's next for Astronomer. You give us a a great overview of what the company's doing, the value in it for customers. Paola, from your lens as one of the co-founders, what's next? >> Yeah, I mean, I think we'll continue to, I think cultivate in that open source community. I think we'll continue to build products that are open sourced as part of our ecosystem. I also think that we'll continue to build products that actually make Airflow, and getting started with Airflow, more accessible. So, sort of lowering that barrier to entry to our products, whether that's price wise or infrastructure requirement wise. I think making it easier for folks to get started and get their hands on our product is super important for us this year. And really it's about, I think, you know, for us, it's really about focused execution this year and all of the sort of core principles that we've been talking about. And continuing to invest in all of the things around our product that again, enable teams to use Airflow more effectively and efficiently. >> And that efficiency piece is, everybody needs that. Last question, Viraj, for you. What do you see in terms of the next year for Astronomer and for your role? >> Yeah, you know, I think Paola did a really good job of laying it out. So it's, it's really hard to disagree with her on anything, right? I think executing is definitely the most important thing. My own personal bias on that is I think more than ever it's important to really galvanize the community around airflow. So, we're going to be focusing on that a lot. We want to make it easier for our users to get get our product into their hands, be that open source users or commercial users. And last, but certainly not least, is we're also really excited about Data Lineage and this other open source project in our umbrella called Open Lineage to make it so that there's a standard way for users to get lineage out of different systems that they use. When we think about what's in store for data lineage and needing to audit the way automated decisions are being made. You know, I think that's just such an important thing that companies are really just starting with, and I don't think there's a solution that's emerged that kind of ties it all together. So, we think that as we kind of grow the role of Airflow, right, we can also make it so that we're helping solve, we're helping customers solve their lineage problems all in Astro, which is our kind of the best of both worlds for us. >> Awesome. I can definitely feel and hear the enthusiasm and the passion that you both bring to Astronomer, to your customers, to your team. I love it. We could keep talking more and more, so you're going to have to come back. (laughing) Viraj, Paola, thank you so much for joining me today on this showcase conversation. We really appreciate your insights and all the context that you provided about Astronomer. >> Thank you so much for having us. >> My pleasure. For my guests, I'm Lisa Martin. You're watching this Cube conversation. (soft electronic music)

(upbeat music) >> Okay, welcome back everyone. I'm John Furrier here in theCUBE, in Palo Alto for "CUBE Conversation" with Chris Jones, Director of Product Management at Platform9. I've got a series of questions, had a great conversation earlier. Chris, I have a couple questions for you, what do you think? >> Let's do it, John. >> Okay, how does Platform9 Solution, you- can it be used on any infrastructure anywhere, cloud, edge, on-premise? >> It can, that's the beauty of our control plane, right? It was born in the cloud, and we primarily deliver that SaaS, which allows it to work in your data center, on bare metal, on VMs, or with public cloud infrastructure. We now give you the ability to take that control plane, install it in your data center, and then use it with anything, or even in air gap. And that includes capabilities with bare metal orchestration as well. >> Second question. How does Platform9 ensure maximum uptime, and proactive issue resolution? >> Oh, that's a good question. So if you come to Platform nine we're going to talk about always on assurance. What is driving that is a system of three components around self-healing, monitoring, and proactive assistance. So our software will heal broken things on nodes, right? If something stops running that should be running, it will attempt to restart that. We also have monitoring that's deployed with everything. So you build a cluster in AWS, well, we put open source monitoring agents, that are actually Prometheus, on every single node. That means it's resilient, right? So if you lose a node, you don't lose monitoring. But that data importantly comes back to our control plane, and that's the control plane that you can put in your data center as well. That data is what alerts us, and you as a user, anytime of the day that something's going wrong. Let's say etcd latency, good example, etcd is going slow. We'll find out, we might not be able to take restorative action immediately, but we're definitely going to reach out and say,, "You have a problem, let's get ahead of this and let's prevent that from becoming a bigger problem." And that's what we're delivering. When we say always on assurance, we're talking about self-healing, we're talking about remote monitoring, we're talking about being proactive with our customers, not waiting for the phone call or the support desk ticket saying, "Oh we think something's not working." Or worse, the customer has an outage. >> Awesome. Thanks for sharing. Can you explain the process for implementing Platform9 within a company's existing infrastructure. >> Are we doing air gap, or on-prem or SaaS approached? SaaS approach I think is by far the easiest, right? We can build a dedicated Platform9 control plane instance in a manner of minutes, for any customer. So when we do a proof of concept or onboarding, we just literally put in an email address, put in the name you want for your fully qualified domain name, and your instance is up. From that point onwards, the user can just log in, and using our CLI, talk to any number of, say, virtual machines, or physical servers in their environment for, you know, doing this in a data center or colo, and say, "I want these to be my Kubernetes control plane nodes. Here's the five of them. Here's the VIP for the load balancing, the API server and here are all of my compute nodes." And that CLI will work with the SaaS control plane, and go and build the cluster. That's as simple as it, CentOS, Ubuntu, just plain old operating system. Our software takes care of all the prerequisites, installing all the pieces, putting down MetalLB, CoreDNS, Metrics Server, Kubernetes dashboard, etcd backups. You built some servers. That's essentially what you've done, and the rest is being handled by Platform9. It's as simple as that. >> Great, thanks for that. What are the two traditional paths for companies considering the cloud native journey? The two paths. >> The traditional paths. I think that's your engineering team running so fast that before you even realize that you've got, you know, 10 EKS clusters. Or, hey, we can do this. You know, I've got the I can build it mentality. Let's go DIY completely open source Kubernetes on our infrastructure, and we're going to piecemeal build it all up together. They're, I think the pathways that people traditionally look at this journey, as opposed to having that third alternative saying can I just consume it on my infrastructure, be it cloud or on-premise or at the edge. >> Third is the new way, you guys do that. >> That's been our focus since the company was, you know, brought together back in the open OpenStack days. >> Awesome, what's the makeup of your customer base? Is there a certain pattern to the size or environments that you guys work with? Is there a pattern or consistency to your customer base? >> It's a spread, right? We've got large enterprises like Juniper, and we go all the way down to people with 20, 30, 50 nodes in total. We've got people in banking and finance, we've got things all the way through to telecommunications and storage infrastructure. >> What's your favorite feature of Platform9? >> My favorite feature? You know, if I ask, should I say this as a pre-sales engineer, let me show you a favorite thing. My immediate response is, I should never do this. (John laughs) To me it's just being able to define my cluster and say, go. And in five minutes I have that environment, I can see everything that's running, right? It's all unified, it's one spot, right? I'm a cluster admin. I said I wanted three control plane, 25 workers. Here's the infrastructure, it creates it, and once it's built, I can see everything that's running, right? All the applications that are there. One UI, I don't have to go click around. I'm not trying to solve things or download things. It's the fact that it's unified and just delivered in one hit. >> What is the one thing that people should know about Platform9 that they might not know about it? >> I think it's that we help developers and engineers as much as we can help our operations teams. I think, for a long time we've sort of targeted that user and said, hey, we, we really help you. It's like, but why are they doing this? Why are they building any infrastructure or any cloud platform? Well, it's to run applications and services, to help their customers, but how do they get there? There's people building and writing those things, and we're helping them, right? For the last two years, we've been really focused on making it simple, and I think that's an important thing to know. >> Chris, thanks so much, appreciate it. >> Yeah, thank you, John. >> Okay, that's theCUBE Q&A session here with Platform9. I'm John Furrier, thanks for watching. (light music)

(upbeat music) >> Welcome back, everyone, to our Cube special programming on "Securing Compute, Engineered for the Hybrid World." We got Cole Humphreys who's with HPE, global server security product manager, and Mike Ferron-Jones with Intel. He's the product manager for data security technology. Gentlemen, thank you for coming on this special presentation. >> All right, thanks for having us. >> So, securing compute, I mean, compute, everyone wants more compute. You can't have enough compute as far as we're concerned. You know, more bits are flying around the internet. Hardware's mattering more than ever. Performance markets hot right now for next-gen solutions. When you're talking about security, it's at the center of every single conversation. And Gen11 for the HPE has been big-time focus here. So let's get into the story. What's the market for Gen11, Cole, on the security piece? What's going on? How do you see this impacting the marketplace? >> Hey, you know, thanks. I think this is, again, just a moment in time where we're all working towards solving a problem that doesn't stop. You know, because we are looking at data protection. You know, in compute, you're looking out there, there's international impacts, there's federal impacts, there's state-level impacts, and even regulation to protect the data. So, you know, how do we do this stuff in an environment that keeps changing? >> And on the Intel side, you guys are a Tier 1 combination partner, Better Together. HPE has a deep bench on security, Intel, We know what your history is. You guys have a real root of trust with your code, down to the silicon level, continuing to be, and you're on the 4th Gen Xeon here. Mike, take us through the Intel's relationship with HPE. Super important. You guys have been working together for many, many years. Data security, chips, HPE, Gen11. Take us through the relationship. What's the update? >> Yeah, thanks and I mean, HPE and Intel have been partners in delivering technology and delivering security for decades. And when a customer invests in an HPE server, like at one of the new Gen11s, they're getting the benefit of the combined investment that these two great companies are putting into product security. On the Intel side, for example, we invest heavily in the way that we develop our products for security from the ground up, and also continue to support them once they're in the market. You know, launching a product isn't the end of our security investment. You know, our Intel Red Teams continue to hammer on Intel products looking for any kind of security vulnerability for a platform that's in the field. As well as we invest heavily in the external research community through our bug bounty programs to harness the entire creativity of the security community to find those vulnerabilities, because that allows us to patch them and make sure our customers are staying safe throughout that platform's deployed lifecycle. You know, in 2021, between Intel's internal red teams and our investments in external research, we found 93% of our own vulnerabilities. Only a small percentage were found by unaffiliated external entities. >> Cole, HPE has a great track record and long history serving customers around security, actually, with the solutions you guys had. With Gen11, it's more important than ever. Can you share your thoughts on the talent gap out there? People want to move faster, breaches are happening at a higher velocity. They need more protection now than ever before. Can you share your thoughts on why these breaches are happening, and what you guys are doing, and how you guys see this happening from a customer standpoint? What you guys fill in with Gen11 with solution? >> You bet, you know, because when you hear about the relentless pursuit of innovation from our partners, and we in our engineering organizations in India, and Taiwan, and the Americas all collaborating together years in advance, are about delivering solutions that help protect our customer's environments. But what you hear Mike talking about is it's also about keeping 'em safe. Because you look to the market, right? What you see in, at least from our data from 2021, we have that breaches are still happening, and lot of it has to do with the fact that there is just a lack of adequate security staff with the necessary skills to protect the customer's application and ultimately the workloads. And then that's how these breaches are happening. Because ultimately you need to see some sort of control and visibility of what's going on out there. And what we were talking about earlier is you see time. Time to seeing some incident happen, the blast radius can be tremendous in today's technical, advanced world. And so you have to identify it and then correct it quickly, and that's why this continued innovation and partnership is so important, to help work together to keep up. >> You guys have had a great track record with Intel-based platforms with HPE. Gen11's a really big part of the story. Where do you see that impacting customers? Can you explain the benefits of what's going on with Gen11? What's the key story? What's the most important thing we should be paying attention to here? >> I think there's probably three areas as we look into this generation. And again, this is a point in time, we will continue to evolve. But at this particular point it's about, you know, a fundamental approach to our security enablement, right? Partnering as a Tier 1 OEM with one of the best in the industry, right? We can deliver systems that help protect some of the most critical infrastructure on earth, right? I know of some things that are required to have a non-disclosure because it is some of the most important jobs that you would see out there. And working together with Intel to protect those specific compute workloads, that's a serious deal that protects not only state, and local, and federal interests, but, really, a global one. >> This is a really- >> And then there's another one- Oh sorry. >> No, go ahead. Finish your thought. >> And then there's another one that I would call our uncompromising focus. We work in the industry, we lead and partner with those in the, I would say, in the good side. And we want to focus on enablement through a specific capability set, let's call it our global operations, and that ability to protect our supply chain and deliver infrastructure that can be trusted and into an operating environment. You put all those together and you see very significant and meaningful solutions together. >> The operating benefits are significant. I just want to go back to something you just said before about the joint NDAs and kind of the relationship you kind of unpacked, that to me, you know, I heard you guys say from sand to server, I love that phrase, because, you know, silicone into the server. But this is a combination you guys have with HPE and Intel supply-chain security. I mean, it's not just like you're getting chips and sticking them into a machine. This is, like, there's an in-depth relationship on the supply chain that has a very intricate piece to it. Can you guys just double down on that and share that, how that works and why it's important? >> Sure, so why don't I go ahead and start on that one. So, you know, as you mentioned the, you know, the supply chain that ultimately results in an end user pulling, you know, a new Gen11 HPE server out of the box, you know, started, you know, way, way back in it. And we've been, you know, Intel, from our part are, you know, invest heavily in making sure that all of our entire supply chain to deliver all of the Intel components that are inside that HPE platform have been protected and monitored ever since, you know, their inception at one of any of our 14,000, you know, Intel vendors that we monitor as part of our supply-chain assurance program. I mean we, you know, Intel, you know, invests heavily in compliance with guidelines from places like NIST and ISO, as well as, you know, doing best practices under things like the Transported Asset Protection Alliance, TAPA. You know, we have been intensely invested in making sure that when a customer gets an Intel processor, or any other Intel silicone product, that it has not been tampered with or altered during its trip through the supply chain. HPE then is able to pick up that, those components that we deliver, and add onto that their own supply-chain assurance when it comes down to delivering, you know, the final product to the customer. >> Cole, do you want to- >> That's exactly right. Yeah, I feel like that integration point is a really good segue into why we're talking today, right? Because that then comes into a global operations network that is pulling together these servers and able to deploy 'em all over the world. And as part of the Gen11 launch, we have security services that allow 'em to be hardened from our factories to that next stage into that trusted partner ecosystem for system integration, or directly to customers, right? So that ability to have that chain of trust. And it's not only about attestation and knowing what, you know, came from whom, because, obviously, you want to trust and make sure you're get getting the parts from Intel to build your technical solutions. But it's also about some of the provisioning we're doing in our global operations where we're putting cryptographic identities and manifests of the server and its components and moving it through that supply chain. So you talked about this common challenge we have of assuring no tampering of that device through the supply chain, and that's why this partnering is so important. We deliver secure solutions, we move them, you're able to see and control that information to verify they've not been tampered with, and you move on to your next stage of this very complicated and necessary chain of trust to build, you know, what some people are calling zero-trust type ecosystems. >> Yeah, it's interesting. You know, a lot goes on under the covers. That's good though, right? You want to have greater security and platform integrity, if you can abstract the way the complexity, that's key. Now one of the things I like about this conversation is that you mentioned this idea of a hardware-root-of-trust set of technologies. Can you guys just quickly touch on that, because that's one of the major benefits we see from this combination of the partnership, is that it's not just one, each party doing something, it's the combination. But this notion of hardware-root-of-trust technologies, what is that? >> Yeah, well let me, why don't I go ahead and start on that, and then, you know, Cole can take it from there. Because we provide some of the foundational technologies that underlie a root of trust. Now the idea behind a root of trust, of course, is that you want your platform to, you know, from the moment that first electron hits it from the power supply, that it has a chain of trust that all of the software, firmware, BIOS is loading, to bring that platform up into an operational state is trusted. If you have a breach in one of those lower-level code bases, like in the BIOS or in the system firmware, that can be a huge problem. It can undermine every other software-based security protection that you may have implemented up the stack. So, you know, Intel and HPE work together to coordinate our trusted boot and root-of-trust technologies to make sure that when a customer, you know, boots that platform up, it boots up into a known good state so that it is ready for the customer's workload. So on the Intel side, we've got technologies like our trusted execution technology, or Intel Boot Guard, that then feed into the HPE iLO system to help, you know, create that chain of trust that's rooted in silicon to be able to deliver that known good state to the customer so it's ready for workloads. >> All right, Cole, I got to ask you, with Gen11 HPE platforms that has 4th Gen Intel Xeon, what are the customers really getting? >> So, you know, what a great setup. I'm smiling because it's, like, it has a good answer, because one, this, you know, to be clear, this isn't the first time we've worked on this root-of-trust problem. You know, we have a construct that we call the HPE Silicon Root of Trust. You know, there are, it's an industry standard construct, it's not a proprietary solution to HPE, but it does follow some differentiated steps that we like to say make a little difference in how it's best implemented. And where you see that is that tight, you know, Intel Trusted Execution exchange. The Intel Trusted Execution exchange is a very important step to assuring that route of trust in that HPE Silicon Root of Trust construct, right? So they're not different things, right? We just have an umbrella that we pull under our ProLiant, because there's ILO, our BIOS team, CPLDs, firmware, but I'll tell you this, Gen11, you know, while all that, keeping that moving forward would be good enough, we are not holding to that. We are moving forward. Our uncompromising focus, we want to drive more visibility into that Gen11 server, specifically into the PCIE lanes. And now you're going to be able to see, and measure, and make policies to have control and visibility of the PCI devices, like storage controllers, NICs, direct connect, NVME drives, et cetera. You know, if you follow the trends of where the industry would like to go, all the components in a server would be able to be seen and attested for full infrastructure integrity, right? So, but this is a meaningful step forward between not only the greatness we do together, but, I would say, a little uncompromising focus on this problem and doing a little bit more to make Gen11 Intel's server just a little better for the challenges of the future. >> Yeah, the Tier 1 partnership is really kind of highlighted there. Great, great point. I got to ask you, Mike, on the 4th Gen Xeon Scalable capabilities, what does it do for the customer with Gen11 now that they have these breaches? Does it eliminate stuff? What's in it for the customer? What are some of the new things coming out with the Xeon? You're at Gen4, Gen11 for HP, but you guys have new stuff. What does it do for the customer? Does it help eliminate breaches? Are there things that are inherent in the product that HP is jointly working with you on or you were contributing in to the relationship that we should know about? What's new? >> Yeah, well there's so much great new stuff in our new 4th Gen Xeon Scalable processor. This is the one that was codenamed Sapphire Rapids. I mean, you know, more cores, more performance, AI acceleration, crypto acceleration, it's all in there. But one of my favorite security features, and it is one that's called Intel Control-Flow Enforcement Technology, or Intel CET. And why I like CET is because I find the attack that it is designed to mitigate is just evil genius. This type of attack, which is called a return, a jump, or a call-oriented programming attack, is designed to not bring a whole bunch of new identifiable malware into the system, you know, which could be picked up by security software. What it is designed to do is to look for little bits of existing, little bits of existing code already on the server. So if you're running, say, a web server, it's looking for little bits of that web-server code that it can then execute in a particular order to achieve a malicious outcome, something like open a command prompt, or escalate its privileges. Now in order to get those little code bits to execute in an order, it has a control mechanism. And there are different, each of the different types of attacks uses a different control mechanism. But what CET does is it gets in there and it disrupts those control mechanisms, uses hardware to prevent those particular techniques from being able to dig in and take effect. So CET can, you know, disrupt it and make sure that software behaves safely and as the programmer intended, rather than picking off these little arbitrary bits in one of these return, or jump, or call-oriented programming attacks. Now it is a technology that is included in every single one of the new 4th Gen Xeon Scalable processors. And so it's going to be an inherent characteristic the customers can benefit from when they buy a new Gen11 HPE server. >> Cole, more goodness from Intel there impacting Gen11 on the HPE side. What's your reaction to that? >> I mean, I feel like this is exactly why you do business with the big Tier 1 partners, because you can put, you know, trust in from where it comes from, through the global operations, literally, having it hardened from the factory it's finished in, moving into your operating environment, and then now protecting against attacks in your web hosting services, right? I mean, this is great. I mean, you'll always have an attack on data, you know, as you're seeing in the data. But the more contained, the more information, and the more control and trust we can give to our customers, it's going to make their job a little easier in protecting whatever job they're trying to do. >> Yeah, and enterprise customers, as you know, they're always trying to keep up to date on the skills and battle the threats. Having that built in under the covers is a real good way to kind of help them free up their time, and also protect them is really killer. This is a big, big part of the Gen11 story here. Securing the data, securing compute, that's the topic here for this special cube conversation, engineering for a hybrid world. Cole, I'll give you the final word. What should people pay attention to, Gen11 from HPE, bottom line, what's the story? >> You know, it's, you know, it's not the first time, it's not the last time, but it's our fundamental security approach to just helping customers through their digital transformation defend in an uncompromising focus to help protect our infrastructure in these technical solutions. >> Cole Humphreys is the global server security product manager at HPE. He's got his finger on the pulse and keeping everyone secure in the platform integrity there. Mike Ferron-Jones is the Intel product manager for data security technology. Gentlemen, thank you for this great conversation, getting into the weeds a little bit with Gen11, which is great. Love the hardware route-of-trust technologies, Better Together. Congratulations on Gen11 and your 4th Gen Xeon Scalable. Thanks for coming on. >> All right, thanks, John. >> Thank you very much, guys, appreciate it. Okay, you're watching "theCube's" special presentation, "Securing Compute, Engineered for the Hybrid World." I'm John Furrier, your host. Thanks for watching. (upbeat music)

(upbeat music) >> Hello and welcome back to theCUBE's coverage of Cloud Native SecurityCon North America 2023. Its first inaugural event. It's theCUBE's coverage. We were there at the first event for a KubeCon before CNCF kind of took it over. It was in Seattle. And so in Seattle this week is Cloud Native SecurityCon. Of course, theCUBE is there covering via our Palo Alto Studios and our experts around the world who are bringing in Bassam Tabbara who's the CEO and founder of upbound.io. That's the URL, but Upbound is the company. The creators of Crossplane. Really kind of looking at the Crossplane, across the abstraction layer, across clouds. A big part of, as we call supercloud trend. Bassam, great to see you. You've been legend in the open source community. Great to have you on. >> Thanks, John. Always good to be on theCUBE. >> I really wanted to bring you in 'cause I want to get your perspective. You've seen the movie, you've seen open source software grow, it continues to grow. Now you're starting to see the Linux Foundation, which has CNCF really expanding their realm. They got the CloudNativeCon, KubeCon, which is Kubernetes event. That's gotten so massive and so successful. We've been to every single one as you know. I've seen you there and all of them as well. So that's going great. Now they got this new event that's spins out dedicated to security. Everybody wants to know why the new event? What's the focus? Is it needed? What will they do? What's different from KubeCon? Where do I play? And so there's a little bit of a question mark in the ecosystem around this event. And so we've been reporting on it. Looking good so far. People are buzzing, again, they're keeping it small. So that kind of managing expectations like any good event would do. But I think it's been successful, which I wanted like to get your take on how you see it. Is this good? Are you indifferent? Are you excited by this? What's your take? >> I mean, look, it's super exciting to see all the momentum around cloud native. Obviously there are different dimensions of cloud native securities, an important piece. Networking, storage, compute, like all those things I think tie back together and in some ways you can look at this event as a focused event on the security aspect as it relates to cloud native. And there are lots of vendors in this space. There's lots of interesting projects in the space, but the unifying theme is that they come together and probably around the Kubernetes API and the momentum around cloud native and with Kubernetes at the center of it. >> On the focus on Kubernetes, it seems this event is kind of classic security where you want to have deep dives. Again, I call it the event operating system 'cause you decouple, make things highly cohesive, and you link them together. I don't see a problem with it. I kind of like this. I gave it good reviews if they stay focused because security is super critical. There was references to bind and DNS. There's a lot of things in the infrastructure plumbing that need to be looked at or managed or figured out or just refactored for modernization needs. And I know you've done a lot with storage, for instance, storage, networking, kernel. There's a lot of things in the old tech or tech in the cloud that needs to be kind, I won't say rebooted, but maybe reset or jump. Do you see it that way? Are there things that need to get done or is it just that there's so much complexity in the different cloud cluster code thing going on? >> It's obviously security is a very, very big space and there are so many different aspects of it that people you can go into. I think the thing that's interesting around the cloud native community is that there is a unifying theme. Like forget the word cloud native for a second, but the unifying theme is that people are building around what looks like a standardized play around Kubernetes and the Kubernetes API. And as a result you can recast a lot of the technologies that we are used to in the past in a traditional security sense. You can recast them on top of this new standardized approach or on Kubernetes, whether it's policy or protecting a supply chain or scanning, or like a lot of the access control authorization, et cetera. All of those things can be either revived to apply to this cloud native play and the Kubernetes play or creating new opportunities for companies to actually build new and interesting projects and companies around a standardized play. >> Do you think this also will help the KubeCon be more focused around the developer areas there and just touching on security versus figuring out how to take something so important in KubeCon, which the stakeholders in KubeCon have have grown so big, I can see security sucking a lot of oxygen out of the room there. So here you move it over, you keep it over here. Will anything change on the KubeCon site? We'll be there in in Amsterdam in April. What do you think the impact will be? Good? Is it good for the community? Just good swim lanes? What's your take? >> Yeah, I still think KubeCon will be an umbrella event for the whole cloud native community. I suspect that you'll see some of the same vendors and projects and everything else represented in KubeCon. The way I think about all the branched cloud native events are essentially a way to have a more focused discussion, get people together to talk about security topics or networking topics or things that are more focused way. But I don't think it changes the the effect of KubeCon being the umbrella around all of it. So I think you'll see the same presence and maybe larger presence going forward at Amsterdam. We're planning to be there obviously and I'm excited to be there and I think it'll be a big event and having a smaller event is not going to diminish the effect of KubeCon. >> And if you look at the developer community they've all been online for a long time, from IRC chat to now Slack and now new technologies and stuff like Discord out there. The event world has changed post-pandemic. So it makes sense. And we're seeing this with all vendors, by the way, and projects. The digital community angle is huge because if you have a big tent event like KubeCon you can make that a rallying moment in the industry and then have similar smaller events that are highly focused that build off that that are just connective tissue or subnets, if you will, or communities targeted for really deeper conversations. And they could be smaller events. They don't have to be monster events, but they're connected and traverse into the main event. This might be the event format for the future for all companies, whether it's AWS or a company that has a community where you create this network effect, if you will, around the people. >> That's right. And if you look at things like AWS re:Invent, et cetera, I mean, that's a massive events. And in some ways it, if it was a set of smaller sub events, maybe it actually will flourish more. I don't know, I'm not sure. >> They just killed the San Francisco event. >> That's right. >> But they have re:Inforce, all right, so they just established that their big events are re:Invent and re:Inforce as their big. >> Oh, I didn't hear about re:Inforce. That's news to me. >> re:Inforce is their third event. So they're doing something similar as CloudNativeCon, which is you have to have an event and then they're going to create a lot of sub events underneath. So I think they are trying to do that. Very interesting. >> Very interesting for sure. >> So let's talk about what you guys are up to. I know from your standpoint, you had a lot of security conversations. How is Crossplane doing? Obviously, you saw our Supercloud coverage. You guys fit right into that model where clients, customers, enterprises are going to want to have multiple cloud operating environments for whatever the use case, whether you're using ChatGPT, you got to get an Azure instance up and running for that. Now with APIs, we're hearing a lot of developers doing that. So you're going to start to see this cross cloud as VMware calls, what we call it supercloud. There's more need for Crossplane like thinking. What's the update? >> For sure, and we see this very clearly as well. So the fact that there is a standardization layer, there is a layer that lets you converge the different vendors that you have, the different clouds that you have, the different hype models that you have, whether it's hybrid or private, public, et cetera. The unifying theme is that you're literally bringing all those things under one control plane that enables you to actually centralize and standardize on security, access control, helps you standardize on cost control, quota policy, as well as create a self-service experience for your developers. And so from a security standpoint, the beauty of this is like, you could use really popular projects like open policy agent or Kyverno or others if you want to do policy and do so uniformly across your entire stack, your entire footprint of tooling, vendors, services and across deployment models. Those things are possible because you're standardizing and consolidating on a control plane on top of all. And that's the thing that gets our customers excited. That we're seeing in the community that they could actually now normalize standardize on small number of projects and tools to manage everything. >> We were talking about that in our summary of the keynote yesterday. Dave Vellante and I were talking about the idea of clients want to have a redo of their security. They've been, just the tooling has been building up. They got zero trust in place, maybe with some big vendor, but now got the cloud native opportunity to refactor and reset and reinvent their security paradigm. And so that's the positive thing we're hearing. Now we're seeing enterprises want this cross cloud capabilities or Crossplane like thinking that you guys are talking about. What are your customers telling you? Can you share from an enterprise perspective where they're at in this journey? Because part of the security problems that we've been reporting on has been because clients are moving from IT to cloud native and not everyone's moved over yet. So they're highly vulnerable to ransomware and all kinds of other crap. So another attacks, so they're wide open, But people who are moving into cloud native, are they stepping up their game on this Crossplane opportunity? Where are they at? Can you share data on that? >> Yeah, we're grateful to be talking to a lot of customers these days. And the interesting thing is even if you talked about large financial institutions, banks, et cetera, the common theme that we hear is that they bought tools for each of the different departments and however they're organized. Sometimes you see the folks that are running databases, networking, being separated from say, the computer app developers or they're all these different departments within an organization. And for each one of those, they've made localized decisions for tooling and services that they bought. What we're seeing now consistently is that they're all together, getting together, and trying to figure out how to standardize on a smaller one set of tooling and services that goes across all the different departments and all different aspects of the business that they're running. And this is where this discussion gets a lot very interesting. If instead of buying a different policy tool for each department, or once that fits it you could actually standardize on policy or the entire footprint of services that they're managing. And you get that by standardizing on a control plane or standardizing on effectively one point of control for everything that they're doing. And that theme is like literally, it gets all our customers excited. This is why they're engaging in all of this. It's almost the holy grail. The thing that I've been trying to do for a long time. >> I know. >> And it's finally happening. >> I know you and I have talked about this many times, but I got to ask you the one thing that jumps into everybody's head when you hear control plane is lock-in. So how do you discuss that lock-in, perception from the reality of the situation? How do you unpack that for the customer? 'Cause they want choice at the end of the day. There's the preferred vendors for sure on the hyperscale side and app side and open source, but what's the lock-in? What does the lock-in conversation look like? Or do they even have that conversation? >> Yeah. To be honest, I mean, so their lock-in could be a two dimensions here. Most of our customers and people are using Crossplane or using app on product around it. Most of our do, concentrated in, say a one cloud vendor and have others. So I don't think this is necessarily about multicloud per se or being locked into one vendor. But they do manage many different services and they have legacy tooling and they have different systems that they bought at different stages and they want to bring them all together. And by bringing them all together that helps them make choices about consulting or even replacing some of them. But right now everything is siloed, everything is separate, both organizationally as well as the code bases or investments and tooling or contracts. Everything is just completely separated and it requires humans to put them together. And organizations actually try to gather around and put them together. I don't know if lock-in is the driving goal for this, but it is standardization consolidation. That's the driving initiative. >> And so unification and building is the big driver. They're building out >> Correct, and you can ask why are they doing that? What does standardization help with? It helps them to become more productive. They can move faster, they can innovate faster. Not as a ton of, like literally revenue written all over. So it's super important to them that they achieved this, increase their pace of innovation around this and they do that by standardizing. >> The great point in all this and your success at Upbound and now CNCF success with KubeCon + CloudNativeCon and now with the inaugural event of Cloud Native SecurityCon is that the customers are involved, a lot of end users are involved. There's a big driver not only from the industry and the developers and getting architecture right and having choice. The customers want this to happen. They're leaning in, they're part of it. So that's a big driver. Where does this go? If you had to throw a dart at the board five years from now Cloud Native SecurityCon, what does it look like if you had to predict the trajectory of this event and community? >> Yeah, I mean, look, I think the trajectory one is that we have what looks like a standardization layer emerging that is all encompassing. And as a result, there is a ton of opportunity for vendors, projects, communities to build around within on top of this layer. And essentially create, I think you talked about an operating system earlier and decentralized aspect of this, but it's an opportunity to actually, what it looks like for the first time we have a convergence happening industry-wide and through open source and open source foundations. And I think that means that there'll be new opportunity and lots of new projects and things that are created in the space. And it also means that if you don't attach this space, you'll likely be left out. >> Awesome. Bassam, great to have you on, great expert commentary, obviously multi CUBE alumni and supporter of theCUBE and as you become successful we really appreciate your support for helping us get the content out there. And best of luck to your team and thanks for weighing in on Cloud Native SecurityCon. >> Awesome. It's always good talking to you, John. Thank you. >> Great stuff. This is more CUBE coverage from Palo Alto, getting folks on the ground on location, getting us the stories in Seattle. Of course, Cloud Native SecurityCon, the inaugural event, which looks like will be the beginning of a series of multi-year journey for the CNCF, focusing on security. Of course, theCUBE's here to cover it, every angle of it, and extract the signal from the noise. I'm John Furrier, thanks for watching. (upbeat music)

(upbeat music) >> Hello, everyone, from Palo Alto, Lisa Martin here. This is The Cube's coverage of CloudNativeSecurityCon, the inaugural event. I'm here with John Furrier in studio. In Boston, Dave Vellante joins us, and our guest, Liz Rice, one of our alumni, is joining us from Seattle. Great to have everyone here. Liz is the Chief Open Source officer at Isovalent. She's also the Emeritus Chair Technical Oversight Committee at CNCF, and a co-chair of this new event. Everyone, welcome Liz. Great to have you back on theCUBE. Thanks so much for joining us today. >> Thanks so much for having me, pleasure. >> So CloudNativeSecurityCon. This is the inaugural event, Liz, this used to be part of KubeCon, it's now its own event in its first year. Talk to us about the importance of having it as its own event from a security perspective, what's going on? Give us your opinions there. >> Yeah, I think security was becoming so- at such an important part of the conversation at KubeCon, CloudNativeCon, and the TAG security, who were organizing the co-located Cloud Native Security Day which then turned into a two day event. They were doing this amazing job, and there was so much content and so much activity and so much interest that it made sense to say "Actually this could stand alone as a dedicated event and really dedicate, you know, all the time and resources of running a full conference, just thinking about cloud native security." And I think that's proven to be true. There's plenty of really interesting talks that we're going to see. Things like a capture the flag. There's all sorts of really good things going on this week. >> Liz, great to see you, and Dave, great to see you in Boston Lisa, great intro. Liz, you've been a CUBE alumni. You've been a great contributor to our program, and being part of our team, kind of extracting that signal from the CNCF cloud native world KubeCon. This event really kind of to me is a watershed moment, because it highlights not only security as a standalone discussion event, but it's also synergistic with KubeCon. And, as co-chair, take us through the thought process on the sessions, the experts, it's got a practitioner vibe there. So we heard from Priyanka early on, bottoms up, developer first. You know KubeCon's shift left was big momentum. This seems to be a breakout of very focused security. Can you share the rationale and the thoughts behind how this is emerging, and how you see this developing? I know it's kind of a small event, kind of testing the waters it seems, but this is really a directional shift. Can you share your thoughts? >> Yeah I'm just, there's just so many different angles that you can consider security. You know, we are seeing a lot of conversations about supply chain security, but there's also runtime security. I'm really excited about eBPF tooling. There's also this opportunity to talk about how do we educate people about security, and how do security practitioners get involved in cloud native, and how do cloud native folks learn about the security concepts that they need to keep their deployments secure. So there's lots of different groups of people who I think maybe at a KubeCon, KubeCon is so wide, it's such a diverse range of topics. If you really just want to focus in, drill down on what do I need to do to run Kubernetes and cloud native applications securely, let's have a really focused event, and just drill down into all the different aspects of that. And I think that's great. It brings the right people together, the practitioners, the experts, the vendors to, you know, everyone can be here, and we can find each other at a smaller event. We are not spread out amongst the thousands of people that would attend a KubeCon. >> It's interesting, Dave, you know, when we were talking, you know, we're going to bring you in real quick, because AWS, which I think is the bellweather for, you know, cloud computing, has now two main shows, AWS re:Invent and re:Inforce. Security, again, broken out there. you see the classic security events, RSA, Black Hat, you know, those are the, kind of, the industry kind of mainstream security, very wide. But you're starting to see the cloud native developer first with both security and cloud native, kind of, really growing so fast. This is a major trend for a lot of the ecosystem >> You know, and you hear, when you mention those other conferences, John you hear a lot about, you know, shift left. There's a little bit of lip service there, and you, we heard today way more than lip service. I mean deep practitioner level conversations, and of course the runtime as well. Liz, you spent a lot of time obviously in your keynote on eBPF, and I wonder if you could share with the audience, you know, why you're so excited about that. What makes it a more effective tool compared to other traditional methods? I mean, it sounds like it simplifies things. You talked about instrumenting nodes versus workloads. Can you explain that a little bit more detail? >> Yeah, so with eBPF programs, we can load programs dynamically into the kernel, and we can attach them to all kinds of different events that could be happening anywhere on that virtual machine. And if you have the right knowledge about where to hook into, you can observe network events, you can observe file access events, you can observe pretty much anything that's interesting from a security perspective. And because eBPF programs are living in the kernel, there's only one kernel shared amongst all of the applications that are running on that particular machine. So you don't- you no longer have to instrument each individual application, or each individual pod. There's no more need to inject sidecars. We can apply eBPF based tooling on a per node basis, which just makes things operationally more straightforward, but it's also extremely performant. We can hook these programs into events that typically very lightweight, small programs, kind of, emitting an event, making a decision about whether to drop a packet, making a decision about whether to allow file access, things of that nature. There's super fast, there's no need to transition between kernel space and user space, which is usually quite a costly operation from performance perspective. So eBPF makes it really, you know, it's taking the security tooling, and other forms of tooling, networking and observability. We can take these tools into the kernel, and it's really efficient there. >> So Liz- >> So, if I may, one, just one quick follow up. You gave kind of a space age example (laughs) in your keynote. When, do you think a year from now we'll be able to see, sort of, real world examples in in action? How far away are we? >> Well, some of that is already pretty widely deployed. I mean, in my keynote I was talking about Cilium. Cilium is adopted by hundreds of really big scale deployments. You know, the users file is full of household names who've been using cilium. And as part of that they will be using network policies. And I showed some visualizations this morning of network policy, but again, network policy has been around, pretty much since the early days of Kubernetes. It can be quite fiddly to get it right, but there are plenty of people who are using it at scale today. And then we were also looking at some runtime security detections, seeing things like, in my example, exfiltrating the plans to the Death Star, you know, looking for suspicious executables. And again, that's a little bit, it's a bit newer, but we do have people running that in production today, proving that it really does work, and that eBPF is a scalable technology. It's, I've been fascinated by eBPF for years, and it's really amazing to see it being used in the real world now. >> So Liz, you're a maintainer on the Cilium project. Talk about the use of eBPF in the Cilium project. How is it contributing to cloud native security, and really helping to change the dials on that from an efficiency, from a performance perspective, as well as a, what's in it for me as a business perspective? >> So Cilium is probably best known as a networking plugin for Kubernetes. It, when you are running Kubernetes, you have to make a decision about some networking plugin that you're going to use. And Cilium is, it's an incubating project in the CNCF. It's the most mature of the different CNIs that's in the CNCF at the moment. As I say, very widely deployed. And right from day one, it was based on eBPF. And in fact some of the people who contribute to the eBPF platform within the kernel, are also working on the Cilium project. They've been kind of developed hand in hand for the last six, seven years. So really being able to bring some of that networking capability, it required changes in the kernel that have been put in place several years ago, so that now we can build these amazing tools for Kubernetes operators. So we are using eBPF to make the networking stack for Kubernetes and cloud native really efficient. We can bypass some of the parts of the network stack that aren't necessarily required in a cloud native deployment. We can use it to make these incredibly fast decisions about network policy. And we also have a sub-project called Tetragon, which is a newer part of the Cilium family which uses eBPF to observe these runtime events. The things like people opening a file, or changing the permissions on a file, or making a socket connection. All of these things that as a security engineer you are interested in. Who is running executables who is making network connections, who's accessing files, all of these operations are things that we can observe with Cilium Tetragon. >> I mean it's exciting. We've chatted in the past about that eBPF extended Berkeley Packet Filter, which is about the Linux kernel. And I bring that up Liz, because I think this is the trend I'm trying to understand with this event. It's, I hear bottoms up developer, developer first. It feels like it's an under the hood, infrastructure, security geek fest for practitioners, because Brian, in his keynote, mentioned BIND in reference the late Dan Kaminsky, who was, obviously found that error in BIND at the, in DNS. He mentioned DNS. There's a lot of things that's evolving at the silicone, kernel, kind of root levels of our infrastructure. This seems to be a major shift in focus and rightfully so. Is that something that you guys talk about, or is that coincidence, or am I just overthinking this point in terms of how nerdy it's getting in terms of the importance of, you know, getting down to the low level aspects of protecting everything. And as we heard also the quote was no software secure. (Liz chuckles) So that's up and down the stack of the, kind of the old model. What's your thoughts and reaction to that? >> Yeah, I mean I think a lot of folks who get into security really are interested in these kind of details. You know, you see write-ups of exploits and they, you know, they're quite often really involved, and really require understanding these very deep detailed technical levels. So a lot of us can really geek out about the details of that. The flip side of that is that as an application developer, you know, as- if you are working for a bank, working for a media company, you're writing applications, you shouldn't have to be worried about what's happening at the kernel level. This might be kind of geeky interesting stuff, but really, operationally, it should be taken care of for you. You've got your work cut out building business value in applications. So I think there's this interesting, kind of dual track going on almost, if you like, of the people who really want to get involved in those nitty gritty details, and understand how the underlying, you know, kernel level exploits maybe working. But then how do we make that really easy for people who are running clusters to, I mean like you said, nothing is ever secure, but trying to make things as secure as they can be easily, and make things visual, make things accessible, make things, make it easy to check whether or not you are compliant with whatever regulations you need to be compliant with. That kind of focus on making things usable for the platform team, for the application developers who deliver apps on the platform, that's the important (indistinct)- >> I noticed that the word expert was mentioned, I mentioned earlier with Priyanka. Was there a rationale on the 72 sessions, was there thinking around it or was it kind of like, these are urgent areas, they're obvious low hanging fruit. Was there, take us through the selection process of, or was it just, let's get 72 sessions going to get this (Liz laughs) thing moving? >> No, we did think quite carefully about how we wanted to, what the different focus areas we wanted to include. So we wanted to make sure that we were including things like governance and compliance, and that we talk about not just supply chain, which is clearly a very hot topic at the moment, but also to talk about, you know, threat detection, runtime security. And also really importantly, we wanted to have space to talk about education, to talk about how people can get involved. Because maybe when we talk about all these details, and we get really technical, maybe that's, you know, a bit scary for people who are new into the cloud native security space. We want to make sure that there are tracks and content that are accessible for newcomers to get involved. 'Cause, you know, given time they'll be just as excited about diving into those kind of kernel level details. But everybody needs a place to start, and we wanted to make sure there were conversations about how to get started in security, how to educate other members of your team in your organization about security. So hopefully there's something for everyone. >> That education piece- >> Liz, what's the- >> Oh sorry, Dave. >> What the buzz on on AI? We heard Dan talk about, you know, chatGPT, using it to automate spear phishing. There's always been this tension between security and speed to market, but CISOs are saying, "Hey we're going to a zero trust architecture and that's helping us move faster." Will, in your, is the talk on the floor, AI is going to slow us down a little bit until we figure it out? Or is it actually going to be used as an offensive defensive tool if I can use that angle? >> Yeah, I think all of the above. I actually had an interesting chat this morning. I was talking with Andy Martin from Control Plane, and we were talking about the risk of AI generated code that attempts to replicate what open source libraries already do. So rather than using an existing open source package, an organization might think, "Well, I'll just have my own version, and I'll have an AI write it for me." And I don't, you know, I'm not a lawyer so I dunno what the intellectual property implications of this will be, but imagine companies are just going, "Well you know, write me an SSL library." And that seems terrifying from a security perspective, 'cause there could be all sorts of very slightly different AI generated libraries that pick up the same vulnerabilities that exist in open source code. So, I think we're going to go through a pretty interesting period of vulnerabilities being found in AI generated code that look familiar, and we'll be thinking "Haven't we seen these vulnerabilities before? Yeah, we did, but they were previously in handcrafted code and now we'll see the same things being generated by AI." I mean, in the same way that if you look at an AI generated picture and it's got I don't know, extra fingers, or, you know, extra ears or something that, (Dave laughs) AI does make mistakes. >> So Liz, you talked about the education, the enablement, the 72 sessions, the importance of CloudNativeSecurityCon being its own event this year. What are your hopes and dreams for the practitioners to be able to learn from this event? How do you see the event as really supporting the growth, the development of the cloud native security community as a whole? >> Yeah, I think it's really important that we think of it as a Cloud Native Security community. You know, there are lots of interesting sort of hacker community security related community. Cloud native has been very community focused for a long time, and we really saw, particularly through the tag, the security tag, that there was this growing group of people who were, really wanted to work at that intersection between security and cloud native. And yeah, I think things are going really well this week so far, So I hope this is, you know, the first of many additions of this conference. I think it will also be interesting to see how the balance between a smaller, more focused event, compared to the giant KubeCon and cloud native cons. I, you know, I think there's space for both things, but whether or not there will be other smaller focus areas that want to stand alone and justify being able to stand alone as their own separate conferences, it speaks to the growth of cloud native in general that this is worthwhile doing. >> Yeah. >> It is, and what also speaks to, it reminds me of our tagline here at theCUBE, being able to extract the signal from the noise. Having this event as a standalone, being able to extract the value in it from a security perspective, that those practitioners and the community at large is going to be able to glean from these conversations is something that will be important, that we'll be keeping our eyes on. >> Absolutely. Makes sense for me, yes. >> Yeah, and I think, you know, one of the things, Lisa, that I want to get in, and if you don't mind asking Dave his thoughts, because he just did a breaking analysis on the security landscape. And Dave, you know, as Liz talking about some of these root level things, we talk about silicon advances, powering machine learning, we've been covering a lot of that. You've been covering the general security industry. We got RSA coming up reinforced with AWS, and as you see the cloud native developer first, really driving the standards of the super cloud, the multicloud, you're starting to see a lot more application focus around latency and kind of controlling that, These abstraction layer's starting to see a lot more growth. What's your take, Dave, on what Liz and- is talking about because, you know, you're analyzing the horses on the track, and there's sometimes the old guard security folks, and you got open source continuing to kick butt. And even on the ML side, we've been covering some of these foundation models, you're seeing a real technical growth in open source at all levels and, you know, you still got some proprietary machine learning stuff going on, but security's integrating all that. What's your take and your- what's your breaking analysis on the security piece here? >> I mean, to me the two biggest problems in cyber are just the lack of talent. I mean, it's just really hard to find super, you know, deep expertise and get it quickly. And I think the second is it's just, it's so many tools to deal with. And so the architecture of security is just this mosaic and a mess. That's why I'm excited about initiatives like eBPF because it does simplify things, and developers are being asked to do a lot. And I think one of the other things that's emerging is when you- when we talk about Industry 4.0, and IIoT, you- I'm seeing a lot of tools that are dedicated just to that, you know, slice of the world. And I don't think that's the right approach. I think that there needs to be a more comprehensive view. We're seeing, you know, zero trust architectures come together, and it's going to take some time, but I think that you're going to definitely see, you know, some rethinking of how to architect security. It's a game of whack-a-mole, but I think the industry is just- the technology industry is doing a really really good job of, you know, working hard to solve these problems. And I think the answer is not just another bespoke tool, it's a broader thinking around architectures and consolidating some of those tools, you know, with an end game of really addressing the problem in a more comprehensive fashion. >> Liz, in the last minute or so we have your thoughts on how automation and scale are driving some of these forcing functions around, you know, taking away the toil and the muck around developers, who just want stuff to be code, right? So infrastructure as code. Is that the dynamic here? Is this kind of like new, or is it kind of the same game, different kind of thing? (chuckles) 'Cause you're seeing a lot more machine learning, a lot more automation going on. What's, is that having an impact? What's your thoughts? >> Automation is one of the kind of fundamental underpinnings of cloud native. You know, we're expecting infrastructure to be written as code, We're expecting the platform to be defined in yaml essentially. You know, we are expecting the Kubernetes and surrounding tools to self-heal and to automatically scale and to do things like automated security. If we think about supply chain, you know, automated dependency scanning, think about runtime. Network policy is automated firewalling, if you like, for a cloud native era. So, I think it's all about making that platform predictable. Automation gives us some level of predictability, even if the underlying hardware changes or the scale changes, so that the application developers have something consistent and standardized that they can write to. And you know, at the end of the day, it's all about the business applications that run on top of this infrastructure >> Business applications and the business outcomes. Liz, we so appreciate your time talking to us about this inaugural event, CloudNativeSecurityCon 23. The value in it for those practitioners, all of the content that's going to be discussed and learned, and the growth of the community. Thank you so much, Liz, for sharing your insights with us today. >> Thanks for having me. >> For Liz Rice, John Furrier and Dave Vellante, I'm Lisa Martin. You're watching the Cube's coverage of CloudNativeSecurityCon 23. (electronic music)

>>Hello everyone and welcome back to Motor City, Michigan. We're live from the Cube and my name is Savannah Peterson. Joined this afternoon with my co-host John Ferer. John, how you doing? Doing >>Great. This next segment's gonna be awesome about application modernization, scaling pluses. This is what's gonna, how are the next generation software revolution? It's gonna be >>Fun. You know, it's kind of been a theme of our day today is scale. And when we think about the complex orchestration platform that is Kubernetes, everyone wants to scale faster, quicker, more efficiently, and our guests are here to tell us all about that. Please welcome to Char and Andy, thank you so much for being here with us. You were on the Red Hat OpenShift team. Yeah. I suspect most of our audience is familiar, but just in case, let's give 'em a quick one-liner pitch so everyone's on the same page. Tell us about OpenShift. >>I, I'll take that one. OpenShift is our ES platform is our ES distribution. You can consume it as a self-managed platform or you can consume it as a managed service on on public clouds. And so we just call it all OpenShift. So it's basically Kubernetes, but you know, with a CNCF ecosystem around it to make things more easier. So maybe there's two >>Lights. So what does being at coupon mean for you? How does it feel to be here? What's your initial takes? >>Exciting. I'm having a fantastic time. I haven't been to coupon since San Diego, so it's great to be back in person and see old friends, make new friends, have hallway conversations. It's, it's great as an engineer trying to work in this ecosystem, just being able to, to be in the same place with these folks. >>And you gotta ask, before we came on camera, you're like, this is like my sixth co con. We were like, we're seven, you know, But that's a lot of co coupons. It >>Is, yes. I mean, so what, >>Yes. >>Take us status >>For sure. Where we are now. Compare and contrast co. Your first co con, just scope it out. What's the magnitude of change? If you had to put a pin on that, because there's a lot of new people coming in, they might not have seen where it's come from and how we got here is maybe not how we're gonna get to the next >>Level. I've seen it grow tremendously since the first one I went to, which I think was Austin several years ago. And what's great is seeing lots of new people interested in contributing and also seeing end users who are trying to figure out the best way to take advantage of this great ecosystem that we have. >>Awesome. And the project management side, you get the keys to the Kingdom with Red Hat OpenShift, which has been successful. Congratulations by the way. Thank you. We watched that grow and really position right on the wave. It's going great. What's the update on on the product? Kind of, you're in a good, good position right now. Yeah, >>No, we we're feeling good about it. It's all about our customers. Obviously the fact that, you know, we have thousands of customers using OpenShift as the cloud native platform, the container platform. We're very excited. The great thing about them is that, I mean you can go to like OpenShift Commons is kind of a user group that we run on the first day, like on Tuesday we ran. I mean you should see the number of just case studies that our customers went through there, you know? And it is fantastic to see that. I mean it's across so many different industries, across so many different use cases, which is very exciting. >>One of the things we've been reporting here in the Qla scene before, but here more important is just that if you take digital transformation to the, to its conclusion, the IT department and developers, they're not a department to serve the business. They are the business. Yes. That means that the developers are deciding things. Yeah. And running the business. Prove their code. Yeah. Okay. If that's, if that takes place, you gonna have scale. And we also said on many cubes, certainly at Red Hat Summit and other ones, the clouds are distributed computer, it's distributed computing. So you guys are focusing on this project, Andy, that you're working on kcp. >>Yes. >>Which is, I won't platform Kubernetes platform for >>Control >>Planes. Control planes. Yes. Take us through, what's the focus on why is that important and why is that relate to the mission of developers being in charge and large scale? >>Sure. So a lot of times when people are interested in developing on Kubernetes and running workloads, they need a cluster of course. And those are not cheap. It takes time, it takes money, it takes resources to get them. And so we're trying to make that faster and easier for, for end users and everybody involved. So with kcp, we've been able to take what looks like one normal Kubernetes and partition it. And so everybody gets a slice of it. You're an administrator in your little slice and you don't have to ask for permission to install new APIs and they don't conflict with anybody else's APIs. So we're really just trying to make it super fast and make it super flexible. So everybody is their own admin. >>So the developer basically looks at it as a resource blob. They can do whatever they want, but it's shared and provisioned. >>Yes. One option. It's like, it's like they have their own cluster, but you don't have to go through the process of actually provisioning a full >>Cluster. And what's the alternative? What's the what's, what's the, what's the benefit and what was the alternative to >>This? So the alternative, you spin up a full cluster, which you know, maybe that's three control plane nodes, you've got multiple workers, you've got a bunch of virtual machines or bare metal, or maybe you take, >>How much time does that take? Just ballpark. >>Anywhere from five minutes to an hour you can use cloud services. Yeah. Gke, E Ks and so on. >>Keep banging away. You're configuring. Yeah. >>Those are faster. Yeah. But it's still like, you still have to wait for that to happen and it costs money to do all of that too. >>Absolutely. And it's complex. Why do something that's been done, if there's a tool that can get you a couple steps down the path, which makes a ton of sense. Something that we think a lot when we're talking about scale. You mentioned earlier, Tohar, when we were chatting before the cams were alive, scale means a lot of different things. Can you dig in there a little bit? >>Yeah, I >>Mean, so when, when >>We talk about scale, >>We are talking about from a user perspective, we are talking about, you know, there are more users, there are more applications, there are more workloads, there are more services being run on Kubernetes now, right? So, and OpenShift. So, so that's one dimension of this scale. The other dimension of the scale is how do you manage all the underlying infrastructure, the clusters, the name spaces, and all the observability data, et cetera. So that's at least two levels of scale. And then obviously there's a third level of scale, which is, you know, there is scale across not just different clouds, but also from cloud to the edge. So there is that dimension of scale. So there are several dimensions of this scale. And the one that again, we are focused on here really is about, you know, this, the first one that I talk about is a user. And when I say user, it could be a developer, it could be an application architect, or it could be an application owner who wants to develop Kubernetes applications for Kubernetes and wants to publish those APIs, if you will, and make it discoverable and then somebody consumes it. So that's the scale we are talking about >>Here. What are some of the enterprise, you guys have a lot of customers, we've talked to you guys before many, many times and other subjects, Red Hat, I mean you guys have all the customers. Yeah. Enterprise, they've been there, done that. And you know, they're, they're savvy. Yeah. But the cloud is a whole nother ballgame. What are they thinking about? What's the psychology of the customer right now? Because now they have a lot of choices. Okay, we get it, we're gonna re-platform refactor apps, we'll keep some legacy on premises for whatever reasons. But cloud pretty much is gonna be the game. What's the mindset right now of the customer base? Where are they in their, in their psych? Not the executive, but more of the the operators or the developers? >>Yeah, so I mean, first of all, different customers are at different levels of maturity, I would say in this. They're all on a journey how I like to describe it. And in this journey, I mean, I see a customers who are really tip of the sphere. You know, they have containerized everything. They're cloud native, you know, they use best of tools, I mean automation, you know, complete automation, you know, quick deployment of applications and all, and life cycle of applications, et cetera. So that, that's kind of one end of this spectrum >>Advanced. Then >>The advances, you know, and, and I, you know, I don't, I don't have any specific numbers here, but I'd say there are quite a few of them. And we see that. And then there is kind of the middle who are, I would say, who are familiar with containers. They know what app modernization, what a cloud application means. They might have tried a few. So they are in the journey. They are kind of, they want to get there. They have some other kind of other issues, organizational or talent and so, so on and so forth. Kinds of issues to get there. And then there are definitely the quota, what I would call the lag arts still. And there's lots of them. But I think, you know, Covid has certainly accelerated a lot of that. I hear that. And there is definitely, you know, more, the psychology is definitely more towards what I would say public cloud. But I think where we are early also in the other trend that I see is kind of okay, public cloud great, right? So people are going there, but then there is the so-called edge also. Yeah. That is for various regions. You, you gotta have a kind of a regional presence, a edge presence. And that's kind of the next kind of thing taking off here. And we can talk more >>About it. Yeah, let's talk about that a little bit because I, as you know, as we know, we're very excited about Edge here at the Cube. Yeah. What types of trends are you seeing? Is that space emerges a little bit more firmly? >>Yeah, so I mean it's, I mean, so we, when we talk about Edge, you're talking about, you could talk about Edge as a, as a retail, I mean locations, right? >>Could be so many things edges everywhere. Everywhere, right? It's all around us. Quite literally. Even on the >>Scale. Exactly. In space too. You could, I mean, in fact you mentioned space. I was, I was going to >>Kinda, it's this world, >>My space actually Kubernetes and OpenShift running in space, believe it or not, you know, So, so that's the edge, right? So we have Industrial Edge, we have Telco Edge, we have a 5g, then we have, you know, automotive edge now and, and, and retail edge and, and more, right? So, and space, you know, So it's very exciting there. So the reason I tag back to that question that you asked earlier is that that's where customers are. So cloud is one thing, but now they gotta also think about how do I, whatever I do in the cloud, how do I bring it to the edge? Because that's where my end users are, my customers are, and my data is, right? So that's the, >>And I think Kubernetes has brought that attention to the laggards. We had the Laed Martin on yesterday, which is an incredible real example of Kubernetes at the edge. It's just incredible story. We covered it also wrote a story about it. So compelling. Cuz it makes it real. Yes. And Kubernetes is real. So then the question is developer productivity, okay, Things are starting to settle in. We've got KCP scaling clusters, things are happening. What about the tool chains? And how do I develop now I got scale of development, more code coming in. I mean, we are speculating that in the future there's so much code in open source that no one has to write code anymore. Yeah. At some point it's like this gluing things together. So the developers need to be productive. How are we gonna scale the developer equation and eliminate the, the complexity of tool chains and environments. Web assembly is super hyped up at this show. I don't know why, but sounds good. No one, no one can tell me why, but I can kind of connect the dots. But this is a big thing. >>Yeah. And it's fitting that you ask about like no code. So we've been working with our friends at Cross Plain and have integrated with kcp the ability to no code, take a whole bunch of configuration and say, I want a database. I want to be a, a provider of databases. I'm in an IT department, there's a bunch of developers, they don't wanna have to write code to create databases. So I can just take, take my configuration and make it available to them. And through some super cool new easy to use tools that we have as a developer, you can just say, please give me a database and you don't have to write any code. I don't have to write any code to maintain that database. I'm actually using community tooling out there to get that spun up. So there's a lot of opportunities out there. So >>That's ease of use check. What about a large enterprise that's got multiple tool chains and you start having security issues. Does that disrupt the tool chain capability? Like there's all those now weird examples emerging, not weird, but like real plumbing challenges. How do you guys see that evolving with Red >>Hat and Yeah, I mean, I mean, talking about that, right? The software, secure software supply chain is a huge concern for everyone after, especially some of the things that have happened in the past few >>Years. Massive team here at the show. Yeah. And just within the community, we're all a little more aware, I think, even than we were before. >>Before. Yeah. Yeah. And, and I think the, so to step back, I mean from, so, so it's not just even about, you know, run time vulnerability scanning, Oh, that's important, but that's not enough, right? So we are talking about, okay, how did that container, or how did that workload get there? What is that workload? What's the prominence of this workload? How did it get created? What is in it? You know, and what, what are, how do I make, make sure that there are no unsafe attack s there. And so that's the software supply chain. And where Red Hat is very heavily invested. And as you know, with re we kind of have roots in secure operating system. And rel one of the reasons why Rel, which is the foundation of everything we do at Red Hat, is because of security. So an OpenShift has always been secure out of the box with things like scc, rollbacks access control, we, which we added very early in the product. >>And now if you kind of bring that forward, you know, now we are talking about the complete software supply chain security. And this is really about right how from the moment the, the, the developer rights code and checks it into a gateway repository from there on, how do you build it? How do you secure it at each step of the process, how do you sign it? And we are investing and contributing to the community with things like cosign and six store, which is six store project. And so that secures the supply chain. And then you can use things like algo cd and then finally we can do it, deploy it onto the cluster itself. And then we have things like acs, which can do vulnerability scanning, which is a container security platform. >>I wanna thank you guys for coming on. I know Savannah's probably got a last question, but my last question is, could you guys each take a minute to answer why has Kubernetes been so successful today? What, what was the magic of Kubernetes that made it successful? Was it because no one forced it? Yes. Was it lightweight? Was it good timing, right place at the right time community? What's the main reason that Kubernetes is enabling all this, all this shift and goodness that's coming together, kind of defacto unifies people, the stacks, almost middleware markets coming around. Again, not to use that term middleware, but it feels like it's just about to explode. Yeah. Why is this so successful? I, >>I think, I mean, the shortest answer that I can give there really is, you know, as you heard the term, I think Satya Nala from Microsoft has used it. I don't know if he was the original person who pointed, but every company wants to be a software company or is a software company now. And that means that they want to develop stuff fast. They want to develop stuff at scale and develop at, in a cloud native way, right? You know, with the cloud. So that's, and, and Kubernetes came at the right time to address the cloud problem, especially across not just one public cloud or two public clouds, but across a whole bunch of public clouds and infrastructure as, and what we call the hybrid clouds. I think the ES is really exploded because of hybrid cloud, the need for hybrid cloud. >>And what's your take on the, the magic Kubernetes? What made it, what's making it so successful? >>I would agree also that it came about at the right time, but I would add that it has great extensibility and as developers we take it advantage of that every single day. And I think that the, the patterns that we use for developing are very consistent. And I think that consistency that came with Kubernetes, just, you have so many people who are familiar with it and so they can follow the same patterns, implement things similarly, and it's just a good fit for the way that we want to get our software out there and have, and have things operate. >>Keep it simple, stupid almost is that acronym, but the consistency and the de facto alignment Yes. Behind it just created a community. So, so then the question is, are the developers now setting the standards? That seems like that's the new way, right? I mean, >>I'd like to think so. >>So I mean hybrid, you, you're touching everything at scale and you also have mini shift as well, right? Which is taking a super macro micro shift. You ma micro shift. Oh yeah, yeah, exactly. It is a micro shift. That is, that is fantastic. There isn't a base you don't cover. You've spoken a lot about community and both of you have, and serving the community as well as your engagement with them from a, I mean, it's given that you're both leaders stepping back, how, how Community First is Red Hat and OpenShift as an organization when it comes to building the next products and, and developing. >>I'll take and, and I'm sure Andy is actually the community, so I'm sure he'll want to a lot of it. But I mean, right from the start, we have roots in open source. I'll keep it, you know, and, and, and certainly with es we were one of the original contributors to Kubernetes other than Google. So in some ways we think about as co-creators of es, they love that. And then, yeah, then we have added a lot of things in conjunction with the, I I talk about like SCC for Secure, which has become part security right now, which the community, we added things like our back and other what we thought were enterprise features needed because we actually wanted to build a product out of it and sell it to customers where our customers are enterprises. So we have worked with the community. Sometimes we have been ahead of the community and we have convinced the community. Sometimes the community has been ahead of us for other reasons. So it's been a great collaboration, which is I think the right thing to do. But Andy, as I said, >>Is the community well set too? Are well said. >>Yes, I agree with all of that. I spend most of my days thinking about how to interact with the community and engage with them. So the work that we're doing on kcp, we want it to be a community project and we want to involve as many people as we can. So it is a heavy focus for me and my team. And yeah, we we do >>It all the time. How's it going? How's the project going? You feel good >>About it? I do. It is, it started as an experiment or set of prototypes and has grown leaps and bounds from it's roots and it's, it's fantastic. Yeah. >>Controlled planes are hot data planes control planes. >>I >>Know, I love it. Making things work together horizontally scalable. Yeah. Sounds like cloud cloud native. >>Yeah. I mean, just to add to it, there are a couple of talks that on KCP at Con that our colleagues s Stephan Schemanski has, and I, I, I would urge people who have listening, if they have, just Google it, if you will, and you'll get them. And those are really awesome talks to get more about >>It. Oh yeah, no, and you can tell on GitHub that KCP really is a community project and how many people are participating. It's always fun to watch the action live to. Sure. Andy, thank you so much for being here with us, John. Wonderful questions this afternoon. And thank all of you for tuning in and listening to us here on the Cube Live from Detroit. I'm Savannah Peterson. Look forward to seeing you again very soon.

>>Hey guys. Welcome back to the Cubes coverage of Ansible Fast 2022. This is day two of our wall to wall coverage. Lisa Martin here with John Ferer. John, we're seeing this world where companies are saying if we can't automate it, we need to, The automation market is transforming. There's been a lot of buzz about that. A lot of technical chops here at Ansible Fest. >>Yeah, I mean, we've got a great guest here coming on Cuba alumni, Dean Newman, future room. He travels every event he's got. He's got his nose to the grindstone ear to the ground. Great analysis. I mean, we're gonna get into why it's important. How does Ansible fit into the big picture? It's really gonna be a great segment. The >>Board do it well, John just did my job for me about, I'll introduce him again. Daniel Newman, one of our alumni is Back Principal Analyst at Future and Research. Great to have you back on the cube. >>Yeah, it's good to join you. Excited to be back in Chicago. I don't know if you guys knew this, but for 40 years, this was my hometown. Now I don't necessarily brag about that anymore. I'm, I live in Austin now. I'm a proud Texan, but I did grow up here actually out in the west suburbs. I got off the plane, I felt the cold air, and I almost turned around and said, Does this thing go back? Yeah. Cause I'm, I've, I've grown thin skin. It did not take me long. I, I like the warm, Come on, >>I'm the saying, I'm from California and I got off the plane Monday. I went, Whoa, I need a coat. And I was in Miami a week ago and it was 85. >>Oh goodness. >>Crazy. So you just flew in. Talk about what's going on, your take on, on Ansible. We've talked a lot with the community, with partners, with customers, a lot of momentum. The flywheel of the community is going around and round and round. What are some of your perspectives that you see? >>Yeah, absolutely. Well, let's you know, I'm gonna take a quick step back. We're entering an era where companies are gonna have to figure out how to do more with less. Okay? We've got exponential data growth, we've got more architectural complexity than ever before. Companies are trying to discern how to deal with many different environments. And just at a macro level, Red Hat is one of the companies that is almost certainly gonna be part of this multi-cloud hybrid cloud era. So that should initially give a lot of confidence to the buying group that are looking at how to automate their environments. You're automating workflows, but really with, with Ansible, we're focused on automating it, automating the network. So as companies are kind of dig out, we're entering this recessionary period, Okay, we're gonna call it what it is. The first thing that they're gonna look at is how do we tech our way out of it? >>I had a wonderful one-on-one conversation with ServiceNow ceo, Bill McDermott, and we saw ServiceNow was in focus this morning in the initial opening session. This is the integration, right? Ansible integrating with ServiceNow. What we need to see is infrastructure automation, layers and applications working in concert to basically enable enterprises to be up and running all the time. Let's first fix the problems that are most common. Let's, let's automate 'em, let's script them. And then at some point, let's have them self resolving, which we saw at the end with Project Wisdom. So as I see it, automation is that layer that enterprises, boards, technologists, all can agree upon are basically here's something that can make our business more efficient, more profitable, and it's gonna deal with this short term downturn in a way that tech is actually gonna be the answer. Just like Bill and I said, let's tech our way out of it. >>If you look at the Red Hat being bought by ibm, you see Project Wisdom Project, not a product, it's a project. Project Wisdom is the confluence of research and practitioners kind of coming together with ai. So bringing AI power to the Ansible is interesting. Red Hat, Linux, Rel OpenShift, I mean, Red Hat's kind of position, isn't it? Kind of be in that right spot where a puck might be coming maybe. I mean, what do you think? >>Yeah, as analysts, we're really good at predicting the, the recent past. It's a joke I always like to make, but Red Hat's been building toward the future. I think for some time. Project Wisdom, first of all, I was very encouraged with it. One of the things that many people in the market probably have commented on is how close is IBM in Red Hat? Now, again, it's a $34 billion acquisition that was made, but boy, the cultures of these two companies couldn't be more different. And of course, Red Hat kind of carries this, this sort of middle ground layer where they provide a lot of value in services to companies that maybe don't use IBM at, at, for the public cloud especially. This was a great indication of how you can take the power of IBM's research, which of course has some of the world's most prolific data scientists, engineers, building things for the future. >>You know, you see things like yesterday they launched a, you know, an AI solution. You know, they're building chips, semiconductors, and technologies that are gonna power the future. They're building quantum. Long story short, they have these really brilliant technologists here that could be adding value to Red Hat. And I don't know that the, the world has fully been able to appreciate that. So when, when they got on stage and they kind of say, Here's how IBM is gonna help power the next generation, I was immediately very encouraged by the fact that the two companies are starting to show signs of how they can collaborate to offer value to their customers. Because of course, as John kind of started off with, his question is, they've kind of been where the puck is going. Open source, Linux hybrid cloud, This is the future. In the future. Every company's multi-cloud. And I said in a one-on-one meeting this morning, every company is going to probably have workloads on every cloud, especially large enterprises. >>Yeah. And I think that the secret's gonna be how do you make that evolve? And one of the things that's coming out of the industry over the years, and looking back as historians, we would say, gotta have standards. Well, with cloud, now people standards might slow things down. So you're gonna start to figure out how does the community and the developers are thinking it'll be the canary in the coal mine. And I'd love to get your reaction on that, because we got Cuban next week. You're seeing people kind of align and try to win the developers, which, you know, I always laugh cuz like, you don't wanna win, you want, you want them on your team, but you don't wanna win them. It's like a, it's like, so developers will decide, >>Well, I, I think what's happening is there are multiple forces that are driving product adoption. And John, getting the developers to support the utilization and adoption of any sort of stack goes a long way. We've seen how sticky it can be, how sticky it is with many of the public cloud pro providers, how sticky it is with certain applications. And it's gonna be sticky here in these interim layers like open source automation. And Red Hat does have a very compelling developer ecosystem. I mean, if you sat in the keynote this morning, I said, you know, if you're not a developer, some of this stuff would've been fairly difficult to understand. But as a developer you saw them laughing at jokes because, you know, what was it the whole part about, you know, it didn't actually, the ping wasn't a success, right? And everybody started laughing and you know, I, I was sitting next to someone who wasn't technical and, and you know, she kinda goes, What, what was so funny? >>I'm like, well, he said it worked. Do you see that? It said zero data trans or whatever that was. So, but if I may just really quickly, one, one other thing I did wanna say about Project Wisdom, John, that the low code and no code to the full stack developer is a continuum that every technology company is gonna have to think deeply about as we go to the future. Because the people that tend to know the process that needs to be automated tend to not be able to code it. And so we've seen every automation company on the planet sort of figuring out and how to address this low code, no code environment. I think the power of this partnership between IBM Research and Red Hat is that they have an incredibly deep bench of capabilities to do things like, like self-training. Okay, you've got so much data, such significant size models and accuracy is a problem, but we need systems that can self teach. They need to be able self-teach, self learn, self-heal so that we can actually get to the crux of what automation is supposed to do for us. And that's supposed to take the mundane out and enable those humans that know how to code to work on the really difficult and hard stuff because the automation's not gonna replace any of that stuff anytime soon. >>So where do you think looking at, at the partnership and the evolution of it between IBM research and Red Hat, and you're saying, you know, they're, they're, they're finally getting this synergy together. How is it gonna affect the future of automation and how is it poised to give them a competitive advantage in the market? >>Yeah, I think the future or the, the competitive space is that, that is, is ecosystems and integration. So yesterday you heard, you know, Red Hat Ansible focusing on a partnership with aws. You know, this week I was at Oracle Cloud world and they're talking about running their database in aws. And, and so I'm kind of going around to get to the answer to your question, but I think collaboration is sort of the future of growth and innovation. You need multiple companies working towards the same goal to put gobs of resources, that's the technical term, gobs of resources towards doing really hard things. And so Ansible has been very successful in automating and securing and focusing on very certain specific workloads that need to be automated, but we need more and there's gonna be more data created. The proliferation, especially the edge. So you saw all this stuff about Rockwell, How do you really automate the edge at scale? You need large models that are able to look and consume a ton of data that are gonna be continuously learning, and then eventually they're gonna be able to deliver value to these companies at scale. IBM plus Red Hat have really great resources to drive this kind of automation. Having said that, I see those partnerships with aws, with Microsoft, with ibm, with ServiceNow. It's not one player coming to the table. It's a lot of players. They >>Gotta be Switzerland. I mean they have the Switzerland. I mean, but the thing about the Amazon deal is like that marketplace integration essentially puts Ansible once a client's in on, on marketplace and you get the central on the same bill. I mean, that's gonna be a money maker for Ansible. I >>Couldn't agree more, John. I think being part of these public cloud marketplaces is gonna be so critical and having Ansible land and of course AWS largest public cloud by volume, largest marketplace today. And my opinion is that partnership will be extensible to the other public clouds over time. That just makes sense. And so you start, you know, I think we've learned this, John, you've done enough of these interviews that, you know, you start with the biggest, with the highest distribution and probability rates, which in this case right now is aws, but it'll land on in Azure, it'll land in Google and it'll continue to, to grow. And that kind of adoption, streamlining make it consumption more consumable. That's >>Always, I think, Red Hat and Ansible, you nailed it on that whole point about multicloud, because what happens then is why would I want to alienate a marketplace audience to use my product when it could span multiple environments, right? So you saw, you heard that Stephanie yesterday talk about they, they didn't say multiple clouds, multiple environments. And I think that is where I think I see this layer coming in because some companies just have to work on all clouds. That's the way it has to be. Why wouldn't you? >>Yeah. Well every, every company will probably end up with some workloads in every cloud. I just think that is the fate. Whether it's how we consume our SaaS, which a lot of people don't think about, but it always tends to be running on another hyperscale public cloud. Most companies tend to be consuming some workloads from every cloud. It's not always direct. So they might have a single control plane that they tend to lead the way with, but that is only gonna continue to change. And every public cloud company seems to be working on figuring out what their niche is. What is the one thing that sort of drives whether, you know, it is, you know, traditional, we know the commoditization of traditional storage network compute. So now you're seeing things like ai, things like automation, things like the edge collaboration tools, software being put into the, to the forefront because it's a different consumption model, it's a different margin and economic model. And then of course it gives competitive advantages. And we've seen that, you know, I came back from Google Cloud next and at Google Cloud next, you know, you can see they're leaning into the data AI cloud. I mean, that is their focus, like data ai. This is how we get people to come in and start using Google, who in most cases, they're probably using AWS or Microsoft today. >>It's a great specialty cloud right there. That's a big use case. I can run data on Google and run something on aws. >>And then of course you've got all kinds of, and this is a little off topic, but you got sovereignty, compliance, regulatory that tends to drive different clouds over, you know, global clouds like Tencent and Alibaba. You know, if your workloads are in China, >>Well, this comes back down at least to the whole complexity issue. I mean, it has to get complex before it gets easier. And I think that's what we're seeing companies opportunities like Ansible to be like, Okay, tame, tame the complexity. >>Yeah. Yeah, I totally agree with you. I mean, look, when I was watching the demonstrations today, my take is there's so many kind of simple, repeatable and mundane tasks in everyday life that enterprises need to, to automate. Do that first, you know? Then the second thing is working on how do you create self-healing, self-teaching, self-learning, You know, and, and I realize I'm a little broken of a broken record at this, but these are those first things to fix. You know, I know we want to jump to the future where we automate every task and we have multi-term conversational AI that is booking our calendars and driving our cars for us. But in the first place, we just need to say, Hey, the network's down. Like, let's make sure that we can quickly get access back to that network again. Let's make sure that we're able to reach our different zones and locations. Let's make sure that robotic arm is continually doing the thing it's supposed to be doing on the schedule that it's been committed to. That's first. And then we can get to some of these really intensive deep metaverse state of automation that we talk about. Self-learning, data replication, synthetic data. I'm just gonna throw terms around. So I sound super smart. >>In your customer conversations though, from an looking at the automation journey, are you finding most of them, or some percentage is, is wanting to go directly into those really complex projects rather than starting with the basics? >>I don't know that you're, you're finding that the customers want to do that? I think it's the architecture that often ends up being a problem is we as, as the vendor side, will tend to talk about the most complex problems that they're able to solve before companies have really started solving the, the immediate problems that are before them. You know, it's, we talk about, you know, the metaphor of the cloud is a great one, but we talk about the cloud, like it's ubiquitous. Yeah. But less than 30% of our workloads are in the public cloud. Automation is still in very early days and in many industries it's fairly nascent. And doing things like self-healing networks is still something that hasn't even been able to be deployed on an enterprise-wide basis, let alone at the industrial layer. Maybe at the company's on manufacturing PLAs or in oil fields. Like these are places that have difficult to reach infrastructure that needs to be running all the time. We need to build systems and leverage the power of automation to keep that stuff up and running. That's, that's just business value, which by the way is what makes the world go running. Yeah. Awesome. >>A lot of customers and users are struggling to find what's the value in automating certain process, What's the ROI in it? How do you help them get there so that they understand how to start, but truly to make it a journey that is a success. >>ROI tends to be a little bit nebulous. It's one of those things I think a lot of analysts do. Things like TCO analysis Yeah. Is an ROI analysis. I think the businesses actually tend to know what the ROI is gonna be because they can basically look at something like, you know, when you have an msa, here's the downtime, right? Business can typically tell you, you know, I guarantee you Amazon could say, Look for every second of downtime, this is how much commerce it costs us. Yeah. A company can generally say, if it was, you know, we had the energy, the windmills company, like they could say every minute that windmill isn't running, we're creating, you know, X amount less energy. So there's a, there's a time value proposition that companies can determine. Now the question is, is about the deployment. You know, we, I've seen it more nascent, like cybersecurity can tend to be nascent. >>Like what does a breach cost us? Well there's, you know, specific costs of actually getting the breach cured or paying for the cybersecurity services. And then there's the actual, you know, ephemeral costs of brand damage and of risks and customer, you know, negative customer sentiment that potentially comes out of it. With automation, I think it's actually pretty well understood. They can look at, hey, if we can do this many more cycles, if we can keep our uptime at this rate, if we can reduce specific workforce, and I'm always very careful about this because I don't believe automation is about replacement or displacement, but I do think it is about up-leveling and it is about helping people work on things that are complex problems that machines can't solve. I mean, said that if you don't need to put as many bodies on something that can be immediately returned to the organization's bottom line, or those resources can be used for something more innovative. So all those things are pretty well understood. Getting the automation to full deployment at scale, though, I think what often, it's not that roi, it's the timeline that gets misunderstood. Like all it projects, they tend to take longer. And even when things are made really easy, like with what Project Wisdom is trying to do, semantically enable through low code, no code and the ability to get more accuracy, it just never tends to happen quite as fast. So, but that's not an automation problem, That's just the crux of it. >>Okay. What are some of the, the next things on your plate? You're quite a, a busy guy. We, you, you were at Google, you were at Oracle, you're here today. What are some of the next things that we can expect from Daniel Newman? >>Oh boy, I moved Really, I do move really quickly and thank you for that. Well, I'm very excited. I'm taking a couple of work personal days. I don't know if you're a fan, but F1 is this weekend. I'm the US Grand Prix. Oh, you're gonna Austin. So I will be, I live in Austin. Oh. So I will be in Austin. I will be at the Grand Prix. It is work because it, you know, I'm going with a number of our clients that have, have sponsorships there. So I'll be spending time figuring out how the data that comes off of these really fun cars is meaningfully gonna change the world. I'll actually be talking to Splunk CEO at the, at the race on Saturday morning. But yeah, I got a lot of great things. I got a, a conversation coming up with the CEO of Twilio next week. We got a huge week of earnings ahead and so I do a lot of work on that. So I'll be on Bloomberg next week with Emily Chang talking about Microsoft and Google. Love talking to Emily, but just as much love being here on, on the queue with you >>Guys. Well we like to hear that. Who you're rooting for F one's your favorite driver. I, >>I, I like Lando. Do you? I'm Norris. I know it's not necessarily a fan favorite, but I'm a bit of a McLaren guy. I mean obviously I have clients with Oracle and Red Bull with Ball Common Ferrari. I've got Cly Splunk and so I have clients in all. So I'm cheering for all of 'em. And on Sunday I'm actually gonna be in the Williams Paddock. So I don't, I don't know if that's gonna gimme me a chance to really root for anything, but I'm always, always a big fan of the underdog. So maybe Latifi. >>There you go. And the data that comes off the how many central unbeliev, the car, it's crazy's. Such a scientific sport. Believable. >>We could have Christian, I was with Christian Horner yesterday, the team principal from Reside. Oh yeah, yeah. He was at the Oracle event and we did a q and a with him and with the CMO of, it's so much fun. F1 has been unbelievable to watch the momentum and what a great, you know, transitional conversation to to, to CX and automation of experiences for fans as the fan has grown by hundreds of percent. But just to circle back full way, I was very encouraged with what I saw today. Red Hat, Ansible, IBM Strong partnership. I like what they're doing in their expanded ecosystem. And automation, by the way, is gonna be one of the most robust investment areas over the next few years, even as other parts of tech continue to struggle that in cyber security. >>You heard it here. First guys, investment in automation and cyber security straight from two analysts. I got to sit between. For our guests and John Furrier, I'm Lisa Martin, you're watching The Cube Live from Chicago, Ansible Fest 22. John and I will be back after a short break. SO'S stick around.

(upbeat music) >> Hey everyone, welcome back to Chicago theCUBE is live on the floor at AnsibleFest 2022, the first in-person Ansible event that we've covered since 2019. Lisa Martin here with John Furrier. John, great to be here. There's about 1400 to 1500 people here in person, the partner ecosystem is growing and evolving, and that's going to be one of the themes of our next conversation. >> CloudScale is continuing to change the ecosystem, and this segment with AWS is going to be awesome. >> Exactly, we've got one of our alumni back with us, Stefanie Chiras joins us again, senior vice president, partner ecosystem success at Red Hat. and Manasi Jagannatha is also here Global Alliance Manager at AWS. Ladies, welcome to the program. >> Both: Thank you. >> Manasi: Nice to be here. >> Stefanie: Yeah. >> So some exciting news that came out. First of all was great to see you on stage. >> Thank you. >> In front of a live audience. The community is, you talked about this before we went live. The Ansible is nothing, if not the community. So I can only imagine how great that felt to be on stage in front of live bodies announcing the next step with Ansible and AWS. Tell us about that. >> I mean, you can't compete with the energy that comes from a live event. And I remember the first AnsibleFest I came to, it's just this electric feeling born out of the community, born out of collaboration and getting together feeds that collaboration in a way that like nothing else. >> Lisa: Can't do it by video alone. >> You cannot. And so it was so fun cuz today was big news. We announced that Ansible will be available through the AWS marketplace, the next step in our partnership journey. And we've been hearing like most of our announcements, we do these because customers ask for them. And that's really what is key. And the combination of what Red Hat brings to the table and what AWS brings to the table. That's what underpins this announcement this morning. >> Talk about it from a customer demand perspective and how you are not only meeting customers where they are, but you're speaking their language. >> Manasi: Yeah. >> Yeah, there's a couple of aspects and then I want to pass it to Manasi because nothing speaks better than a customer experience. But the specifics I think of what come together is this is where technology, procurement, experience, accessibility all come together. And it took both of us in order to do that. But we actually talked about a great example today, the TransUnion. >> So we have TransUnion, they are a credit reporting company and they're a giant customer. They use RHEL, they use AWS services. So while they were transitioning to the cloud, the first thing they wanted to know was compliance, right? Like, how do we have guardrails around compliance? That was a key feature for them. And then the other piece was how do we scale without increasing the complexity? And then the critical piece was being able to integrate with the depth of AWS services without having to do it over and over again. So what TransUnion did was they basically integrated Ansible automation platform with the AWS Cloud Control API that gave them the flexibility To basically integrate with what, 200 plus services? And it's amazing to see them grow over time. >> What's interesting is that Amazon, obviously cloud has been awesome. We've been covering it since the beginning. DevOps infrastructures code was the dream. Now it's app says code, you have configuration code before that. As cloud goes next level here, we're starting to see a lot more higher level services on AWS being adopted by customers. And so I want to get into how the marketplace deal works. So what's in it for the customer? Because as they bring Ansible across the enterprise and edge, now we're seeing that develop. If I'm the customer, am I buying it through the marketplace? What's the mechanics of the deal? Can I just tap into the bill, explain the marketplace workflow or how it works? >> Yeah, I'd love to do that. So customers come to the marketplace for three key benefits, right? Like one is the consumption based model, pay as you go, you can get hourly, annual, and spot instances. For some services you even get per second billing, right? Like, that's amazing, that's one. And then the other piece is John and Stefanie, as you know, customers would love to draw down on their EDPs, right? Like they want a single- >> EDPs, explain that with acronym. >> It's enterprise discount program. So they want a single bill where they can use third party services and AWS services and they don't have to go through the hustle of saying, "Hey, let me combine all these different pieces." So combining that, and of course the power of Ansible, right? Like customers love Ansible, they've built playbooks. The beauty of it is whatever you want to build on AWS, there is most likely a playbook or a module that already exists. So they can just tap into that and build into- >> Operationally it's a purchasing through marketplace. >> And you know, I mean, being an engineer myself, we always often get caught up in the technology aspect. Like what's the greatest technology? And everyone, as Manasi said, everyone loves the technology of Ansible, but the procurement aspect is also so important. And this is where I think this partnership really comes together. It is natively, Ansible is now, natively integrated into AWS billing. So one bill, you go and you log in. Now you have a Red Hat subscription, you get all the benefits from Red Hat that comes along with that subscription. But the like Ansible is all about simplicity. This brings simplicity to that procurement model and it allows you to scale within your AWS cloud environment that you have set up. And as Manasi mentioned, pull in those other native services from AWS. It's Great. >> It's interesting one of the things that buzzword Lisa and I were just talking as in the industry is the word multiplayer. I've heard people say that's multiplayer software, kind of a gaming analogy. But what you guys are doing is setting up, once they go with Ansible in the marketplace, they're just buying as things get more collaborative off the marketplace. So it kind of streamlines, if I get this right. >> Stefanie: Yep. >> The purchasing process. So they're already in, they just use it's on the bill. Is that kind of how it works? >> Yep. >> Absolutely done, yeah. >> So it the customer has a partnership with us more on the technology side and this particular case and with AWS and the procurement side, it brings that together. >> So multiplayer software, is it multiplayer software? >> We like to talk about multi-partner solutions and I think this provides a new grounding for other partners to come in and build upon that with their services capabilities, with their other technology capabilities. So well clearly in my world, we talk about multi-partner. (both laughs) >> Well, what you're doing is empowering the developers. I know that Red Hat is one of its goals is let's make things much more seamless, much smoother for the developers as the buyer's journey has changed. And John, you've talked about that quite a bit. You're empowering those buyers to actually have a much simpler, streamlined process and to be able to start seeing automation become democratized across organizations. >> Yeah, and one of the things I love about the announcement as well is it pulls in the other values of Ansible automation platform in that simplicity model that you mentioned with like things like certified collections, certified collections that have been built by partners. We have built certified collections, to go along with this offering as well as part of the AWS offering that pulls in these other partner engagements together. And as you said, democratizes not only what we've done together, but what we've done with other partners together. >> Lisa: Right. >> Yeah. >> Can you kind of talk kind of about the depths of the partnership, the co-engineering, and sort of the evolution and the customer involvement in the expansion of the partnership? >> Yeah, I'd love to walk you through that. So we've had a longstanding partnership coming up on 15 years now Stefanie, can you believe it? >> Stefanie: Yeah. (laughs) >> 15 years we've been building, to give you some historical context, right? In back in 2008 we launched RHEL and in 2015 we supported SAP workloads on RHEL. And then the list goes on, right? Like we've been launching Graviton instances, Arm instances, Nitro. The key to be noted here is that every new instance Launch, RHEL has always been supported on day one, right? Like that's been our motto. So that's one. And then in 2021, as you know, we launched Rosa Red Hat OpenShift service on AWS. And that's helped customers with their modernization journey to AWS. So that's been context historically around where we were and where we are today. And now with Ansible, it just gives customer another tool in their arsenal, right? And then the goal is to make sure we meet customers where they are, give them all the Red Hat products that they love using on their hybrid workloads. >> Sounds like a lot is coming maybe at re:Invent too, coming up. >> Yeah. >> What's next? >> This is the beginning, right? We'll continue to grow and based upon not only laying the building blocks for what customers can build with, and you mentioned Lisa, right? We follow this journey that Manasi talked about because of what customers ask for. So it's always a new adventure to determine what'll come next based upon what we hear from our joint customers. >> On that front though, Stefanie, talk about the impact of the broader ecosystem that this is just scratching the surface. >> One of the things, and we've been going through a whole transformation at Red Hat about how we engage with the ecosystem. We've done organizational shifts, we've done a complete revamp of how we engage with the ecosystem. One of our biggest focus is to make sure that the partnerships that we have with one partner bring value to the rest of our partners. No better example than something like this when we work with AWS to create accessibility and capability through a procurement model that we know is important to customers. But that then serves as a launch point for other partners to build certified collections around or now around validated content, which we talked about today at AnsibleFest, that allows other partners to engage. And we're seeing a huge amount in services partners, right? Automation is so pervasive now as customers want to go out and scale. We're seeing services partners really come in and help customers go from, it's always challenging when you have a broad set of IT. You have cloud native over here, you have bare metal over here, you have virtual, it's complex. >> John: Yeah. >> There's sometimes an energy activation barrier to get over that initial automation. We're seeing partners come in with really skilled services capabilities to help customers get over that hump to consolidate with an automation plan. It gets them better equipped to do day one automation and day two automation. And that's where Ansible automation platform is going. It's not just about configuration management, it's about day two management as well. >> Talk about those barriers a little bit more and how Ansible and AWS together are helping customers really knock those out of the park. Another baseball reference for you. We see that a lot of organizations, the skills gap, which we've talked about already on the conversation today, but Ansible as being a facilitator of helping organizations to attract talent, to retain talent, but also customers that maybe don't know where to start or don't know how to determine the ROI that automating processes will bring. How can this partnership help customers nock those out of the park? >> So I'll start and then I'll pass it to Manasi here. But I think one of the key things in this particular partnership is just plain old accessibility. Accessibility, which public cloud has taught the world a new way to get fast access that consumption based pricing. Right you can get your hands on it, you can test it out, you can have a team go in and test it out, and then you can see it's built for scale. So then you can scale it as far as you want to go forward. We clearly have an ecosystem of services partners, so does AWS to help people then sort of take it to the next level as they want to build upon it. But to me the first step is about accessibility, getting your hands dirty. You can build it into those committed spend programs that you may have with AWS as well to try new things. But it's a great test bed. >> Absolutely. And then to add to what Stefanie said, together Red Hat and AWS, we have about a hundred thousand partners combined, right? Like resellers, sis, GSI, distributors. So the reach the combined partnership has just amplifies. >> Yeah, it's huge news. I think it's a big deal because you operationalize the heavy lifting of procurement for all your joint customers and the scale piece is huge. So congratulations. I think it's going to make a lot of money for Ansible. So good call there. My question is, as we hear here, the next level's edge. So AWS has been doing a ton of hybrids since outpost announcement years ago. Now you got all kinds of regional expansions, you've got local zones, you've got all kinds of new edge activity. So are there dots connecting here with the edge with Red Hat Ansible? >> Do you want- >> Yeah, so I think we see two trends with our customers, right? Like mainly I'm specifically talking about our RHEL customer base on AWS. We have almost hundreds to thousands of customers using RHEL on AWS. These are 90% of fortune 500 companies use RHEL, right? So with that customer base, they are looking to expand your point into the edge. There's outposts, there are so many hybrid environments that they're trying to expand in. So just adding Ansible, RHEL, Rosa, OpenShift, that entire makes, just gives customers that the plethora of products they need to run their workloads everywhere, right? Like we have certifications outpost, we have certifications with OpenShift, right? So it just completes the puzzle, if you- >> So it's a nice fit. >> Yeah. >> It is a really nice fit. And I love Edge and Edge once you start going distributed, this automation aspect is key for all the reasons, for security reasons to make sure you do it the same way every single time. It's just pervasive in it. But things like the Cloud Control API allow it to bridge into things like Outpost. It allows a simple way, one clean way to do API and then you can expand it out and get the value. >> So this is why you are on stage and you said that Ansible's going to expand the scope to be more enterprise architecture. >> Stefanie: That's right. >> That's essentially what you're getting at. This is now a distributed computing fabric at cloud scale on AWS. >> Stefanie: That's right. >> Did I get that right? >> Yep, and it touches all the different deployments you may have, on-prem, virtual, cloud native, you name it. >> So how do the people turn into architects? Cuz this is, again, we had this earlier conversation with Tom, multi-tool players, a baseball analogy I used. It's like signifies the best player, your customers are becoming multiple tool players or operators. The new operator is now the top talent. They got to run Ansible, they got to automate, they got to provide services to the cloud native developers. So this new role is emerging, it's not a cloud architect but it's, if it's going to be system architecture wide, what's this new person look like that's going to run all this? >> I think it's an interesting question. We were talking yesterday, actually, Tom and I were talking with the partners. We had Partner Day, the first ever at AnsibleFest yesterday, which was great. We got a lot of insight. They talked a lot about this platform focus, right? Customers are looking to create that platform so that the developers can come in and build upon it without compromising what they want to do. So I do think there's a move in that direction to say how do you create these platforms at a company that no compromises, but it provides that consistency. I would say one thing in partnerships like this, I think customer expectations on the partner ecosystem to have it be trusted is increasing. They expect us as we've done to have our engineers roll up their sleeves together to come to the table together. That's going to show up in our curated content. It's going to show up in our validated content. Those are the places I think where we come up from the bottom through our partnership and we help bridge that gap. >> John: Awesome. >> And trust was brought up a number of times this morning during the keynote. We're almost out of time here, but I think it's one of those words that a lot of companies use. But I think what you're showing is really the value in it from Ansible's perspective from AWS's perspective and ultimately the value in it for the customer. >> Stefanie: Yes. >> So I got to ask you one final question. >> Stefanie: Absolutely. >> And maybe as as reinvent is around the corner, what's next for the partnership? Obviously big news today, Manasi, looking down down the pipe- >> Stefanie: Big news today. >> What are some of the things that you think are going to become next that you can share? >> I mean at this point, and I'll pass it to Manasi to close us out, but we are continuing to follow, to meet our customers where they want to be. We are looking across our portfolio for different ways that customers want to consume within AWS. We'll continue to look at the procurement models through the partner programs that Manasi and the team have had. And to me the next step is really bringing in the rest of the ecosystem. How do we use this as a grounding step? >> Yeah, absolutely. So we are always listening to customer feedback and they want more Red Hat products in the marketplace. So that's where we'll be. >> In the marketplace. >> Congratulations great deal. >> Yes great work there guys. And customers always want more. That's the thing. But that's what keeps us going. So we love it. >> Absolutely. >> Thank you so much for joining John and me on the program today. It's been great to have you. And congratulations again. >> It's a pleasure. >> Thank you. >> For our guests and for John Furrier, I'm Lisa Martin. You're watching theCUBE Live from Chicago at AnsibleFest 2022. This is only day one of our coverage. We'll be back after a short break for more. (upbeat music)

>>We're back with a blueprint for trusted infrastructure and partnership with Dell Technologies in the cube. And we're here with Mahesh Nager, who is a consultant in the area of networking product management at Dell Technologies. Mahesh, welcome. Good to see you. >>Hey, good morning Davis. Nice to meet, Meet to you as well. >>Hey, so we've been digging into all the parts of the infrastructure stack and now we're gonna look at the all important networking components. Mahesh, when we think about networking in today's environment, we think about the core data center and we're connecting out to various locations including the cloud and both the near and the far edge. So the question is from Dell's perspective, what's unique and challenging about securing network infrastructure that we should know about? >>Yeah, so a few years ago IT security and an enterprise was primarily putting a wrapper around the data center because it was constrained to an infrastructure owned and operated by the enterprise for the most part. So putting a rapid around it like a parameter or a firewall was a sufficient response because you could basically control the one small enough control today with the distributed data, intelligent software, different systems, multi-cloud onement and asset service delivery, you know, the infrastructure for the modern era changes the way to secure the network infrastructure. In today's, you know, data driven world, it operates everywhere. And that has created and accessed everywhere so far from, you know, the centralized mono data centers of the past. The biggest challenge is how do we build the network infrastructure of the modern era that are intelligent with automation, enabling maximum flexibility and business agility without any compromise on the security. We believe that in this data era, the security transformation must accompany digital transformation. >>Yeah, that's very good. You talked about a couple of things there. Data by its very nature is distributed. There is no perimeter anymore, so you can't just, as you say, put a wrap around it. I like the way you phrase that. So when you think about cyber security resilience from a networking perspective, how do you define that? In other words, what are the basic principles that you adhere to when thinking about securing network infrastructure for your customers? >>So our belief is that cybersecurity and cybersecurity resilience, they need to be holistic. They need to be integrated, scalable, one that spans the entire enterprise and with a consistent and objective and policy implementation. So cybersecurity needs to span across all the devices and running across any application, whether the application resets on the cloud or anywhere else in the infrastructure. From a networking standpoint, what does it mean? It's again, the same principles, right? You know, in order to prevent the threat actors from accessing, changing, destroying, or stealing sensitive data, this definition holds good for networking as well. So if you look at it from a networking perspective, it's the ability to protect from and withstand attacks on the networking systems as we continue to evolve. This will also also include the ability to adapt and recover from these attacks, which is what cyber resilience aspect is all about. So cybersecurity best practices, as you know, is continuously changing the landscape, primarily because the cyber threats also continue to evolve. >>Yeah, got it. So I like that. So it's gotta be integrated, it's gotta be scalable, it's gotta be comprehensive, comprehensive and adaptable. You're saying it can't be static, >>Right? Right. So I think, you know, you had a second part of a question, you know, that says what do we, you know, what are the basic principles? You know, when you're thinking about securing network infrastructure, when you are looking at securing the network infrastructure, it revolves around core security capability of the devices that form the network. And what are these security capabilities? These are access control, software integrity and vulnerability response. When you look at access control, it's to ensure that only the authenticated users are able to access the platform and they're able to access only the kind of the assets that they're authorized to based on their user level. Now accessing a network platform like a switch or a rotor for example, is typically used for say, configuration and management of the networking switch. So user access is based on say, rules for that metal in a role based access control, whether you are security admin or a network admin or a storage admin. >>And it's imperative that logging is enabled because any of the change to the configuration is actually logged and monitored as well. We talking about software's integrity, it's the ability to ensure that the software that's running on the system has not been compromised. And, and you know, this is important because it could actually, you know, get hold of the system and you know, you could get und desired results in terms of, say validation of the images. It's, it needs to be done through in digital signature. So, so it's important that when you're talking about say, software integrity, A, you are ensuring that the platform is not compromised, you know, is not compromised, and B, that any upgrades, you know, that happens to the platform is happening through validated signature. >>Okay. And now, now you've now, so there's access control, software integrity, and I think you, you've got a third element which is i, I think response, but please continue. >>Yeah, so you know, the third myth about civil notability. So we follow the same process that's been followed by the rest of the products within the Dell product family. That's to report or identify, you know, any kind of a vulnerability that's being addressed by the Dell product security incident response team. So the networking portfolio is no different. You know, it follows the same process for identification for tri and for resolution of these vulnerabilities. And this are addressed either through patches or through new reasons via networking software. >>Yeah, got it. Okay. So I mean, you didn't say zero trust, but when you were talking about access control, you're really talking about access to only those assets that people are authorized to access. I know zero trust sometimes is a buzzword, but, but you I think gave it, you know, some clarity there. Software integrity, it's about assurance validation, your digital signature you mentioned and, and that there's been no compromise. And then how you respond to incidents in a standard way that can fit into a security framework. So outstanding description, thank you for that. But then the next question is, how does Dell networking fit into the construct of what we've been talking about Dell trusted infrastructure? >>Okay, so networking is the key element in the Dell trusted infrastructure. It prides the interconnect between the service and the storage world. And you know, it's part of any data center configuration for a trusted infrastructure. The network needs to have access control in place where only the authorized nels are able to make change to the network configuration and logging of any of those changes is also done through the logging capabilities. Additionally, we should also ensure that the configuration should provide network isolation between say the management network and the data traffic network because they need to be separate and distinct from each other. And furthermore, even if you look at the data traffic network and now you have things like say segmentation isolated segments, I know via vrs or, or some micro segmentation via partners, this allows various level of security for each of those segments. >>So it's important, you know, that, that the network infrastructure has the ability, you know, to provide all this, this services from a Dell networking security perspective, right? You know, there are multiple layers of defense, you know, both at the edge and in the network, in the hardware and in the software and essentially, you know, a set of rules and a configuration that's designed to sort of protect the integrity, confidentiality, and accessibility of the network assets. So each network security layer, it implements policies and controls as I said, you know, including send network segmentation. We do have capabilities sources, centralized management automation and capability and scalability for that matter. Now you add all of these things, you know, with the open networking standards or software, different principles and you essentially, you know, reach to the point where you know, you're looking at zero trust network access, which is essentially sort of a building block for increased cloud adoption. >>If you look at say that you know the different pillars of a zero touch architecture, you know, if you look at the device aspect, you know, we do have support for security for example, we do have say trusted platform in a trusted platform models tpms on certain offer products and you know, the physical security know, plain, simple old one lab port enabled from a user trust perspective, we know it's all done via access control days via role based access control and say capability in order to provide say remote authentication or things like say sticky Mac or Mac learning limit and so on. If you look at say a transport and a session trust layer, these are essentially, you know, how do you access, you know, this switch, you know, is it by plain or telenet or is it like secure ssh, right? And you know, when a host communicates, you know, to the switch, we do have things like self-signed or a certificate authority based certification. >>And one of the important aspect is, you know, in terms of, you know, the routing protocol, the routing protocol, say for example BGP for example, we do have the capability to support MD five authentication between the VGP peers so that there is no, you know, manages attack, you know, to the network where the routing table is compromised. And the other aspect is about second control plane is here in now, you know, it's, it's typical that if you don't have a contra plane here, you know, it could be flooded and you know, you know, the switch could be compromised by city denial service attacks. From an application trust perspective, as I mentioned, you know, we do have, you know, the application specific security rules where you could actually define, you know, the specific security rules based on the specific applications, you know, that are running within the system. >>And I did talk about, say the digital signature and the cryptographic checks and that we do for authentication and for, I mean rather for the authenticity and the validation of, you know, of the image and the BS and so on and so forth. Finally, you know, the data trust, we are looking at, you know, the network separation, you know, the network separation could happen or VRF plain old wheel Ls, you know, which can bring about say multitenancy aspects. We talk about some microsegmentation as it applies to nsx for example. The other aspect is, you know, we do have, with our own smart fabric services that's enabled in a fabric, we have a concept of c cluster security. So all of this, you know, the different pillars, they sort of make up for the zero trust infrastructure for the networking assets of an infrastructure. >>Yeah. So thank you for that. There's a, there's a lot to unpack there. You know, one of the premise, the premise really of this, this, this, this segment that we're setting up in this series is really that everything you just mentioned, or a lot of things you just mentioned used to be the responsibility of the security team. And, and the premise that we're putting forth is that because security teams are so stretched thin, you, you gotta shift a vendor community. Dell specifically is shifting a lot of those tasks to their own r and d and taking care of a lot of that. So, cuz sec op teams got a lot of other stuff to, to worry about. So my question relates to things like automation, which can help and scalability, what about those topics as it relates to networking infrastructure? >>Okay, our portfolio, >>It enables state of the automation software, you know, that enables simplifying of the design. So for example, we do have, you know, you know the fabric design center, you know, a tool that automates the design of the anti fabric and you know, from a deployment and you know, the management of the network infrastructure, there are simplicities, you know, using, you know, like Ansible s for Sonic for example, are, you know, for a better or settle and tell story. You know, we do have smart fabric services that can automate the entire fabric, you know, for a storage solution or for, you know, for one of the workloads for example. Now we do help reduce the complexity by closely integrating the management of the physical and the virtual networking infrastructure. And again, you know, we have those capabilities using Sonic or Smart Traffic services. If you look at Sonic for example, right? >>It delivers automated intent based secure containerized network and it has the ability to provide some network visibility and awareness and, and all of these things are actually valid, you know, for a modern networking infrastructure. So now if you look at Sonic, you know, it's, you know, the usage of those tools, you know, that are available, you know, within the Sonic NAS is not restricted, you know, just to the data center infrastructure is, it's a unified no, you know, that's well applicable beyond the data center. You now right up to the edge. Now if you look at our north from a smart traffic voice 10 perspective, you know, as I mentioned, we do have smart fabric services which essentially, you know, simplifies the deployment day zero. I mean rather day one, day two deployment expansion plans and the life cycle management of our conversion infrastructure and hyper and hyperconverge infrastructure solutions. And finally, in order to enable say, zero touch deployment, we do have, you know, a VP solution with our SD van capability. So these are, you know, ways by which we bring down the complexity by, you know, enhancing the automation capability using, you know, a singular loss that can expand from a data center now right to the edge. >>Great, thank you for that. Last question real quick pitch me, can you summarize from your point of view, what's the strength of the Dell networking portfolio? >>Okay, so from a Dell networking portfolio, we support capabilities at multiple layers. As I mentioned. We've talking about the physical security, for example, let's say disabling of the unused interface. Sticky Mac and trusted platform modules are the things that to go after. And when you're talking about say secure boot for example, it delivers the authenticity and the integrity of the OS 10 images at the startup. And Secure Boot also protects the startup configuration so that, you know, the startup configuration file is not compromised. And Secure port also enables the workload of prediction, for example, that is at another aspect of software image integrity validation, you know, wherein the image is validated for the digital signature in know prior to any upgrade process. And if you are looking at secure access control, we do have things like role-based access control, SSH to the switches, control plane access control that pretty do attacks and say access control from multifactor authentication. >>We do have various tech hacks for entry control to the network and things like CSAC and P IV support, you know, from a federal perspective, we do have, say logging wherein, you know, any event, any auditing capabilities can be possible by say, looking at the clog service, you know, which are pretty much in our transmitter from the devices overts for example, and last we talked about say networks, you know, say network separation and you know, these, you know, separation, you know, ensures that that is, you know, a contained say segment, you know, for a specific purpose or for the specific zone. And you know, this can be implemented by a, the micro segmentation, you know, just a plain old wheel are using virtual route of framework vr, for example. >>A lot there. I mean, I think, frankly, you know, my takeaway is you guys do the heavy lifting in a very complicated topic. So thank you so much for, for coming on the cube and explaining that in, in quite some depth. Really appreciate it. >>Thank you indeed. >>Oh, you're very welcome. Okay, in a moment I'll be back to dig into the hyper-converged infrastructure part of the portfolio and look at how when you enter the world of software defined where you're controlling servers and storage and networks via software led system, you can be sure that your infrastructure is trusted and secure. You're watching a blueprint for trusted infrastructure made possible by Dell Technologies and collaboration with the Cube, your leader in enterprise and emerging tech coverage.

>>The cybersecurity landscape continues to be one characterized by a series of point tools designed to do a very specific job, often pretty well, but the mosaic of tooling is grown over the years causing complexity in driving up costs and increasing exposures. So the game of Whackamole continues. Moreover, the way organizations approach security is changing quite dramatically. The cloud, while offering so many advantages, has also created new complexities. The shared responsibility model redefines what the cloud provider secures, for example, the S three bucket and what the customer is responsible for eg properly configuring the bucket. You know, this is all well and good, but because virtually no organization of any size can go all in on a single cloud, that shared responsibility model now spans multiple clouds and with different protocols. Now that of course includes on-prem and edge deployments, making things even more complex. Moreover, the DevOps team is being asked to be the point of execution to implement many aspects of an organization's security strategy. >>This extends to securing the runtime, the platform, and even now containers which can end up anywhere. There's a real need for consolidation in the security industry, and that's part of the answer. We've seen this both in terms of mergers and acquisitions as well as platform plays that cover more and more ground. But the diversity of alternatives and infrastructure implementations continues to boggle the mind with more and more entry points for the attackers. This includes sophisticated supply chain attacks that make it even more difficult to understand how to secure components of a system and how secure those components actually are. The number one challenge CISOs face in today's complex world is lack of talent to address these challenges. And I'm not saying that SecOps pros are not talented, They are. There just aren't enough of them to go around and the adversary is also talented and very creative, and there are more and more of them every day. >>Now, one of the very important roles that a technology vendor can play is to take mundane infrastructure security tasks off the plates of SEC off teams. Specifically we're talking about shifting much of the heavy lifting around securing servers, storage, networking, and other infrastructure and their components onto the technology vendor via r and d and other best practices like supply chain management. And that's what we're here to talk about. Welcome to the second part in our series, A Blueprint for Trusted Infrastructure Made Possible by Dell Technologies and produced by the Cube. My name is Dave Ante and I'm your host now. Previously we looked at what trusted infrastructure means and the role that storage and data protection play in the equation. In this part two of the series, we explore the changing nature of technology infrastructure, how the industry generally in Dell specifically, are adapting to these changes and what is being done to proactively address threats that are increasingly stressing security teams. >>Now today, we continue the discussion and look more deeply into servers networking and hyper-converged infrastructure to better understand the critical aspects of how one company Dell is securing these elements so that dev sec op teams can focus on the myriad new attack vectors and challenges that they faced. First up is Deepak rang Garage Power Edge security product manager at Dell Technologies. And after that we're gonna bring on Mahesh Nagar oim, who was consultant in the networking product management area at Dell. And finally, we're close with Jerome West, who is the product management security lead for HCI hyperconverged infrastructure and converged infrastructure at Dell. Thanks for joining us today. We're thrilled to have you here and hope you enjoy the program. Deepak Arage shoes powered security product manager at Dell Technologies. Deepak, great to have you on the program. Thank you. >>Thank you for having me. >>So we're going through the infrastructure stack and in part one of this series we looked at the landscape overall and how cyber has changed and specifically how Dell thinks about data protection in, in security in a manner that both secures infrastructure and minimizes organizational friction. We also hit on the storage part of the portfolio. So now we want to dig into servers. So my first question is, what are the critical aspects of securing server infrastructure that our audience should be aware of? >>Sure. So if you look at compute in general, right, it has rapidly evolved over the past couple of years, especially with trends toward software defined data centers and with also organizations having to deal with hybrid environments where they have private clouds, public cloud locations, remote offices, and also remote workers. So on top of this, there's also an increase in the complexity of the supply chain itself, right? There are companies who are dealing with hundreds of suppliers as part of their supply chain. So all of this complexity provides a lot of opportunity for attackers because it's expanding the threat surface of what can be attacked, and attacks are becoming more frequent, more severe and more sophisticated. And this has also triggered around in the regulatory and mandates around the security needs. >>And these regulations are not just in the government sector, right? So it extends to critical infrastructure and eventually it also get into the private sector. In addition to this, organizations are also looking at their own internal compliance mandates. And this could be based on the industry in which they're operating in, or it could be their own security postures. And this is the landscape in which servers they're operating today. And given that servers are the foundational blocks of the data center, it becomes extremely important to protect them. And given how complex the modern server platforms are, it's also extremely difficult and it takes a lot of effort. And this means protecting everything from the supply chain to the manufacturing and then eventually the assuring the hardware and software integrity of the platforms and also the operations. And there are very few companies that go to the lens that Dell does in order to secure the server. We truly believe in the notion and the security mentality that, you know, security should enable our customers to go focus on their business and proactively innovate on their business and it should not be a burden to them. And we heavily invest to make that possible for our customers. >>So this is really important because the premise that I set up at the beginning of this was really that I, as of security pro, I'm not a security pro, but if I were, I wouldn't want to be doing all this infrastructure stuff because I now have all these new things I gotta deal with. I want a company like Dell who has the resources to build that security in to deal with the supply chain to ensure the providence, et cetera. So I'm glad you you, you hit on that, but so given what you just said, what does cybersecurity resilience mean from a server perspective? For example, are there specific principles that Dell adheres to that are non-negotiable? Let's say, how does Dell ensure that its customers can trust your server infrastructure? >>Yeah, like when, when it comes to security at Dell, right? It's ingrained in our product, so that's the best way to put it. And security is nonnegotiable, right? It's never an afterthought where we come up with a design and then later on figure out how to go make it secure, right? Our security development life cycle, the products are being designed to counter these threats right from the big. And in addition to that, we are also testing and evaluating these products continuously to identify vulnerabilities. We also have external third party audits which supplement this process. And in addition to this, Dell makes the commitment that we will rapidly respond to any mitigations and vulnerability, any vulnerabilities and exposures found out in the field and provide mitigations and patches for in attacking manner. So this security principle is also built into our server life cycle, right? Every phase of it. >>So we want our products to provide cutting edge capabilities when it comes to security. So as part of that, we are constantly evaluating what our security model is done. We are building on it and continuously improving it. So till a few years ago, our model was primarily based on the N framework of protect, detect and rigor. And it's still aligns really well to that framework, but over the past couple of years, we have seen how computers evolved, how the threads have evolved, and we have also seen the regulatory trends and we recognize the fact that the best security strategy for the modern world is a zero trust approach. And so now when we are building our infrastructure and tools and offerings for customers, first and foremost, they're cyber resilient, right? What we mean by that is they're capable of anticipating threats, withstanding attacks and rapidly recurring from attacks and also adapting to the adverse conditions in which they're deployed. The process of designing these capabilities and identifying these capabilities however, is done through the zero press framework. And that's very important because now we are also anticipating how our customers will end up using these capabilities at there and to enable their own zero trust IT environments and IT zero trusts deployments. We have completely adapted our security approach to make it easier for customers to work with us no matter where they are in their journey towards zero trust option. >>So thank you for that. You mentioned the, this framework, you talked about zero trust. When I think about n I think as well about layered approaches. And when I think about zero trust, I think about if you, if you don't have access to it, you're not getting access, you've gotta earn that, that access and you've got layers and then you still assume that bad guys are gonna get in. So you've gotta detect that and you've gotta response. So server infrastructure security is so fundamental. So my question is, what is Dell providing specifically to, for example, detect anomalies and breaches from unauthorized activity? How do you enable fast and easy or facile recovery from malicious incidents, >>Right? What is that is exactly right, right? Breachers are bound to happen and given how complex our current environment is, it's extremely distributed and extremely connected, right? Data and users are no longer contained with an offices where we can set up a perimeter firewall and say, Yeah, everything within that is good. We can trust everything within it. That's no longer true. The best approach to protect data and infrastructure in the current world is to use a zero trust approach, which uses the principles. Nothing is ever trusted, right? Nothing is trusted implicitly. You're constantly verifying every single user, every single device, and every single access in your system at every single level of your ID environment. And this is the principles that we use on power Edge, right? But with an increased focus on providing granular controls and checks based on the principles of these privileged access. >>So the idea is that service first and foremost need to make sure that the threats never enter and they're rejected at the point of entry, but we recognize breaches are going to occur and if they do, they need to be minimized such that the sphere of damage cost by attacker is minimized so they're not able to move from one part of the network to something else laterally or escalate their privileges and cause more damage, right? So the impact radius for instance, has to be radius. And this is done through features like automated detection capabilities and automation, automated remediation capabilities. So some examples are as part of our end to end boot resilience process, we have what they call a system lockdown, right? We can lock down the configuration of the system and lock on the form versions and all changes to the system. And we have capabilities which automatically detect any drift from that lockdown configuration and we can figure out if the drift was caused to authorized changes or unauthorized changes. >>And if it is an unauthorize change can log it, generate security alerts, and we even have capabilities to automatically roll the firm where, and always versions back to a known good version and also the configurations, right? And this becomes extremely important because as part of zero trust, we need to respond to these things at machine speed and we cannot do it at a human speed. And having these automated capabilities is a big deal when achieving that zero trust strategy. And in addition to this, we also have chassis inclusion detection where if the chassis, the box, the several box is opened up, it logs alerts, and you can figure out even later if there's an AC power cycle, you can go look at the logs to see that the box is opened up and figure out if there was a, like a known authorized access or some malicious actor opening and chain something in your system. >>Great, thank you for that lot. Lot of detail and and appreciate that. I want to go somewhere else now cuz Dell has a renowned supply chain reputation. So what about securing the, the supply chain and the server bill of materials? What does Dell specifically do to track the providence of components it uses in its systems so that when the systems arrive, a customer can be a hundred percent certain that that system hasn't been compromised, >>Right? And we've talked about how complex the modern supply chain is, right? And that's no different for service. We have hundreds of confidence on the server and a lot of these form where in order to be configured and run and this former competence could be coming from third parties suppliers. So now the complexity that we are dealing with like was the end to end approach and that's where Dell pays a lot of attention into assuring the security approach approaching and it starts all the way from sourcing competence, right? And then through the design and then even the manufacturing process where we are wetting the personnel leather factories and wetting the factories itself. And the factories also have physical controls, physical security controls built into them and even shipping, right? We have GPS tagging of packages. So all of this is built to ensure supply chain security. >>But a critical aspect of this is also making sure that the systems which are built in the factories are delivered to the customers without any changes or any tapper. And we have a feature called the secure component verification, which is capable of doing this. What the feature does this, when the system gets built in a factory, it generates an inventory of all the competence in the system and it creates a cryptographic certificate based on the signatures presented to this by the competence. And this certificate is stored separately and sent to the customers separately from the system itself. So once the customers receive the system at their end, they can run out to, it generates an inventory of the competence on the system at their end and then compare it to the golden certificate to make sure nothing was changed. And if any changes are detected, we can figure out if there's an authorized change or unauthorize change. >>Again, authorized changes could be like, you know, upgrades to the drives or memory and ized changes could be any sort of temper. So that's the supply chain aspect of it and bill of metal use is also an important aspect to galing security, right? And we provide a software bill of materials, which is basically a list of ingredients of all the software pieces in the platform. So what it allows our customers to do is quickly take a look at all the different pieces and compare it to the vulnerability database and see if any of the vulner which have been discovered out in the wild affected platform. So that's a quick way of figuring out if the platform has any known vulnerabilities and it has not been patched. >>Excellent. That's really good. My last question is, I wonder if you, you know, give us the sort of summary from your perspective, what are the key strengths of Dell server portfolio from a security standpoint? I'm really interested in, you know, the uniqueness and the strong suit that Dell brings to the table, >>Right? Yeah. We have talked enough about the complexity of the environment and how zero risk is necessary for the modern ID environment, right? And this is integral to Dell powered service. And as part of that like you know, security starts with the supply chain. We already talked about the second component verification, which is a beneath feature that Dell platforms have. And on top of it we also have a silicon place platform mode of trust. So this is a key which is programmed into the silicon on the black service during manufacturing and can never be changed after. And this immutable key is what forms the anchor for creating the chain of trust that is used to verify everything in the platform from the hardware and software integrity to the boot, all pieces of it, right? In addition to that, we also have a host of data protection features. >>Whether it is protecting data at risk in news or inflight, we have self encrypting drives which provides scalable and flexible encryption options. And this couple with external key management provides really good protection for your data address. External key management is important because you know, somebody could physically steam the server walk away, but then the keys are not stored on the server, it stood separately. So that provides your action layer of security. And we also have dual layer encryption where you can compliment the hardware encryption on the secure encrypted drives with software level encryption. Inion to this we have identity and access management features like multifactor authentication, single sign on roles, scope and time based access controls, all of which are critical to enable that granular control and checks for zero trust approach. So I would say like, you know, if you look at the Dell feature set, it's pretty comprehensive and we also have the flexibility built in to meet the needs of all customers no matter where they fall in the spectrum of, you know, risk tolerance and security sensitivity. And we also have the capabilities to meet all the regulatory requirements and compliance requirements. So in a nutshell, I would say that you know, Dell Power Service cyber resident infrastructure helps accelerate zero tested option for customers. >>Got it. So you've really thought this through all the various things that that you would do to sort of make sure that your server infrastructure is secure, not compromised, that your supply chain is secure so that your customers can focus on some of the other things that they have to worry about, which are numerous. Thanks Deepak, appreciate you coming on the cube and participating in the program. >>Thank you for having >>You're welcome. In a moment I'll be back to dig into the networking portion of the infrastructure. Stay with us for more coverage of a blueprint for trusted infrastructure and collaboration with Dell Technologies on the cube, your leader in enterprise and emerging tech coverage. We're back with a blueprint for trusted infrastructure and partnership with Dell Technologies in the cube. And we're here with Mahesh Nager, who is a consultant in the area of networking product management at Dell Technologies. Mahesh, welcome, good to see you. >>Hey, good morning Dell's, nice to meet, meet to you as well. >>Hey, so we've been digging into all the parts of the infrastructure stack and now we're gonna look at the all important networking components. Mahesh, when we think about networking in today's environment, we think about the core data center and we're connecting out to various locations including the cloud and both the near and the far edge. So the question is from Dell's perspective, what's unique and challenging about securing network infrastructure that we should know about? >>Yeah, so few years ago IT security and an enterprise was primarily putting a wrapper around data center out because it was constrained to an infrastructure owned and operated by the enterprise for the most part. So putting a rapid around it like a parameter or a firewall was a sufficient response because you could basically control the environment and data small enough control today with the distributed data, intelligent software, different systems, multi-cloud environment and asset service delivery, you know, the infrastructure for the modern era changes the way to secure the network infrastructure In today's, you know, data driven world, it operates everywhere and data has created and accessed everywhere so far from, you know, the centralized monolithic data centers of the past. The biggest challenge is how do we build the network infrastructure of the modern era that are intelligent with automation enabling maximum flexibility and business agility without any compromise on the security. We believe that in this data era, the security transformation must accompany digital transformation. >>Yeah, that's very good. You talked about a couple of things there. Data by its very nature is distributed. There is no perimeter anymore, so you can't just, as you say, put a rapper around it. I like the way you phrase that. So when you think about cyber security resilience from a networking perspective, how do you define that? In other words, what are the basic principles that you adhere to when thinking about securing network infrastructure for your customers? >>So our belief is that cybersecurity and cybersecurity resilience, they need to be holistic, they need to be integrated, scalable, one that span the entire enterprise and with a co and objective and policy implementation. So cybersecurity needs to span across all the devices and running across any application, whether the application resets on the cloud or anywhere else in the infrastructure. From a networking standpoint, what does it mean? It's again, the same principles, right? You know, in order to prevent the threat actors from accessing changing best destroy or stealing sensitive data, this definition holds good for networking as well. So if you look at it from a networking perspective, it's the ability to protect from and withstand attacks on the networking systems as we continue to evolve. This will also include the ability to adapt and recover from these attacks, which is what cyber resilience aspect is all about. So cybersecurity best practices, as you know, is continuously changing the landscape primarily because the cyber threats also continue to evolve. >>Yeah, got it. So I like that. So it's gotta be integrated, it's gotta be scalable, it's gotta be comprehensive, comprehensive and adaptable. You're saying it can't be static, >>Right? Right. So I think, you know, you had a second part of a question, you know, that says what do we, you know, what are the basic principles? You know, when you think about securing network infrastructure, when you're looking at securing the network infrastructure, it revolves around core security capability of the devices that form the network. And what are these security capabilities? These are access control, software integrity and vulnerability response. When you look at access control, it's to ensure that only the authenticated users are able to access the platform and they're able to access only the kind of the assets that they're authorized to based on their user level. Now accessing a network platform like a switch or a rotor for example, is typically used for say, configuration and management of the networking switch. So user access is based on say roles for that matter in a role based access control, whether you are a security admin or a network admin or a storage admin. >>And it's imperative that logging is enable because any of the change to the configuration is actually logged and monitored as that. Talking about software's integrity, it's the ability to ensure that the software that's running on the system has not been compromised. And, and you know, this is important because it could actually, you know, get hold of the system and you know, you could get UND desire results in terms of say validation of the images. It's, it needs to be done through say digital signature. So, so it's important that when you're talking about say, software integrity, a, you are ensuring that the platform is not compromised, you know, is not compromised and be that any upgrades, you know, that happens to the platform is happening through say validated signature. >>Okay. And now, now you've now, so there's access control, software integrity, and I think you, you've got a third element which is i I think response, but please continue. >>Yeah, so you know, the third one is about civil notability. So we follow the same process that's been followed by the rest of the products within the Dell product family. That's to report or identify, you know, any kind of a vulnerability that's being addressed by the Dell product security incident response team. So the networking portfolio is no different, you know, it follows the same process for identification for tri and for resolution of these vulnerabilities. And these are addressed either through patches or through new reasons via networking software. >>Yeah, got it. Okay. So I mean, you didn't say zero trust, but when you were talking about access control, you're really talking about access to only those assets that people are authorized to access. I know zero trust sometimes is a buzzword, but, but you I think gave it, you know, some clarity there. Software integrity, it's about assurance validation, your digital signature you mentioned and, and that there's been no compromise. And then how you respond to incidents in a standard way that can fit into a security framework. So outstanding description, thank you for that. But then the next question is, how does Dell networking fit into the construct of what we've been talking about Dell trusted infrastructure? >>Okay, so networking is the key element in the Dell trusted infrastructure. It provides the interconnect between the service and the storage world. And you know, it's part of any data center configuration for a trusted infrastructure. The network needs to have access control in place where only the authorized nels are able to make change to the network configuration and logging off any of those changes is also done through the logging capabilities. Additionally, we should also ensure that the configuration should provide network isolation between say the management network and the data traffic network because they need to be separate and distinct from each other. And furthermore, even if you look at the data traffic network and now you have things like segmentation isolated segments and via VRF or, or some micro segmentation via partners, this allows various level of security for each of those segments. So it's important you know, that, that the network infrastructure has the ability, you know, to provide all this, this services from a Dell networking security perspective, right? >>You know, there are multiple layer of defense, you know, both at the edge and in the network in this hardware and in the software and essentially, you know, a set of rules and a configuration that's designed to sort of protect the integrity, confidentiality, and accessibility of the network assets. So each network security layer, it implements policies and controls as I said, you know, including send network segmentation. We do have capabilities sources, centralized management automation and capability and scalability for that matter. Now you add all of these things, you know, with the open networking standards or software, different principles and you essentially, you know, reach to the point where you know, you're looking at zero trust network access, which is essentially sort of a building block for increased cloud adoption. If you look at say that you know the different pillars of a zero trust architecture, you know, if you look at the device aspect, you know, we do have support for security for example, we do have say trust platform in a trusted platform models tpms on certain offer products and you know, the physical security know plain, simple old one love port enable from a user trust perspective, we know it's all done via access control days via role based access control and say capability in order to provide say remote authentication or things like say sticky Mac or Mac learning limit and so on. >>If you look at say a transport and decision trust layer, these are essentially, you know, how do you access, you know, this switch, you know, is it by plain hotel net or is it like secure ssh, right? And you know, when a host communicates, you know, to the switch, we do have things like self-signed or is certificate authority based certification. And one of the important aspect is, you know, in terms of, you know, the routing protocol, the routing protocol, say for example BGP for example, we do have the capability to support MD five authentication between the b g peers so that there is no, you know, manages attack, you know, to the network where the routing table is compromised. And the other aspect is about second control plane is here, you know, you know, it's, it's typical that if you don't have a control plane here, you know, it could be flooded and you know, you know, the switch could be compromised by city denial service attacks. >>From an application test perspective, as I mentioned, you know, we do have, you know, the application specific security rules where you could actually define, you know, the specific security rules based on the specific applications, you know, that are running within the system. And I did talk about, say the digital signature and the cryptographic check that we do for authentication and for, I mean rather for the authenticity and the validation of, you know, of the image and the BS and so on and so forth. Finally, you know, the data trust, we are looking at, you know, the network separation, you know, the network separation could happen or VRF plain old wheel Ls, you know, which can bring about sales multi 10 aspects. We talk about some microsegmentation as it applies to nsx for example. The other aspect is, you know, we do have, with our own smart fabric services that's enabled in a fabric, we have a concept of c cluster security. So all of this, you know, the different pillars, they sort of make up for the zero trust infrastructure for the networking assets of an infrastructure. >>Yeah. So thank you for that. There's a, there's a lot to unpack there. You know, one of the premise, the premise really of this, this, this, this segment that we're setting up in this series is really that everything you just mentioned, or a lot of things you just mentioned used to be the responsibility of the security team. And, and the premise that we're putting forth is that because security teams are so stretched thin, you, you gotta shift the vendor community. Dell specifically is shifting a lot of those tasks to their own r and d and taking care of a lot of that. So, cuz scop teams got a lot of other stuff to, to worry about. So my question relates to things like automation, which can help and scalability, what about those topics as it relates to networking infrastructure? >>Okay, our >>Portfolio, it enables state of the automation software, you know, that enables simplifying of the design. So for example, we do have, you know, you know the fabric design center, you know, a tool that automates the design of the fabric and you know, from a deployment and you know, the management of the network infrastructure that are simplicities, you know, using like Ansible s for Sonic for example are, you know, for a better sit and tell story. You know, we do have smart fabric services that can automate the entire fabric, you know, for a storage solution or for, you know, for one of the workloads for example. Now we do help reduce the complexity by closely integrating the management of the physical and the virtual networking infrastructure. And again, you know, we have those capabilities using Sonic or Smart Traffic services. If you look at Sonic for example, right? >>It delivers automated intent based secure containerized network and it has the ability to provide some network visibility and Avan has and, and all of these things are actually valid, you know, for a modern networking infrastructure. So now if you look at Sonic, you know, it's, you know, the usage of those tools, you know, that are available, you know, within the Sonic no is not restricted, you know, just to the data center infrastructure is, it's a unified no, you know, that's well applicable beyond the data center, you know, right up to the edge. Now if you look at our north from a smart traffic OS 10 perspective, you know, as I mentioned, we do have smart traffic services which essentially, you know, simplifies the deployment day zero, I mean rather day one, day two deployment expansion plans and the lifecycle management of our conversion infrastructure and hyper and hyper conversion infrastructure solutions. And finally, in order to enable say, zero touch deployment, we do have, you know, a VP solution with our SD van capability. So these are, you know, ways by which we bring down the complexity by, you know, enhancing the automation capability using, you know, a singular loss that can expand from a data center now right to the edge. >>Great, thank you for that. Last question real quick, just pitch me, what can you summarize from your point of view, what's the strength of the Dell networking portfolio? >>Okay, so from a Dell networking portfolio, we support capabilities at multiple layers. As I mentioned, we're talking about the physical security for examples, say disabling of the unused interface. Sticky Mac and trusted platform modules are the things that to go after. And when you're talking about say secure boot for example, it delivers the authenticity and the integrity of the OS 10 images at the startup. And Secure Boot also protects the startup configuration so that, you know, the startup configuration file is not compromised. And Secure port also enables the workload of prediction, for example, that is at another aspect of software image integrity validation, you know, wherein the image is data for the digital signature, you know, prior to any upgrade process. And if you are looking at secure access control, we do have things like role based access control, SSH to the switches, control plane access control that pre do tags and say access control from multifactor authentication. >>We do have various tech ads for entry control to the network and things like CSE and PRV support, you know, from a federal perspective we do have say logging wherein, you know, any event, any auditing capabilities can be possible by say looking at the clog service, you know, which are pretty much in our transmitter from the devices overts for example, and last we talked about say network segment, you know, say network separation and you know, these, you know, separation, you know, ensures that are, that is, you know, a contained say segment, you know, for a specific purpose or for the specific zone and, you know, just can be implemented by a, a micro segmentation, you know, just a plain old wheel or using virtual route of framework VR for example. >>A lot there. I mean I think frankly, you know, my takeaway is you guys do the heavy lifting in a very complicated topic. So thank you so much for, for coming on the cube and explaining that in in quite some depth. Really appreciate it. >>Thank you indeed. >>Oh, you're very welcome. Okay, in a moment I'll be back to dig into the hyper-converged infrastructure part of the portfolio and look at how when you enter the world of software defined where you're controlling servers and storage and networks via software led system, you could be sure that your infrastructure is trusted and secure. You're watching a blueprint for trusted infrastructure made possible by Dell Technologies and collaboration with the cube, your leader in enterprise and emerging tech coverage, your own west product management security lead at for HCI at Dell Technologies hyper-converged infrastructure. Jerome, welcome. >>Thank you Dave. >>Hey Jerome, in this series of blueprint for trusted infrastructure, we've been digging into the different parts of the infrastructure stack, including storage servers and networking, and now we want to cover hyperconverged infrastructure. So my first question is, what's unique about HCI that presents specific security challenges? What do we need to know? >>So what's unique about hyper-converge infrastructure is the breadth of the security challenge. We can't simply focus on a single type of IT system. So like a server or storage system or a virtualization piece of software, software. I mean HCI is all of those things. So luckily we have excellent partners like VMware, Microsoft, and internal partners like the Dell Power Edge team, the Dell storage team, the Dell networking team, and on and on. These partnerships in these collaborations are what make us successful from a security standpoint. So let me give you an example to illustrate. In the recent past we're seeing growing scope and sophistication in supply chain attacks. This mean an attacker is going to attack your software supply chain upstream so that hopefully a piece of code, malicious code that wasn't identified early in the software supply chain is distributed like a large player, like a VMware or Microsoft or a Dell. So to confront this kind of sophisticated hard to defeat problem, we need short term solutions and we need long term solutions as well. >>So for the short term solution, the obvious thing to do is to patch the vulnerability. The complexity is for our HCI portfolio. We build our software on VMware, so we would have to consume a patch that VMware would produce and provide it to our customers in a timely manner. Luckily VX rail's engineering team has co engineered a release process with VMware that significantly shortens our development life cycle so that VMware would produce a patch and within 14 days we will integrate our own code with the VMware release we will have tested and validated the update and we will give an update to our customers within 14 days of that VMware release. That as a result of this kind of rapid development process, VHA had over 40 releases of software updates last year for a longer term solution. We're partnering with VMware and others to develop a software bill of materials. We work with VMware to consume their software manifest, including their upstream vendors and their open source providers to have a comprehensive list of software components. Then we aren't caught off guard by an unforeseen vulnerability and we're more able to easily detect where the software problem lies so that we can quickly address it. So these are the kind of relationships and solutions that we can co engineer with effective collaborations with our, with our partners. >>Great, thank you for that. That description. So if I had to define what cybersecurity resilience means to HCI or converged infrastructure, and to me my takeaway was you gotta have a short term instant patch solution and then you gotta do an integration in a very short time, you know, two weeks to then have that integration done. And then longer term you have to have a software bill of materials so that you can ensure the providence of all the components help us. Is that a right way to think about cybersecurity resilience? Do you have, you know, a additives to that definition? >>I do. I really think that's site cybersecurity and resilience for hci because like I said, it has sort of unprecedented breadth across our portfolio. It's not a single thing, it's a bit of everything. So really the strength or the secret sauce is to combine all the solutions that our partner develops while integrating them with our own layer. So let me, let me give you an example. So hci, it's a, basically taking a software abstraction of hardware functionality and implementing it into something called the virtualized layer. It's basically the virtual virtualizing hardware functionality, like say a storage controller, you could implement it in hardware, but for hci, for example, in our VX rail portfolio, we, our Vxl product, we integrated it into a product called vsan, which is provided by our partner VMware. So that portfolio of strength is still, you know, through our, through our partnerships. >>So what we do, we integrate these, these security functionality and features in into our product. So our partnership grows to our ecosystem through products like VMware, products like nsx, Horizon, Carbon Black and vSphere. All of them integrate seamlessly with VMware and we also leverage VMware's software, part software partnerships on top of that. So for example, VX supports multifactor authentication through vSphere integration with something called Active Directory Federation services for adfs. So there's a lot of providers that support adfs including Microsoft Azure. So now we can support a wide array of identity providers such as Off Zero or I mentioned Azure or Active Directory through that partnership. So we can leverage all of our partners partnerships as well. So there's sort of a second layer. So being able to secure all of that, that provides a lot of options and flexibility for our customers. So basically to summarize my my answer, we consume all of the security advantages of our partners, but we also expand on them to make a product that is comprehensively secured at multiple layers from the hardware layer that's provided by Dell through Power Edge to the hyper-converged software that we build ourselves to the virtualization layer that we get through our partnerships with Microsoft and VMware. >>Great, I mean that's super helpful. You've mentioned nsx, Horizon, Carbon Black, all the, you know, the VMware component OTH zero, which the developers are gonna love. You got Azure identity, so it's really an ecosystem. So you may have actually answered my next question, but I'm gonna ask it anyway cuz you've got this software defined environment and you're managing servers and networking and storage with this software led approach, how do you ensure that the entire system is secure end to end? >>That's a really great question. So the, the answer is we do testing and validation as part of the engineering process. It's not just bolted on at the end. So when we do, for example, VxRail is the market's only co engineered solution with VMware, other vendors sell VMware as a hyper converged solution, but we actually include security as part of the co-engineering process with VMware. So it's considered when VMware builds their code and their process dovetails with ours because we have a secure development life cycle, which other products might talk about in their discussions with you that we integrate into our engineering life cycle. So because we follow the same framework, all of the, all of the codes should interoperate from a security standpoint. And so when we do our final validation testing when we do a software release, we're already halfway there in ensuring that all these features will give the customers what we promised. >>That's great. All right, let's, let's close pitch me, what would you say is the strong suit summarize the, the strengths of the Dell hyper-converged infrastructure and converged infrastructure portfolio specifically from a security perspective? Jerome? >>So I talked about how hyper hyper-converged infrastructure simplifies security management because basically you're gonna take all of these features that are abstracted in in hardware, they're now abstracted in the virtualization layer. Now you can manage them from a single point of view, whether it would be, say, you know, in for VX rail would be b be center, for example. So by abstracting all this, you make it very easy to manage security and highly flexible because now you don't have limitations around a single vendor. You have a multiple array of choices and partnerships to select. So I would say that is the, the key to making it to hci. Now, what makes Dell the market leader in HCI is not only do we have that functionality, but we also make it exceptionally useful to you because it's co engineered, it's not bolted on. So I gave the example of spo, I gave the example of how we, we modify our software release process with VMware to make it very responsive. >>A couple of other features that we have specific just to HCI are digitally signed LCM updates. This is an example of a feature that we have that's only exclusive to Dell that's not done through a partnership. So we digitally signed our software updates so the user can be sure that the, the update that they're installing into their system is an authentic and unmodified product. So we give it a Dell signature that's invalidated prior to installation. So not only do we consume the features that others develop in a seamless and fully validated way, but we also bolt on our own a specific HCI security features that work with all the other partnerships and give the user an exceptional security experience. So for, for example, the benefit to the customer is you don't have to create a complicated security framework that's hard for your users to use and it's hard for your system administrators to manage it all comes in a package. So it, it can be all managed through vCenter, for example, or, and then the specific hyper, hyper-converged functions can be managed through VxRail manager or through STDC manager. So there's very few pains of glass that the, the administrator or user ever has to worry about. It's all self contained and manageable. >>That makes a lot of sense. So you've got your own infrastructure, you're applying your best practices to that, like the digital signatures, you've got your ecosystem, you're doing co-engineering with the ecosystems, delivering security in a package, minimizing the complexity at the infrastructure level. The reason Jerome, this is so important is because SecOps teams, you know, they gotta deal with cloud security, they gotta deal with multiple clouds. Now they have their shared responsibility model going across multiple cl. They got all this other stuff that they have to worry, they gotta secure the containers and the run time and and, and, and, and the platform and so forth. So they're being asked to do other things. If they have to worry about all the things that you just mentioned, they'll never get, you know, the, the securities is gonna get worse. So what my takeaway is, you're removing that infrastructure piece and saying, Okay guys, you now can focus on those other things that is not necessarily Dell's, you know, domain, but you, you know, you can work with other partners to and your own teams to really nail that. Is that a fair summary? >>I think that is a fair summary because absolutely the worst thing you can do from a security perspective is provide a feature that's so unusable that the administrator disables it or other key security features. So when I work with my partners to define, to define and develop a new security feature, the thing I keep foremost in mind is, will this be something our users want to use and our administrators want to administer? Because if it's not, if it's something that's too difficult or onerous or complex, then I try to find ways to make it more user friendly and practical. And this is a challenge sometimes because we are, our products operate in highly regulated environments and sometimes they have to have certain rules and certain configurations that aren't the most user friendly or management friendly. So I, I put a lot of effort into thinking about how can we make this feature useful while still complying with all the regulations that we have to comply with. And by the way, we're very successful in a highly regulated space. We sell a lot of VxRail, for example, into the Department of Defense and banks and, and other highly regulated environments and we're very successful there. >>Excellent. Okay, Jerome, thanks. We're gonna leave it there for now. I'd love to have you back to talk about the progress that you're making down the road. Things always, you know, advance in the tech industry and so would appreciate that. >>I would look forward to it. Thank you very much, Dave. >>You're really welcome. In a moment I'll be back to summarize the program and offer some resources that can help you on your journey to secure your enterprise infrastructure. I wanna thank our guests for their contributions in helping us understand how investments by a company like Dell can both reduce the need for dev sec up teams to worry about some of the more fundamental security issues around infrastructure and have greater confidence in the quality providence and data protection designed in to core infrastructure like servers, storage, networking, and hyper-converged systems. You know, at the end of the day, whether your workloads are in the cloud, on prem or at the edge, you are responsible for your own security. But vendor r and d and vendor process must play an important role in easing the burden faced by security devs and operation teams. And on behalf of the cube production content and social teams as well as Dell Technologies, we want to thank you for watching a blueprint for trusted infrastructure. Remember part one of this series as well as all the videos associated with this program and of course today's program are available on demand@thecube.net with additional coverage@siliconangle.com. And you can go to dell.com/security solutions dell.com/security solutions to learn more about Dell's approach to securing infrastructure. And there's tons of additional resources that can help you on your journey. This is Dave Valante for the Cube, your leader in enterprise and emerging tech coverage. We'll see you next time.

>>Hello. Welcome back to our super cloud 22 event. I'm John F host the cue with my co-host Dave ante. Extracting the signal from noise. We're proud to have two amazing cube alumnis here. We got Sanja Putin. Who's now the CEO of cohesive the emo Aaron who's the CTO. Co-founder also former CEO Cub alumni. The father of hyper-converged welcome back to the cube I endorsed the >>Cloud. Absolutely. Is the father. Great >>To see you guys. Thank thanks for coming on and perfect timing. The new job taking over that. The helm Mo it at cohesive big news, but part of super cloud, we wanna dig into it. Thanks for coming on. >>Thank you for having >>Us here. So first of all, we'll get into super before we get into the Supercloud. I want to just get the thoughts on the move Sanjay. We've been following your career since 2010. You've been a cube alumni from that point, we followed that your career. Why cohesive? Why now? >>Yeah, John David, thank you first and all for having us here, and it's great to be at your event. You know, when I left VMware last year, I took some time off just really primarily. I hadn't had a sabbatical in probably 18 years. I joined two boards, Phillips and sneak, and then, you know, started just invest and help entrepreneurs. Most of them were, you know, Indian Americans like me who were had great tech, were looking for the kind of go to market connections. And it was just a wonderful year to just de to unwind a bit. And along the, the way came CEO calls. And I'd asked myself, the question is the tech the best in the industry? Could you see value creation that was signi significant and you know, three, four months ago, Mohit and Carl Eschenbach and a few of the board members of cohesive called me and walk me through Mo's decision, which he'll talk about in a second. And we spent the last few months getting to know him, and he's everything you describe. He's not just the father of hyperconverge. And he wrote the Google file system, wicked smart, built a tech platform better than that second time. But we had to really kind of walk through the chemistry between us, which we did in long walks in, in, you know, discrete places so that people wouldn't find us in a Starbucks and start gossiping. So >>Why Sanjay? There you go. >>Actually, I should say it's a combination of two different decisions. The first one was to, for me to take a different role and I run the company as a CEO for, for nine years. And, you know, as a, as a technologist, I always like, you know, going deep into technology at the same time, the CEO duties require a lot of breadth, right? You're talking to customers, you're talking to partners, you're doing so much. And with the way we've been growing the with, you know, we've been fortunate, it was becoming hard to balance both. It's really also not fair to the company. Yeah. So I opted to do the depth job, you know, be the visionary, be the technologist. And that was the first decision to bring a CEO, a great CEO from outside. >>And I saw your video on the site. You said it was your decision. Yes. Go ahead. I have to ask you, cuz this is a real big transition for founders and you know, I have founder artists cuz everyone, you know, calls me that. But being the founder of a company, it's always hard to let go. I mean nine years as CEO, it's not like you had a, you had a great run. So this was it timing for you? Was it, was it a structural shift, like at super cloud, we're talking about a major shift that's happening right now in the industry. Was it a balance issue? Was it more if you wanted to get back in and in the tech >>Look, I, I also wanna answer, you know, why Sanja, but, but I'll address your question first. I always put the company first what's right for the company. Is it for me to start get stuck the co seat and try to juggle this depth and Brad simultaneously. I mean, I can stroke my ego a little bit there, but it's not good for the company. What's best for the company. You know, I'm a technologist. How about I oversee the technology part in partnership with so many great people I have in the company and I bring someone kick ass to be the CEO. And so then that was the second decision. Why Sanja when Sanjay, you know, is a very well known figure. He's managed billions of dollars of business in VMware. You know, been there, done that has, you know, some of the biggest, you know, people in the industry on his speed dial, you know, we were really fortunate to have someone like that, come in and accept the role of the CEO of cohesive. I think we can take the company to new Heights and I'm looking forward to my partnership with, with Sanja on this. >>It it's we, we called it the splash brothers and >>The, >>In the vernacular. It doesn't matter who gets the ball, whether it's step clay, we shoot. And I think if you look at some of the great partnerships, whether it was gates bomber, there, plenty of history of this, where a founder and a someone who was, it has to be complimentary skills. If I was a technologist myself and wanted to code we'd clash. Yeah. But I think this was really a match me in heaven because he, he can, I want him to keep innovating and building the best platform for today in the future. And our customers tell one customer told me, this is the best tech they've seen since VMware, 20 years ago, AWS, 10 years ago. And most recently this was a global 100 big customers. So I feel like this combination, now we have to show that it works. It's, you know, it's been three, four months. My getting to know him, you know, I'm day eight on the job, but I'm loving it. >>Well, it's a sluman model too. It's more modern example. You saw, he did it with Fred Ludy at service now. Yes. And, and of course at, at snowflake, yeah. And his book, you read his book. I dunno if you've read his book, amp it up, but app it up. And he says, I always you'll love this. Give great deference to the founder. Always show great respect. Right. And for good reason. So >>In fact, I mean you could talk to him, you actually met to >>Frank. I actually, you know, a month or so back, I actually had dinner with him in his ranch in Moana. And I posed the question. There was a number of CEOs that went there and I posed him the question. So Frank, you know, many of us, we grow being deaf guys, you know? And eventually when we take on the home of our CEO, we have to do breadth. How do you do it? And he's like, well, let me tell you, I was never a death guy. I'm a breath guy. >>I'm like, >>That's my answer. Yeah. >>So, so I >>Want the short story. So the day I got the job, I, I got a text from Frank and I said, what's your advice the first time CEO, three words, amp it up, >>Amp it up. Right? Yeah. >>And so you're always on brand, man. >>So you're an amazing operator. You've proven that time and time again at SAP, VMware, et cetera, you feel like now you, you, you wanna do both of those skills. You got the board and you got the operations cuz you look, you know, look at sloop when he's got Scarelli wherever he goes, he brings Scarelli with him as sort of the operator. How, how do you, how are you thinking >>About that? I mean it's early days, but yeah. Yeah. Small. I mean I've, you know, when I was, you know, it was 35,000 people at VMware, 80, 90,000 people at SAP, a really good run. The SAP run was 10 to 20 billion innovative products, especially in analytics and VMware six to 12 end user computing cloud. So I learned a lot. I think the company, you know, being about 2000 employees plus not to mayor tomorrow, but over the course next year I can meet everybody. Right? So first off the executive team, 10 of us, we're, we're building more and more cohesiveness if I could use that word between us, which is great, the next, you know, layers of VPs and every manager, I think that's possible. So I I'm a people person and a customer person. So I think when you take that sort of extroverted mindset, we'll bring energy to the workforce to, to retain the best and then recruit the best. >>And you know, even just the week we, we were announced that this announcement happened. Our website traffic went through the roof, the highest it's ever been, lots of resumes coming in. So, and then lots of customer engagement. So I think we'll take this, but I, I feel very good about the possibilities, because see, for me, I didn't wanna walk into the company to a company where the technology risk was high. Okay. I feel like that I can go to bed at night and the technology risk is low. This guy's gonna run a machine at the current and the future. And I'm hearing that from customers. Now, what I gotta do is get the, the amp it up part on the go to market. I know a little thing or too about >>That. You've got that down. I think the partnership is really key here. And again, nine use the CEO and then Sanja points to our super cloud trend that we've been looking at, which is there's another wave happening. There's a structural change in real time happening now, cloud one was done. We saw that transition, AWS cloud native now cloud native with an kind of operating system kind of vibe going on with on-premise hybrid edge. People say multi-cloud, but we're looking at this as an opportunity for companies like cohesive to go to the next level. So I gotta ask you guys, what do you see as structural change right now in the industry? That's disruptive. People are using cloud and scale and data to refactor their business models, change modern cases with cloud native. How are you guys looking at this next structural change that's happening right now? Yeah, >>I'll take that. So, so I'll start by saying that. Number one, data is the new oil and number two data is exploding, right? Every year data just grows like crazy managing data is becoming harder and harder. You mentioned some of those, right? There's so many cloud options available. Cloud one different vendors have different clouds. There is still on-prem there's edge infrastructure. And the number one problem that happens is our data is getting fragmented all over the place and managing so many fragments of data is getting harder and harder even within a cloud or within on-prem or within edge data is fragmented. Right? Number two, I think the hackers out there have realized that, you know, to make money, it's no longer necessary to Rob banks. They can actually see steal the data. So ransomware attacks on the rise it's become a boardroom level discussion. They say there's a ransomware attack happening every 11 seconds or so. Right? So protecting your data has become very important security data. Security has become very important. Compliance is important, right? So people are looking for data management solutions, the next gen data management platform that can really provide all this stuff. And that's what cohesive is about. >>What's the difference between data management and backup. Explain that >>Backup is just an entry point. That's one use case. I wanna draw an analogy. Let's draw an analogy to my former company, Google right? Google started by doing Google search, but is Google really just a search engine. They've built a platform that can do multiple things. You know, they might have started with search, but then they went down to roll out Google maps and Gmail and YouTube and so many other things on that platform. So similarly backups might be just the first use case, but it's really about that platform on which you can do more with the data that's next gen data management. >>But, but you am, I correct. You don't consider yourself a security company. One of your competitors is actually pivoting and in positioning themselves as a security company, I've always felt like data management, backup and recovery data protection is an adjacency to security, but those two worlds are coming together. How do you see >>It? Yeah. The way I see it is that security is part of data management. You start maybe by backing with data, but then you secure it and then you do more with that data. If you're only doing security, then you're just securing the data. You, you gotta do more with the data. So data management is much bigger. So >>It's a security is a subset of data. I mean, there you go. Big TA Sanjay. >>Well, I mean I've, and I, I, I I'd agree. And I actually, we don't get into that debate. You know, I've told the company, listen, we'll figure that out. Cuz who cares about the positioning at the bottom? My email, I say we are data management and data security company. Okay. Now what's the best word that describes three nouns, which I think we're gonna do management security and analytics. Okay. He showed me a beautiful diagram, went to his home in the course of one of these, you know, discrete conversations. And this was, I mean, he's done this before. Many, if you watch on YouTube, he showed me a picture of an ice big iceberg. And he said, listen, you know, if you look at companies like snowflake and data bricks, they're doing the management security and mostly analytics of data. That's the top of the iceberg, the stuff you see. >>But a lot of the stuff that's get backed archive is the bottom of the iceberg that you don't see. And you try to, if you try to ask a question on age data, the it guy will say, get a ticket. I'll come back with three days. I'll UNIV the data rehydrate and then you'll put it into a database. And you can think now imagine that you could do live searches analytics on, on age data that's analytics. So I think the management, the security, the analytics of, you know, if you wanna call it secondary data or backed up data or data, that's not hot and live warm, colder is a huge opportunity. Now, what do you wanna call one phrase that describes all of it. Do you call that superpower management security? Okay, whatever you wanna call it. I view it as saying, listen, let's build a platform. >>Some people call Google, a search company. People, some people call Google and information company and we just have to go and pursue every CIO and every CSO that has a management and a security and do course analytics problem. And that's what we're doing. And when I talk to the, you know, I didn't talk to all the 3000 customers, but the biggest customers and I was doing diligence. They're like this thing has got enormous potential. Okay. And we just have to now go focus, get every fortune 1000 company to pick us because this problem, even the first use case you talk back up is a little bit like, you know, razor blades and soap you've needed. You needed it 30 years ago and you'll need it for 30 years. It's just that the tools that were built in the last generation that were companies formed in 1990s, one of them I worked for years ago are aids are not built for the cloud. So I think this is a tremendous opportunity where many of those, those, those nos management security analytics will become part of what we do. And we'll come up with the right phrase for what the companies and do course >>Sanjay. So ma and Sanja. So given that given that's this Google transition, I like that example search was a data problem. They got sequenced to a broader market opportunity. What super cloud we trying to tease out is what does that change over from a data standpoint, cuz now the operating environments change has become more complex and the enterprises are savvy. Developers are savvy. Now they want, they want SAS solutions. They want freemium and expanding. They're gonna drive the operations agenda with DevOps. So what is the complexity that needs to be abstracted away? How do you see that moment? Because this is what people are talking about. They're saying security's built in, driven by developers. Developers are driving operations behavior. So what is the shift? Where do you guys see this new? Yeah. Expansive for cohesive. How do you fit into super cloud? >>So let me build up from that entry point. Maybe back up to what you're saying is the super cloud, right? Let me draw that journey. So let's say the legacy players are just doing backups. How, how sad is it that you have one silo sitting there just for peace of mind as an insurance policy and you do nothing with the data. If you have to do something with the data, you have to build another silo, you have to build another copy. You have to manage it separately. Right. So clearly that's a little bit brain damaged. Right. So, okay. So now you take a little bit of, you know, newer vendors who may take that backup platform and do a little bit more with that. Maybe they provide security, but your problem still remains. How do you do more with the data? How do you do some analytics? >>Like he's saying, right. How do you test development on that? How do you migrate the data to the cloud? How do you manage it? The data at scale? How do you do you provide a unified experience across, across multiple cloud, which you're calling the super cloud. That's where cohesive goes. So what we do, we provide a platform, right? We have tentacles in on-prem in each of the clouds. And on top of that, it looks like one platform that you manage. We have a single control plane, a UI. If you may, a single pin of glass, if, if you may, that our customers can use to manage all of it. And now it looks, starts looking like one platform. You mentioned Google, do you, when you go to, you know, kind Google search or a URL, do you really care? What happens behind the scenes mean behind the scenes? Google's built a platform that spans the whole world. No, >>But it's interesting. What's behind the scenes. It's a beautiful now. And I would say, listen, one other thing to pull on Dave, on the security part, I saw a lot of vendors this day in this space, white washing a security message on top of backup. Okay. And CSO, see through that, they'll offer warranties and guarantees or whatever, have you of X million dollars with a lot of caveats, which will never paid because it's like escape clause here. We won't pay it. Yeah. And, and what people really want is a scalable solution that works. And you know, we can match every warranty that's easy. And what I heard was this was the most scalable solution at scale. And that's why you have to approach this with a Google type mindset. I love the fact that every time you listen to sun pitch, I would, what, what I like about him, the most common word to use is scale. >>We do things at scale. So I found that him and AUR and some of the early Google people who come into the company had thought about scale. And, and even me it's like day eight. I found even the non-tech pieces of it. The processes that, you know, these guys are built for simple things in some cases were better than some of the things I saw are bigger companies I'd been used to. So we just have to continue, you know, building a scale platform with the enterprise. And then our cloud product is gonna be the simple solution for the masses. And my view of the world is there's 5,000 big companies and 5 million small companies we'll push the 5 million small companies as the cloud. Okay. Amazon's an investor in the company. AWS is a big partner. We'll talk about I'm sure knowing John's interest in that area, but that's a cloud play and that's gonna go to the cloud really fast. You not build you're in the marketplace, you're in the marketplace. I mean, maybe talk about the history of the Amazon relationship investing and all that. >>Yeah, absolutely. So in two years back late 2020, we, you know, in collaboration with AWS who also by the way is an investor now. And in cohesive, we rolled out what we call data management as a service. It's our SaaS service where we run our software in the cloud. And literally all customers have to do is just go there and sign on, right? They don't have to manage any infrastructure and stuff. What's nice is they can then combine that with, you know, software that they might have bought from cohesive. And it still looks like one platform. So what I'm trying to say is that they get a choice of the, of the way they wanna consume our software. They can consume it as a SAS service in the cloud. They can buy our software, manage it themselves, offload it to a partner on premises or what have you. But it still looks like that one platform, what you're calling a Supercloud >>Yeah. And developers are saying, they want the bag of Legos to compose their solutions. That's the Nirvana they want to get there. So that's, it has to look the same. >>Well, what is it? What we're calling a Superlo can we, can we test that for a second? So data management and service could span AWS and on-prem with the identical experience. So I guess I would call that a Supercloud I presume it's not gonna through AWS span multiple clouds, but, but >>Why not? >>Well, well interesting cuz we had this, I mean, so, okay. So we could in the future, it doesn't today. Well, >>David enough kind of pause for a second. Everything that we do there, if we do it will be customer driven. So there might be some customers I'll give you one Walmart that may want to store the data in a non AWS cloud risk cuz they're competitors. Right. So, but the control plane could still be in, in, in the way we built it, but the data might be stored somewhere else. >>What about, what about a on-prem customer? Who says, Hey, I, I like cohesive. I've now got multiple clouds. I want the identical experience across clouds. Yeah. Okay. So, so can you do that today? How do you do that today? Can we talk >>About that? Yeah. So basically think roughly about the split between the data plane and the control plane, the data plane is, you know, our cohesive clusters that could be sitting on premises that could be sitting in multiple data centers or you can run an instance of that cluster in the cloud, whichever cloud you choose. Right. That's what he was referring to as the data plane. So collectively all these clusters from the data plane, right? They stored the data, but it can all be managed using the control plane. So you still get that single image, the single experience across all clouds. And by the way, the, the, the, the cloud vendor does actually benefit because here's a customer. He mentioned a customer that may not wanna go to AWS, but when they get the data plane on a different cloud, whether it's Azure, whether it's the Google cloud, they then get data management services. Maybe they're able to replicate the data over to AWS. So AWS also gains. >>And your deployment model is you instantiate the cohesive stack on each of the regions and clouds, is that correct? And you building essentially, >>It all happens behind the scenes. That's right. You know, just like Google probably has their tentacles all over the world. We will instantiate and then make it all look like one platform. >>I mean, you should really think it's like a human body, right? The control planes, the head. Okay. And that controls everything. The data plane is large because it's a lot of the data, right? It's the rest of the body, that data plane could be wherever you want it to be. Traditionally, the part the old days was tape. Then you got disk. Now you got multiple clouds. So that's the way we think about it. And there on that piece of it will be neutral, right? We should be multi-cloud to the data plane being every single place. Cause it's customer demand. Where do you want your store data? Air gapped. On-prem no problem. We'll work with Dell. Okay. You wanna be in a particular cloud, AWS we'll work then optimized with S3 and glacier. So this is where I think the, the path to a multi-cloud or Supercloud is to be customer driven, but the control plane sits in Amazon. So >>We're blessed to have a number of, you know, technical geniuses in here. So earlier we were speaking to Ben wa deja VI, and what they do is different. They don't instantiate an individual, you know, regions. What they do is of a single global. Is there a, is there an advantage of doing it the way the cohesive does it in terms of simplicity or how do you see that? Is that a future direction for you from a technology standpoint? What are the trade offs there? >>So you want to be where the data is when you said single global, I take it that they run somewhere and the data has to go there. And in this day age, correct >>Said that. He said, you gotta move that in this >>Day and >>Age query that's, you know, across regions, look >>In this day and age with the way the data is growing, the way it is, it's hard to move around the data. It's much easier to move around the competition. And in these instances, what have you, so let the data be where it is and you manage it right there. >>So that's the advantage of instantiating in multiple regions. As you don't have to move the >>Data cost, we have the philosophy we call it. Let's bring the, the computation to the data rather than the data to >>The competition and the same security model, same governance model, same. How do you, how do you federate that? >>So it's all based on policies. You know, this overarching platform controlled by, by the control plane, you just, our customers just put in the policies and then the underlying nuts and bolts just take care >>Of, you know, it's when I first heard and start, I started watching some of his old videos, ACE really like hyperconverged brought to secondary storage. In fact, he said, oh yeah, that's great. You got it. Because I first called this idea, hyperconverged secondary storage, because the idea of him inventing hyperconverge was bringing compute to storage. It had never been done. I mean, you had the kind of big VC stuff, but these guys were the first to bring that hyperconverge at, at Nutanix. So I think this is that same idea of bringing computer storage, but now applied not to the warm data, but to the rest of the data, including a >>Lot of, what about developers? What's, what's your relationship with developers? >>Maybe you talk about the marketplace and everything >>He's yeah. And I'm, I'm curious as to do you have a PAs layer, what we call super PAs layer to create an identical developer experience across your Supercloud. I'm gonna my >>Term. So we want our customers not just to benefit from the software that we write. We also want them to benefit from, you know, software that's written by developers by third party people and so on and so forth. So we also support a marketplace on the platform where you can download apps from third party developers and run them on this platform. There's a, a number of successful apps. There's one, you know, look like I said, our entry point might be backups, but even when backups, we don't do everything. Look, for instance, we don't backup mainframes. There is a, a company we partner with, you know, and their software can run in our marketplace. And it's actually used by many, many of our financial customers. So our customers don't get, just get the benefit of what we build, but they also get the benefit of what third parties build. Another analogy I like to draw. You can tell. And front of analogy is I drew an analogy to hyperscale is like Google. Yeah. The second analogy I like to draw is that to a simple smartphone, right? A smartphone starts off by being a great phone. But beyond that, it's also a GPS player. It's a, it's a, it's a music player. It's a camera, it's a flashlight. And it also has a marketplace from where you can download apps and extend the power of that platform. >>Is that a, can we think of that as a PAs layer or no? Is it really not? You can, okay. You can say, is it purpose built for what you're the problem that you're trying to solve? >>So we, we just built APIs. Yeah. Right. We have an SDK that developers can use. And through those APIs, they get to leverage the underlying services that exist on the platform. And now developers can use that to take advantage of all that stuff. >>And it was, that was a key factor for me too. Cause I, what I, you know, I've studied all the six, seven players that sort of so-called leaders. Nobody had a developer ecosystem, nobody. Right? The old folks were built for the hardware era, but anyones were built for the cloud to it didn't have any partners were building on their platform. So I felt for me listen, and that the example of, you know, model nine rights, the name of the company that does back up. So there's, there's companies that are built on and there's a number of others. So our goal is to have a big tent, David, to everybody in the ecosystem to partner with us, to build on this platform. And, and that may take over time, but that's the way we're build >>It. And you have a metadata layer too, that has the intelligence >>To correct. It's all abstract. That that's right. So it's a combination of data and metadata. We have lots of metadata that keeps track of where the data is. You know, it allows you to index the data you can do quick searches. You can actually, you, we talking about the control plan from that >>Tracing, >>You can inject a search that'll through search throughout your multi-cloud environment, right? The super cloud that you call it. We have all that, all that goodness sounds >>Like a Supercloud John. >>Yeah. I mean, data tracing involved can trace the data lineage. >>You, you can trace the data lineage. So we, you know, provide, you know, compliance and stuff. So you can, >>All right. So my final question to wrap up, we guys, first of all, thanks for coming on. I know you're super busy, San Jose. We, we know what you're gonna do. You're gonna amp it up and, you know, knock all your numbers out. Think you always do. But what I'm interested in, what you're gonna jump into, cuz now you're gonna have the creative license to jump in to the product, the platform there has to be the next level in your mind. Can you share your thoughts on where this goes next? Love the control plane, separate out from the data plane. I think that plays well for super. How >>Much time do you have John? This guy's got, he's got a wealth. Ditis keep >>Going. Mark. Give us the most important thing you're gonna focus on. That kind of brings the super cloud and vision together. >>Yeah. Right away. I'm gonna, perhaps I, I can ion into two things. The first one is I like to call it building the, the machine, the system, right. Just to draw an analogy. Look, I draw an analogy to the us traffic system. People from all walks of life, rich, poor Democrats, Republicans, you know, different states. They all work in the, the traffic system and we drive well, right. It's a system that just works. Whereas in some other countries, you know, the system doesn't work. >>We know, >>We know a few of those. >>It's not about works. It's not about the people. It's the same people who would go from here to those countries and, and not dry. Well, so it's all about the system. So the first thing I, I have my sights on is to really strengthen the system that we have in our research development to make it a machine. I mean, it functions quite well even today, but wanna take it to the next level. Right. So that I wanna get to a point where innovation just happens in the grassroots. And it just, just like >>We automations scale optic brings all, >>Just happens without anyone overseeing it. Anyone there's no single point of bottleneck. I don't have to go take any diving catches or have you, there are people just working, you know, in a decentralized fashion and innovation just happens. Yeah. The second thing I work on of course is, you know, my heart and soul is in, you know, driving the vision, you know, the next level. And that of course is part of it. So those are the two things >>We heard from all day in our super cloud event that there's a need for an, an operating system. Yeah. Whether that's defacto standard or open. Correct. Do you see a consortium around the corner potentially to bring people together so that things could work together? Cuz there really isn't no stand there. Isn't a standards bodies. Now we have great hyperscale growth. We have on-prem we got the super cloud thing happening >>And it's a, it's kind of like what is an operating system? Operating system exposes some APIs that the applications can then use. And if you think about what we've been trying to do with the marketplace, right, we've built a huge platform and that platform is exposed through APIs. That third party developers can use. Right? And even we, when we, you know, built more and more services on top, you know, we rolled our D as we rolled out, backup as a service and a ready for thing security as a service governance, as a service, they're using those APIs. So we are building a distributor, putting systems of sorts. >>Well, congratulations on a great journey. Sanja. Congratulations on taking the hem. Thank you've got ball control. Now you're gonna be calling the ball cohesive as they say, it's, >>It's a team. It's, you know, I think I like that African phrase. If you want to go fast, you go alone. If you wanna go far, you go together. So I've always operated with the best deal. I'm so fortunate. This is to me like a dream come true because I always thought I wanted to work with a technologist that frees me up to do what I like. I mean, I started as an engineer, but that's not what I am today. Right? Yeah. So I do understand the product and this category I think is right for disruption. So I feel excited, you know, it's changing growing. Yeah. No. And it's a, it requires innovation with a cloud scale mindset and you guys have been great friends through the years. >>We'll be, we'll be watching you. >>I think it's not only disruption. It's creation. Yeah. There's a lot of white space that just hasn't been created yet. >>You're gonna have to, and you know, the proof, isn't the pudding. Yeah. You already have five of the biggest 10 financial institutions in the us and our customers. 25% of the fortune 500 users, us two of the biggest five pharmaceutical companies in the world use us. Probably, you know, some of the biggest companies, you know, the cars you have, you know, out there probably are customers. So it's already happening. >>I know you got an IPO filed confidentially. I know you can't talk numbers, but I can tell by your confidence, you're feeling good right now we are >>Feeling >>Good. Yeah. One day, one week, one month at a time. I mean, you just, you know, I like the, you know, Jeff Bezos, Andy jazzy expression, which is, it's always day one, you know, just because you've had success, even, you know, if, if a and when an IPO O makes sense, you just have to stay humble and hungry because you realize, okay, we've had a lot of success in the fortune 1000, but there's a lot of white space that hasn't picked USS yet. So let's go, yeah, there's lots of midmarket account >>Product opportunities are still, >>You know, I just stay humble and hungry and if you've got the team and then, you know, I'm really gonna be working also in the ecosystem. I think there's a lot of very good partners. So lots of ideas brew through >>The head. Okay. Well, thank you so much for coming on our super cloud event and, and, and also doubling up on the news of the new appointment and congratulations on the success guys. Coverage super cloud 22, I'm sure. Dave ante, thanks for watching. Stay tuned for more segments after this break.

(gentle upbeat music) >> Okay, welcome back everyone to theCUBE's live coverage here in Boston, Massachusetts for AWS RE:INFORCE 22. I'm John Furrier, your host with Dave Vellante co-host of theCUBE, and Shreyans Metah, CTO and founder of Cequence Security. CUBE alumni, great to see you. Thanks for coming on theCUBE. >> Yeah. Thanks for having me here. >> So when we chatted you were part of the startup showcase. You guys are doing great. Congratulations on your business success. I mean, you guys got a good product in hot market. >> Yeah. >> You're here before we get into it. I want to get your perspective on the keynote and the talk tracks here and the show. But for the folks that don't know you guys, explain what you guys, take a minute to explain what you guys do and, and key product. >> Yeah, so we are the unified API protection place, but I mean a lot of people don't know what unified API protection is but before I get into that, just just talking about Cequence, we've been around since 2014. But we are protecting close to 6 billion API transactions every day. We are protecting close to 2 billion customer accounts, more than 2 trillion dollars in customer assets and a hundred million plus sort of, data points that we look at across customer base. That's that's who we are. >> I mean, of course we all know APIs is, is the basis of cloud computing and you got successful companies like Stripe, for instance, you know, you put API and you got a financial gateway, billions of transactions. What's the learnings. And now we're in a mode now where single point of failure is a problem. You got more automation you got more reasoning coming a lot more computer science next gen ML, AI there too. More connections, no perimeter. Right? More and more use cases, more in the cloud. >> Yeah. So what, what we are seeing today is, I mean from six years ago to now, when we started, right? Like the monolith apps are breaking down into microservices, right? What effectively, what that means is like every of the every such microservices talking APIs, right? So what used to be a few million web applications have now become billions of APIs that are communicating with each other. I mean, if you look at the, I mean, you spoke about IOT earlier, I call, I call like a Tesla is an application on four wheels that is communicating to its cloud over APIs. So everything is API yesterday. 80% traffic on internet is APIs. >> Now that's dated transit right there. (laughing) Couldn't resist. >> Yeah. >> Fully encrypted too. >> Yeah. >> Yeah, well hopefully. >> Maybe, maybe, maybe. (laughing) We dunno yet, but seriously everything is talking to an API. >> Yeah. >> Every application. >> Yeah. And, and there is no single choke point, right? Like you spoke about it. Like everybody is hosting their application in the cloud environments of their choice, AWS being one of them. But it's not the only one. Right? The, the, your APIs are hosted behind a CDN. Your APIs are hosted on behind an API gateway behind a load balancer in guest controllers. There is no single. >> So what's the problem? What's the problem now that you're solving? Because one was probably I can imagine connecting people, connecting the APIs. Now you've got more operational data. >> Yeah. >> Potential security hacks? More surface area? What's the what's what are you facing? >> Well, I can speak about some of the, our, some of the well known sort of exploits that have been well published, right. Everybody gets exploited, but I mean some of the well knowns. Now, if you, if you heard about Expedian last year there was a third party API that was exposing your your credit scores without proper authentication. Like Facebook had Ebola vulnerability sometime ago, where people could actually edit somebody else's videos online. Peloton again, a well known one. So like everybody is exposed, right. But that is the, the end results. All right? But it all starts with people don't even know where their APIs are and then you have to secure it all the way. So, I mean, ultimately APIs are prone to business logic attacks, fraud, and that's what, what you need to go ahead and protect. >> So is that the first question is, okay, what APIs do I need to protect? I got to take a API portfolio inventory. Is that? >> Yeah, so I think starting point is where. Where are my APIs? Right, so we spoke about there's no single choke point. Right, so APIs could be in, in your cloud environment APIs could be behind your cloud front, like we have here at RE:INFORCE today. So APIs could be behind your AKS, Ingrid controllers API gateways. And it's not limited to AWS alone, right. So, so knowing the unknown is, is the number one problem. >> So how do I find him? I asked Fred, Hey, where are our API? No, you must have some automated tooling to help me. >> Yeah, so, I, Cequence provides an option without any integration, what we call it, the API spider. Whereas like we give you visibility into your entire API attack surface without any integration into any of these services. Where are your APIs? What's your API attack surface about? And then sort of more details around that as well. But that is the number one. Is that agent list or is that an agent? >> There's no agent. So that means you can just sign up on our portal and then, then, then fire it away. And within a few minutes to an hour, we'll give you complete visibility into where your API is. >> So is it a full audit or is it more of a discovery? >> Or both? >> So, so number one, it's it's discovery, but we are also uncovering some of the potential vulnerabilities through zero knowledge. Right? So. (laughing) So, we've seen a ton of lock for J exposed server still. Like recently, there was an article that lock four J is going to be endemic. That is going to be here. >> Long time. >> (laughs) For, for a very long time. >> Where's your mask on that one? That's the Covid of security. >> Yeah. Absolutely absolutely. So, you need to know where your assets are what are they exposing? So, so that is the first step effectively discovering your attack surface. Yeah. >> I'm sure it's a efficiency issue too, with developers. The, having the spider allows you to at least see what's connecting out there versus having a meeting and going through code reviews. >> Yeah. Right? Is that's another big part of it? >> So, it is actually the last step, but you have, you actually go through a journey. So, so effectively, once you're discovering your assets you actually need to catalog it. Right. So, so I know where they're hosted but what are developers actually rolling out? Right. So they are updating your, the API endpoints on a daily basis, if not hourly basis. They have the CACD pipelines. >> It's DevOps. (laughing) >> Welcome to DevOps. It's actually why we'll do it. >> Yeah, and people have actually in the past created manual ways to catalog their APIs. And that doesn't really work in this new world. >> Humans are terrible at manual catalogization. >> Exactly. So, cataloging is really the next step for them. >> So you have tools for that that automate that using math, presumably. >> Exactly. And then we can, we can integrate with all these different choke points that we spoke about. There's no single choke points. So in any cloud or any on-prem environment where we actually integrate and give you that catalog of your APIs, that becomes your second step really. >> Yeah. >> Okay, so. >> What's the third step? There's the third step and then compliance. >> Compliance is the next one. So basically catalog >> There's four steps. >> Actually, six. So I'll go. >> Discovery, catalog, then compliance. >> Yeah. Compliance is the next one. So compliance is all about, okay, I've cataloged them but what are they really exposing? Right. So there could be PII information. There could be credit card, information, health information. So, I will treat every API differently based on the information that they're actually exposing. >> So that gives you a risk assessment essentially. >> Exactly. So you can, you can then start looking into, okay. I might have a few thousand API endpoints, like, where do I prioritize? So based on the risk exposure associated with it then I can start my journey of protecting so. >> That that's the remediation that's fixing it. >> Okay. Keep going. So that's, what's four. >> Four. That was that one, fixing. >> Yeah. >> Four is the risk assessment? >> So number four is detecting abuse. >> Okay. >> So now that I know my APIs and each API is exposing different business logic. So based on the business you are in, you might have login endpoints, you might have new account creation endpoint. You might have things around shopping, right? So pricing information, all exposed through APIs. So every business has a business logic that they end up exposing. And then the bad guys are abusing them. In terms of scraping pricing information it could be competitors scraping pricing. They will, we are doing account take. So detecting abuse is the first step, right? The fifth one is about preventing that because just getting visibility into abuse is not enough. I should be able to, to detect and prevent, natively on the platform. Because if you send signals to third party platforms like your labs, it's already too late and it's too course grain to be able to act on it. And the last step is around what you actually spoke about developers, right? Like, can I shift security towards the left, but it's not about shifting left. Just about shifting left. You obviously you want to bring in security to your CICD pipelines, to your developers, so that you have a full spectrum of API securities. >> Sure enough. Dave and I were talking earlier about like how cloud operations needs to look the same. >> Yeah. >> On cloud premise and edge. >> Yes. Absolutely. >> Edge is a wild card. Cause it's growing really fast. It's changing. How do you do that? Cuz this APIs will be everywhere. >> Yeah. >> How are you guys going to reign that in? What's the customers journey with you as they need to architect, not just deploy but how do you engage with the customer who says, "I have my environment. I'm not going to be to have somebody on premise and edge. I'll use some other clouds too. But I got to have an operating environment." >> Yeah. "That's pure cloud." >> So, we need, like you said, right, we live in a heterogeneous environment, right? Like effectively you have different, you have your edge in your CDN, your API gateways. So you need a unified view because every gateway will have a different protection place and you can't deal with 5 or 15 different tools across your various different environments. So you, what we provide is a unified view, number one and the unified way to protect those applications. So think of it like you have a data plane that is sprinkled around wherever your edges and gateways and risk controllers are and you have a central brains to actually manage it, in one place in a unified way. >> I have a computer science or computer architecture question for you guys. So Steven Schmidt again said single controls or binary states will fail. Obviously he's talking from a security standpoint but I remember the days where you wanted a single point of control for recovery, you talked about microservices. So what's the philosophy today from a recovery standpoint not necessarily security, but recovery like something goes wrong? >> Yeah. >> If I don't have a single point of control, how do I ensure consistency? So do I, do I recover at the microservice level? What's the philosophy today? >> Yeah. So the philosophy really is, and it's very much driven by your developers and how you want to roll out applications. So number one is applications will be more rapidly developed and rolled out than in the past. What that means is you have to empower your developers to use any cloud and serverless environments of their choice and it will be distributed. So there's not going to be a single choke point. What you want is an ability to integrate into that life cycle and centrally manage that. So there's not going to be a single choke point but there is going to be a single control plane to manage them off, right. >> Okay. >> So you want that unified, unified visibility and protection in place to be able to protect these. >> So there's your single point of control? What about the company? You're in series C you've raised, I think, over a hundred million dollars, right? So are you, where are you at? Are you scaling now? Are you hiring sales people or you still trying to sort of be careful about that? Can you help us understand where you're at? >> Yeah. So we are absolutely scaling. So, we've built a product that is getting, that is deployed already in all these different verticals like ranging from finance, to detail, to social, to telecom. Anybody who has exposure to the outside world, right. So product that can scale up to those demands, right? I mean, it's not easy to scale up to 6 billion requests a day. So we've built a solid platform. We've rolled out new products to complete the vision. In terms of the API spider, I spoke about earlier. >> The unified, >> The unified API protection covers three aspects or all aspects of API life cycle. We are scaling our teams from go to market motion. We brought in recently our chief marketing officer our chief revenue officer as well. >> So putting all the new, the new pieces in place. >> Yeah. >> So you guys are like API observability on steroids. In a way, right? >> Yeah, absolutely. >> Cause you're doing the observability. >> Yes. >> You're getting the data analysis for risk. You're having opportunities and recommendations around how to manage the stealthy attacks. >> From a full protection perspective. >> You're the API store. >> Yeah. >> So you guys are what we call best of breed. This is a trend we're seeing, pick something that you're best in breed in. >> Absolutely. >> And nail it. So you're not like an observability platform for everything. >> No. >> You guys pick the focus. >> Specifically, APS. And, so basically your, you can have your existing tools in place. You will have your CDN, you will have your graphs in place. So, but for API protection, you need something specialized and that stuff. >> Explain why I can't just rely on CDN infrastructure, for this. >> So, CDNs are, are good for content delivery. They do your basic TLS, and things like that. But APIs are all about your applications and business that you're exposing. >> Okay, so you, >> You have no context around that. >> So, yeah, cause this is, this is a super cloud vision that we're seeing of structural change in the industry, a new thing that's happening in real time. Companies like yours are be keeping a focus and nailing it. And now the customer's can assemble these services and company. >> Yeah. - Capabilities, that's happening. And it's happening like right now, structural change has happened. That's called the cloud. >> Yes. >> Cloud scale. Now this new change, best of brief, what are the gaps? Because I'm a customer. I got you for APIs, done. You take the complexity away at scale. I trust you. Where are the other gaps in my architecture? What's new? Cause I want to run cloud operations across all environments and across clouds when appropriate. >> Yeah. >> So I need to have a full op where are the other gaps? Where are the other best of breed components that need to be developed? >> So it's about layered, the layers that you built. Right? So, what's the thing is you're bringing in different cloud environments. That is your infrastructure, right? You, you, you either rely on the cloud provider for your security around that for roll outs and operations. Right? So then is going to be the next layer, which is about, is it serverless? Is it Kubernetes? What about it? So you'll think about like a service mesh type environment. Ultimately it's all about applications, right? That's, then you're going to roll out those applications. And that's where we actually come in. Wherever you're rolling out your applications. We come in baked into that environment, and for giving you that visibility and control, protection around that. >> Wow, great. First of all, APIs is the, is what cloud is based on. So can't go wrong there. It's not a, not a headwind for you guys. >> Absolutely. >> Great. What's a give a quick plug for the company. What are you guys looking to do hire? Get customers who's uh, when, what, what's the pitch? >> So like I started earlier, Cequence is around unified API protection, protecting around the full life cycle of your APIs, ranging from discovery all the way to, to testing. So, helping you throughout the, the life cycle of APIs, wherever those APIs are in any cloud environment. On-prem or in the cloud in your serverless environments. That's what Cequence is about. >> And you're doing billions of transactions. >> We're doing 6 billion requests every day. (laughing) >> Which is uh, which is, >> A lot. >> Unheard for a lot of companies here on the floor today. >> Sure is. Thanks for coming on theCUBE, sure appreciate it. >> Yeah. >> Good, congratulations to your success. >> Thank you. >> Cequence Security here on theCUBE at RE:INFORCE. I'm chatting with Dave Vellante, more coverage after this short break. (upbeat, gentle music)

>>The cube presents, Coon and cloud native con Europe 22 brought to you by the cloud native computing foundation. >>Welcome to Licia Spain in Coon cloud native con Europe, 2022. I'm your host, Keith Townson, along with Paul Gillon senior editor, enterprise architecture for Silicon angle. Paul, we're gonna talk to some amazing people this week. Coon, what the energy here, what, what, what would you say about >>It? I'd say it's reminiscent of, of early year, early stage conferences I've seen with other technologies. There is a lot of startup activity. Here's a lot of money in the market, despite the selloff in the stock market lately, a lot of anticipation that there are, there could be big exits. There could be big things ahead for these companies. You don't see that when you go to the big established conferences, you see just anticipation here that I don't think you see you you'll see maybe in a couple of years. So it's fun to be here right now. I'm sure it'll be a very different experience in two or three years. >>So welcome to our guest Q alum. BAAM Tobar the founder and CEO of Upbound. Welcome back. >>Thank you. Yeah, pleasure to be on, on the show again. >>So Paul, tell us the we're in this phase of migrations and, and moving to cloud native stacks. Are we another re-platforming generation? I mean, we've done, the enterprise has done this, you know, time and time again, and whether it's from Java to.net or net to Java or from bare metal to VMs, but are we in another age of replatforming? >>You know, it's interesting. Every company has now become a tech company and every tech company needs to build a very model, you know, modern digital platform for them to actually run their business. And if they don't do that, then they'll probably be out of business. And it is interesting to think about how companies are platforming and replatforming. Like, you know, as you said, just a, a few years back, you know, we were on people using cloud Foundry or using Heroku, you hear Heroku a lot, or, you know, now it's cloud native and Kubernetes and, and it, it begs the question, you know, is this the end that the tr point is this, you know, do we have a, you know, what, what makes us sure that this is the, you know, the last platform or the future proof platform that, that people are building, >>There's never a last platform, right? There's always something around the core. The question is, is Kubernetes Linux, or is it windows? >>That, that's a good question. It's more like more like Linux. I think, you know, the, you know, you've heard this before, but people talk about Kubernetes as a platform off platforms, you can use it to build other platforms. And if you know what you're doing, you can probably put, assemble a set of pieces around it and arrive at something that looks and can work for your business. But it requires a ton of talent. It requires a lot of people that actually can act, you know, know how to put the stick together to, to work for your business. It is, there's not a lot of guidance. I, we were, I think we were chatting earlier about the CSCF landscape and, and how there all these different projects and companies around it. But, but they don't come together in meaningful ways that you have, they act the enterprise itself has to figure out how to bring them together. Right. And that's the combination of what they do there organically or not is their platform. Right. And that changes. It can change over time. >>Do you think they really do. They really want to put these things together? I mean, there's, that's not what enterprise is like to do. They want to find someone who's gonna come in and turnkey do it all for >>Them. Yeah. And, and if there were, this is the, this is the things like EV every week now you hear about another platform that says, this is the new Heroku. This is the new cloud Foundry. This replaces every, you know, some vendor has, and you can see them all around here. You know, companies that are basically selling platform solutions that do put 'em together. And the problem with it is that you typically outgrow these, like you are, it might solve 80% of the use cases you care about, but the other 20% are not represented. And so you end up outgrowing the platform itself, right? And the, the choice has been mostly around, you know, do you buy something off the shelf that solves 80% of your use cases? Or do you build something on your own? And then you have to spend all your resources actually going through and building all of it. And that's been the dilemma, you know, people who talk about this as a platform dilemma, but it's been, it's been the way for a long time. Like you, every, we go through this cycle every few years and, you know, people end up essentially oscillating between buying something off the, you know, that's off the shelf or building it, building it themselves. >>So what's the payoff. If I'm a CIO and I'm looking at the landscape, I don't need to understand, you know, I don't know what a pod is to know that looking at 200 plus projects in co and at, in cloud native foundation and the bevy of, of co-located projects and, and conferences before the, even the start of this, what's the payoff >>Increasing the pace of innovation. I mean, that literally is when we talk to customers, they all say roughly the same thing. They want something that works for their business. They want something that helps them take their, you know, line of business applications to production in a much quicker way, lets them innovate, lets them create higher engineers that can, don't have to understand everything about every system, but can actually specialize and focus on the, the parts that they sh they care about. But it's all in the context of, you know, people want to be able to innovate at a very high pace. Otherwise they get disrupted. >>So I was at the, you know, my favorite part of coan in general is the hallway track and talking to people on the ground, doing cool things. I was talking to a engineer who was able to take their Java, stack their, their.net stack and start to create APIs between and break 'em into microservices. Now teams are working across from one another realizing that, that, that promise of innovation, but that was the end point. They they're there. Yeah. As companies are thinking about replatforming where like, where do we start? I mean, I'm looking at the, the C CNCF, the, the map and it's 200 plus projects. Where, where do I start? >>You typically today start with Kubernetes. And, and a lot of companies have now deployed Kubernetes to production as a container orchestrator, whether they're going through a vendor or not. But now you're seeing all the things around it, whether it's C I C D or GI ops that they're looking at, you know, or they're starting to build consoles around, you know, their, their platforms or looking at managing more than just containers. And that's a theme that, you know, we're seeing a lot now, people want, people want to actually bring this modern stack to manage, not just container workloads, but start looking at databases and cloud workloads and everything else that they're doing around it. Honestly, everybody's trying to do the same thing. They're trying to arrive at a single point of control, a single, you know, a platform that can do it all that they can centralize policies, centralized controls to compliance governance, cost controls, and then expose a self-service experience to the developers. Like they're all trying to build what we probably call an internal cloud platform. They don't know, they talk about it in different ways, but almost everyone is trying to build some internal platform that sits on top of, on premises. And on top of cloud, depending on their scenarios, >>You make an interesting point, which is that everyone here is to some extent trying to do the same thing. And there's fine points of granularity between now they're approaching it as you walk around this floor. Do you understand what all of these companies are doing? >>I'm not sure I understand all of them, but I, I do. I do recognize a lot of them. Yes. >>And in terms of your approach, you, you use the term control plane. What is distinctive about your approach? >>Very good question. So, you know, we, we end, Upbound take a, we we're trying to solve this problem as well. We're trying to help people build their own platforms, but let me, let me, you know, there's a lot to it. So let me actually step back and, and talk about the architecture of this. But if you were to look at any cloud platform, let's take the largest one. AWS, if you peek behind the scenes at AWS, you know, it's basically a set of independent services, EC two S three databases, et cetera, that are, you know, essentially working on different parts of, you know, like offer completely different pricing, different services, et cetera. They come together because they all integrate into a control plan. >>It's the thing that serves an API. It's the thing that gives it all a common feel. It's where you do access control. It's where you do billing metering, cost control policy, et cetera. Right? And so our realization was if the enterprises are platforming and replatforming, why shouldn't they build their platform in the same way that the cloud vendors build theirs? And so we started this project almost four years ago, now three and a half years called cross plain, which is a, essentially an open source control plane that can become the integration point for all services. And essentially gives you a universal control plane for cloud. >>So you mentioned the idea of if orchestrating or managing stuff other than containers, as I think about companies that built amazing platforms, enterprise companies, building amazing applications on AWS 10 years ago, and they're adopting the AWS control plane. And now I'm looking at Kubernetes is Kubernetes the way to multi-cloud to be able to control those discrete services in a AWS or Google cloud Azure or Oracle cloud, is that true? >>We kind have the tease it, the parts. So there are really two parts to Kubernetes and everybody thinks of Kubernetes as a container orchestration platform. Right? And you know, there is a sense that people say, if I was to run Kubernetes on everywhere and can build everything on top of containers, that I get some kind of portability across clouds, right. That I can put things in containers. And then they magically run, you know, in different environments. In reality, what we've seen is not everything fits in containers. It's not gonna be the world is not gonna look like containers on the bottom. Everything else is on top. Instead, what we're gonna see is essentially a set of services that people are using across the different vendors. So if you look at like, you could be at AWS shop primarily, but I bet you're using confluent or elastic or data breaks or snowflake or Mongo or other services. >>I bet you're using things that are on premises, right? And so when you look at that and you say to build my platform as an enterprise, I have to consume services from multiple vendors. Even if it's just one major cloud vendor, but I'm consuming services from others. How do I bring them together in meaningful ways so that I can, you know, build my platform on top of the collection of them and offer something that my developers can consume. And self-service on. That's not a, that's not just containers. What's interesting though, is if you look at Kubernetes and, you know, look inside it, Kubernetes built a control plane. That's actually quite useful and applicable outside of container scenarios. So this whole notion of CRDs and controllers, if you've heard that term, the ability, you know, like there are two parts to Kubernetes, there is a control plane, and then there's the container container workloads. >>And the control plane is generic. It could be used literally across, you know, you can use it to manage things that are completely outside of container workloads. And that's what we did with cross mind. We took the control plane of Kubernetes and then built bindings providers that connected to AWS, to Google, to Azure, to digital ocean, to all these different environments. So you can bring the way of managing, you know, the style of managing that Kubernetes invented to more than just containers. You can now manage cloud services, using the same approach that you are now using with Kubernetes and using the entire ecosystem of tooling around it. >>Enterprise has been under pressure to replatform for a long time. It was first go to Unix then to Linux and virtualize then to move to the cloud. Now, Kubernetes, do you think that this is the stack that enterprises can finally commit to? >>I think if you take the orientation of your deploying a control plane within your enterprise, that is extensible, that enables you to actually connect it to all the things that are under your domain, that that actually can be a Futureproof way of doing a platform. And, you know, if you look at the largest cloud platforms, AWS has been around for at least 15 years now, and they really haven't changed the architecture of AWS significantly. It's still a control plane, a set of control planes that are managing services. >>It's a legacy >>They've added a lot of services. They've have a ton of diversity. They've added so many different things, but the architecture is still a hub and spoke that they've built, right? And if the enterprise can take the same orientation, put a control plane, let it manage all the things that are, you know, about today, arrive at a single point of control, have a single point where you can enforce policy compliance, cost controls, et cetera, and then expose a self-service experience to your developers that actually can become future proof. >>So we've heard this promise before the cloud of clouds, basically, yes, the, the, to be able to manage everything, what we find is the devils in the details. The being able to say, you know, a load balancer issuing a, a command to, to deploy a load balancer in AWS is different than it is in Azure, which is different than it is in GCP. How do, how do enterprises know that we can talk to a single control plane to do that? I mean, that just seems extremely difficult to manage. >>Oh yeah. That the approach is not, you're not trying to create a lowest common denominator between clouds. That's a really, really hard problem. And in fact, you get relegated to just using this, you know, really shallow features of each, if you're, if you're gonna do that, like your, your example of load balancers, load balances look completely different between between cloud vendors, the approach that we kind of advocate for is that you shouldn't think of them as you shouldn't try to unify them in a way that makes them, you know, there's a, there's a global abstraction that says, oh, there's a load balancer. And it somehow magically works across the different cloud vendors. I think that's a really, really hard thing to say, to do as you pointed out. However, if you bring them all under a same control plane, as different as they are, you're able to now apply policies. You're able to set cost controls. You're able to expose a self-service experience on top of them, even, even if they are very different. And that's, that's something that I think is, you know, been hard to do in the past. >>So BAAM, we'll love to dig deeper into this in future segments. And I'm gonna take a look at the, the, the product and project and see where you folks land in this conversation from Valencia Spain, I'm Keith towns, along with Paul Gillon and you're watching the leader in high tech coverage.

(upbeat music) >> Okay, we're back. I'm John Furrier with theCUBE and we're going to go deeper into a deep dive into unified cloud networking solution from Pluribus and NVIDIA. And we'll examine some of the use cases with Alessandro Barbieri, VP of product management at Pluribus Networks and Pete Lumbis, the director of technical marketing and video remotely. Guys thanks for coming on, appreciate it. >> Yeah thanks a lot. >> I'm happy to be here. >> So a deep dive, let's get into the what and how. Alessandro, we heard earlier about the Pluribus and NVIDIA partnership and the solution you're working together in. What is it? >> Yeah, first let's talk about the what. What are we really integrating with the NVIDIA BlueField the DPU technology? Pluribus has been shipping in volume in multiple mission critical networks, this Netvisor ONE network operating systems. It runs today on merchant silicon switches and effectively it's standard based open network operating system for data center. And the novelty about this operating system is that it integrates distributed the control plane to automate effect with SDN overlay. This automation is completely open and interoperable and extensible to other type of clouds. It's not enclosed. And this is actually what we're now porting to the NVIDIA DPU. >> Awesome, so how does it integrate into NVIDIA hardware and specifically how is Pluribus integrating its software with the NVIDIA hardware? >> Yeah, I think we leverage some of the interesting properties of the BlueField DPU hardware which allows actually to integrate our network operating system in a manner which is completely isolated and independent from the guest operating system. So the first byproduct of this approach is that whatever we do at the network level on the DPU card is completely agnostic to the hypervisor layer or OS layer running on the host. Even more, we can also independently manage this network node this switch on a NIC effectively, managed completely independently from the host. You don't have to go through the network operating system running on X86 to control this network node. So you truly have the experience effectively top of rack for virtual machine or a top of rack for Kubernetes spots, where if you allow me with analogy, instead of connecting a server NIC directly to a switchboard, now we are connecting a VM virtual interface to a virtual interface on the switch on an niche. And also as part of this integration, we put a lot of effort, a lot of emphasis in accelerating the entire data plan for networking and security. So we are taking advantage of the NVIDIA DOCA API to program the accelerators. And these you accomplish two things with that. Number one, you have much better performance. They're running the same network services on an X86 CPU. And second, this gives you the ability to free up I would say around 20, 25% of the server capacity to be devoted either to additional workloads to run your cloud applications or perhaps you can actually shrink the power footprint and compute footprint of your data center by 20% if you want to run the same number of compute workloads. So great efficiencies in the overall approach. >> And this is completely independent of the server CPU, right? >> Absolutely, there is zero code from Pluribus running on the X86. And this is why we think this enables a very clean demarcation between compute and network. >> So Pete, I got to get you in here. We heard that the DPU enable cleaner separation of DevOps and NetOps. Can you explain why that's important because everyone's talking DevSecOps, right? Now, you've got NetSecOps. This separation, why is this clean separation important? >> Yeah, I think, it's a pragmatic solution in my opinion. We wish the world was all kind of rainbows and unicorns, but it's a little messier than that. I think a lot of the DevOps stuff and that mentality and philosophy. There's a natural fit there. You have applications running on servers. So you're talking about developers with those applications integrating with the operators of those servers. Well, the network has always been this other thing and the network operators have always had a very different approach to things than compute operators. And I think that we in the networking industry have gotten closer together but there's still a gap, there's still some distance. And I think that distance isn't going to be closed and so, again, it comes down to pragmatism. And I think one of my favorite phrases is look, good fences make good neighbors. And that's what this is. >> Yeah, and it's a great point 'cause DevOps has become kind of the calling car for cloud, right? But DevOps is a simply infrastructures code and infrastructure is networking, right? So if infrastructure is code you're talking about that part of the stack under the covers, under the hood if you will. This is super important distinction and this is where the innovation is. Can you elaborate on how you see that because this is really where the action is right now? >> Yeah, exactly. And I think that's where one from the policy, the security, the zero trust aspect of this, right? If you get it wrong on that network side, all of a sudden you can totally open up those capabilities. And so security's part of that. But the other part is thinking about this at scale, right? So we're taking one top of rack switch and adding up to 48 servers per rack. And so that ability to automate, orchestrate and manage its scale becomes absolutely critical. >> Alessandro, this is really the why we're talking about here and this is scale. And again, getting it right. If you don't get it right, you're going to be really kind of up you know what? So this is a huge deal. Networking matters, security matters, automation matters, DevOps, NetOps, all coming together clean separation. Help us understand how this joint solution with NVIDIA fits into the Pluribus unified cloud networking vision because this is what people are talking about and working on right now. >> Yeah, absolutely. So I think here with this solution we're attacking two major problems in cloud networking. One, is operation of cloud networking and the second, is distributing security services in the cloud infrastructure. First, let me talk about first what are we really unifying? If we're unifying something, something must be at least fragmented or disjointed. And what is disjointed is actually the network in the cloud. If you look wholistically how networking is deployed in the cloud, you have your physical fabric infrastructure, right? Your switches and routers. You build your IP clause, fabric leaf and spine topologies. This is actually a well understood problem I would say. There are multiple vendors with let's say similar technologies, very well standardized, very well understood and almost a commodity I would say building an IP fabric these days, but this is not the place where you deploy most of your services in the cloud particularly from a security standpoint. Those services are actually now moved into the compute layer where cloud builders have to instrument a separate network virtualization layer where they deploy segmentation and security closer to the workloads. And this is where the complication arise. This high value part of the cloud network is where you have a plethora of options that they don't talk to each other and they're very dependent on the kind of hypervisor or compute solution you choose. For example, the networking API between an ESXi environment or an Hyper-V or a Zen are completely disjointed. You have multiple orchestration layers. And then when you throw in also Kubernetes in this type of architecture, you are introducing yet another level of networking. And when Kubernetes runs on top of VMs which is a prevalent approach, you actually are stuck in multiple networks on the compute layer that they eventually ran on the physical fabric infrastructure. Those are all ships in the knights effectively, right? They operate as completely disjointed and we're trying to tackle this problem first with the notion of a unified fabric which is independent from any workloads whether this fabric spans on a switch which can be connected to bare metal workload or can span all the way inside the DPU where you have your multi hypervisor compute environment. It's one API, one common network control plane and one common set of segmentation services for the network. That's problem number one. >> It's interesting I hear you talking and I hear one network among different operating models. Reminds me of the old serverless days. There's still servers but they call it serverless. Is there going to be a term network-less because at the end of the day it should be one network, not multiple operating models. This is a problem that you guys are working on, is that right? I'm just joking serverless and network-less, but the idea is it should be one thing. >> Yeah, effectively what we're trying to do is we're trying to recompose this fragmentation in terms of network cooperation across physical networking and server networking. Server networking is where the majority of the problems are because as much as you have standardized the ways of building physical networks and cloud fabrics with IP protocols and internet, you don't have that sort of operational efficiency at the server layer. And this is what we're trying to attack first with this technology. The second aspect we're trying to attack is how we distribute security services throughout the infrastructure more efficiently whether it's micro-segmentation is a stateful firewall services or even encryption. Those are all capabilities enabled by the BlueField DPU technology. And we can actually integrate those capabilities directly into the network fabric limiting dramatically at least for east west traffic the sprawl of security appliances whether virtual or physical. That is typically the way people today segment and secure the traffic in the cloud. >> Awesome. Pete, all kidding aside about network-less and serverless kind of fun play on words there, the network is one thing it's basically distributed computing, right? So I'd love to get your thoughts about this distributed security with zero trust as the driver for this architecture you guys are doing. Can you share in more detail the depth of why DPU based approach is better than alternatives? >> Yeah, I think what's beautiful and kind of what the DPU brings that's new to this model is completely isolated compute environment inside. So it's the, yo dog, I heard you like a server so I put a server inside your server. And so we provide ARM CPUs, memory and network accelerators inside and that is completely isolated from the host. The actual X86 host just thinks it has a regular niche in there, but you actually have this full control plane thing. It's just like taking your top of rack switch and shoving it inside of your compute node. And so you have not only this separation within the data plane, but you have this complete control plane separation so you have this element that the network team can now control and manage, but we're taking all of the functions we used to do at the top of rack switch and we're distributing them now. And as time has gone on we've struggled to put more and more and more into that network edge. And the reality is the network edge is the compute layer, not the top of rack switch layer. And so that provides this phenomenal enforcement point for security and policy. And I think outside of today's solutions around virtual firewalls, the other option is centralized appliances. And even if you can get one that can scale large enough, the question is, can you afford it? And so what we end up doing is we kind of hope that NVIDIA's good enough or we hope that the VXLAN tunnel's good enough. And we can't actually apply more advanced techniques there because we can't financially afford that appliance to see all of the traffic. And now that we have a distributed model with this accelerator, we could do it. >> So what's in it for the customer real quick and I think this is an interesting point you mentioned policy. Everyone in networking knows policy is just a great thing. And as you hear it being talked about up the stack as well when you start getting to orchestrating microservices and whatnot all that good stuff going on there, containers and whatnot and modern applications. What's the benefit to the customers with this approach because what I heard was more scale, more edge, deployment flexibility relative to security policies and application enablement? What's the customer get out of this architecture? What's the enablement? >> It comes down to taking again the capabilities that we're in that top of rack switch and distributing them down. So that makes simplicity smaller, blast radius' for failures smaller failure domains, maintenance on the networks and the systems become easier. Your ability to integrate across workloads becomes infinitely easier. And again, we always want to kind of separate each one of those layers so just as in say a VXLAN network, my leaf in spine don't have to be tightly coupled together. I can now do this at a different layer and so you can run a DPU with any networking in the core there. And so you get this extreme flexibility. You can start small, you can scale large. To me the possibilities are endless. >> It's a great security control plan. Really flexibility is key and also being situationally aware of any kind of threats or new vectors or whatever's happening in the network. Alessandro, this is huge upside, right? You've already identified some successes with some customers on your early field trials. What are they doing and why are they attracted to the solution? >> Yeah, I think the response from customer has been the most encouraging and exciting for us to sort of continue and work and develop this product. And we have actually learned a lot in the process. We talked to tier two, tier three cloud providers. We talked to SP, Soft Telco type of networks as well as inter large enterprise customers. In one particular case one, let me call out a couple of examples here just to give you a flavor. There is a cloud provider in Asia who is actually managing a cloud where they're offering services based on multiple hypervisors. They are native services based on Zen, but they also on ramp into the cloud workloads based on ESXi and KVM depending on what the customer picks from the menu. And they have the problem of now orchestrating through their orchestrate or integrating with Zen center, with vSphere, with OpenStack to coordinate this multiple environments. And in the process to provide security, they actually deploy virtual appliances everywhere which has a lot of cost complication and eats up into the server CPU. The promise that they saw in this technology, they call it actually game changing is actually to remove all this complexity, having a single network and distribute the micro segmentation service directly into the fabric. And overall they're hoping to get out it tremendous OPEX benefit and overall operational simplification for the cloud infrastructure. That's one important use case. Another global enterprise customer is running both ESXi and Hyper-V environment and they don't have a solution to do micro segmentation consistently across hypervisors. So again, micro segmentation is a huge driver security. Looks like it's a recurring theme talking to most of these customers. And in the Telco space, we're working with few Telco customers on the CFT program where the main goal is actually to harmonize network cooperation. They typically handle all the VNFs with their own homegrown DPDK stack. This is overly complex. It is frankly also slow and inefficient. And then they have a physical network to manage. The idea of having again one network to coordinate the provisioning of cloud services between the Telco VNFs and the rest of the infrastructure is extremely powerful on top of the offloading capability opted by the BlueField DPUs. Those are just some examples. >> That was a great use case. A lot more potential I see that with the unified cloud networking, great stuff, Pete, shout out to you 'cause at NVIDIA we've been following your success us for a long time and continuing to innovate as cloud scales and Pluribus with unified networking kind of bring it to the next level. Great stuff, great to have you guys on and again, software keeps driving the innovation and again, networking is just a part of it and it's the key solution. So I got to ask both of you to wrap this up. How can cloud operators who are interested in this new architecture and solution learn more because this is an architectural shift? People are working on this problem, they're try to think about multiple clouds, they're try to think about unification around the network and giving more security, more flexibility to their teams. How can people learn more? >> Yeah, so Alessandro and I have a talk at the upcoming NVIDIA GTC conference. So it's the week of March 21st through 24th. You can go and register for free nvidia.com/gtc. You can also watch recorded sessions if you end up watching this on YouTube a little bit after the fact. And we're going to dive a little bit more into the specifics and the details and what we're providing in the solution. >> Alessandro, how can we people learn more? >> Yeah, absolutely. People can go to the Pluribus website, www.pluribusnetworks.com/eft and they can fill up the form and they will contact Pluribus to either know more or to know more and actually to sign up for the actual early field trial program which starts at the end of April. >> Okay, well, we'll leave it there. Thank you both for joining, appreciate it. Up next you're going to hear an independent analyst perspective and review some of the research from the enterprise strategy group ESG. I'm John Furrier with theCUBE, thanks for watching. (upbeat music)

>>Hello, and welcome to the cube unstoppable Doneen showcase. I'm John furrier, host of the cube. We got a great discussion here called the influencers around what's going on in web three and also this new sea change cultural change around this next generation, internet web cloud, all happening, Jeremiah yang industry analyst, and founding part of the cleaner insights. Share my great to see you. Thanks for coming on. Appreciate it. Uh, registered vice-president of marketing at unstoppable domains in the middle of all the actions. Gentlemen, thanks for coming on on the cube for this showcase. >>My pleasure. So I think it was done >>At Jeremy. I want to start with you. You've seen many ways, but fallen all of your work for over a decade now. Um, you've seen the web 2.0 wave. Now the web three's here. Um, and it's not, I wouldn't say hyped up. It's really just ramping up and you're seeing real practical examples. Uh, you're in the middle of all the action. What is this web three? Can you frame for us that mean you've seen many waves? What is web three mean? What is it? What is it all about? >>Well, John, you and I worked in the web to space and essentially that enabled peer to peer media where people could, could upload their thoughts and ideas and videos, um, without having to rely on centralized media. And unfortunately that distributed and decentralized movement actually became centralized on the platforms or the big social networks and big tech companies. And this has caused an uproar because the people who are creating the content did not have control, could not control their identities and could not really monetize or make decisions. So web three is what is, which is a moniker of a lot of different trends, including crypto blockchain. And sometimes the metaverse is to undo the controlling that has become centralized. And the power is now shifting back into the hands of the participants again, and then this movement, they want to have more control over their identities, their governance, the content that they're creating, how they're actually building it and then how they're monetizing it. So in many ways, it's, it's changing the power and it's a new economic model. So that's web three without really even mentioning the technologies. Is that helpful? >>Yeah, that's great. And ran. We were talking about, on the cute many times and one notable stat, I don't think it's been reported, but it's been more kind of a rumor. I hear that 30% of the, um, Berkeley computer science students are dropping out and going into crypto or blockchain or decentralized startups, which means that this there's a big wave coming in of talent. You seeing startups, you're seeing a lot more formation. You're seeing a lot more, I would say, kind of ramping up of real people, not just, you know, people with a dream it's actual builders out here doing stuff. What's your take on the web three, moving with all this kind of change happening, uh, from people and also the new ideas being refactored. >>I think that the competition for talent is extremely real. And we start looking at the stats. We see that there is an draft of people that are moving into this space. People that are fascinated by technology and are embracing the ethos of web three. And at this stage, I think it's not only engineers and developers, but we have moved into a second phase where we see that a lot of supporting functions know marketing, being one of them, sales, business development, uh, are being built up quite rapidly. It's not without actually reminding me of the mid two thousands. You know, when I started, uh, working with Google at that point in time, the walled gardens rightly absorbing vast, vast cohorts of young graduates and more experienced professionals that are passionate and moving into the web environment. And I think we are seeing a movement right now, which is not entirely dissimilar, except >>Yeah, Jeremiah. You've seen the conversations over the cloud. I call the cloud kind of revolution. You had mobile in 2007, but then you got Amazon web services changed the application space on how people developed in the cloud. And again, that created a lot of value. Now you're seeing the role of data as a huge part of how people are scaling and the decentralized movement. So you've got cloud, which is kind of classic today. State-of-the-art, you know, enterprise and or app developers and you've got now decentralized wave coming. Okay. You're seeing apps being developed on that, that architecture data is central in all of this, right. So how do you view this? As, as someone who's watching the landscape, you know, these walled gardens are hoarding all the data. I mean, LinkedIn Facebook, they're not sharing that data with anyone they're using it for themselves. So as they can control back, comes to the forefront, how do you see this market with the applications and what comes out of that? >>So the thing that we've seen and out of the five things that I had mentioned that are decentralizing, the ones that have been easier to move across have been the ability to monetize and to build. But the data aspect has actually stayed pretty much central. Frankly. What has decentralized is that the contracts to block blockchain ledgers to those of decentralized. But the funny thing is often a big portion of these blockchain networks are on Amazon 63 to 70%, same thing with Stelara. So they're still using the web 2.0 architectures. However, we're also seeing other farms like IPFS, where the data could be to spread it across a wider range of folks. But right now we're still dependent on what we're to point out. So the vision and the problem with 3.0, when it comes to full de-centralization is not here by any means. I'd say we're at a web 2.2, five, >>Pre-web 3m, no actions there. What do you guys, how do you guys see the, um, the dangers? Cause there's a lot of negative press, but also is a lot of positive press. You seeing, you know, a lot of fraud, we've seen a lot of the crypto fraud over the past years. You've seen a lot of now positives, it's almost a self-governance thing and environment, the way the culture is, but what are the dangers? How do you guys educate people? What should people pay attention to? What should people look for to understand, you know, where to position themselves? >>Yes. So we've learned a lot from web one, we to the sharing economy and we are walking into two and three with eyes wide open. So people have rightfully put forth a number of challenges, the sustainability issues with excess using of computing and mining, the, um, the excessive amount of scams that are happening in part due to unknown identities. Um, also the architecture breaks down in certain periods and there's a lack of regulation. Um, this, this is something different though in the last, uh, uh, periods that we've gone through, we didn't really know what was gonna happen. And we walked in big, this is going to be great. The sharing economy, the gig economy, the social media is going to change the world. Hurrah is very different. Now people are a little bit jaded. So I think that's the big change. And so I think we're going to see that, uh, you know, soar it out and suss out just like we've seen with other prints. It's still very much in the early years, >>Right. I got to get your take on this whole, uh, should influencers and should people be anonymous or should they be doxed out there? You saw the board eight guys that did, that were kind of docs a little bit there and that went, went viral. Um, this is an issue, right? Because we, we just had a problem of fake news, uh, fake people, fake information, and now you have a much more secure environment. Immutability is a wonderful thing. It's, it's a feature, not a bug, right. So how is this all coming down? And I know you guys are in the middle of it with, uh, NFTs as, as authentication tickets. What's your take on this because this is a big issue. >>Look, I think first I am extremely optimistic about technology in general. Uh, so I'm super, super bullish about this. And yet, you know, I think that while crypto has so many upsides, it's important to be super conscious and aware of the downsides that come with it too. You know, if you think about every fortune 500 company, there is always training required by all employees on internet safety reporting of potential attacks. And so on in web three, we don't have that kind of standard reporting mechanisms yet, uh, for bad actors in that space. And so when you think about influencers in particular, they do have a responsibility to educate people about, uh, the potential, but also the dangers of the technology of web three, uh, of crypto basically, uh, whether you're talking about hacks online safety, the need for hardware impersonators on discord, uh, security, uh, storing your, your seed phrase. >>So every actor in France or ELs has got a role to play. I think that, uh, in that context, to your point, it's very hard to tell whether influencers should be, uh, anonymous, opposite inverse or footy dogs. The decentralized nature of web three will probably lead us to see a combination of those anonymity levels, um, so to speak, um, and the, uh, movements that we've seen around some influencers, identities becoming public are particularly interesting. I think there's probably a convergence of web two and web three at play here. You know, maybe a on the notion of 2.5 for, I think in way to all business founders and employees are known and they're held accountable for their public comments and actions. Um, if web three enables us to be anonymous, if dials have 14 control, you know, what happens if people make comments and there is no way to know who they are basically, uh, what if the dowel doesn't take appropriate action? I think eventually there will be an element of community self-regulation where influencers will be, uh, acting in the best interest of their reputation. And I believe that the communities will self regulate themselves and we'll create natural boundaries around what can be said or not. >>I think that's a really good point about, um, influencers and reputation because Jeremiah doesn't matter that you're anonymous. I have an icon that could be a NFT or a picture, but if I have an ongoing reputation, I have trust there's trust there. It's not like a, you know, just a bot that was created just to spam someone. It was just, you know what I'm saying? They getting into you getting into this new way. >>You're right. And that, that word you said, trust, that's what really, this is about. But we've seen that public docks people with their full identities have made mistakes. They have pulled the hood over people's faces in and really scammed them out of a lot of money. We've seen that in it that doesn't change anything in human behavior. So I think over time that we will see a new form of a reputation system emerged even for pseudonyms and perhaps for people that are just anonymous that only show their a potential, a wallet address, a series of numbers and letters. Um, that form might take a new form of a web 3.0 FICO score, and you can look at their behaviors. Did they transact? You know, how do they behave? Do they, were they involved in projects that were not healthy? And because all of that information is public on the chain and you can go back in time and see that we might see a new form of, of, of a scoring emerge. >>Of course, who controls that scoring that's a whole nother topic, gong on control and trust. So right now, John, we do see that there's a number of projects, new NFG projects, where the founders will claim and use this as a point of differentiation that they are fully docs. So you know who they are and their names. Secondly, we're seeing a number of, um, uh, products or platforms that require KYC, know your customer so that self-identification often with a government ID or a credit card in order to bridge out your, your coins and turn that into a Fiat. In some cases that's required in some of these marketplaces. So we're seeing a coalition here between, uh, full names and pseudonyms and being anonymous. >>That's awesome. And that, and I think this is the new, again, a whole new form of governance ran. You mentioned some comments about Dow. So I want to get your thoughts again, you know, Jeremiah, we become historians over the years. We're getting old, I'm a little bit older than you, but we've seen the movie war. You know, I remember breaking in the business when the computer standards bodies were built to be more organic, and then they became much more of a kind of an anti-innovation environment where people, the companies would get involved the standards organization just to slow things down and muck things up a little bit. Um, so you know, you look at Dallas like, Hmm, is a Dal, a good thing, or a bad thing that the answer is from people I talked to, is it depends. So I'd love to get your thoughts on getting momentum and becoming defacto with value, a value proposition. Vis-a-vis just adapt for the sake of having a doubt. This has been a conversation that's been kind of in the inside the baseball here, inside the ropes of the industry, but there's trade-offs, can you guys share your thoughts on when to do a Dow and when not to do a Dow and the benefits and trade-offs of that? >>Sure. Maybe I'll start off with a definition and then we'll go to rent. So a Dao, a decentralized autonomous organization, the best way to think about this. It's a digital cooperative and we've heard of worker cooperatives before the differences that they're using blockchain technologies in order to do the three things, identity governance, and rewards and mechanisms. They're relying on web 2.0 tools and technologies like discord and telegram and social networks to communicate. And there's a cooperative they're trying to come up with a common goal, um, Ren, but what's your take, that's the setup? >>So, you know, for me, when I started my journey into crypto and web tree, I had no idea about, you know, what that actually meant and, uh, an easy way for me to think of it and to grasp the nature of it was about the comparison between a dowel and perhaps a more traditional company structure. Um, you know, in a traditional company structure, you have a Yorkie, the company is led by a CEO and other executives, uh, that that was a flat structure. And it's very much led by a group of core contributors. So, uh, to Jeremiah's point, you know, you get that notion of a co-operative, uh, type of structure. The decision-making is very different. You know, we're talking about a hot, super high level of transparency proposals getting submitted and, and voting systems, using applications, as opposed to, you know, management, making decisions behind closed doors. >>I think that speaks to a totally new form of governance. And I think we have hardly, hardly scratched the surface. We have seen recently, uh, very interesting moments in web tree culture. And we have seen how that was suddenly have to make certain decisions and then come to moments of claiming responsibility, uh, in order to, uh, put his behavior, uh, of some of the members. I think that's important. I think it's going to redefine how we're thinking about that, particularly new governance models. And I think he's going to pave the way for a lot of super interesting structure in the near future. >>That's a great point, ran around the transparency for governance. So John, you posed the question, does this make things faster or slower? And right now most dowels are actually pretty slow because they're set up as a flat organization. So as a response to that, they're actually shifting to become representative democracies. Does that sound familiar where you can appoint a delegates and use tokens to vote for them? And they have a decision power, almost like a committee and they can function. And so we've seen actually there are some times our hierarchies, except the person at the top is voted by those that have the tokens. In some cases, the people at the top had the most tokens, but that's a whole nother topic. So we're seeing a wide variety of governance structures, >>You know, rent. I was talking with Matt G the founder of, and I was telling him about the domain name system. And one little trivia note that many people don't know about is that the U S government cause unit it was started by the U S the department of commerce kept that on tight leash because the international telecommunications union wanted to get their hands on it because of ccTLDs and other things. So at that time, because the innovation yet wasn't yet baked out. It was organically growing the governance, the rules of the road, keeping it very stable versus meddling with it. So there's certain technologies that require Jeremiah that let's keep an eye on as a community. Let's not formalize anything like the government did with the domain name system. Let's keep it tight. And then finally released it, I think multiple years after 2004, I think it went over to the, to the ITU, but this is a big point. I mean, if you get too structured, organic innovation, can't go, what you guys' reaction to that. >>So I think to take a stab at it, um, we have as a business, you know, thinking of unstoppable domains, a strong incentive to innovate, uh, and this is what is going to be determining longterm value growth for the organization for, uh, partners, for users, for customers. So, you know, that degree of formalization actually gives us a sense of purpose and a sense of action. And if you compare that to Dows, for instance, you can see how some of the upsides and downsides can pan out either way. It's not to say that there is a perfect solution. I think one of the advantages of the Dow is that you can let more people contribute. You can probably remove bias quite effectively, and you can have a high level of participation and involvement in decisions and all the upside in many ways. Um, you know, as a company, it's a slightly different setup. We have the opportunity to coordinate a very, uh, diverse and part-time workforce in a very, uh, you know, different way. Um, and we do not have to deal with the inefficiencies that might be, you never run to some form of extreme decentralization so that those are balanced from an organizational structure, uh, that comes, uh, either side >>Sharon. I want to get your thoughts on, on, on a trend that you've been involved in. We both been involved in, and you're seeing it now with the kind of social media world, the world of a role of an influencer it's kind of moved from what was open source and influencer was a connect to someone who shared graded content, um, enabled things to much more of a vanity that the photo on Instagram and having a large audience. Um, so is there a new influencer model with web three or is it, is it the, I control the audience I'm making money that way. Is there a shift in the influencer role or, or ideas that you see that should be in place for what is the role of an influencer? Because as web three comes, you're going to see that role become instrumental. We've seen it in open source projects, influences, you know, the people who write code or ship code. So what's your take on that because there's been a conversation with people who have been having the word influencer and redefining and reframing it. >>Sure. The influence model really hasn't changed that much, but the way that they're behaving has when it comes to at three, this market, I mean, there's a couple of things. Some of the influencers are in investors. And so when you see their name on a project or a new startup, that's an indicator, there's a higher level of success. You might want to pay more attention to it or not. Secondly, influencers themselves are launching their own NFC projects. Gary Vaynerchuk, a number of celebrities, Paris Hilton is involved and they are also doing this as well. Steve Aoki, a famous DJ launched his as well. So they're going head first and participating in building in this model. And there are communities are coming around them and they're building economies. Now the difference is it's not, I speak as an influencer to the fans. The difference is that the fans are now part of the community and they hold, they literally holding own some of the economic value, whether it's tokens or the NFTs. So it's a collaborative economy, if you will, where they're all benefiting together. And that's a, that's a big difference as well. Lastly, there's, there's one little tactic we're seeing where marketers are airdropping in FTS, branded NFTs influencers with wallet. So you can see it in there. So there's new tactics that are forming as well. Yes. >>Super exciting. Ren, what's your reaction to that? Because he just hit on a whole new way of, of how engagement's happening, how people are closed, looping their, their votes, their, their votes of confidence or votes with their wallet. Um, and some brands which are artists now, influencers. I mean, this is a whole game-changing instrumentation level. >>I think that's what we are seeing right now is super re invigorating as a marketeer who has been around for a few years, basically. Um, I think that the shift in the web brands are going to communicate and engage with our audiences is profound. It's probably as revolutionary and even more revolutionary than the movement for, uh, brands in getting into digital. And you have that sentiment of a gold rush right now with a lot of brands that are trying to understand NFTs and, and how to actually engage with those communities and those audiences, um, dominate levels in which brands and influencers are going to engage. There are many influencers that actually advanced the message and the mission because the explosion of content on web tree has been crazy. Part of that is due to the network effect nature of crypto, because as Jeremiah mentioned, people are incentivized to promote projects, holders of an NFTA, also incentivized to promote it. So you end up with a flywheel, which is pretty unique of people that are hyping the project, and that are educating other people about it and commenting on the ecosystem, uh, with IP rights, being given to NFT holders, you're going to see people pull a brand since then of the brands actually having to. And so the notion of brands, again, judging and delivering, you know, elements of the value to their fans is something that's super attractive, extremely interesting. And I think, again, we've hardly scratched the surface of all that is possible in that. >>It's interesting. You guys are bringing some great insight here, Jeremiah, the old days, the word authentic was a kind of a cliche and brands like tried to be authentic and they didn't really know what to do. They called it organic, right? And now you have the trust concept with aura authenticity and environment like web three, where you can actually measure it and monetize it and capture it if you're actually authentic and trustworthy. >>That's right. And because it's on blockchain, you can see how somebody is behave with their economic behavior. In the past, of course, big corporations. Aren't going to have that type of trail on blockchain just yet. But the individuals and executives who participate in this market might be, and we'll also see a new types of affinity. Do you executives, do they participate in these NFT communities? Do they purchase them? We're seeing numerous brands like Adidas to acquire, uh, you know, different MTV projects to participate. And of course the big brands are grabbing their domains. Of course, you can talk to rant about that because it's owning your own name as a part of this trust and being >>That's awesome. Great insight guys. Closing comments, takeaways for the audience here. Each of you take a minute to give, share your thoughts on what you think is happening now, where it goes. All right, where's it going to go, Jeremy, we'll start with you. >>Sure. Um, I think the vision of web three, where full decentralization happens, where the power is completely shifted to the edges. I don't think it's going to happen. I think we will reach web 2.5 and I've been through so many tech trends where we said that the power is going to shift completely to the end. It just doesn't, there's two reasons. One is the venture capital are the ones who tend to own the pro programs in the first place. And secondly, the, the startups themselves end up becoming the one percenters. We see Airbnb and Uber are one-percenters now. So that trend happens over and over and over. Now with that said, the world will be in a better place. We will have more transparency. We will see economic power shifted to the people, the participants. And so they will have more control over the internet that they are building. >>Right. And final, final comments, >>Um, fully aligned with Jeremiah on the notions of control, being returned to users, the notion of ownership and the notion of redistribution of the economic value that is created across all the different chains, uh, uh, that we are going to see. And, and all those ecosystems. I believe that we are going to witness to palliate movements of expansion, one that is going to be very lateral. When you think of crypto and web three, essentially you think of a few hundred tribes. Uh, and I think that more projects are going to appear more, uh, coalitions of individuals and entities, and those are going to exist around those projects. So you're going to see an increase in the number of tribes that one might join. And I also think that we're going to progress rapidly from the low hundred millions of people and an FTE holders into the billions perfectly. Uh, and that's going to be extremely interesting. I think that the next wave of crypto users and Ft fans are going to look very different from the early adopters that we had witnessed in the very early days. So it's not going to be your traditional model of technology, adoption curves. I think the demographics going to shift and the motivations are going to be different as well, which is going to be a wonderful time to educate and engage with new community members. >>All right, Ron, Jeremy, thank you both for that great insight, great segment, uh, breaking down web three or web 2.5 as Jeremiah says, but we're in a better place. This is a segment with the influencers as part of the cubes and the unstoppable domain showcase. Um, John for your hosts. Thanks for watching.

(bright music) >> Hi, everyone. Welcome to the CUBE's presentation of the AWS Startup Showcase around open cloud innovations. It's the season two episode one of the ongoing series covering exciting startups from the AWS ecosystem and talking about open source and innovation. I'm John Furrier, your host. Today, we're joined by two great guests. Dan Garfield, chief open source officer and co-founder of Codefresh IO, and Raziel Tabib, CEO and co-founder. Two co-founders in the middle of all the innovation. Gentlemen thanks for coming on. >> Thank you. >> So you guys have a great platform and as cloud native goes mainstream in the enterprise and for developers, the big topic is unification, end-to-end, horizontally scalable, leveraging data. All these things around agile that I call agile cloud next level. This is kind of what we're seeing. The CNCF is growing. You've seen KubeCon every year is more about these kinds of things. Words like orchestration, Kubernetes, container, security. All of those complexities are now at the center of making things easier for developers. This is a key value proposition and you guys at Codefresh are offering really the first enterprise delivery solution powered by Argo, which is an open source project. Again, open source driving really big changes. So let's get into it. And first of all, congratulations, and thanks for working on this project. What's so special about- >> Thank you for that. >> Argo the project, and why have you guys decided to build a platform on it, and where is this coming together? Take us through why this is so important. >> I think Argo has been a very fast growing open source project for multiple reasons. A, it has been built for the new way of building and deploying an application. It's cloud native. You mentioned Kubernetes becoming kind of the de facto way of running application. It's the de facto way to run automation and pipeline. But also Argo has been built from the ground up to the latest practices of how we deploy software. We deploy software now differently. We deploy it using a GitOps practice. We're deploying it using canary blue-green progressive deployment. And Argo has been built around these practices, around these technologies, and has been very much widely adopted by the community. In the past, the KubeCon you've mentioned, Argo was all over the place. And we were very glad to be working with the community to talk about what the next steps with Argo. >> Yeah, it's a really good point. I would like to just follow up on that because you see this being talked about. It always comes up, where is open source really outside of a pure contributors matter? And when you have corporations contributing, you seeing this has been the trend. You saw it with Lyft, with Envoy, companies doing more and more open source. This is part of a big collaboration. And again, this comes back down to this whole why it's relevant and why it's so special with Argo. Continue to talk about relationship because it's not just you guys, it's now community. >> Yeah, I can speak to that. The Argo project is something that we maintain in partnership with several other companies and really our relationship with it is that this is something that we're actively contributing to. This is something that we're helping build the roadmap on and planning the events around and all those kinds of things. And we're doing that because we really believe in this technology and we've built our platform on it. So when you deploy Codefresh, you're deploying technology that's built directly on Argo and is designed specifically to solve that problem that you spoke to at the top of the hour. We all want to deliver software faster. We all want to have fewer regressions. We want to have fewer breaking changes. We want software to be super reliable. We want to be comfortable with what we're doing. That's really why we picked Argo because that technology that we have it is to Raziel's point delivered in this new way. It's delivered using GitOps. And that's a whole revolution and change in the way that people build and deploy software. And bringing cohesion into that experience is so critical to building the confidence that lets you actually deploy often and frequently and more. >> Dan, if you don't mind just expanding on that one point about the problem you solve, because to me, this has been kind of that evolution. It's almost like, yeah, there's been problems, plural, and opportunities that you saw with those in growing markets like this with DevOps and DevSecOps and now cloud native. What is the catalyst behind all of this? What was the epiphany behind it? How did it get so much momentum? What was it really doing under the covers? >> Well, it's a very simple and easy to use set of tools. And that's one of the big things is that if you look at the ideas of GitOps and there's actually a foundation around this that were part of called open GitOps to GitOps working group under the CNCF. And those principles of, I want to, yes, do my software defined as code. I want to do my infrastructure defined as code and I need something monitoring by production run times and making sure that the declared desired state is always matching the actual state. Those principles have actually been around for a number of years. And with Kubernetes, we really unlocked an API that allowed us to start doing GitOps and this is why we bring in Argo and you see the rise of Argo CD and other workflows and what we've been doing is really because that technology has been unlocked now. So the ability to define how your software is supposed to run and now your entire software delivery stack should run, all defined and then monitored and then kept in check using the GitOps operator. That critical unlock is what's really driving the massive adoption. And like Raziel said, Argo is the fastest growing and most popular open source project for delivering software. And it's not even close. >> Yeah, this is really great point. And I want to get into that 'cause I want to know why, what you guys do on your platform versus the open source and get that relationship settled? Before we get there, though, I want to get your reaction to some of the commentary in the industry 'cause GitOps trend has been exploding into new directions. I mean, it used to be a term about 10 years ago called big data. And at the beginning where data was all big data. Now it was DevOps revolution around data as well. But now you're hearing people talk about big code. Like, I mean, the code bases are becoming so huge. So as a developer, you're leveraging large open source code. This idea of the software delivery with existing code and new code just adds to more code. There's more code being developed every day. >> There is more code delivered every day. And I think that organization realize today, almost in every industry that they have to pace up how fast and how frequent they update their software delivery. We're living in a world in which every aspect of our life has been disrupted by software and organization realize that they have to keep up and figure out how to deploy software more frequent and more lively. And I think, you mentioned that really Kubernetes, the cloud native became the de facto way of running application. I think most of organization has made that decision to move into cloud native. The second question is after, is okay, now we have all applications running, how fast and how more frequent we can deploy applications to the cloud native? And that's the stage in which we're super excited about Argo and our up platform because that's basically streamline the building application for these cloud native, deploying applications for the cloud native, and so on. >> Yeah, and I think that highlights the business value. You getting a lot of the conversations with businesses that say they want the modern application on the cloud scale. And at the end of the day, it comes down to speed and security. So how fast can I get the app out? How well does it work? Does it run performance? And does it have security? And I don't want a slow. >> Exactly. Exactly. It kind of oversimplifies it, but that's kind of the net net. So when you look at Argo open source, what's that's done and kind of where you guys are taking it. Can you talk about the differences between your enterprise version and the open source version and the interplay there, the relationship, the business model health customers can play on both sides or understand the difference? >> Sure. >> Go ahead. >> Go ahead, Raziel. Okay, so I think Argo, as you mentioned, is probably the most advanced technology today to both run pipelines. They're like events to trigger pipelines and Argo work for the one that pipelines, the Argo CD for GitOps and Rollout, for Canary blue-green strategies. And the adoption is really exploding. Just as an Advocate that we had in December, we have worked with the community and organized ArgoCon events in which we had initially kind of thought about 500 attendees. And so we have more than 4,000 registrants and majority of them are coming from enterprise. Now as we have talked to the community during this conference and figure out, okay, so what are the things that you're still missing? And that will help you take the benefit that you get from Argo to the next level. The few things that came up. One is Argo is a great technology. However, Argo now is fragmented into four projects. There is an advance. There is workflow. There is Argo CD. And there is Argo Rollout. And there is a need to bring them all together into a solid platform, solid one run time that can be easily installed, monitor all of these in a single UI, in a single control plane. That's one aspect. The second is the scalability. Really being able to manage it centrally across multiple clusters, not in one cluster. And what we bring in with the new one, we're so excited about this platform, is we're bringing that big. The first to get all of these four projects in one runtime, and one control plane, but also allow the community to run it across multiple cluster from one place getting into the solution, not just as a technology. >> If I may add to that, the value of bringing these projects together, it provides so many insights. So when you're trying to figure out, there's some breaking change that has been made, but you don't necessarily know where it is because you have a lot of microservices that are out there. You have a lot of teams working on it. By bringing all of these things together, we're able to look at all of the commits, all of the deployments, all of the Jira issues. All of these components combined together, so you really get a single view where you can see everything that's going on. And this is another element where when you're trying to deploy software at scale, you're trying to deliver it faster. People are getting a little bit overwhelmed because there are so many updates and so many different services and so many teams working that they're starting to miss that visibility. So this is what we want to bring into the ecosystem is we really want them that visibility to be super clear. And by bringing all of the Argo components, the Argo tools together, we're able to do that in a single dashboard. >> Yeah, so if I get this right, let me just double click on that because it sounds like, yeah, Argo's great. It's been organically growing, a lot of different components to it, but when you start getting into pushing code in an organization, you have, I call the old-school version control kind of vibe going on where it's like you don't know what's out there and how that affects the system as it's a distributed system, which cloud is. There are consequences when stuff breaks. So we all know that. Is that kind of where you guys are getting at? The challenge is actually the opportunity at the same time where it's all goodness, but then when you start looking at scale and the system impact, is that kind of where the open source and you guys pick up, is that right? >> This is one aspect. I think the second one is that again, when you look at each individual component of Argo, each provide a lot of value by itself. But when you sum it, the value of the sum is greater than the value of the individual. So when you're taking, really the events and workflow, Argo CD and Argo Rollout, and you bring them all together into single runtime. The value of its time is really automation all the way from code to cloud. It's not breaking into, there is like an automation for CI, there's an automation for CD, there's information for progressive delivery. It's actually automated all the way from the Git commit through the GitOps through the deployment strategy, and so on. And being able to monitor it and scale it in the enterprise scale. So, of course, it's helping enterprise and make Argo to some level more crucial for enterprise, if I may say, but second is really bringing all of these components together and get the outcome be greater than the individual parts. >> Yeah, that's a good point. Yeah, make it make a commercial grade, if you will, for enterprise who wants to have support and consistency and whatnot. What other problems are you solving? Dan, can you chime in on the whole, how you guys resolve some of these challenges for the enterprise? Because, again, some stability is key as well, but also the business benefit has got to be there for the development teams. >> Yeah. So there's several. One aspect is that the way that most people operate today is they essentially do a bunch of commands and engage with systems. And then hopefully at the end, they write those things to Git. And this is a little bit backwards if you think about it because there's a situation where you can end up with things in production that were never checked in, or maybe somebody is operating and they're making a change. If we look at most of the downtime that's occurred over the last two years, it's because people have flubbed a key when they were typing in a command or something like that. The way that this system works is that we provide an interface, both the CLI and the GUI, where those operations interactions actually end with a Git commit. So rather than doing an operation and then hopefully committing to Git, most of the operations are actually done first in Git, or if there is something that can't be done first in Git, it's maybe bootstrapped and then committed to Git as part of a single command. So this means you have end-to-end traceability. It also means your auditability is way better. And then the second, the other component that we're adding is that security and scale layer. So we are securing these things, we're building in single sign-on, and all those robust security things you would expect to have across all these instances. So many organizations, when they're building their software delivery tools, they have to deploy instances in many locations. And so this is how you end up with companies that have 5,000 instances that are all out of date and insecure. Well with Codefresh, if you need to deploy a component onto this end cluster or something like that, you may have thousands of them. All of those are monitored and taken care of in a centralized way, so I can do all of my updates at once. I can make sure they're all up to date. I'm not running with a bunch of known CVEs or something like that and it's clear. The components are also designed in an architectural way. So that only the information that is needed is ever passed out. So I can have a cluster that is remotely managed, that checks out code, that the control plane never has access to. So this hybrid model has been really popular with our customers. We have customers in healthcare, we have customers in defense and in financial services, all these regulated industries. The flow of information is really critical. So this hybrid model allows you to deploy something that has the ease of a SaaS solution, but has the security of an on-prem solution while being centrally managed and easy to take care of. >> Yeah, it's a platform. It's what it is. It's not a tool. It's not a tool anymore. It's a platform. >> Exactly. >> I think the foundational aspect of this is critical. And you mentioned automation before. If you're going to go end-to-end automation, you have some stuff in the system that whether it hasn't been checked in yet. I mean, we know what this leads to. Disaster or a lot of troubleshooting and disruption. That's what it seems to solve. Am I getting that right? Is that right? >> Yeah. >> Go ahead. >> Yeah, it helps automate the whole process. But as you say, it's really like identify what needs not to be going all the way to production and really kind of avoid vulnerabilities or any flaws in the software. So it automates everything, but in a way that the automation can identify issues and avoid them from coming into the production. >> Well, great stuff here. I've got to ask you guys now that you've got that settled. It's really, I see the value there, how you guys are letting it grow organically and with Argo and then building that platform for businesses and developers. It's really cool. And I see the foundational value there. It just only gets better. How you guys contributing back to open source and helping the wider GitOps and Argo communities? Because this is, again, the rising tide that's bringing all the boats into the harbor, so to speak. So this is a good trend and people will acknowledge that. So how's this going to work as you guys work back into the open source community? >> So we work closely with both myself and the other maintainers worked closely with the community on the roadmap and making sure that we're addressing issues. I think if you look in the last quarter, we probably have upwards of 40 or 50 different issues that we've solved in terms of fixing a bug or adding features or things like that. So making sure that these tools, which are really the undergirding components of our platform, they have to be really robust. They have to be really strong. And so we're contributing those things back. And then when it comes to the scalability side, these are things that we can build into the platform. So the value should be really clear. I can deploy this, I can manage it myself, I can build tools on top of it. And if I want to start doing it at scale, maybe I want support. That's when I really am going to go to Codefresh and start saying, let's get the enterprise little platform. >> Awesome. GitOps, a lot of people like some naysayers may say, Hey, it's the latest fad. Is it here to stay? We were talking about big code earlier. GitOps, obviously seeing open source. Just every year, just get better and better and growth. I mean, I remember when I was breaking into the business, you have to sell under the table. Now it's all free and open and getting better every year. Just the growth of code. Is GitOps a fad? How do you talk to people who say that? I mean, besides slapping around saying wake up. I mean, how do you guys address that when people say it's just the latest fad? >> So if I may comment here and Dan feel free to chime in, I think that the GitOps is a continuation of a trend that everything is a source code. As a developer, many years ago myself and still writing code, always both code and code was the source of tool that's where we write the code. But now code actually is also describing how our application is running in production. And we've already seen kind of where it's get next. We also hear about infrastructure as a code. So now actually we storing the code the way the infrastructure should be. And I think that the benefit of storing all this configuration in a source code, which has been built to track changes, to be enabled to roll back, that is just going to be here to stay. And I think that's the new way of doing things. >> All right, gentlemen, great. Closing statements. Please share an update on the company. What it's all about? What event you got coming? I know you got a big launch. Can you take us through? Take us home. >> Join on February 1st, we're going to be launching the Codefresh software delivery platform. Raziel and I will be hosting the event. We've got a number of customers, a number of members of the community who are going to be joining us to show off that platform. So you're going to be able to see it in action, see how the features work, and understand the value of it. And you'll see how it works with GitOps. You'll see how it helps you deliver software at scale. That's February 1st. You can get information at codefresh.io. >> Raziel, Dan, thanks for coming on. >> Thank you. >> Pretty good showcase. Thanks for sharing. Congratulations. Great venture. Loved the approach. Love the growth in cloud native and you guys sure on the cutting edge. Fresh code, people love fresh code, codefresh.io. Thanks for coming on. >> Thank you. Thank you. >> Okay, this is the AWS Startup Showcase Open Cloud Innovations. Cloud scale, software, data. That's the future of modern applications being developed, changing the game to the next level. This is the CUBE's coverage season two episode one of the ongoing AWS Startup series here in theCUBE.