(upbeat music) >> Okay, welcome back everyone. I'm John Furrier here in theCUBE, in Palo Alto for "CUBE Conversation" with Chris Jones, Director of Product Management at Platform9. I've got a series of questions, had a great conversation earlier. Chris, I have a couple questions for you, what do you think? >> Let's do it, John. >> Okay, how does Platform9 Solution, you- can it be used on any infrastructure anywhere, cloud, edge, on-premise? >> It can, that's the beauty of our control plane, right? It was born in the cloud, and we primarily deliver that SaaS, which allows it to work in your data center, on bare metal, on VMs, or with public cloud infrastructure. We now give you the ability to take that control plane, install it in your data center, and then use it with anything, or even in air gap. And that includes capabilities with bare metal orchestration as well. >> Second question. How does Platform9 ensure maximum uptime, and proactive issue resolution? >> Oh, that's a good question. So if you come to Platform nine we're going to talk about always on assurance. What is driving that is a system of three components around self-healing, monitoring, and proactive assistance. So our software will heal broken things on nodes, right? If something stops running that should be running, it will attempt to restart that. We also have monitoring that's deployed with everything. So you build a cluster in AWS, well, we put open source monitoring agents, that are actually Prometheus, on every single node. That means it's resilient, right? So if you lose a node, you don't lose monitoring. But that data importantly comes back to our control plane, and that's the control plane that you can put in your data center as well. That data is what alerts us, and you as a user, anytime of the day that something's going wrong. Let's say etcd latency, good example, etcd is going slow. We'll find out, we might not be able to take restorative action immediately, but we're definitely going to reach out and say,, "You have a problem, let's get ahead of this and let's prevent that from becoming a bigger problem." And that's what we're delivering. When we say always on assurance, we're talking about self-healing, we're talking about remote monitoring, we're talking about being proactive with our customers, not waiting for the phone call or the support desk ticket saying, "Oh we think something's not working." Or worse, the customer has an outage. >> Awesome. Thanks for sharing. Can you explain the process for implementing Platform9 within a company's existing infrastructure. >> Are we doing air gap, or on-prem or SaaS approached? SaaS approach I think is by far the easiest, right? We can build a dedicated Platform9 control plane instance in a manner of minutes, for any customer. So when we do a proof of concept or onboarding, we just literally put in an email address, put in the name you want for your fully qualified domain name, and your instance is up. From that point onwards, the user can just log in, and using our CLI, talk to any number of, say, virtual machines, or physical servers in their environment for, you know, doing this in a data center or colo, and say, "I want these to be my Kubernetes control plane nodes. Here's the five of them. Here's the VIP for the load balancing, the API server and here are all of my compute nodes." And that CLI will work with the SaaS control plane, and go and build the cluster. That's as simple as it, CentOS, Ubuntu, just plain old operating system. Our software takes care of all the prerequisites, installing all the pieces, putting down MetalLB, CoreDNS, Metrics Server, Kubernetes dashboard, etcd backups. You built some servers. That's essentially what you've done, and the rest is being handled by Platform9. It's as simple as that. >> Great, thanks for that. What are the two traditional paths for companies considering the cloud native journey? The two paths. >> The traditional paths. I think that's your engineering team running so fast that before you even realize that you've got, you know, 10 EKS clusters. Or, hey, we can do this. You know, I've got the I can build it mentality. Let's go DIY completely open source Kubernetes on our infrastructure, and we're going to piecemeal build it all up together. They're, I think the pathways that people traditionally look at this journey, as opposed to having that third alternative saying can I just consume it on my infrastructure, be it cloud or on-premise or at the edge. >> Third is the new way, you guys do that. >> That's been our focus since the company was, you know, brought together back in the open OpenStack days. >> Awesome, what's the makeup of your customer base? Is there a certain pattern to the size or environments that you guys work with? Is there a pattern or consistency to your customer base? >> It's a spread, right? We've got large enterprises like Juniper, and we go all the way down to people with 20, 30, 50 nodes in total. We've got people in banking and finance, we've got things all the way through to telecommunications and storage infrastructure. >> What's your favorite feature of Platform9? >> My favorite feature? You know, if I ask, should I say this as a pre-sales engineer, let me show you a favorite thing. My immediate response is, I should never do this. (John laughs) To me it's just being able to define my cluster and say, go. And in five minutes I have that environment, I can see everything that's running, right? It's all unified, it's one spot, right? I'm a cluster admin. I said I wanted three control plane, 25 workers. Here's the infrastructure, it creates it, and once it's built, I can see everything that's running, right? All the applications that are there. One UI, I don't have to go click around. I'm not trying to solve things or download things. It's the fact that it's unified and just delivered in one hit. >> What is the one thing that people should know about Platform9 that they might not know about it? >> I think it's that we help developers and engineers as much as we can help our operations teams. I think, for a long time we've sort of targeted that user and said, hey, we, we really help you. It's like, but why are they doing this? Why are they building any infrastructure or any cloud platform? Well, it's to run applications and services, to help their customers, but how do they get there? There's people building and writing those things, and we're helping them, right? For the last two years, we've been really focused on making it simple, and I think that's an important thing to know. >> Chris, thanks so much, appreciate it. >> Yeah, thank you, John. >> Okay, that's theCUBE Q&A session here with Platform9. I'm John Furrier, thanks for watching. (light music)

(upbeat music) >> Hello, everyone, from Palo Alto, Lisa Martin here. This is The Cube's coverage of CloudNativeSecurityCon, the inaugural event. I'm here with John Furrier in studio. In Boston, Dave Vellante joins us, and our guest, Liz Rice, one of our alumni, is joining us from Seattle. Great to have everyone here. Liz is the Chief Open Source officer at Isovalent. She's also the Emeritus Chair Technical Oversight Committee at CNCF, and a co-chair of this new event. Everyone, welcome Liz. Great to have you back on theCUBE. Thanks so much for joining us today. >> Thanks so much for having me, pleasure. >> So CloudNativeSecurityCon. This is the inaugural event, Liz, this used to be part of KubeCon, it's now its own event in its first year. Talk to us about the importance of having it as its own event from a security perspective, what's going on? Give us your opinions there. >> Yeah, I think security was becoming so- at such an important part of the conversation at KubeCon, CloudNativeCon, and the TAG security, who were organizing the co-located Cloud Native Security Day which then turned into a two day event. They were doing this amazing job, and there was so much content and so much activity and so much interest that it made sense to say "Actually this could stand alone as a dedicated event and really dedicate, you know, all the time and resources of running a full conference, just thinking about cloud native security." And I think that's proven to be true. There's plenty of really interesting talks that we're going to see. Things like a capture the flag. There's all sorts of really good things going on this week. >> Liz, great to see you, and Dave, great to see you in Boston Lisa, great intro. Liz, you've been a CUBE alumni. You've been a great contributor to our program, and being part of our team, kind of extracting that signal from the CNCF cloud native world KubeCon. This event really kind of to me is a watershed moment, because it highlights not only security as a standalone discussion event, but it's also synergistic with KubeCon. And, as co-chair, take us through the thought process on the sessions, the experts, it's got a practitioner vibe there. So we heard from Priyanka early on, bottoms up, developer first. You know KubeCon's shift left was big momentum. This seems to be a breakout of very focused security. Can you share the rationale and the thoughts behind how this is emerging, and how you see this developing? I know it's kind of a small event, kind of testing the waters it seems, but this is really a directional shift. Can you share your thoughts? >> Yeah I'm just, there's just so many different angles that you can consider security. You know, we are seeing a lot of conversations about supply chain security, but there's also runtime security. I'm really excited about eBPF tooling. There's also this opportunity to talk about how do we educate people about security, and how do security practitioners get involved in cloud native, and how do cloud native folks learn about the security concepts that they need to keep their deployments secure. So there's lots of different groups of people who I think maybe at a KubeCon, KubeCon is so wide, it's such a diverse range of topics. If you really just want to focus in, drill down on what do I need to do to run Kubernetes and cloud native applications securely, let's have a really focused event, and just drill down into all the different aspects of that. And I think that's great. It brings the right people together, the practitioners, the experts, the vendors to, you know, everyone can be here, and we can find each other at a smaller event. We are not spread out amongst the thousands of people that would attend a KubeCon. >> It's interesting, Dave, you know, when we were talking, you know, we're going to bring you in real quick, because AWS, which I think is the bellweather for, you know, cloud computing, has now two main shows, AWS re:Invent and re:Inforce. Security, again, broken out there. you see the classic security events, RSA, Black Hat, you know, those are the, kind of, the industry kind of mainstream security, very wide. But you're starting to see the cloud native developer first with both security and cloud native, kind of, really growing so fast. This is a major trend for a lot of the ecosystem >> You know, and you hear, when you mention those other conferences, John you hear a lot about, you know, shift left. There's a little bit of lip service there, and you, we heard today way more than lip service. I mean deep practitioner level conversations, and of course the runtime as well. Liz, you spent a lot of time obviously in your keynote on eBPF, and I wonder if you could share with the audience, you know, why you're so excited about that. What makes it a more effective tool compared to other traditional methods? I mean, it sounds like it simplifies things. You talked about instrumenting nodes versus workloads. Can you explain that a little bit more detail? >> Yeah, so with eBPF programs, we can load programs dynamically into the kernel, and we can attach them to all kinds of different events that could be happening anywhere on that virtual machine. And if you have the right knowledge about where to hook into, you can observe network events, you can observe file access events, you can observe pretty much anything that's interesting from a security perspective. And because eBPF programs are living in the kernel, there's only one kernel shared amongst all of the applications that are running on that particular machine. So you don't- you no longer have to instrument each individual application, or each individual pod. There's no more need to inject sidecars. We can apply eBPF based tooling on a per node basis, which just makes things operationally more straightforward, but it's also extremely performant. We can hook these programs into events that typically very lightweight, small programs, kind of, emitting an event, making a decision about whether to drop a packet, making a decision about whether to allow file access, things of that nature. There's super fast, there's no need to transition between kernel space and user space, which is usually quite a costly operation from performance perspective. So eBPF makes it really, you know, it's taking the security tooling, and other forms of tooling, networking and observability. We can take these tools into the kernel, and it's really efficient there. >> So Liz- >> So, if I may, one, just one quick follow up. You gave kind of a space age example (laughs) in your keynote. When, do you think a year from now we'll be able to see, sort of, real world examples in in action? How far away are we? >> Well, some of that is already pretty widely deployed. I mean, in my keynote I was talking about Cilium. Cilium is adopted by hundreds of really big scale deployments. You know, the users file is full of household names who've been using cilium. And as part of that they will be using network policies. And I showed some visualizations this morning of network policy, but again, network policy has been around, pretty much since the early days of Kubernetes. It can be quite fiddly to get it right, but there are plenty of people who are using it at scale today. And then we were also looking at some runtime security detections, seeing things like, in my example, exfiltrating the plans to the Death Star, you know, looking for suspicious executables. And again, that's a little bit, it's a bit newer, but we do have people running that in production today, proving that it really does work, and that eBPF is a scalable technology. It's, I've been fascinated by eBPF for years, and it's really amazing to see it being used in the real world now. >> So Liz, you're a maintainer on the Cilium project. Talk about the use of eBPF in the Cilium project. How is it contributing to cloud native security, and really helping to change the dials on that from an efficiency, from a performance perspective, as well as a, what's in it for me as a business perspective? >> So Cilium is probably best known as a networking plugin for Kubernetes. It, when you are running Kubernetes, you have to make a decision about some networking plugin that you're going to use. And Cilium is, it's an incubating project in the CNCF. It's the most mature of the different CNIs that's in the CNCF at the moment. As I say, very widely deployed. And right from day one, it was based on eBPF. And in fact some of the people who contribute to the eBPF platform within the kernel, are also working on the Cilium project. They've been kind of developed hand in hand for the last six, seven years. So really being able to bring some of that networking capability, it required changes in the kernel that have been put in place several years ago, so that now we can build these amazing tools for Kubernetes operators. So we are using eBPF to make the networking stack for Kubernetes and cloud native really efficient. We can bypass some of the parts of the network stack that aren't necessarily required in a cloud native deployment. We can use it to make these incredibly fast decisions about network policy. And we also have a sub-project called Tetragon, which is a newer part of the Cilium family which uses eBPF to observe these runtime events. The things like people opening a file, or changing the permissions on a file, or making a socket connection. All of these things that as a security engineer you are interested in. Who is running executables who is making network connections, who's accessing files, all of these operations are things that we can observe with Cilium Tetragon. >> I mean it's exciting. We've chatted in the past about that eBPF extended Berkeley Packet Filter, which is about the Linux kernel. And I bring that up Liz, because I think this is the trend I'm trying to understand with this event. It's, I hear bottoms up developer, developer first. It feels like it's an under the hood, infrastructure, security geek fest for practitioners, because Brian, in his keynote, mentioned BIND in reference the late Dan Kaminsky, who was, obviously found that error in BIND at the, in DNS. He mentioned DNS. There's a lot of things that's evolving at the silicone, kernel, kind of root levels of our infrastructure. This seems to be a major shift in focus and rightfully so. Is that something that you guys talk about, or is that coincidence, or am I just overthinking this point in terms of how nerdy it's getting in terms of the importance of, you know, getting down to the low level aspects of protecting everything. And as we heard also the quote was no software secure. (Liz chuckles) So that's up and down the stack of the, kind of the old model. What's your thoughts and reaction to that? >> Yeah, I mean I think a lot of folks who get into security really are interested in these kind of details. You know, you see write-ups of exploits and they, you know, they're quite often really involved, and really require understanding these very deep detailed technical levels. So a lot of us can really geek out about the details of that. The flip side of that is that as an application developer, you know, as- if you are working for a bank, working for a media company, you're writing applications, you shouldn't have to be worried about what's happening at the kernel level. This might be kind of geeky interesting stuff, but really, operationally, it should be taken care of for you. You've got your work cut out building business value in applications. So I think there's this interesting, kind of dual track going on almost, if you like, of the people who really want to get involved in those nitty gritty details, and understand how the underlying, you know, kernel level exploits maybe working. But then how do we make that really easy for people who are running clusters to, I mean like you said, nothing is ever secure, but trying to make things as secure as they can be easily, and make things visual, make things accessible, make things, make it easy to check whether or not you are compliant with whatever regulations you need to be compliant with. That kind of focus on making things usable for the platform team, for the application developers who deliver apps on the platform, that's the important (indistinct)- >> I noticed that the word expert was mentioned, I mentioned earlier with Priyanka. Was there a rationale on the 72 sessions, was there thinking around it or was it kind of like, these are urgent areas, they're obvious low hanging fruit. Was there, take us through the selection process of, or was it just, let's get 72 sessions going to get this (Liz laughs) thing moving? >> No, we did think quite carefully about how we wanted to, what the different focus areas we wanted to include. So we wanted to make sure that we were including things like governance and compliance, and that we talk about not just supply chain, which is clearly a very hot topic at the moment, but also to talk about, you know, threat detection, runtime security. And also really importantly, we wanted to have space to talk about education, to talk about how people can get involved. Because maybe when we talk about all these details, and we get really technical, maybe that's, you know, a bit scary for people who are new into the cloud native security space. We want to make sure that there are tracks and content that are accessible for newcomers to get involved. 'Cause, you know, given time they'll be just as excited about diving into those kind of kernel level details. But everybody needs a place to start, and we wanted to make sure there were conversations about how to get started in security, how to educate other members of your team in your organization about security. So hopefully there's something for everyone. >> That education piece- >> Liz, what's the- >> Oh sorry, Dave. >> What the buzz on on AI? We heard Dan talk about, you know, chatGPT, using it to automate spear phishing. There's always been this tension between security and speed to market, but CISOs are saying, "Hey we're going to a zero trust architecture and that's helping us move faster." Will, in your, is the talk on the floor, AI is going to slow us down a little bit until we figure it out? Or is it actually going to be used as an offensive defensive tool if I can use that angle? >> Yeah, I think all of the above. I actually had an interesting chat this morning. I was talking with Andy Martin from Control Plane, and we were talking about the risk of AI generated code that attempts to replicate what open source libraries already do. So rather than using an existing open source package, an organization might think, "Well, I'll just have my own version, and I'll have an AI write it for me." And I don't, you know, I'm not a lawyer so I dunno what the intellectual property implications of this will be, but imagine companies are just going, "Well you know, write me an SSL library." And that seems terrifying from a security perspective, 'cause there could be all sorts of very slightly different AI generated libraries that pick up the same vulnerabilities that exist in open source code. So, I think we're going to go through a pretty interesting period of vulnerabilities being found in AI generated code that look familiar, and we'll be thinking "Haven't we seen these vulnerabilities before? Yeah, we did, but they were previously in handcrafted code and now we'll see the same things being generated by AI." I mean, in the same way that if you look at an AI generated picture and it's got I don't know, extra fingers, or, you know, extra ears or something that, (Dave laughs) AI does make mistakes. >> So Liz, you talked about the education, the enablement, the 72 sessions, the importance of CloudNativeSecurityCon being its own event this year. What are your hopes and dreams for the practitioners to be able to learn from this event? How do you see the event as really supporting the growth, the development of the cloud native security community as a whole? >> Yeah, I think it's really important that we think of it as a Cloud Native Security community. You know, there are lots of interesting sort of hacker community security related community. Cloud native has been very community focused for a long time, and we really saw, particularly through the tag, the security tag, that there was this growing group of people who were, really wanted to work at that intersection between security and cloud native. And yeah, I think things are going really well this week so far, So I hope this is, you know, the first of many additions of this conference. I think it will also be interesting to see how the balance between a smaller, more focused event, compared to the giant KubeCon and cloud native cons. I, you know, I think there's space for both things, but whether or not there will be other smaller focus areas that want to stand alone and justify being able to stand alone as their own separate conferences, it speaks to the growth of cloud native in general that this is worthwhile doing. >> Yeah. >> It is, and what also speaks to, it reminds me of our tagline here at theCUBE, being able to extract the signal from the noise. Having this event as a standalone, being able to extract the value in it from a security perspective, that those practitioners and the community at large is going to be able to glean from these conversations is something that will be important, that we'll be keeping our eyes on. >> Absolutely. Makes sense for me, yes. >> Yeah, and I think, you know, one of the things, Lisa, that I want to get in, and if you don't mind asking Dave his thoughts, because he just did a breaking analysis on the security landscape. And Dave, you know, as Liz talking about some of these root level things, we talk about silicon advances, powering machine learning, we've been covering a lot of that. You've been covering the general security industry. We got RSA coming up reinforced with AWS, and as you see the cloud native developer first, really driving the standards of the super cloud, the multicloud, you're starting to see a lot more application focus around latency and kind of controlling that, These abstraction layer's starting to see a lot more growth. What's your take, Dave, on what Liz and- is talking about because, you know, you're analyzing the horses on the track, and there's sometimes the old guard security folks, and you got open source continuing to kick butt. And even on the ML side, we've been covering some of these foundation models, you're seeing a real technical growth in open source at all levels and, you know, you still got some proprietary machine learning stuff going on, but security's integrating all that. What's your take and your- what's your breaking analysis on the security piece here? >> I mean, to me the two biggest problems in cyber are just the lack of talent. I mean, it's just really hard to find super, you know, deep expertise and get it quickly. And I think the second is it's just, it's so many tools to deal with. And so the architecture of security is just this mosaic and a mess. That's why I'm excited about initiatives like eBPF because it does simplify things, and developers are being asked to do a lot. And I think one of the other things that's emerging is when you- when we talk about Industry 4.0, and IIoT, you- I'm seeing a lot of tools that are dedicated just to that, you know, slice of the world. And I don't think that's the right approach. I think that there needs to be a more comprehensive view. We're seeing, you know, zero trust architectures come together, and it's going to take some time, but I think that you're going to definitely see, you know, some rethinking of how to architect security. It's a game of whack-a-mole, but I think the industry is just- the technology industry is doing a really really good job of, you know, working hard to solve these problems. And I think the answer is not just another bespoke tool, it's a broader thinking around architectures and consolidating some of those tools, you know, with an end game of really addressing the problem in a more comprehensive fashion. >> Liz, in the last minute or so we have your thoughts on how automation and scale are driving some of these forcing functions around, you know, taking away the toil and the muck around developers, who just want stuff to be code, right? So infrastructure as code. Is that the dynamic here? Is this kind of like new, or is it kind of the same game, different kind of thing? (chuckles) 'Cause you're seeing a lot more machine learning, a lot more automation going on. What's, is that having an impact? What's your thoughts? >> Automation is one of the kind of fundamental underpinnings of cloud native. You know, we're expecting infrastructure to be written as code, We're expecting the platform to be defined in yaml essentially. You know, we are expecting the Kubernetes and surrounding tools to self-heal and to automatically scale and to do things like automated security. If we think about supply chain, you know, automated dependency scanning, think about runtime. Network policy is automated firewalling, if you like, for a cloud native era. So, I think it's all about making that platform predictable. Automation gives us some level of predictability, even if the underlying hardware changes or the scale changes, so that the application developers have something consistent and standardized that they can write to. And you know, at the end of the day, it's all about the business applications that run on top of this infrastructure >> Business applications and the business outcomes. Liz, we so appreciate your time talking to us about this inaugural event, CloudNativeSecurityCon 23. The value in it for those practitioners, all of the content that's going to be discussed and learned, and the growth of the community. Thank you so much, Liz, for sharing your insights with us today. >> Thanks for having me. >> For Liz Rice, John Furrier and Dave Vellante, I'm Lisa Martin. You're watching the Cube's coverage of CloudNativeSecurityCon 23. (electronic music)

>>Hello everyone and welcome back to Motor City, Michigan. We're live from the Cube and my name is Savannah Peterson. Joined this afternoon with my co-host John Ferer. John, how you doing? Doing >>Great. This next segment's gonna be awesome about application modernization, scaling pluses. This is what's gonna, how are the next generation software revolution? It's gonna be >>Fun. You know, it's kind of been a theme of our day today is scale. And when we think about the complex orchestration platform that is Kubernetes, everyone wants to scale faster, quicker, more efficiently, and our guests are here to tell us all about that. Please welcome to Char and Andy, thank you so much for being here with us. You were on the Red Hat OpenShift team. Yeah. I suspect most of our audience is familiar, but just in case, let's give 'em a quick one-liner pitch so everyone's on the same page. Tell us about OpenShift. >>I, I'll take that one. OpenShift is our ES platform is our ES distribution. You can consume it as a self-managed platform or you can consume it as a managed service on on public clouds. And so we just call it all OpenShift. So it's basically Kubernetes, but you know, with a CNCF ecosystem around it to make things more easier. So maybe there's two >>Lights. So what does being at coupon mean for you? How does it feel to be here? What's your initial takes? >>Exciting. I'm having a fantastic time. I haven't been to coupon since San Diego, so it's great to be back in person and see old friends, make new friends, have hallway conversations. It's, it's great as an engineer trying to work in this ecosystem, just being able to, to be in the same place with these folks. >>And you gotta ask, before we came on camera, you're like, this is like my sixth co con. We were like, we're seven, you know, But that's a lot of co coupons. It >>Is, yes. I mean, so what, >>Yes. >>Take us status >>For sure. Where we are now. Compare and contrast co. Your first co con, just scope it out. What's the magnitude of change? If you had to put a pin on that, because there's a lot of new people coming in, they might not have seen where it's come from and how we got here is maybe not how we're gonna get to the next >>Level. I've seen it grow tremendously since the first one I went to, which I think was Austin several years ago. And what's great is seeing lots of new people interested in contributing and also seeing end users who are trying to figure out the best way to take advantage of this great ecosystem that we have. >>Awesome. And the project management side, you get the keys to the Kingdom with Red Hat OpenShift, which has been successful. Congratulations by the way. Thank you. We watched that grow and really position right on the wave. It's going great. What's the update on on the product? Kind of, you're in a good, good position right now. Yeah, >>No, we we're feeling good about it. It's all about our customers. Obviously the fact that, you know, we have thousands of customers using OpenShift as the cloud native platform, the container platform. We're very excited. The great thing about them is that, I mean you can go to like OpenShift Commons is kind of a user group that we run on the first day, like on Tuesday we ran. I mean you should see the number of just case studies that our customers went through there, you know? And it is fantastic to see that. I mean it's across so many different industries, across so many different use cases, which is very exciting. >>One of the things we've been reporting here in the Qla scene before, but here more important is just that if you take digital transformation to the, to its conclusion, the IT department and developers, they're not a department to serve the business. They are the business. Yes. That means that the developers are deciding things. Yeah. And running the business. Prove their code. Yeah. Okay. If that's, if that takes place, you gonna have scale. And we also said on many cubes, certainly at Red Hat Summit and other ones, the clouds are distributed computer, it's distributed computing. So you guys are focusing on this project, Andy, that you're working on kcp. >>Yes. >>Which is, I won't platform Kubernetes platform for >>Control >>Planes. Control planes. Yes. Take us through, what's the focus on why is that important and why is that relate to the mission of developers being in charge and large scale? >>Sure. So a lot of times when people are interested in developing on Kubernetes and running workloads, they need a cluster of course. And those are not cheap. It takes time, it takes money, it takes resources to get them. And so we're trying to make that faster and easier for, for end users and everybody involved. So with kcp, we've been able to take what looks like one normal Kubernetes and partition it. And so everybody gets a slice of it. You're an administrator in your little slice and you don't have to ask for permission to install new APIs and they don't conflict with anybody else's APIs. So we're really just trying to make it super fast and make it super flexible. So everybody is their own admin. >>So the developer basically looks at it as a resource blob. They can do whatever they want, but it's shared and provisioned. >>Yes. One option. It's like, it's like they have their own cluster, but you don't have to go through the process of actually provisioning a full >>Cluster. And what's the alternative? What's the what's, what's the, what's the benefit and what was the alternative to >>This? So the alternative, you spin up a full cluster, which you know, maybe that's three control plane nodes, you've got multiple workers, you've got a bunch of virtual machines or bare metal, or maybe you take, >>How much time does that take? Just ballpark. >>Anywhere from five minutes to an hour you can use cloud services. Yeah. Gke, E Ks and so on. >>Keep banging away. You're configuring. Yeah. >>Those are faster. Yeah. But it's still like, you still have to wait for that to happen and it costs money to do all of that too. >>Absolutely. And it's complex. Why do something that's been done, if there's a tool that can get you a couple steps down the path, which makes a ton of sense. Something that we think a lot when we're talking about scale. You mentioned earlier, Tohar, when we were chatting before the cams were alive, scale means a lot of different things. Can you dig in there a little bit? >>Yeah, I >>Mean, so when, when >>We talk about scale, >>We are talking about from a user perspective, we are talking about, you know, there are more users, there are more applications, there are more workloads, there are more services being run on Kubernetes now, right? So, and OpenShift. So, so that's one dimension of this scale. The other dimension of the scale is how do you manage all the underlying infrastructure, the clusters, the name spaces, and all the observability data, et cetera. So that's at least two levels of scale. And then obviously there's a third level of scale, which is, you know, there is scale across not just different clouds, but also from cloud to the edge. So there is that dimension of scale. So there are several dimensions of this scale. And the one that again, we are focused on here really is about, you know, this, the first one that I talk about is a user. And when I say user, it could be a developer, it could be an application architect, or it could be an application owner who wants to develop Kubernetes applications for Kubernetes and wants to publish those APIs, if you will, and make it discoverable and then somebody consumes it. So that's the scale we are talking about >>Here. What are some of the enterprise, you guys have a lot of customers, we've talked to you guys before many, many times and other subjects, Red Hat, I mean you guys have all the customers. Yeah. Enterprise, they've been there, done that. And you know, they're, they're savvy. Yeah. But the cloud is a whole nother ballgame. What are they thinking about? What's the psychology of the customer right now? Because now they have a lot of choices. Okay, we get it, we're gonna re-platform refactor apps, we'll keep some legacy on premises for whatever reasons. But cloud pretty much is gonna be the game. What's the mindset right now of the customer base? Where are they in their, in their psych? Not the executive, but more of the the operators or the developers? >>Yeah, so I mean, first of all, different customers are at different levels of maturity, I would say in this. They're all on a journey how I like to describe it. And in this journey, I mean, I see a customers who are really tip of the sphere. You know, they have containerized everything. They're cloud native, you know, they use best of tools, I mean automation, you know, complete automation, you know, quick deployment of applications and all, and life cycle of applications, et cetera. So that, that's kind of one end of this spectrum >>Advanced. Then >>The advances, you know, and, and I, you know, I don't, I don't have any specific numbers here, but I'd say there are quite a few of them. And we see that. And then there is kind of the middle who are, I would say, who are familiar with containers. They know what app modernization, what a cloud application means. They might have tried a few. So they are in the journey. They are kind of, they want to get there. They have some other kind of other issues, organizational or talent and so, so on and so forth. Kinds of issues to get there. And then there are definitely the quota, what I would call the lag arts still. And there's lots of them. But I think, you know, Covid has certainly accelerated a lot of that. I hear that. And there is definitely, you know, more, the psychology is definitely more towards what I would say public cloud. But I think where we are early also in the other trend that I see is kind of okay, public cloud great, right? So people are going there, but then there is the so-called edge also. Yeah. That is for various regions. You, you gotta have a kind of a regional presence, a edge presence. And that's kind of the next kind of thing taking off here. And we can talk more >>About it. Yeah, let's talk about that a little bit because I, as you know, as we know, we're very excited about Edge here at the Cube. Yeah. What types of trends are you seeing? Is that space emerges a little bit more firmly? >>Yeah, so I mean it's, I mean, so we, when we talk about Edge, you're talking about, you could talk about Edge as a, as a retail, I mean locations, right? >>Could be so many things edges everywhere. Everywhere, right? It's all around us. Quite literally. Even on the >>Scale. Exactly. In space too. You could, I mean, in fact you mentioned space. I was, I was going to >>Kinda, it's this world, >>My space actually Kubernetes and OpenShift running in space, believe it or not, you know, So, so that's the edge, right? So we have Industrial Edge, we have Telco Edge, we have a 5g, then we have, you know, automotive edge now and, and, and retail edge and, and more, right? So, and space, you know, So it's very exciting there. So the reason I tag back to that question that you asked earlier is that that's where customers are. So cloud is one thing, but now they gotta also think about how do I, whatever I do in the cloud, how do I bring it to the edge? Because that's where my end users are, my customers are, and my data is, right? So that's the, >>And I think Kubernetes has brought that attention to the laggards. We had the Laed Martin on yesterday, which is an incredible real example of Kubernetes at the edge. It's just incredible story. We covered it also wrote a story about it. So compelling. Cuz it makes it real. Yes. And Kubernetes is real. So then the question is developer productivity, okay, Things are starting to settle in. We've got KCP scaling clusters, things are happening. What about the tool chains? And how do I develop now I got scale of development, more code coming in. I mean, we are speculating that in the future there's so much code in open source that no one has to write code anymore. Yeah. At some point it's like this gluing things together. So the developers need to be productive. How are we gonna scale the developer equation and eliminate the, the complexity of tool chains and environments. Web assembly is super hyped up at this show. I don't know why, but sounds good. No one, no one can tell me why, but I can kind of connect the dots. But this is a big thing. >>Yeah. And it's fitting that you ask about like no code. So we've been working with our friends at Cross Plain and have integrated with kcp the ability to no code, take a whole bunch of configuration and say, I want a database. I want to be a, a provider of databases. I'm in an IT department, there's a bunch of developers, they don't wanna have to write code to create databases. So I can just take, take my configuration and make it available to them. And through some super cool new easy to use tools that we have as a developer, you can just say, please give me a database and you don't have to write any code. I don't have to write any code to maintain that database. I'm actually using community tooling out there to get that spun up. So there's a lot of opportunities out there. So >>That's ease of use check. What about a large enterprise that's got multiple tool chains and you start having security issues. Does that disrupt the tool chain capability? Like there's all those now weird examples emerging, not weird, but like real plumbing challenges. How do you guys see that evolving with Red >>Hat and Yeah, I mean, I mean, talking about that, right? The software, secure software supply chain is a huge concern for everyone after, especially some of the things that have happened in the past few >>Years. Massive team here at the show. Yeah. And just within the community, we're all a little more aware, I think, even than we were before. >>Before. Yeah. Yeah. And, and I think the, so to step back, I mean from, so, so it's not just even about, you know, run time vulnerability scanning, Oh, that's important, but that's not enough, right? So we are talking about, okay, how did that container, or how did that workload get there? What is that workload? What's the prominence of this workload? How did it get created? What is in it? You know, and what, what are, how do I make, make sure that there are no unsafe attack s there. And so that's the software supply chain. And where Red Hat is very heavily invested. And as you know, with re we kind of have roots in secure operating system. And rel one of the reasons why Rel, which is the foundation of everything we do at Red Hat, is because of security. So an OpenShift has always been secure out of the box with things like scc, rollbacks access control, we, which we added very early in the product. >>And now if you kind of bring that forward, you know, now we are talking about the complete software supply chain security. And this is really about right how from the moment the, the, the developer rights code and checks it into a gateway repository from there on, how do you build it? How do you secure it at each step of the process, how do you sign it? And we are investing and contributing to the community with things like cosign and six store, which is six store project. And so that secures the supply chain. And then you can use things like algo cd and then finally we can do it, deploy it onto the cluster itself. And then we have things like acs, which can do vulnerability scanning, which is a container security platform. >>I wanna thank you guys for coming on. I know Savannah's probably got a last question, but my last question is, could you guys each take a minute to answer why has Kubernetes been so successful today? What, what was the magic of Kubernetes that made it successful? Was it because no one forced it? Yes. Was it lightweight? Was it good timing, right place at the right time community? What's the main reason that Kubernetes is enabling all this, all this shift and goodness that's coming together, kind of defacto unifies people, the stacks, almost middleware markets coming around. Again, not to use that term middleware, but it feels like it's just about to explode. Yeah. Why is this so successful? I, >>I think, I mean, the shortest answer that I can give there really is, you know, as you heard the term, I think Satya Nala from Microsoft has used it. I don't know if he was the original person who pointed, but every company wants to be a software company or is a software company now. And that means that they want to develop stuff fast. They want to develop stuff at scale and develop at, in a cloud native way, right? You know, with the cloud. So that's, and, and Kubernetes came at the right time to address the cloud problem, especially across not just one public cloud or two public clouds, but across a whole bunch of public clouds and infrastructure as, and what we call the hybrid clouds. I think the ES is really exploded because of hybrid cloud, the need for hybrid cloud. >>And what's your take on the, the magic Kubernetes? What made it, what's making it so successful? >>I would agree also that it came about at the right time, but I would add that it has great extensibility and as developers we take it advantage of that every single day. And I think that the, the patterns that we use for developing are very consistent. And I think that consistency that came with Kubernetes, just, you have so many people who are familiar with it and so they can follow the same patterns, implement things similarly, and it's just a good fit for the way that we want to get our software out there and have, and have things operate. >>Keep it simple, stupid almost is that acronym, but the consistency and the de facto alignment Yes. Behind it just created a community. So, so then the question is, are the developers now setting the standards? That seems like that's the new way, right? I mean, >>I'd like to think so. >>So I mean hybrid, you, you're touching everything at scale and you also have mini shift as well, right? Which is taking a super macro micro shift. You ma micro shift. Oh yeah, yeah, exactly. It is a micro shift. That is, that is fantastic. There isn't a base you don't cover. You've spoken a lot about community and both of you have, and serving the community as well as your engagement with them from a, I mean, it's given that you're both leaders stepping back, how, how Community First is Red Hat and OpenShift as an organization when it comes to building the next products and, and developing. >>I'll take and, and I'm sure Andy is actually the community, so I'm sure he'll want to a lot of it. But I mean, right from the start, we have roots in open source. I'll keep it, you know, and, and, and certainly with es we were one of the original contributors to Kubernetes other than Google. So in some ways we think about as co-creators of es, they love that. And then, yeah, then we have added a lot of things in conjunction with the, I I talk about like SCC for Secure, which has become part security right now, which the community, we added things like our back and other what we thought were enterprise features needed because we actually wanted to build a product out of it and sell it to customers where our customers are enterprises. So we have worked with the community. Sometimes we have been ahead of the community and we have convinced the community. Sometimes the community has been ahead of us for other reasons. So it's been a great collaboration, which is I think the right thing to do. But Andy, as I said, >>Is the community well set too? Are well said. >>Yes, I agree with all of that. I spend most of my days thinking about how to interact with the community and engage with them. So the work that we're doing on kcp, we want it to be a community project and we want to involve as many people as we can. So it is a heavy focus for me and my team. And yeah, we we do >>It all the time. How's it going? How's the project going? You feel good >>About it? I do. It is, it started as an experiment or set of prototypes and has grown leaps and bounds from it's roots and it's, it's fantastic. Yeah. >>Controlled planes are hot data planes control planes. >>I >>Know, I love it. Making things work together horizontally scalable. Yeah. Sounds like cloud cloud native. >>Yeah. I mean, just to add to it, there are a couple of talks that on KCP at Con that our colleagues s Stephan Schemanski has, and I, I, I would urge people who have listening, if they have, just Google it, if you will, and you'll get them. And those are really awesome talks to get more about >>It. Oh yeah, no, and you can tell on GitHub that KCP really is a community project and how many people are participating. It's always fun to watch the action live to. Sure. Andy, thank you so much for being here with us, John. Wonderful questions this afternoon. And thank all of you for tuning in and listening to us here on the Cube Live from Detroit. I'm Savannah Peterson. Look forward to seeing you again very soon.

>>Hey guys. Welcome back to the Cubes coverage of Ansible Fast 2022. This is day two of our wall to wall coverage. Lisa Martin here with John Ferer. John, we're seeing this world where companies are saying if we can't automate it, we need to, The automation market is transforming. There's been a lot of buzz about that. A lot of technical chops here at Ansible Fest. >>Yeah, I mean, we've got a great guest here coming on Cuba alumni, Dean Newman, future room. He travels every event he's got. He's got his nose to the grindstone ear to the ground. Great analysis. I mean, we're gonna get into why it's important. How does Ansible fit into the big picture? It's really gonna be a great segment. The >>Board do it well, John just did my job for me about, I'll introduce him again. Daniel Newman, one of our alumni is Back Principal Analyst at Future and Research. Great to have you back on the cube. >>Yeah, it's good to join you. Excited to be back in Chicago. I don't know if you guys knew this, but for 40 years, this was my hometown. Now I don't necessarily brag about that anymore. I'm, I live in Austin now. I'm a proud Texan, but I did grow up here actually out in the west suburbs. I got off the plane, I felt the cold air, and I almost turned around and said, Does this thing go back? Yeah. Cause I'm, I've, I've grown thin skin. It did not take me long. I, I like the warm, Come on, >>I'm the saying, I'm from California and I got off the plane Monday. I went, Whoa, I need a coat. And I was in Miami a week ago and it was 85. >>Oh goodness. >>Crazy. So you just flew in. Talk about what's going on, your take on, on Ansible. We've talked a lot with the community, with partners, with customers, a lot of momentum. The flywheel of the community is going around and round and round. What are some of your perspectives that you see? >>Yeah, absolutely. Well, let's you know, I'm gonna take a quick step back. We're entering an era where companies are gonna have to figure out how to do more with less. Okay? We've got exponential data growth, we've got more architectural complexity than ever before. Companies are trying to discern how to deal with many different environments. And just at a macro level, Red Hat is one of the companies that is almost certainly gonna be part of this multi-cloud hybrid cloud era. So that should initially give a lot of confidence to the buying group that are looking at how to automate their environments. You're automating workflows, but really with, with Ansible, we're focused on automating it, automating the network. So as companies are kind of dig out, we're entering this recessionary period, Okay, we're gonna call it what it is. The first thing that they're gonna look at is how do we tech our way out of it? >>I had a wonderful one-on-one conversation with ServiceNow ceo, Bill McDermott, and we saw ServiceNow was in focus this morning in the initial opening session. This is the integration, right? Ansible integrating with ServiceNow. What we need to see is infrastructure automation, layers and applications working in concert to basically enable enterprises to be up and running all the time. Let's first fix the problems that are most common. Let's, let's automate 'em, let's script them. And then at some point, let's have them self resolving, which we saw at the end with Project Wisdom. So as I see it, automation is that layer that enterprises, boards, technologists, all can agree upon are basically here's something that can make our business more efficient, more profitable, and it's gonna deal with this short term downturn in a way that tech is actually gonna be the answer. Just like Bill and I said, let's tech our way out of it. >>If you look at the Red Hat being bought by ibm, you see Project Wisdom Project, not a product, it's a project. Project Wisdom is the confluence of research and practitioners kind of coming together with ai. So bringing AI power to the Ansible is interesting. Red Hat, Linux, Rel OpenShift, I mean, Red Hat's kind of position, isn't it? Kind of be in that right spot where a puck might be coming maybe. I mean, what do you think? >>Yeah, as analysts, we're really good at predicting the, the recent past. It's a joke I always like to make, but Red Hat's been building toward the future. I think for some time. Project Wisdom, first of all, I was very encouraged with it. One of the things that many people in the market probably have commented on is how close is IBM in Red Hat? Now, again, it's a $34 billion acquisition that was made, but boy, the cultures of these two companies couldn't be more different. And of course, Red Hat kind of carries this, this sort of middle ground layer where they provide a lot of value in services to companies that maybe don't use IBM at, at, for the public cloud especially. This was a great indication of how you can take the power of IBM's research, which of course has some of the world's most prolific data scientists, engineers, building things for the future. >>You know, you see things like yesterday they launched a, you know, an AI solution. You know, they're building chips, semiconductors, and technologies that are gonna power the future. They're building quantum. Long story short, they have these really brilliant technologists here that could be adding value to Red Hat. And I don't know that the, the world has fully been able to appreciate that. So when, when they got on stage and they kind of say, Here's how IBM is gonna help power the next generation, I was immediately very encouraged by the fact that the two companies are starting to show signs of how they can collaborate to offer value to their customers. Because of course, as John kind of started off with, his question is, they've kind of been where the puck is going. Open source, Linux hybrid cloud, This is the future. In the future. Every company's multi-cloud. And I said in a one-on-one meeting this morning, every company is going to probably have workloads on every cloud, especially large enterprises. >>Yeah. And I think that the secret's gonna be how do you make that evolve? And one of the things that's coming out of the industry over the years, and looking back as historians, we would say, gotta have standards. Well, with cloud, now people standards might slow things down. So you're gonna start to figure out how does the community and the developers are thinking it'll be the canary in the coal mine. And I'd love to get your reaction on that, because we got Cuban next week. You're seeing people kind of align and try to win the developers, which, you know, I always laugh cuz like, you don't wanna win, you want, you want them on your team, but you don't wanna win them. It's like a, it's like, so developers will decide, >>Well, I, I think what's happening is there are multiple forces that are driving product adoption. And John, getting the developers to support the utilization and adoption of any sort of stack goes a long way. We've seen how sticky it can be, how sticky it is with many of the public cloud pro providers, how sticky it is with certain applications. And it's gonna be sticky here in these interim layers like open source automation. And Red Hat does have a very compelling developer ecosystem. I mean, if you sat in the keynote this morning, I said, you know, if you're not a developer, some of this stuff would've been fairly difficult to understand. But as a developer you saw them laughing at jokes because, you know, what was it the whole part about, you know, it didn't actually, the ping wasn't a success, right? And everybody started laughing and you know, I, I was sitting next to someone who wasn't technical and, and you know, she kinda goes, What, what was so funny? >>I'm like, well, he said it worked. Do you see that? It said zero data trans or whatever that was. So, but if I may just really quickly, one, one other thing I did wanna say about Project Wisdom, John, that the low code and no code to the full stack developer is a continuum that every technology company is gonna have to think deeply about as we go to the future. Because the people that tend to know the process that needs to be automated tend to not be able to code it. And so we've seen every automation company on the planet sort of figuring out and how to address this low code, no code environment. I think the power of this partnership between IBM Research and Red Hat is that they have an incredibly deep bench of capabilities to do things like, like self-training. Okay, you've got so much data, such significant size models and accuracy is a problem, but we need systems that can self teach. They need to be able self-teach, self learn, self-heal so that we can actually get to the crux of what automation is supposed to do for us. And that's supposed to take the mundane out and enable those humans that know how to code to work on the really difficult and hard stuff because the automation's not gonna replace any of that stuff anytime soon. >>So where do you think looking at, at the partnership and the evolution of it between IBM research and Red Hat, and you're saying, you know, they're, they're, they're finally getting this synergy together. How is it gonna affect the future of automation and how is it poised to give them a competitive advantage in the market? >>Yeah, I think the future or the, the competitive space is that, that is, is ecosystems and integration. So yesterday you heard, you know, Red Hat Ansible focusing on a partnership with aws. You know, this week I was at Oracle Cloud world and they're talking about running their database in aws. And, and so I'm kind of going around to get to the answer to your question, but I think collaboration is sort of the future of growth and innovation. You need multiple companies working towards the same goal to put gobs of resources, that's the technical term, gobs of resources towards doing really hard things. And so Ansible has been very successful in automating and securing and focusing on very certain specific workloads that need to be automated, but we need more and there's gonna be more data created. The proliferation, especially the edge. So you saw all this stuff about Rockwell, How do you really automate the edge at scale? You need large models that are able to look and consume a ton of data that are gonna be continuously learning, and then eventually they're gonna be able to deliver value to these companies at scale. IBM plus Red Hat have really great resources to drive this kind of automation. Having said that, I see those partnerships with aws, with Microsoft, with ibm, with ServiceNow. It's not one player coming to the table. It's a lot of players. They >>Gotta be Switzerland. I mean they have the Switzerland. I mean, but the thing about the Amazon deal is like that marketplace integration essentially puts Ansible once a client's in on, on marketplace and you get the central on the same bill. I mean, that's gonna be a money maker for Ansible. I >>Couldn't agree more, John. I think being part of these public cloud marketplaces is gonna be so critical and having Ansible land and of course AWS largest public cloud by volume, largest marketplace today. And my opinion is that partnership will be extensible to the other public clouds over time. That just makes sense. And so you start, you know, I think we've learned this, John, you've done enough of these interviews that, you know, you start with the biggest, with the highest distribution and probability rates, which in this case right now is aws, but it'll land on in Azure, it'll land in Google and it'll continue to, to grow. And that kind of adoption, streamlining make it consumption more consumable. That's >>Always, I think, Red Hat and Ansible, you nailed it on that whole point about multicloud, because what happens then is why would I want to alienate a marketplace audience to use my product when it could span multiple environments, right? So you saw, you heard that Stephanie yesterday talk about they, they didn't say multiple clouds, multiple environments. And I think that is where I think I see this layer coming in because some companies just have to work on all clouds. That's the way it has to be. Why wouldn't you? >>Yeah. Well every, every company will probably end up with some workloads in every cloud. I just think that is the fate. Whether it's how we consume our SaaS, which a lot of people don't think about, but it always tends to be running on another hyperscale public cloud. Most companies tend to be consuming some workloads from every cloud. It's not always direct. So they might have a single control plane that they tend to lead the way with, but that is only gonna continue to change. And every public cloud company seems to be working on figuring out what their niche is. What is the one thing that sort of drives whether, you know, it is, you know, traditional, we know the commoditization of traditional storage network compute. So now you're seeing things like ai, things like automation, things like the edge collaboration tools, software being put into the, to the forefront because it's a different consumption model, it's a different margin and economic model. And then of course it gives competitive advantages. And we've seen that, you know, I came back from Google Cloud next and at Google Cloud next, you know, you can see they're leaning into the data AI cloud. I mean, that is their focus, like data ai. This is how we get people to come in and start using Google, who in most cases, they're probably using AWS or Microsoft today. >>It's a great specialty cloud right there. That's a big use case. I can run data on Google and run something on aws. >>And then of course you've got all kinds of, and this is a little off topic, but you got sovereignty, compliance, regulatory that tends to drive different clouds over, you know, global clouds like Tencent and Alibaba. You know, if your workloads are in China, >>Well, this comes back down at least to the whole complexity issue. I mean, it has to get complex before it gets easier. And I think that's what we're seeing companies opportunities like Ansible to be like, Okay, tame, tame the complexity. >>Yeah. Yeah, I totally agree with you. I mean, look, when I was watching the demonstrations today, my take is there's so many kind of simple, repeatable and mundane tasks in everyday life that enterprises need to, to automate. Do that first, you know? Then the second thing is working on how do you create self-healing, self-teaching, self-learning, You know, and, and I realize I'm a little broken of a broken record at this, but these are those first things to fix. You know, I know we want to jump to the future where we automate every task and we have multi-term conversational AI that is booking our calendars and driving our cars for us. But in the first place, we just need to say, Hey, the network's down. Like, let's make sure that we can quickly get access back to that network again. Let's make sure that we're able to reach our different zones and locations. Let's make sure that robotic arm is continually doing the thing it's supposed to be doing on the schedule that it's been committed to. That's first. And then we can get to some of these really intensive deep metaverse state of automation that we talk about. Self-learning, data replication, synthetic data. I'm just gonna throw terms around. So I sound super smart. >>In your customer conversations though, from an looking at the automation journey, are you finding most of them, or some percentage is, is wanting to go directly into those really complex projects rather than starting with the basics? >>I don't know that you're, you're finding that the customers want to do that? I think it's the architecture that often ends up being a problem is we as, as the vendor side, will tend to talk about the most complex problems that they're able to solve before companies have really started solving the, the immediate problems that are before them. You know, it's, we talk about, you know, the metaphor of the cloud is a great one, but we talk about the cloud, like it's ubiquitous. Yeah. But less than 30% of our workloads are in the public cloud. Automation is still in very early days and in many industries it's fairly nascent. And doing things like self-healing networks is still something that hasn't even been able to be deployed on an enterprise-wide basis, let alone at the industrial layer. Maybe at the company's on manufacturing PLAs or in oil fields. Like these are places that have difficult to reach infrastructure that needs to be running all the time. We need to build systems and leverage the power of automation to keep that stuff up and running. That's, that's just business value, which by the way is what makes the world go running. Yeah. Awesome. >>A lot of customers and users are struggling to find what's the value in automating certain process, What's the ROI in it? How do you help them get there so that they understand how to start, but truly to make it a journey that is a success. >>ROI tends to be a little bit nebulous. It's one of those things I think a lot of analysts do. Things like TCO analysis Yeah. Is an ROI analysis. I think the businesses actually tend to know what the ROI is gonna be because they can basically look at something like, you know, when you have an msa, here's the downtime, right? Business can typically tell you, you know, I guarantee you Amazon could say, Look for every second of downtime, this is how much commerce it costs us. Yeah. A company can generally say, if it was, you know, we had the energy, the windmills company, like they could say every minute that windmill isn't running, we're creating, you know, X amount less energy. So there's a, there's a time value proposition that companies can determine. Now the question is, is about the deployment. You know, we, I've seen it more nascent, like cybersecurity can tend to be nascent. >>Like what does a breach cost us? Well there's, you know, specific costs of actually getting the breach cured or paying for the cybersecurity services. And then there's the actual, you know, ephemeral costs of brand damage and of risks and customer, you know, negative customer sentiment that potentially comes out of it. With automation, I think it's actually pretty well understood. They can look at, hey, if we can do this many more cycles, if we can keep our uptime at this rate, if we can reduce specific workforce, and I'm always very careful about this because I don't believe automation is about replacement or displacement, but I do think it is about up-leveling and it is about helping people work on things that are complex problems that machines can't solve. I mean, said that if you don't need to put as many bodies on something that can be immediately returned to the organization's bottom line, or those resources can be used for something more innovative. So all those things are pretty well understood. Getting the automation to full deployment at scale, though, I think what often, it's not that roi, it's the timeline that gets misunderstood. Like all it projects, they tend to take longer. And even when things are made really easy, like with what Project Wisdom is trying to do, semantically enable through low code, no code and the ability to get more accuracy, it just never tends to happen quite as fast. So, but that's not an automation problem, That's just the crux of it. >>Okay. What are some of the, the next things on your plate? You're quite a, a busy guy. We, you, you were at Google, you were at Oracle, you're here today. What are some of the next things that we can expect from Daniel Newman? >>Oh boy, I moved Really, I do move really quickly and thank you for that. Well, I'm very excited. I'm taking a couple of work personal days. I don't know if you're a fan, but F1 is this weekend. I'm the US Grand Prix. Oh, you're gonna Austin. So I will be, I live in Austin. Oh. So I will be in Austin. I will be at the Grand Prix. It is work because it, you know, I'm going with a number of our clients that have, have sponsorships there. So I'll be spending time figuring out how the data that comes off of these really fun cars is meaningfully gonna change the world. I'll actually be talking to Splunk CEO at the, at the race on Saturday morning. But yeah, I got a lot of great things. I got a, a conversation coming up with the CEO of Twilio next week. We got a huge week of earnings ahead and so I do a lot of work on that. So I'll be on Bloomberg next week with Emily Chang talking about Microsoft and Google. Love talking to Emily, but just as much love being here on, on the queue with you >>Guys. Well we like to hear that. Who you're rooting for F one's your favorite driver. I, >>I, I like Lando. Do you? I'm Norris. I know it's not necessarily a fan favorite, but I'm a bit of a McLaren guy. I mean obviously I have clients with Oracle and Red Bull with Ball Common Ferrari. I've got Cly Splunk and so I have clients in all. So I'm cheering for all of 'em. And on Sunday I'm actually gonna be in the Williams Paddock. So I don't, I don't know if that's gonna gimme me a chance to really root for anything, but I'm always, always a big fan of the underdog. So maybe Latifi. >>There you go. And the data that comes off the how many central unbeliev, the car, it's crazy's. Such a scientific sport. Believable. >>We could have Christian, I was with Christian Horner yesterday, the team principal from Reside. Oh yeah, yeah. He was at the Oracle event and we did a q and a with him and with the CMO of, it's so much fun. F1 has been unbelievable to watch the momentum and what a great, you know, transitional conversation to to, to CX and automation of experiences for fans as the fan has grown by hundreds of percent. But just to circle back full way, I was very encouraged with what I saw today. Red Hat, Ansible, IBM Strong partnership. I like what they're doing in their expanded ecosystem. And automation, by the way, is gonna be one of the most robust investment areas over the next few years, even as other parts of tech continue to struggle that in cyber security. >>You heard it here. First guys, investment in automation and cyber security straight from two analysts. I got to sit between. For our guests and John Furrier, I'm Lisa Martin, you're watching The Cube Live from Chicago, Ansible Fest 22. John and I will be back after a short break. SO'S stick around.

>>We're back with a blueprint for trusted infrastructure and partnership with Dell Technologies in the cube. And we're here with Mahesh Nager, who is a consultant in the area of networking product management at Dell Technologies. Mahesh, welcome. Good to see you. >>Hey, good morning Davis. Nice to meet, Meet to you as well. >>Hey, so we've been digging into all the parts of the infrastructure stack and now we're gonna look at the all important networking components. Mahesh, when we think about networking in today's environment, we think about the core data center and we're connecting out to various locations including the cloud and both the near and the far edge. So the question is from Dell's perspective, what's unique and challenging about securing network infrastructure that we should know about? >>Yeah, so a few years ago IT security and an enterprise was primarily putting a wrapper around the data center because it was constrained to an infrastructure owned and operated by the enterprise for the most part. So putting a rapid around it like a parameter or a firewall was a sufficient response because you could basically control the one small enough control today with the distributed data, intelligent software, different systems, multi-cloud onement and asset service delivery, you know, the infrastructure for the modern era changes the way to secure the network infrastructure. In today's, you know, data driven world, it operates everywhere. And that has created and accessed everywhere so far from, you know, the centralized mono data centers of the past. The biggest challenge is how do we build the network infrastructure of the modern era that are intelligent with automation, enabling maximum flexibility and business agility without any compromise on the security. We believe that in this data era, the security transformation must accompany digital transformation. >>Yeah, that's very good. You talked about a couple of things there. Data by its very nature is distributed. There is no perimeter anymore, so you can't just, as you say, put a wrap around it. I like the way you phrase that. So when you think about cyber security resilience from a networking perspective, how do you define that? In other words, what are the basic principles that you adhere to when thinking about securing network infrastructure for your customers? >>So our belief is that cybersecurity and cybersecurity resilience, they need to be holistic. They need to be integrated, scalable, one that spans the entire enterprise and with a consistent and objective and policy implementation. So cybersecurity needs to span across all the devices and running across any application, whether the application resets on the cloud or anywhere else in the infrastructure. From a networking standpoint, what does it mean? It's again, the same principles, right? You know, in order to prevent the threat actors from accessing, changing, destroying, or stealing sensitive data, this definition holds good for networking as well. So if you look at it from a networking perspective, it's the ability to protect from and withstand attacks on the networking systems as we continue to evolve. This will also also include the ability to adapt and recover from these attacks, which is what cyber resilience aspect is all about. So cybersecurity best practices, as you know, is continuously changing the landscape, primarily because the cyber threats also continue to evolve. >>Yeah, got it. So I like that. So it's gotta be integrated, it's gotta be scalable, it's gotta be comprehensive, comprehensive and adaptable. You're saying it can't be static, >>Right? Right. So I think, you know, you had a second part of a question, you know, that says what do we, you know, what are the basic principles? You know, when you're thinking about securing network infrastructure, when you are looking at securing the network infrastructure, it revolves around core security capability of the devices that form the network. And what are these security capabilities? These are access control, software integrity and vulnerability response. When you look at access control, it's to ensure that only the authenticated users are able to access the platform and they're able to access only the kind of the assets that they're authorized to based on their user level. Now accessing a network platform like a switch or a rotor for example, is typically used for say, configuration and management of the networking switch. So user access is based on say, rules for that metal in a role based access control, whether you are security admin or a network admin or a storage admin. >>And it's imperative that logging is enabled because any of the change to the configuration is actually logged and monitored as well. We talking about software's integrity, it's the ability to ensure that the software that's running on the system has not been compromised. And, and you know, this is important because it could actually, you know, get hold of the system and you know, you could get und desired results in terms of, say validation of the images. It's, it needs to be done through in digital signature. So, so it's important that when you're talking about say, software integrity, A, you are ensuring that the platform is not compromised, you know, is not compromised, and B, that any upgrades, you know, that happens to the platform is happening through validated signature. >>Okay. And now, now you've now, so there's access control, software integrity, and I think you, you've got a third element which is i, I think response, but please continue. >>Yeah, so you know, the third myth about civil notability. So we follow the same process that's been followed by the rest of the products within the Dell product family. That's to report or identify, you know, any kind of a vulnerability that's being addressed by the Dell product security incident response team. So the networking portfolio is no different. You know, it follows the same process for identification for tri and for resolution of these vulnerabilities. And this are addressed either through patches or through new reasons via networking software. >>Yeah, got it. Okay. So I mean, you didn't say zero trust, but when you were talking about access control, you're really talking about access to only those assets that people are authorized to access. I know zero trust sometimes is a buzzword, but, but you I think gave it, you know, some clarity there. Software integrity, it's about assurance validation, your digital signature you mentioned and, and that there's been no compromise. And then how you respond to incidents in a standard way that can fit into a security framework. So outstanding description, thank you for that. But then the next question is, how does Dell networking fit into the construct of what we've been talking about Dell trusted infrastructure? >>Okay, so networking is the key element in the Dell trusted infrastructure. It prides the interconnect between the service and the storage world. And you know, it's part of any data center configuration for a trusted infrastructure. The network needs to have access control in place where only the authorized nels are able to make change to the network configuration and logging of any of those changes is also done through the logging capabilities. Additionally, we should also ensure that the configuration should provide network isolation between say the management network and the data traffic network because they need to be separate and distinct from each other. And furthermore, even if you look at the data traffic network and now you have things like say segmentation isolated segments, I know via vrs or, or some micro segmentation via partners, this allows various level of security for each of those segments. >>So it's important, you know, that, that the network infrastructure has the ability, you know, to provide all this, this services from a Dell networking security perspective, right? You know, there are multiple layers of defense, you know, both at the edge and in the network, in the hardware and in the software and essentially, you know, a set of rules and a configuration that's designed to sort of protect the integrity, confidentiality, and accessibility of the network assets. So each network security layer, it implements policies and controls as I said, you know, including send network segmentation. We do have capabilities sources, centralized management automation and capability and scalability for that matter. Now you add all of these things, you know, with the open networking standards or software, different principles and you essentially, you know, reach to the point where you know, you're looking at zero trust network access, which is essentially sort of a building block for increased cloud adoption. >>If you look at say that you know the different pillars of a zero touch architecture, you know, if you look at the device aspect, you know, we do have support for security for example, we do have say trusted platform in a trusted platform models tpms on certain offer products and you know, the physical security know, plain, simple old one lab port enabled from a user trust perspective, we know it's all done via access control days via role based access control and say capability in order to provide say remote authentication or things like say sticky Mac or Mac learning limit and so on. If you look at say a transport and a session trust layer, these are essentially, you know, how do you access, you know, this switch, you know, is it by plain or telenet or is it like secure ssh, right? And you know, when a host communicates, you know, to the switch, we do have things like self-signed or a certificate authority based certification. >>And one of the important aspect is, you know, in terms of, you know, the routing protocol, the routing protocol, say for example BGP for example, we do have the capability to support MD five authentication between the VGP peers so that there is no, you know, manages attack, you know, to the network where the routing table is compromised. And the other aspect is about second control plane is here in now, you know, it's, it's typical that if you don't have a contra plane here, you know, it could be flooded and you know, you know, the switch could be compromised by city denial service attacks. From an application trust perspective, as I mentioned, you know, we do have, you know, the application specific security rules where you could actually define, you know, the specific security rules based on the specific applications, you know, that are running within the system. >>And I did talk about, say the digital signature and the cryptographic checks and that we do for authentication and for, I mean rather for the authenticity and the validation of, you know, of the image and the BS and so on and so forth. Finally, you know, the data trust, we are looking at, you know, the network separation, you know, the network separation could happen or VRF plain old wheel Ls, you know, which can bring about say multitenancy aspects. We talk about some microsegmentation as it applies to nsx for example. The other aspect is, you know, we do have, with our own smart fabric services that's enabled in a fabric, we have a concept of c cluster security. So all of this, you know, the different pillars, they sort of make up for the zero trust infrastructure for the networking assets of an infrastructure. >>Yeah. So thank you for that. There's a, there's a lot to unpack there. You know, one of the premise, the premise really of this, this, this, this segment that we're setting up in this series is really that everything you just mentioned, or a lot of things you just mentioned used to be the responsibility of the security team. And, and the premise that we're putting forth is that because security teams are so stretched thin, you, you gotta shift a vendor community. Dell specifically is shifting a lot of those tasks to their own r and d and taking care of a lot of that. So, cuz sec op teams got a lot of other stuff to, to worry about. So my question relates to things like automation, which can help and scalability, what about those topics as it relates to networking infrastructure? >>Okay, our portfolio, >>It enables state of the automation software, you know, that enables simplifying of the design. So for example, we do have, you know, you know the fabric design center, you know, a tool that automates the design of the anti fabric and you know, from a deployment and you know, the management of the network infrastructure, there are simplicities, you know, using, you know, like Ansible s for Sonic for example, are, you know, for a better or settle and tell story. You know, we do have smart fabric services that can automate the entire fabric, you know, for a storage solution or for, you know, for one of the workloads for example. Now we do help reduce the complexity by closely integrating the management of the physical and the virtual networking infrastructure. And again, you know, we have those capabilities using Sonic or Smart Traffic services. If you look at Sonic for example, right? >>It delivers automated intent based secure containerized network and it has the ability to provide some network visibility and awareness and, and all of these things are actually valid, you know, for a modern networking infrastructure. So now if you look at Sonic, you know, it's, you know, the usage of those tools, you know, that are available, you know, within the Sonic NAS is not restricted, you know, just to the data center infrastructure is, it's a unified no, you know, that's well applicable beyond the data center. You now right up to the edge. Now if you look at our north from a smart traffic voice 10 perspective, you know, as I mentioned, we do have smart fabric services which essentially, you know, simplifies the deployment day zero. I mean rather day one, day two deployment expansion plans and the life cycle management of our conversion infrastructure and hyper and hyperconverge infrastructure solutions. And finally, in order to enable say, zero touch deployment, we do have, you know, a VP solution with our SD van capability. So these are, you know, ways by which we bring down the complexity by, you know, enhancing the automation capability using, you know, a singular loss that can expand from a data center now right to the edge. >>Great, thank you for that. Last question real quick pitch me, can you summarize from your point of view, what's the strength of the Dell networking portfolio? >>Okay, so from a Dell networking portfolio, we support capabilities at multiple layers. As I mentioned. We've talking about the physical security, for example, let's say disabling of the unused interface. Sticky Mac and trusted platform modules are the things that to go after. And when you're talking about say secure boot for example, it delivers the authenticity and the integrity of the OS 10 images at the startup. And Secure Boot also protects the startup configuration so that, you know, the startup configuration file is not compromised. And Secure port also enables the workload of prediction, for example, that is at another aspect of software image integrity validation, you know, wherein the image is validated for the digital signature in know prior to any upgrade process. And if you are looking at secure access control, we do have things like role-based access control, SSH to the switches, control plane access control that pretty do attacks and say access control from multifactor authentication. >>We do have various tech hacks for entry control to the network and things like CSAC and P IV support, you know, from a federal perspective, we do have, say logging wherein, you know, any event, any auditing capabilities can be possible by say, looking at the clog service, you know, which are pretty much in our transmitter from the devices overts for example, and last we talked about say networks, you know, say network separation and you know, these, you know, separation, you know, ensures that that is, you know, a contained say segment, you know, for a specific purpose or for the specific zone. And you know, this can be implemented by a, the micro segmentation, you know, just a plain old wheel are using virtual route of framework vr, for example. >>A lot there. I mean, I think, frankly, you know, my takeaway is you guys do the heavy lifting in a very complicated topic. So thank you so much for, for coming on the cube and explaining that in, in quite some depth. Really appreciate it. >>Thank you indeed. >>Oh, you're very welcome. Okay, in a moment I'll be back to dig into the hyper-converged infrastructure part of the portfolio and look at how when you enter the world of software defined where you're controlling servers and storage and networks via software led system, you can be sure that your infrastructure is trusted and secure. You're watching a blueprint for trusted infrastructure made possible by Dell Technologies and collaboration with the Cube, your leader in enterprise and emerging tech coverage.

>>The cybersecurity landscape continues to be one characterized by a series of point tools designed to do a very specific job, often pretty well, but the mosaic of tooling is grown over the years causing complexity in driving up costs and increasing exposures. So the game of Whackamole continues. Moreover, the way organizations approach security is changing quite dramatically. The cloud, while offering so many advantages, has also created new complexities. The shared responsibility model redefines what the cloud provider secures, for example, the S three bucket and what the customer is responsible for eg properly configuring the bucket. You know, this is all well and good, but because virtually no organization of any size can go all in on a single cloud, that shared responsibility model now spans multiple clouds and with different protocols. Now that of course includes on-prem and edge deployments, making things even more complex. Moreover, the DevOps team is being asked to be the point of execution to implement many aspects of an organization's security strategy. >>This extends to securing the runtime, the platform, and even now containers which can end up anywhere. There's a real need for consolidation in the security industry, and that's part of the answer. We've seen this both in terms of mergers and acquisitions as well as platform plays that cover more and more ground. But the diversity of alternatives and infrastructure implementations continues to boggle the mind with more and more entry points for the attackers. This includes sophisticated supply chain attacks that make it even more difficult to understand how to secure components of a system and how secure those components actually are. The number one challenge CISOs face in today's complex world is lack of talent to address these challenges. And I'm not saying that SecOps pros are not talented, They are. There just aren't enough of them to go around and the adversary is also talented and very creative, and there are more and more of them every day. >>Now, one of the very important roles that a technology vendor can play is to take mundane infrastructure security tasks off the plates of SEC off teams. Specifically we're talking about shifting much of the heavy lifting around securing servers, storage, networking, and other infrastructure and their components onto the technology vendor via r and d and other best practices like supply chain management. And that's what we're here to talk about. Welcome to the second part in our series, A Blueprint for Trusted Infrastructure Made Possible by Dell Technologies and produced by the Cube. My name is Dave Ante and I'm your host now. Previously we looked at what trusted infrastructure means and the role that storage and data protection play in the equation. In this part two of the series, we explore the changing nature of technology infrastructure, how the industry generally in Dell specifically, are adapting to these changes and what is being done to proactively address threats that are increasingly stressing security teams. >>Now today, we continue the discussion and look more deeply into servers networking and hyper-converged infrastructure to better understand the critical aspects of how one company Dell is securing these elements so that dev sec op teams can focus on the myriad new attack vectors and challenges that they faced. First up is Deepak rang Garage Power Edge security product manager at Dell Technologies. And after that we're gonna bring on Mahesh Nagar oim, who was consultant in the networking product management area at Dell. And finally, we're close with Jerome West, who is the product management security lead for HCI hyperconverged infrastructure and converged infrastructure at Dell. Thanks for joining us today. We're thrilled to have you here and hope you enjoy the program. Deepak Arage shoes powered security product manager at Dell Technologies. Deepak, great to have you on the program. Thank you. >>Thank you for having me. >>So we're going through the infrastructure stack and in part one of this series we looked at the landscape overall and how cyber has changed and specifically how Dell thinks about data protection in, in security in a manner that both secures infrastructure and minimizes organizational friction. We also hit on the storage part of the portfolio. So now we want to dig into servers. So my first question is, what are the critical aspects of securing server infrastructure that our audience should be aware of? >>Sure. So if you look at compute in general, right, it has rapidly evolved over the past couple of years, especially with trends toward software defined data centers and with also organizations having to deal with hybrid environments where they have private clouds, public cloud locations, remote offices, and also remote workers. So on top of this, there's also an increase in the complexity of the supply chain itself, right? There are companies who are dealing with hundreds of suppliers as part of their supply chain. So all of this complexity provides a lot of opportunity for attackers because it's expanding the threat surface of what can be attacked, and attacks are becoming more frequent, more severe and more sophisticated. And this has also triggered around in the regulatory and mandates around the security needs. >>And these regulations are not just in the government sector, right? So it extends to critical infrastructure and eventually it also get into the private sector. In addition to this, organizations are also looking at their own internal compliance mandates. And this could be based on the industry in which they're operating in, or it could be their own security postures. And this is the landscape in which servers they're operating today. And given that servers are the foundational blocks of the data center, it becomes extremely important to protect them. And given how complex the modern server platforms are, it's also extremely difficult and it takes a lot of effort. And this means protecting everything from the supply chain to the manufacturing and then eventually the assuring the hardware and software integrity of the platforms and also the operations. And there are very few companies that go to the lens that Dell does in order to secure the server. We truly believe in the notion and the security mentality that, you know, security should enable our customers to go focus on their business and proactively innovate on their business and it should not be a burden to them. And we heavily invest to make that possible for our customers. >>So this is really important because the premise that I set up at the beginning of this was really that I, as of security pro, I'm not a security pro, but if I were, I wouldn't want to be doing all this infrastructure stuff because I now have all these new things I gotta deal with. I want a company like Dell who has the resources to build that security in to deal with the supply chain to ensure the providence, et cetera. So I'm glad you you, you hit on that, but so given what you just said, what does cybersecurity resilience mean from a server perspective? For example, are there specific principles that Dell adheres to that are non-negotiable? Let's say, how does Dell ensure that its customers can trust your server infrastructure? >>Yeah, like when, when it comes to security at Dell, right? It's ingrained in our product, so that's the best way to put it. And security is nonnegotiable, right? It's never an afterthought where we come up with a design and then later on figure out how to go make it secure, right? Our security development life cycle, the products are being designed to counter these threats right from the big. And in addition to that, we are also testing and evaluating these products continuously to identify vulnerabilities. We also have external third party audits which supplement this process. And in addition to this, Dell makes the commitment that we will rapidly respond to any mitigations and vulnerability, any vulnerabilities and exposures found out in the field and provide mitigations and patches for in attacking manner. So this security principle is also built into our server life cycle, right? Every phase of it. >>So we want our products to provide cutting edge capabilities when it comes to security. So as part of that, we are constantly evaluating what our security model is done. We are building on it and continuously improving it. So till a few years ago, our model was primarily based on the N framework of protect, detect and rigor. And it's still aligns really well to that framework, but over the past couple of years, we have seen how computers evolved, how the threads have evolved, and we have also seen the regulatory trends and we recognize the fact that the best security strategy for the modern world is a zero trust approach. And so now when we are building our infrastructure and tools and offerings for customers, first and foremost, they're cyber resilient, right? What we mean by that is they're capable of anticipating threats, withstanding attacks and rapidly recurring from attacks and also adapting to the adverse conditions in which they're deployed. The process of designing these capabilities and identifying these capabilities however, is done through the zero press framework. And that's very important because now we are also anticipating how our customers will end up using these capabilities at there and to enable their own zero trust IT environments and IT zero trusts deployments. We have completely adapted our security approach to make it easier for customers to work with us no matter where they are in their journey towards zero trust option. >>So thank you for that. You mentioned the, this framework, you talked about zero trust. When I think about n I think as well about layered approaches. And when I think about zero trust, I think about if you, if you don't have access to it, you're not getting access, you've gotta earn that, that access and you've got layers and then you still assume that bad guys are gonna get in. So you've gotta detect that and you've gotta response. So server infrastructure security is so fundamental. So my question is, what is Dell providing specifically to, for example, detect anomalies and breaches from unauthorized activity? How do you enable fast and easy or facile recovery from malicious incidents, >>Right? What is that is exactly right, right? Breachers are bound to happen and given how complex our current environment is, it's extremely distributed and extremely connected, right? Data and users are no longer contained with an offices where we can set up a perimeter firewall and say, Yeah, everything within that is good. We can trust everything within it. That's no longer true. The best approach to protect data and infrastructure in the current world is to use a zero trust approach, which uses the principles. Nothing is ever trusted, right? Nothing is trusted implicitly. You're constantly verifying every single user, every single device, and every single access in your system at every single level of your ID environment. And this is the principles that we use on power Edge, right? But with an increased focus on providing granular controls and checks based on the principles of these privileged access. >>So the idea is that service first and foremost need to make sure that the threats never enter and they're rejected at the point of entry, but we recognize breaches are going to occur and if they do, they need to be minimized such that the sphere of damage cost by attacker is minimized so they're not able to move from one part of the network to something else laterally or escalate their privileges and cause more damage, right? So the impact radius for instance, has to be radius. And this is done through features like automated detection capabilities and automation, automated remediation capabilities. So some examples are as part of our end to end boot resilience process, we have what they call a system lockdown, right? We can lock down the configuration of the system and lock on the form versions and all changes to the system. And we have capabilities which automatically detect any drift from that lockdown configuration and we can figure out if the drift was caused to authorized changes or unauthorized changes. >>And if it is an unauthorize change can log it, generate security alerts, and we even have capabilities to automatically roll the firm where, and always versions back to a known good version and also the configurations, right? And this becomes extremely important because as part of zero trust, we need to respond to these things at machine speed and we cannot do it at a human speed. And having these automated capabilities is a big deal when achieving that zero trust strategy. And in addition to this, we also have chassis inclusion detection where if the chassis, the box, the several box is opened up, it logs alerts, and you can figure out even later if there's an AC power cycle, you can go look at the logs to see that the box is opened up and figure out if there was a, like a known authorized access or some malicious actor opening and chain something in your system. >>Great, thank you for that lot. Lot of detail and and appreciate that. I want to go somewhere else now cuz Dell has a renowned supply chain reputation. So what about securing the, the supply chain and the server bill of materials? What does Dell specifically do to track the providence of components it uses in its systems so that when the systems arrive, a customer can be a hundred percent certain that that system hasn't been compromised, >>Right? And we've talked about how complex the modern supply chain is, right? And that's no different for service. We have hundreds of confidence on the server and a lot of these form where in order to be configured and run and this former competence could be coming from third parties suppliers. So now the complexity that we are dealing with like was the end to end approach and that's where Dell pays a lot of attention into assuring the security approach approaching and it starts all the way from sourcing competence, right? And then through the design and then even the manufacturing process where we are wetting the personnel leather factories and wetting the factories itself. And the factories also have physical controls, physical security controls built into them and even shipping, right? We have GPS tagging of packages. So all of this is built to ensure supply chain security. >>But a critical aspect of this is also making sure that the systems which are built in the factories are delivered to the customers without any changes or any tapper. And we have a feature called the secure component verification, which is capable of doing this. What the feature does this, when the system gets built in a factory, it generates an inventory of all the competence in the system and it creates a cryptographic certificate based on the signatures presented to this by the competence. And this certificate is stored separately and sent to the customers separately from the system itself. So once the customers receive the system at their end, they can run out to, it generates an inventory of the competence on the system at their end and then compare it to the golden certificate to make sure nothing was changed. And if any changes are detected, we can figure out if there's an authorized change or unauthorize change. >>Again, authorized changes could be like, you know, upgrades to the drives or memory and ized changes could be any sort of temper. So that's the supply chain aspect of it and bill of metal use is also an important aspect to galing security, right? And we provide a software bill of materials, which is basically a list of ingredients of all the software pieces in the platform. So what it allows our customers to do is quickly take a look at all the different pieces and compare it to the vulnerability database and see if any of the vulner which have been discovered out in the wild affected platform. So that's a quick way of figuring out if the platform has any known vulnerabilities and it has not been patched. >>Excellent. That's really good. My last question is, I wonder if you, you know, give us the sort of summary from your perspective, what are the key strengths of Dell server portfolio from a security standpoint? I'm really interested in, you know, the uniqueness and the strong suit that Dell brings to the table, >>Right? Yeah. We have talked enough about the complexity of the environment and how zero risk is necessary for the modern ID environment, right? And this is integral to Dell powered service. And as part of that like you know, security starts with the supply chain. We already talked about the second component verification, which is a beneath feature that Dell platforms have. And on top of it we also have a silicon place platform mode of trust. So this is a key which is programmed into the silicon on the black service during manufacturing and can never be changed after. And this immutable key is what forms the anchor for creating the chain of trust that is used to verify everything in the platform from the hardware and software integrity to the boot, all pieces of it, right? In addition to that, we also have a host of data protection features. >>Whether it is protecting data at risk in news or inflight, we have self encrypting drives which provides scalable and flexible encryption options. And this couple with external key management provides really good protection for your data address. External key management is important because you know, somebody could physically steam the server walk away, but then the keys are not stored on the server, it stood separately. So that provides your action layer of security. And we also have dual layer encryption where you can compliment the hardware encryption on the secure encrypted drives with software level encryption. Inion to this we have identity and access management features like multifactor authentication, single sign on roles, scope and time based access controls, all of which are critical to enable that granular control and checks for zero trust approach. So I would say like, you know, if you look at the Dell feature set, it's pretty comprehensive and we also have the flexibility built in to meet the needs of all customers no matter where they fall in the spectrum of, you know, risk tolerance and security sensitivity. And we also have the capabilities to meet all the regulatory requirements and compliance requirements. So in a nutshell, I would say that you know, Dell Power Service cyber resident infrastructure helps accelerate zero tested option for customers. >>Got it. So you've really thought this through all the various things that that you would do to sort of make sure that your server infrastructure is secure, not compromised, that your supply chain is secure so that your customers can focus on some of the other things that they have to worry about, which are numerous. Thanks Deepak, appreciate you coming on the cube and participating in the program. >>Thank you for having >>You're welcome. In a moment I'll be back to dig into the networking portion of the infrastructure. Stay with us for more coverage of a blueprint for trusted infrastructure and collaboration with Dell Technologies on the cube, your leader in enterprise and emerging tech coverage. We're back with a blueprint for trusted infrastructure and partnership with Dell Technologies in the cube. And we're here with Mahesh Nager, who is a consultant in the area of networking product management at Dell Technologies. Mahesh, welcome, good to see you. >>Hey, good morning Dell's, nice to meet, meet to you as well. >>Hey, so we've been digging into all the parts of the infrastructure stack and now we're gonna look at the all important networking components. Mahesh, when we think about networking in today's environment, we think about the core data center and we're connecting out to various locations including the cloud and both the near and the far edge. So the question is from Dell's perspective, what's unique and challenging about securing network infrastructure that we should know about? >>Yeah, so few years ago IT security and an enterprise was primarily putting a wrapper around data center out because it was constrained to an infrastructure owned and operated by the enterprise for the most part. So putting a rapid around it like a parameter or a firewall was a sufficient response because you could basically control the environment and data small enough control today with the distributed data, intelligent software, different systems, multi-cloud environment and asset service delivery, you know, the infrastructure for the modern era changes the way to secure the network infrastructure In today's, you know, data driven world, it operates everywhere and data has created and accessed everywhere so far from, you know, the centralized monolithic data centers of the past. The biggest challenge is how do we build the network infrastructure of the modern era that are intelligent with automation enabling maximum flexibility and business agility without any compromise on the security. We believe that in this data era, the security transformation must accompany digital transformation. >>Yeah, that's very good. You talked about a couple of things there. Data by its very nature is distributed. There is no perimeter anymore, so you can't just, as you say, put a rapper around it. I like the way you phrase that. So when you think about cyber security resilience from a networking perspective, how do you define that? In other words, what are the basic principles that you adhere to when thinking about securing network infrastructure for your customers? >>So our belief is that cybersecurity and cybersecurity resilience, they need to be holistic, they need to be integrated, scalable, one that span the entire enterprise and with a co and objective and policy implementation. So cybersecurity needs to span across all the devices and running across any application, whether the application resets on the cloud or anywhere else in the infrastructure. From a networking standpoint, what does it mean? It's again, the same principles, right? You know, in order to prevent the threat actors from accessing changing best destroy or stealing sensitive data, this definition holds good for networking as well. So if you look at it from a networking perspective, it's the ability to protect from and withstand attacks on the networking systems as we continue to evolve. This will also include the ability to adapt and recover from these attacks, which is what cyber resilience aspect is all about. So cybersecurity best practices, as you know, is continuously changing the landscape primarily because the cyber threats also continue to evolve. >>Yeah, got it. So I like that. So it's gotta be integrated, it's gotta be scalable, it's gotta be comprehensive, comprehensive and adaptable. You're saying it can't be static, >>Right? Right. So I think, you know, you had a second part of a question, you know, that says what do we, you know, what are the basic principles? You know, when you think about securing network infrastructure, when you're looking at securing the network infrastructure, it revolves around core security capability of the devices that form the network. And what are these security capabilities? These are access control, software integrity and vulnerability response. When you look at access control, it's to ensure that only the authenticated users are able to access the platform and they're able to access only the kind of the assets that they're authorized to based on their user level. Now accessing a network platform like a switch or a rotor for example, is typically used for say, configuration and management of the networking switch. So user access is based on say roles for that matter in a role based access control, whether you are a security admin or a network admin or a storage admin. >>And it's imperative that logging is enable because any of the change to the configuration is actually logged and monitored as that. Talking about software's integrity, it's the ability to ensure that the software that's running on the system has not been compromised. And, and you know, this is important because it could actually, you know, get hold of the system and you know, you could get UND desire results in terms of say validation of the images. It's, it needs to be done through say digital signature. So, so it's important that when you're talking about say, software integrity, a, you are ensuring that the platform is not compromised, you know, is not compromised and be that any upgrades, you know, that happens to the platform is happening through say validated signature. >>Okay. And now, now you've now, so there's access control, software integrity, and I think you, you've got a third element which is i I think response, but please continue. >>Yeah, so you know, the third one is about civil notability. So we follow the same process that's been followed by the rest of the products within the Dell product family. That's to report or identify, you know, any kind of a vulnerability that's being addressed by the Dell product security incident response team. So the networking portfolio is no different, you know, it follows the same process for identification for tri and for resolution of these vulnerabilities. And these are addressed either through patches or through new reasons via networking software. >>Yeah, got it. Okay. So I mean, you didn't say zero trust, but when you were talking about access control, you're really talking about access to only those assets that people are authorized to access. I know zero trust sometimes is a buzzword, but, but you I think gave it, you know, some clarity there. Software integrity, it's about assurance validation, your digital signature you mentioned and, and that there's been no compromise. And then how you respond to incidents in a standard way that can fit into a security framework. So outstanding description, thank you for that. But then the next question is, how does Dell networking fit into the construct of what we've been talking about Dell trusted infrastructure? >>Okay, so networking is the key element in the Dell trusted infrastructure. It provides the interconnect between the service and the storage world. And you know, it's part of any data center configuration for a trusted infrastructure. The network needs to have access control in place where only the authorized nels are able to make change to the network configuration and logging off any of those changes is also done through the logging capabilities. Additionally, we should also ensure that the configuration should provide network isolation between say the management network and the data traffic network because they need to be separate and distinct from each other. And furthermore, even if you look at the data traffic network and now you have things like segmentation isolated segments and via VRF or, or some micro segmentation via partners, this allows various level of security for each of those segments. So it's important you know, that, that the network infrastructure has the ability, you know, to provide all this, this services from a Dell networking security perspective, right? >>You know, there are multiple layer of defense, you know, both at the edge and in the network in this hardware and in the software and essentially, you know, a set of rules and a configuration that's designed to sort of protect the integrity, confidentiality, and accessibility of the network assets. So each network security layer, it implements policies and controls as I said, you know, including send network segmentation. We do have capabilities sources, centralized management automation and capability and scalability for that matter. Now you add all of these things, you know, with the open networking standards or software, different principles and you essentially, you know, reach to the point where you know, you're looking at zero trust network access, which is essentially sort of a building block for increased cloud adoption. If you look at say that you know the different pillars of a zero trust architecture, you know, if you look at the device aspect, you know, we do have support for security for example, we do have say trust platform in a trusted platform models tpms on certain offer products and you know, the physical security know plain, simple old one love port enable from a user trust perspective, we know it's all done via access control days via role based access control and say capability in order to provide say remote authentication or things like say sticky Mac or Mac learning limit and so on. >>If you look at say a transport and decision trust layer, these are essentially, you know, how do you access, you know, this switch, you know, is it by plain hotel net or is it like secure ssh, right? And you know, when a host communicates, you know, to the switch, we do have things like self-signed or is certificate authority based certification. And one of the important aspect is, you know, in terms of, you know, the routing protocol, the routing protocol, say for example BGP for example, we do have the capability to support MD five authentication between the b g peers so that there is no, you know, manages attack, you know, to the network where the routing table is compromised. And the other aspect is about second control plane is here, you know, you know, it's, it's typical that if you don't have a control plane here, you know, it could be flooded and you know, you know, the switch could be compromised by city denial service attacks. >>From an application test perspective, as I mentioned, you know, we do have, you know, the application specific security rules where you could actually define, you know, the specific security rules based on the specific applications, you know, that are running within the system. And I did talk about, say the digital signature and the cryptographic check that we do for authentication and for, I mean rather for the authenticity and the validation of, you know, of the image and the BS and so on and so forth. Finally, you know, the data trust, we are looking at, you know, the network separation, you know, the network separation could happen or VRF plain old wheel Ls, you know, which can bring about sales multi 10 aspects. We talk about some microsegmentation as it applies to nsx for example. The other aspect is, you know, we do have, with our own smart fabric services that's enabled in a fabric, we have a concept of c cluster security. So all of this, you know, the different pillars, they sort of make up for the zero trust infrastructure for the networking assets of an infrastructure. >>Yeah. So thank you for that. There's a, there's a lot to unpack there. You know, one of the premise, the premise really of this, this, this, this segment that we're setting up in this series is really that everything you just mentioned, or a lot of things you just mentioned used to be the responsibility of the security team. And, and the premise that we're putting forth is that because security teams are so stretched thin, you, you gotta shift the vendor community. Dell specifically is shifting a lot of those tasks to their own r and d and taking care of a lot of that. So, cuz scop teams got a lot of other stuff to, to worry about. So my question relates to things like automation, which can help and scalability, what about those topics as it relates to networking infrastructure? >>Okay, our >>Portfolio, it enables state of the automation software, you know, that enables simplifying of the design. So for example, we do have, you know, you know the fabric design center, you know, a tool that automates the design of the fabric and you know, from a deployment and you know, the management of the network infrastructure that are simplicities, you know, using like Ansible s for Sonic for example are, you know, for a better sit and tell story. You know, we do have smart fabric services that can automate the entire fabric, you know, for a storage solution or for, you know, for one of the workloads for example. Now we do help reduce the complexity by closely integrating the management of the physical and the virtual networking infrastructure. And again, you know, we have those capabilities using Sonic or Smart Traffic services. If you look at Sonic for example, right? >>It delivers automated intent based secure containerized network and it has the ability to provide some network visibility and Avan has and, and all of these things are actually valid, you know, for a modern networking infrastructure. So now if you look at Sonic, you know, it's, you know, the usage of those tools, you know, that are available, you know, within the Sonic no is not restricted, you know, just to the data center infrastructure is, it's a unified no, you know, that's well applicable beyond the data center, you know, right up to the edge. Now if you look at our north from a smart traffic OS 10 perspective, you know, as I mentioned, we do have smart traffic services which essentially, you know, simplifies the deployment day zero, I mean rather day one, day two deployment expansion plans and the lifecycle management of our conversion infrastructure and hyper and hyper conversion infrastructure solutions. And finally, in order to enable say, zero touch deployment, we do have, you know, a VP solution with our SD van capability. So these are, you know, ways by which we bring down the complexity by, you know, enhancing the automation capability using, you know, a singular loss that can expand from a data center now right to the edge. >>Great, thank you for that. Last question real quick, just pitch me, what can you summarize from your point of view, what's the strength of the Dell networking portfolio? >>Okay, so from a Dell networking portfolio, we support capabilities at multiple layers. As I mentioned, we're talking about the physical security for examples, say disabling of the unused interface. Sticky Mac and trusted platform modules are the things that to go after. And when you're talking about say secure boot for example, it delivers the authenticity and the integrity of the OS 10 images at the startup. And Secure Boot also protects the startup configuration so that, you know, the startup configuration file is not compromised. And Secure port also enables the workload of prediction, for example, that is at another aspect of software image integrity validation, you know, wherein the image is data for the digital signature, you know, prior to any upgrade process. And if you are looking at secure access control, we do have things like role based access control, SSH to the switches, control plane access control that pre do tags and say access control from multifactor authentication. >>We do have various tech ads for entry control to the network and things like CSE and PRV support, you know, from a federal perspective we do have say logging wherein, you know, any event, any auditing capabilities can be possible by say looking at the clog service, you know, which are pretty much in our transmitter from the devices overts for example, and last we talked about say network segment, you know, say network separation and you know, these, you know, separation, you know, ensures that are, that is, you know, a contained say segment, you know, for a specific purpose or for the specific zone and, you know, just can be implemented by a, a micro segmentation, you know, just a plain old wheel or using virtual route of framework VR for example. >>A lot there. I mean I think frankly, you know, my takeaway is you guys do the heavy lifting in a very complicated topic. So thank you so much for, for coming on the cube and explaining that in in quite some depth. Really appreciate it. >>Thank you indeed. >>Oh, you're very welcome. Okay, in a moment I'll be back to dig into the hyper-converged infrastructure part of the portfolio and look at how when you enter the world of software defined where you're controlling servers and storage and networks via software led system, you could be sure that your infrastructure is trusted and secure. You're watching a blueprint for trusted infrastructure made possible by Dell Technologies and collaboration with the cube, your leader in enterprise and emerging tech coverage, your own west product management security lead at for HCI at Dell Technologies hyper-converged infrastructure. Jerome, welcome. >>Thank you Dave. >>Hey Jerome, in this series of blueprint for trusted infrastructure, we've been digging into the different parts of the infrastructure stack, including storage servers and networking, and now we want to cover hyperconverged infrastructure. So my first question is, what's unique about HCI that presents specific security challenges? What do we need to know? >>So what's unique about hyper-converge infrastructure is the breadth of the security challenge. We can't simply focus on a single type of IT system. So like a server or storage system or a virtualization piece of software, software. I mean HCI is all of those things. So luckily we have excellent partners like VMware, Microsoft, and internal partners like the Dell Power Edge team, the Dell storage team, the Dell networking team, and on and on. These partnerships in these collaborations are what make us successful from a security standpoint. So let me give you an example to illustrate. In the recent past we're seeing growing scope and sophistication in supply chain attacks. This mean an attacker is going to attack your software supply chain upstream so that hopefully a piece of code, malicious code that wasn't identified early in the software supply chain is distributed like a large player, like a VMware or Microsoft or a Dell. So to confront this kind of sophisticated hard to defeat problem, we need short term solutions and we need long term solutions as well. >>So for the short term solution, the obvious thing to do is to patch the vulnerability. The complexity is for our HCI portfolio. We build our software on VMware, so we would have to consume a patch that VMware would produce and provide it to our customers in a timely manner. Luckily VX rail's engineering team has co engineered a release process with VMware that significantly shortens our development life cycle so that VMware would produce a patch and within 14 days we will integrate our own code with the VMware release we will have tested and validated the update and we will give an update to our customers within 14 days of that VMware release. That as a result of this kind of rapid development process, VHA had over 40 releases of software updates last year for a longer term solution. We're partnering with VMware and others to develop a software bill of materials. We work with VMware to consume their software manifest, including their upstream vendors and their open source providers to have a comprehensive list of software components. Then we aren't caught off guard by an unforeseen vulnerability and we're more able to easily detect where the software problem lies so that we can quickly address it. So these are the kind of relationships and solutions that we can co engineer with effective collaborations with our, with our partners. >>Great, thank you for that. That description. So if I had to define what cybersecurity resilience means to HCI or converged infrastructure, and to me my takeaway was you gotta have a short term instant patch solution and then you gotta do an integration in a very short time, you know, two weeks to then have that integration done. And then longer term you have to have a software bill of materials so that you can ensure the providence of all the components help us. Is that a right way to think about cybersecurity resilience? Do you have, you know, a additives to that definition? >>I do. I really think that's site cybersecurity and resilience for hci because like I said, it has sort of unprecedented breadth across our portfolio. It's not a single thing, it's a bit of everything. So really the strength or the secret sauce is to combine all the solutions that our partner develops while integrating them with our own layer. So let me, let me give you an example. So hci, it's a, basically taking a software abstraction of hardware functionality and implementing it into something called the virtualized layer. It's basically the virtual virtualizing hardware functionality, like say a storage controller, you could implement it in hardware, but for hci, for example, in our VX rail portfolio, we, our Vxl product, we integrated it into a product called vsan, which is provided by our partner VMware. So that portfolio of strength is still, you know, through our, through our partnerships. >>So what we do, we integrate these, these security functionality and features in into our product. So our partnership grows to our ecosystem through products like VMware, products like nsx, Horizon, Carbon Black and vSphere. All of them integrate seamlessly with VMware and we also leverage VMware's software, part software partnerships on top of that. So for example, VX supports multifactor authentication through vSphere integration with something called Active Directory Federation services for adfs. So there's a lot of providers that support adfs including Microsoft Azure. So now we can support a wide array of identity providers such as Off Zero or I mentioned Azure or Active Directory through that partnership. So we can leverage all of our partners partnerships as well. So there's sort of a second layer. So being able to secure all of that, that provides a lot of options and flexibility for our customers. So basically to summarize my my answer, we consume all of the security advantages of our partners, but we also expand on them to make a product that is comprehensively secured at multiple layers from the hardware layer that's provided by Dell through Power Edge to the hyper-converged software that we build ourselves to the virtualization layer that we get through our partnerships with Microsoft and VMware. >>Great, I mean that's super helpful. You've mentioned nsx, Horizon, Carbon Black, all the, you know, the VMware component OTH zero, which the developers are gonna love. You got Azure identity, so it's really an ecosystem. So you may have actually answered my next question, but I'm gonna ask it anyway cuz you've got this software defined environment and you're managing servers and networking and storage with this software led approach, how do you ensure that the entire system is secure end to end? >>That's a really great question. So the, the answer is we do testing and validation as part of the engineering process. It's not just bolted on at the end. So when we do, for example, VxRail is the market's only co engineered solution with VMware, other vendors sell VMware as a hyper converged solution, but we actually include security as part of the co-engineering process with VMware. So it's considered when VMware builds their code and their process dovetails with ours because we have a secure development life cycle, which other products might talk about in their discussions with you that we integrate into our engineering life cycle. So because we follow the same framework, all of the, all of the codes should interoperate from a security standpoint. And so when we do our final validation testing when we do a software release, we're already halfway there in ensuring that all these features will give the customers what we promised. >>That's great. All right, let's, let's close pitch me, what would you say is the strong suit summarize the, the strengths of the Dell hyper-converged infrastructure and converged infrastructure portfolio specifically from a security perspective? Jerome? >>So I talked about how hyper hyper-converged infrastructure simplifies security management because basically you're gonna take all of these features that are abstracted in in hardware, they're now abstracted in the virtualization layer. Now you can manage them from a single point of view, whether it would be, say, you know, in for VX rail would be b be center, for example. So by abstracting all this, you make it very easy to manage security and highly flexible because now you don't have limitations around a single vendor. You have a multiple array of choices and partnerships to select. So I would say that is the, the key to making it to hci. Now, what makes Dell the market leader in HCI is not only do we have that functionality, but we also make it exceptionally useful to you because it's co engineered, it's not bolted on. So I gave the example of spo, I gave the example of how we, we modify our software release process with VMware to make it very responsive. >>A couple of other features that we have specific just to HCI are digitally signed LCM updates. This is an example of a feature that we have that's only exclusive to Dell that's not done through a partnership. So we digitally signed our software updates so the user can be sure that the, the update that they're installing into their system is an authentic and unmodified product. So we give it a Dell signature that's invalidated prior to installation. So not only do we consume the features that others develop in a seamless and fully validated way, but we also bolt on our own a specific HCI security features that work with all the other partnerships and give the user an exceptional security experience. So for, for example, the benefit to the customer is you don't have to create a complicated security framework that's hard for your users to use and it's hard for your system administrators to manage it all comes in a package. So it, it can be all managed through vCenter, for example, or, and then the specific hyper, hyper-converged functions can be managed through VxRail manager or through STDC manager. So there's very few pains of glass that the, the administrator or user ever has to worry about. It's all self contained and manageable. >>That makes a lot of sense. So you've got your own infrastructure, you're applying your best practices to that, like the digital signatures, you've got your ecosystem, you're doing co-engineering with the ecosystems, delivering security in a package, minimizing the complexity at the infrastructure level. The reason Jerome, this is so important is because SecOps teams, you know, they gotta deal with cloud security, they gotta deal with multiple clouds. Now they have their shared responsibility model going across multiple cl. They got all this other stuff that they have to worry, they gotta secure the containers and the run time and and, and, and, and the platform and so forth. So they're being asked to do other things. If they have to worry about all the things that you just mentioned, they'll never get, you know, the, the securities is gonna get worse. So what my takeaway is, you're removing that infrastructure piece and saying, Okay guys, you now can focus on those other things that is not necessarily Dell's, you know, domain, but you, you know, you can work with other partners to and your own teams to really nail that. Is that a fair summary? >>I think that is a fair summary because absolutely the worst thing you can do from a security perspective is provide a feature that's so unusable that the administrator disables it or other key security features. So when I work with my partners to define, to define and develop a new security feature, the thing I keep foremost in mind is, will this be something our users want to use and our administrators want to administer? Because if it's not, if it's something that's too difficult or onerous or complex, then I try to find ways to make it more user friendly and practical. And this is a challenge sometimes because we are, our products operate in highly regulated environments and sometimes they have to have certain rules and certain configurations that aren't the most user friendly or management friendly. So I, I put a lot of effort into thinking about how can we make this feature useful while still complying with all the regulations that we have to comply with. And by the way, we're very successful in a highly regulated space. We sell a lot of VxRail, for example, into the Department of Defense and banks and, and other highly regulated environments and we're very successful there. >>Excellent. Okay, Jerome, thanks. We're gonna leave it there for now. I'd love to have you back to talk about the progress that you're making down the road. Things always, you know, advance in the tech industry and so would appreciate that. >>I would look forward to it. Thank you very much, Dave. >>You're really welcome. In a moment I'll be back to summarize the program and offer some resources that can help you on your journey to secure your enterprise infrastructure. I wanna thank our guests for their contributions in helping us understand how investments by a company like Dell can both reduce the need for dev sec up teams to worry about some of the more fundamental security issues around infrastructure and have greater confidence in the quality providence and data protection designed in to core infrastructure like servers, storage, networking, and hyper-converged systems. You know, at the end of the day, whether your workloads are in the cloud, on prem or at the edge, you are responsible for your own security. But vendor r and d and vendor process must play an important role in easing the burden faced by security devs and operation teams. And on behalf of the cube production content and social teams as well as Dell Technologies, we want to thank you for watching a blueprint for trusted infrastructure. Remember part one of this series as well as all the videos associated with this program and of course today's program are available on demand@thecube.net with additional coverage@siliconangle.com. And you can go to dell.com/security solutions dell.com/security solutions to learn more about Dell's approach to securing infrastructure. And there's tons of additional resources that can help you on your journey. This is Dave Valante for the Cube, your leader in enterprise and emerging tech coverage. We'll see you next time.

>>Hello. Welcome back to our super cloud 22 event. I'm John F host the cue with my co-host Dave ante. Extracting the signal from noise. We're proud to have two amazing cube alumnis here. We got Sanja Putin. Who's now the CEO of cohesive the emo Aaron who's the CTO. Co-founder also former CEO Cub alumni. The father of hyper-converged welcome back to the cube I endorsed the >>Cloud. Absolutely. Is the father. Great >>To see you guys. Thank thanks for coming on and perfect timing. The new job taking over that. The helm Mo it at cohesive big news, but part of super cloud, we wanna dig into it. Thanks for coming on. >>Thank you for having >>Us here. So first of all, we'll get into super before we get into the Supercloud. I want to just get the thoughts on the move Sanjay. We've been following your career since 2010. You've been a cube alumni from that point, we followed that your career. Why cohesive? Why now? >>Yeah, John David, thank you first and all for having us here, and it's great to be at your event. You know, when I left VMware last year, I took some time off just really primarily. I hadn't had a sabbatical in probably 18 years. I joined two boards, Phillips and sneak, and then, you know, started just invest and help entrepreneurs. Most of them were, you know, Indian Americans like me who were had great tech, were looking for the kind of go to market connections. And it was just a wonderful year to just de to unwind a bit. And along the, the way came CEO calls. And I'd asked myself, the question is the tech the best in the industry? Could you see value creation that was signi significant and you know, three, four months ago, Mohit and Carl Eschenbach and a few of the board members of cohesive called me and walk me through Mo's decision, which he'll talk about in a second. And we spent the last few months getting to know him, and he's everything you describe. He's not just the father of hyperconverge. And he wrote the Google file system, wicked smart, built a tech platform better than that second time. But we had to really kind of walk through the chemistry between us, which we did in long walks in, in, you know, discrete places so that people wouldn't find us in a Starbucks and start gossiping. So >>Why Sanjay? There you go. >>Actually, I should say it's a combination of two different decisions. The first one was to, for me to take a different role and I run the company as a CEO for, for nine years. And, you know, as a, as a technologist, I always like, you know, going deep into technology at the same time, the CEO duties require a lot of breadth, right? You're talking to customers, you're talking to partners, you're doing so much. And with the way we've been growing the with, you know, we've been fortunate, it was becoming hard to balance both. It's really also not fair to the company. Yeah. So I opted to do the depth job, you know, be the visionary, be the technologist. And that was the first decision to bring a CEO, a great CEO from outside. >>And I saw your video on the site. You said it was your decision. Yes. Go ahead. I have to ask you, cuz this is a real big transition for founders and you know, I have founder artists cuz everyone, you know, calls me that. But being the founder of a company, it's always hard to let go. I mean nine years as CEO, it's not like you had a, you had a great run. So this was it timing for you? Was it, was it a structural shift, like at super cloud, we're talking about a major shift that's happening right now in the industry. Was it a balance issue? Was it more if you wanted to get back in and in the tech >>Look, I, I also wanna answer, you know, why Sanja, but, but I'll address your question first. I always put the company first what's right for the company. Is it for me to start get stuck the co seat and try to juggle this depth and Brad simultaneously. I mean, I can stroke my ego a little bit there, but it's not good for the company. What's best for the company. You know, I'm a technologist. How about I oversee the technology part in partnership with so many great people I have in the company and I bring someone kick ass to be the CEO. And so then that was the second decision. Why Sanja when Sanjay, you know, is a very well known figure. He's managed billions of dollars of business in VMware. You know, been there, done that has, you know, some of the biggest, you know, people in the industry on his speed dial, you know, we were really fortunate to have someone like that, come in and accept the role of the CEO of cohesive. I think we can take the company to new Heights and I'm looking forward to my partnership with, with Sanja on this. >>It it's we, we called it the splash brothers and >>The, >>In the vernacular. It doesn't matter who gets the ball, whether it's step clay, we shoot. And I think if you look at some of the great partnerships, whether it was gates bomber, there, plenty of history of this, where a founder and a someone who was, it has to be complimentary skills. If I was a technologist myself and wanted to code we'd clash. Yeah. But I think this was really a match me in heaven because he, he can, I want him to keep innovating and building the best platform for today in the future. And our customers tell one customer told me, this is the best tech they've seen since VMware, 20 years ago, AWS, 10 years ago. And most recently this was a global 100 big customers. So I feel like this combination, now we have to show that it works. It's, you know, it's been three, four months. My getting to know him, you know, I'm day eight on the job, but I'm loving it. >>Well, it's a sluman model too. It's more modern example. You saw, he did it with Fred Ludy at service now. Yes. And, and of course at, at snowflake, yeah. And his book, you read his book. I dunno if you've read his book, amp it up, but app it up. And he says, I always you'll love this. Give great deference to the founder. Always show great respect. Right. And for good reason. So >>In fact, I mean you could talk to him, you actually met to >>Frank. I actually, you know, a month or so back, I actually had dinner with him in his ranch in Moana. And I posed the question. There was a number of CEOs that went there and I posed him the question. So Frank, you know, many of us, we grow being deaf guys, you know? And eventually when we take on the home of our CEO, we have to do breadth. How do you do it? And he's like, well, let me tell you, I was never a death guy. I'm a breath guy. >>I'm like, >>That's my answer. Yeah. >>So, so I >>Want the short story. So the day I got the job, I, I got a text from Frank and I said, what's your advice the first time CEO, three words, amp it up, >>Amp it up. Right? Yeah. >>And so you're always on brand, man. >>So you're an amazing operator. You've proven that time and time again at SAP, VMware, et cetera, you feel like now you, you, you wanna do both of those skills. You got the board and you got the operations cuz you look, you know, look at sloop when he's got Scarelli wherever he goes, he brings Scarelli with him as sort of the operator. How, how do you, how are you thinking >>About that? I mean it's early days, but yeah. Yeah. Small. I mean I've, you know, when I was, you know, it was 35,000 people at VMware, 80, 90,000 people at SAP, a really good run. The SAP run was 10 to 20 billion innovative products, especially in analytics and VMware six to 12 end user computing cloud. So I learned a lot. I think the company, you know, being about 2000 employees plus not to mayor tomorrow, but over the course next year I can meet everybody. Right? So first off the executive team, 10 of us, we're, we're building more and more cohesiveness if I could use that word between us, which is great, the next, you know, layers of VPs and every manager, I think that's possible. So I I'm a people person and a customer person. So I think when you take that sort of extroverted mindset, we'll bring energy to the workforce to, to retain the best and then recruit the best. >>And you know, even just the week we, we were announced that this announcement happened. Our website traffic went through the roof, the highest it's ever been, lots of resumes coming in. So, and then lots of customer engagement. So I think we'll take this, but I, I feel very good about the possibilities, because see, for me, I didn't wanna walk into the company to a company where the technology risk was high. Okay. I feel like that I can go to bed at night and the technology risk is low. This guy's gonna run a machine at the current and the future. And I'm hearing that from customers. Now, what I gotta do is get the, the amp it up part on the go to market. I know a little thing or too about >>That. You've got that down. I think the partnership is really key here. And again, nine use the CEO and then Sanja points to our super cloud trend that we've been looking at, which is there's another wave happening. There's a structural change in real time happening now, cloud one was done. We saw that transition, AWS cloud native now cloud native with an kind of operating system kind of vibe going on with on-premise hybrid edge. People say multi-cloud, but we're looking at this as an opportunity for companies like cohesive to go to the next level. So I gotta ask you guys, what do you see as structural change right now in the industry? That's disruptive. People are using cloud and scale and data to refactor their business models, change modern cases with cloud native. How are you guys looking at this next structural change that's happening right now? Yeah, >>I'll take that. So, so I'll start by saying that. Number one, data is the new oil and number two data is exploding, right? Every year data just grows like crazy managing data is becoming harder and harder. You mentioned some of those, right? There's so many cloud options available. Cloud one different vendors have different clouds. There is still on-prem there's edge infrastructure. And the number one problem that happens is our data is getting fragmented all over the place and managing so many fragments of data is getting harder and harder even within a cloud or within on-prem or within edge data is fragmented. Right? Number two, I think the hackers out there have realized that, you know, to make money, it's no longer necessary to Rob banks. They can actually see steal the data. So ransomware attacks on the rise it's become a boardroom level discussion. They say there's a ransomware attack happening every 11 seconds or so. Right? So protecting your data has become very important security data. Security has become very important. Compliance is important, right? So people are looking for data management solutions, the next gen data management platform that can really provide all this stuff. And that's what cohesive is about. >>What's the difference between data management and backup. Explain that >>Backup is just an entry point. That's one use case. I wanna draw an analogy. Let's draw an analogy to my former company, Google right? Google started by doing Google search, but is Google really just a search engine. They've built a platform that can do multiple things. You know, they might have started with search, but then they went down to roll out Google maps and Gmail and YouTube and so many other things on that platform. So similarly backups might be just the first use case, but it's really about that platform on which you can do more with the data that's next gen data management. >>But, but you am, I correct. You don't consider yourself a security company. One of your competitors is actually pivoting and in positioning themselves as a security company, I've always felt like data management, backup and recovery data protection is an adjacency to security, but those two worlds are coming together. How do you see >>It? Yeah. The way I see it is that security is part of data management. You start maybe by backing with data, but then you secure it and then you do more with that data. If you're only doing security, then you're just securing the data. You, you gotta do more with the data. So data management is much bigger. So >>It's a security is a subset of data. I mean, there you go. Big TA Sanjay. >>Well, I mean I've, and I, I, I I'd agree. And I actually, we don't get into that debate. You know, I've told the company, listen, we'll figure that out. Cuz who cares about the positioning at the bottom? My email, I say we are data management and data security company. Okay. Now what's the best word that describes three nouns, which I think we're gonna do management security and analytics. Okay. He showed me a beautiful diagram, went to his home in the course of one of these, you know, discrete conversations. And this was, I mean, he's done this before. Many, if you watch on YouTube, he showed me a picture of an ice big iceberg. And he said, listen, you know, if you look at companies like snowflake and data bricks, they're doing the management security and mostly analytics of data. That's the top of the iceberg, the stuff you see. >>But a lot of the stuff that's get backed archive is the bottom of the iceberg that you don't see. And you try to, if you try to ask a question on age data, the it guy will say, get a ticket. I'll come back with three days. I'll UNIV the data rehydrate and then you'll put it into a database. And you can think now imagine that you could do live searches analytics on, on age data that's analytics. So I think the management, the security, the analytics of, you know, if you wanna call it secondary data or backed up data or data, that's not hot and live warm, colder is a huge opportunity. Now, what do you wanna call one phrase that describes all of it. Do you call that superpower management security? Okay, whatever you wanna call it. I view it as saying, listen, let's build a platform. >>Some people call Google, a search company. People, some people call Google and information company and we just have to go and pursue every CIO and every CSO that has a management and a security and do course analytics problem. And that's what we're doing. And when I talk to the, you know, I didn't talk to all the 3000 customers, but the biggest customers and I was doing diligence. They're like this thing has got enormous potential. Okay. And we just have to now go focus, get every fortune 1000 company to pick us because this problem, even the first use case you talk back up is a little bit like, you know, razor blades and soap you've needed. You needed it 30 years ago and you'll need it for 30 years. It's just that the tools that were built in the last generation that were companies formed in 1990s, one of them I worked for years ago are aids are not built for the cloud. So I think this is a tremendous opportunity where many of those, those, those nos management security analytics will become part of what we do. And we'll come up with the right phrase for what the companies and do course >>Sanjay. So ma and Sanja. So given that given that's this Google transition, I like that example search was a data problem. They got sequenced to a broader market opportunity. What super cloud we trying to tease out is what does that change over from a data standpoint, cuz now the operating environments change has become more complex and the enterprises are savvy. Developers are savvy. Now they want, they want SAS solutions. They want freemium and expanding. They're gonna drive the operations agenda with DevOps. So what is the complexity that needs to be abstracted away? How do you see that moment? Because this is what people are talking about. They're saying security's built in, driven by developers. Developers are driving operations behavior. So what is the shift? Where do you guys see this new? Yeah. Expansive for cohesive. How do you fit into super cloud? >>So let me build up from that entry point. Maybe back up to what you're saying is the super cloud, right? Let me draw that journey. So let's say the legacy players are just doing backups. How, how sad is it that you have one silo sitting there just for peace of mind as an insurance policy and you do nothing with the data. If you have to do something with the data, you have to build another silo, you have to build another copy. You have to manage it separately. Right. So clearly that's a little bit brain damaged. Right. So, okay. So now you take a little bit of, you know, newer vendors who may take that backup platform and do a little bit more with that. Maybe they provide security, but your problem still remains. How do you do more with the data? How do you do some analytics? >>Like he's saying, right. How do you test development on that? How do you migrate the data to the cloud? How do you manage it? The data at scale? How do you do you provide a unified experience across, across multiple cloud, which you're calling the super cloud. That's where cohesive goes. So what we do, we provide a platform, right? We have tentacles in on-prem in each of the clouds. And on top of that, it looks like one platform that you manage. We have a single control plane, a UI. If you may, a single pin of glass, if, if you may, that our customers can use to manage all of it. And now it looks, starts looking like one platform. You mentioned Google, do you, when you go to, you know, kind Google search or a URL, do you really care? What happens behind the scenes mean behind the scenes? Google's built a platform that spans the whole world. No, >>But it's interesting. What's behind the scenes. It's a beautiful now. And I would say, listen, one other thing to pull on Dave, on the security part, I saw a lot of vendors this day in this space, white washing a security message on top of backup. Okay. And CSO, see through that, they'll offer warranties and guarantees or whatever, have you of X million dollars with a lot of caveats, which will never paid because it's like escape clause here. We won't pay it. Yeah. And, and what people really want is a scalable solution that works. And you know, we can match every warranty that's easy. And what I heard was this was the most scalable solution at scale. And that's why you have to approach this with a Google type mindset. I love the fact that every time you listen to sun pitch, I would, what, what I like about him, the most common word to use is scale. >>We do things at scale. So I found that him and AUR and some of the early Google people who come into the company had thought about scale. And, and even me it's like day eight. I found even the non-tech pieces of it. The processes that, you know, these guys are built for simple things in some cases were better than some of the things I saw are bigger companies I'd been used to. So we just have to continue, you know, building a scale platform with the enterprise. And then our cloud product is gonna be the simple solution for the masses. And my view of the world is there's 5,000 big companies and 5 million small companies we'll push the 5 million small companies as the cloud. Okay. Amazon's an investor in the company. AWS is a big partner. We'll talk about I'm sure knowing John's interest in that area, but that's a cloud play and that's gonna go to the cloud really fast. You not build you're in the marketplace, you're in the marketplace. I mean, maybe talk about the history of the Amazon relationship investing and all that. >>Yeah, absolutely. So in two years back late 2020, we, you know, in collaboration with AWS who also by the way is an investor now. And in cohesive, we rolled out what we call data management as a service. It's our SaaS service where we run our software in the cloud. And literally all customers have to do is just go there and sign on, right? They don't have to manage any infrastructure and stuff. What's nice is they can then combine that with, you know, software that they might have bought from cohesive. And it still looks like one platform. So what I'm trying to say is that they get a choice of the, of the way they wanna consume our software. They can consume it as a SAS service in the cloud. They can buy our software, manage it themselves, offload it to a partner on premises or what have you. But it still looks like that one platform, what you're calling a Supercloud >>Yeah. And developers are saying, they want the bag of Legos to compose their solutions. That's the Nirvana they want to get there. So that's, it has to look the same. >>Well, what is it? What we're calling a Superlo can we, can we test that for a second? So data management and service could span AWS and on-prem with the identical experience. So I guess I would call that a Supercloud I presume it's not gonna through AWS span multiple clouds, but, but >>Why not? >>Well, well interesting cuz we had this, I mean, so, okay. So we could in the future, it doesn't today. Well, >>David enough kind of pause for a second. Everything that we do there, if we do it will be customer driven. So there might be some customers I'll give you one Walmart that may want to store the data in a non AWS cloud risk cuz they're competitors. Right. So, but the control plane could still be in, in, in the way we built it, but the data might be stored somewhere else. >>What about, what about a on-prem customer? Who says, Hey, I, I like cohesive. I've now got multiple clouds. I want the identical experience across clouds. Yeah. Okay. So, so can you do that today? How do you do that today? Can we talk >>About that? Yeah. So basically think roughly about the split between the data plane and the control plane, the data plane is, you know, our cohesive clusters that could be sitting on premises that could be sitting in multiple data centers or you can run an instance of that cluster in the cloud, whichever cloud you choose. Right. That's what he was referring to as the data plane. So collectively all these clusters from the data plane, right? They stored the data, but it can all be managed using the control plane. So you still get that single image, the single experience across all clouds. And by the way, the, the, the, the cloud vendor does actually benefit because here's a customer. He mentioned a customer that may not wanna go to AWS, but when they get the data plane on a different cloud, whether it's Azure, whether it's the Google cloud, they then get data management services. Maybe they're able to replicate the data over to AWS. So AWS also gains. >>And your deployment model is you instantiate the cohesive stack on each of the regions and clouds, is that correct? And you building essentially, >>It all happens behind the scenes. That's right. You know, just like Google probably has their tentacles all over the world. We will instantiate and then make it all look like one platform. >>I mean, you should really think it's like a human body, right? The control planes, the head. Okay. And that controls everything. The data plane is large because it's a lot of the data, right? It's the rest of the body, that data plane could be wherever you want it to be. Traditionally, the part the old days was tape. Then you got disk. Now you got multiple clouds. So that's the way we think about it. And there on that piece of it will be neutral, right? We should be multi-cloud to the data plane being every single place. Cause it's customer demand. Where do you want your store data? Air gapped. On-prem no problem. We'll work with Dell. Okay. You wanna be in a particular cloud, AWS we'll work then optimized with S3 and glacier. So this is where I think the, the path to a multi-cloud or Supercloud is to be customer driven, but the control plane sits in Amazon. So >>We're blessed to have a number of, you know, technical geniuses in here. So earlier we were speaking to Ben wa deja VI, and what they do is different. They don't instantiate an individual, you know, regions. What they do is of a single global. Is there a, is there an advantage of doing it the way the cohesive does it in terms of simplicity or how do you see that? Is that a future direction for you from a technology standpoint? What are the trade offs there? >>So you want to be where the data is when you said single global, I take it that they run somewhere and the data has to go there. And in this day age, correct >>Said that. He said, you gotta move that in this >>Day and >>Age query that's, you know, across regions, look >>In this day and age with the way the data is growing, the way it is, it's hard to move around the data. It's much easier to move around the competition. And in these instances, what have you, so let the data be where it is and you manage it right there. >>So that's the advantage of instantiating in multiple regions. As you don't have to move the >>Data cost, we have the philosophy we call it. Let's bring the, the computation to the data rather than the data to >>The competition and the same security model, same governance model, same. How do you, how do you federate that? >>So it's all based on policies. You know, this overarching platform controlled by, by the control plane, you just, our customers just put in the policies and then the underlying nuts and bolts just take care >>Of, you know, it's when I first heard and start, I started watching some of his old videos, ACE really like hyperconverged brought to secondary storage. In fact, he said, oh yeah, that's great. You got it. Because I first called this idea, hyperconverged secondary storage, because the idea of him inventing hyperconverge was bringing compute to storage. It had never been done. I mean, you had the kind of big VC stuff, but these guys were the first to bring that hyperconverge at, at Nutanix. So I think this is that same idea of bringing computer storage, but now applied not to the warm data, but to the rest of the data, including a >>Lot of, what about developers? What's, what's your relationship with developers? >>Maybe you talk about the marketplace and everything >>He's yeah. And I'm, I'm curious as to do you have a PAs layer, what we call super PAs layer to create an identical developer experience across your Supercloud. I'm gonna my >>Term. So we want our customers not just to benefit from the software that we write. We also want them to benefit from, you know, software that's written by developers by third party people and so on and so forth. So we also support a marketplace on the platform where you can download apps from third party developers and run them on this platform. There's a, a number of successful apps. There's one, you know, look like I said, our entry point might be backups, but even when backups, we don't do everything. Look, for instance, we don't backup mainframes. There is a, a company we partner with, you know, and their software can run in our marketplace. And it's actually used by many, many of our financial customers. So our customers don't get, just get the benefit of what we build, but they also get the benefit of what third parties build. Another analogy I like to draw. You can tell. And front of analogy is I drew an analogy to hyperscale is like Google. Yeah. The second analogy I like to draw is that to a simple smartphone, right? A smartphone starts off by being a great phone. But beyond that, it's also a GPS player. It's a, it's a, it's a music player. It's a camera, it's a flashlight. And it also has a marketplace from where you can download apps and extend the power of that platform. >>Is that a, can we think of that as a PAs layer or no? Is it really not? You can, okay. You can say, is it purpose built for what you're the problem that you're trying to solve? >>So we, we just built APIs. Yeah. Right. We have an SDK that developers can use. And through those APIs, they get to leverage the underlying services that exist on the platform. And now developers can use that to take advantage of all that stuff. >>And it was, that was a key factor for me too. Cause I, what I, you know, I've studied all the six, seven players that sort of so-called leaders. Nobody had a developer ecosystem, nobody. Right? The old folks were built for the hardware era, but anyones were built for the cloud to it didn't have any partners were building on their platform. So I felt for me listen, and that the example of, you know, model nine rights, the name of the company that does back up. So there's, there's companies that are built on and there's a number of others. So our goal is to have a big tent, David, to everybody in the ecosystem to partner with us, to build on this platform. And, and that may take over time, but that's the way we're build >>It. And you have a metadata layer too, that has the intelligence >>To correct. It's all abstract. That that's right. So it's a combination of data and metadata. We have lots of metadata that keeps track of where the data is. You know, it allows you to index the data you can do quick searches. You can actually, you, we talking about the control plan from that >>Tracing, >>You can inject a search that'll through search throughout your multi-cloud environment, right? The super cloud that you call it. We have all that, all that goodness sounds >>Like a Supercloud John. >>Yeah. I mean, data tracing involved can trace the data lineage. >>You, you can trace the data lineage. So we, you know, provide, you know, compliance and stuff. So you can, >>All right. So my final question to wrap up, we guys, first of all, thanks for coming on. I know you're super busy, San Jose. We, we know what you're gonna do. You're gonna amp it up and, you know, knock all your numbers out. Think you always do. But what I'm interested in, what you're gonna jump into, cuz now you're gonna have the creative license to jump in to the product, the platform there has to be the next level in your mind. Can you share your thoughts on where this goes next? Love the control plane, separate out from the data plane. I think that plays well for super. How >>Much time do you have John? This guy's got, he's got a wealth. Ditis keep >>Going. Mark. Give us the most important thing you're gonna focus on. That kind of brings the super cloud and vision together. >>Yeah. Right away. I'm gonna, perhaps I, I can ion into two things. The first one is I like to call it building the, the machine, the system, right. Just to draw an analogy. Look, I draw an analogy to the us traffic system. People from all walks of life, rich, poor Democrats, Republicans, you know, different states. They all work in the, the traffic system and we drive well, right. It's a system that just works. Whereas in some other countries, you know, the system doesn't work. >>We know, >>We know a few of those. >>It's not about works. It's not about the people. It's the same people who would go from here to those countries and, and not dry. Well, so it's all about the system. So the first thing I, I have my sights on is to really strengthen the system that we have in our research development to make it a machine. I mean, it functions quite well even today, but wanna take it to the next level. Right. So that I wanna get to a point where innovation just happens in the grassroots. And it just, just like >>We automations scale optic brings all, >>Just happens without anyone overseeing it. Anyone there's no single point of bottleneck. I don't have to go take any diving catches or have you, there are people just working, you know, in a decentralized fashion and innovation just happens. Yeah. The second thing I work on of course is, you know, my heart and soul is in, you know, driving the vision, you know, the next level. And that of course is part of it. So those are the two things >>We heard from all day in our super cloud event that there's a need for an, an operating system. Yeah. Whether that's defacto standard or open. Correct. Do you see a consortium around the corner potentially to bring people together so that things could work together? Cuz there really isn't no stand there. Isn't a standards bodies. Now we have great hyperscale growth. We have on-prem we got the super cloud thing happening >>And it's a, it's kind of like what is an operating system? Operating system exposes some APIs that the applications can then use. And if you think about what we've been trying to do with the marketplace, right, we've built a huge platform and that platform is exposed through APIs. That third party developers can use. Right? And even we, when we, you know, built more and more services on top, you know, we rolled our D as we rolled out, backup as a service and a ready for thing security as a service governance, as a service, they're using those APIs. So we are building a distributor, putting systems of sorts. >>Well, congratulations on a great journey. Sanja. Congratulations on taking the hem. Thank you've got ball control. Now you're gonna be calling the ball cohesive as they say, it's, >>It's a team. It's, you know, I think I like that African phrase. If you want to go fast, you go alone. If you wanna go far, you go together. So I've always operated with the best deal. I'm so fortunate. This is to me like a dream come true because I always thought I wanted to work with a technologist that frees me up to do what I like. I mean, I started as an engineer, but that's not what I am today. Right? Yeah. So I do understand the product and this category I think is right for disruption. So I feel excited, you know, it's changing growing. Yeah. No. And it's a, it requires innovation with a cloud scale mindset and you guys have been great friends through the years. >>We'll be, we'll be watching you. >>I think it's not only disruption. It's creation. Yeah. There's a lot of white space that just hasn't been created yet. >>You're gonna have to, and you know, the proof, isn't the pudding. Yeah. You already have five of the biggest 10 financial institutions in the us and our customers. 25% of the fortune 500 users, us two of the biggest five pharmaceutical companies in the world use us. Probably, you know, some of the biggest companies, you know, the cars you have, you know, out there probably are customers. So it's already happening. >>I know you got an IPO filed confidentially. I know you can't talk numbers, but I can tell by your confidence, you're feeling good right now we are >>Feeling >>Good. Yeah. One day, one week, one month at a time. I mean, you just, you know, I like the, you know, Jeff Bezos, Andy jazzy expression, which is, it's always day one, you know, just because you've had success, even, you know, if, if a and when an IPO O makes sense, you just have to stay humble and hungry because you realize, okay, we've had a lot of success in the fortune 1000, but there's a lot of white space that hasn't picked USS yet. So let's go, yeah, there's lots of midmarket account >>Product opportunities are still, >>You know, I just stay humble and hungry and if you've got the team and then, you know, I'm really gonna be working also in the ecosystem. I think there's a lot of very good partners. So lots of ideas brew through >>The head. Okay. Well, thank you so much for coming on our super cloud event and, and, and also doubling up on the news of the new appointment and congratulations on the success guys. Coverage super cloud 22, I'm sure. Dave ante, thanks for watching. Stay tuned for more segments after this break.

(gentle upbeat music) >> Okay, welcome back everyone to theCUBE's live coverage here in Boston, Massachusetts for AWS RE:INFORCE 22. I'm John Furrier, your host with Dave Vellante co-host of theCUBE, and Shreyans Metah, CTO and founder of Cequence Security. CUBE alumni, great to see you. Thanks for coming on theCUBE. >> Yeah. Thanks for having me here. >> So when we chatted you were part of the startup showcase. You guys are doing great. Congratulations on your business success. I mean, you guys got a good product in hot market. >> Yeah. >> You're here before we get into it. I want to get your perspective on the keynote and the talk tracks here and the show. But for the folks that don't know you guys, explain what you guys, take a minute to explain what you guys do and, and key product. >> Yeah, so we are the unified API protection place, but I mean a lot of people don't know what unified API protection is but before I get into that, just just talking about Cequence, we've been around since 2014. But we are protecting close to 6 billion API transactions every day. We are protecting close to 2 billion customer accounts, more than 2 trillion dollars in customer assets and a hundred million plus sort of, data points that we look at across customer base. That's that's who we are. >> I mean, of course we all know APIs is, is the basis of cloud computing and you got successful companies like Stripe, for instance, you know, you put API and you got a financial gateway, billions of transactions. What's the learnings. And now we're in a mode now where single point of failure is a problem. You got more automation you got more reasoning coming a lot more computer science next gen ML, AI there too. More connections, no perimeter. Right? More and more use cases, more in the cloud. >> Yeah. So what, what we are seeing today is, I mean from six years ago to now, when we started, right? Like the monolith apps are breaking down into microservices, right? What effectively, what that means is like every of the every such microservices talking APIs, right? So what used to be a few million web applications have now become billions of APIs that are communicating with each other. I mean, if you look at the, I mean, you spoke about IOT earlier, I call, I call like a Tesla is an application on four wheels that is communicating to its cloud over APIs. So everything is API yesterday. 80% traffic on internet is APIs. >> Now that's dated transit right there. (laughing) Couldn't resist. >> Yeah. >> Fully encrypted too. >> Yeah. >> Yeah, well hopefully. >> Maybe, maybe, maybe. (laughing) We dunno yet, but seriously everything is talking to an API. >> Yeah. >> Every application. >> Yeah. And, and there is no single choke point, right? Like you spoke about it. Like everybody is hosting their application in the cloud environments of their choice, AWS being one of them. But it's not the only one. Right? The, the, your APIs are hosted behind a CDN. Your APIs are hosted on behind an API gateway behind a load balancer in guest controllers. There is no single. >> So what's the problem? What's the problem now that you're solving? Because one was probably I can imagine connecting people, connecting the APIs. Now you've got more operational data. >> Yeah. >> Potential security hacks? More surface area? What's the what's what are you facing? >> Well, I can speak about some of the, our, some of the well known sort of exploits that have been well published, right. Everybody gets exploited, but I mean some of the well knowns. Now, if you, if you heard about Expedian last year there was a third party API that was exposing your your credit scores without proper authentication. Like Facebook had Ebola vulnerability sometime ago, where people could actually edit somebody else's videos online. Peloton again, a well known one. So like everybody is exposed, right. But that is the, the end results. All right? But it all starts with people don't even know where their APIs are and then you have to secure it all the way. So, I mean, ultimately APIs are prone to business logic attacks, fraud, and that's what, what you need to go ahead and protect. >> So is that the first question is, okay, what APIs do I need to protect? I got to take a API portfolio inventory. Is that? >> Yeah, so I think starting point is where. Where are my APIs? Right, so we spoke about there's no single choke point. Right, so APIs could be in, in your cloud environment APIs could be behind your cloud front, like we have here at RE:INFORCE today. So APIs could be behind your AKS, Ingrid controllers API gateways. And it's not limited to AWS alone, right. So, so knowing the unknown is, is the number one problem. >> So how do I find him? I asked Fred, Hey, where are our API? No, you must have some automated tooling to help me. >> Yeah, so, I, Cequence provides an option without any integration, what we call it, the API spider. Whereas like we give you visibility into your entire API attack surface without any integration into any of these services. Where are your APIs? What's your API attack surface about? And then sort of more details around that as well. But that is the number one. Is that agent list or is that an agent? >> There's no agent. So that means you can just sign up on our portal and then, then, then fire it away. And within a few minutes to an hour, we'll give you complete visibility into where your API is. >> So is it a full audit or is it more of a discovery? >> Or both? >> So, so number one, it's it's discovery, but we are also uncovering some of the potential vulnerabilities through zero knowledge. Right? So. (laughing) So, we've seen a ton of lock for J exposed server still. Like recently, there was an article that lock four J is going to be endemic. That is going to be here. >> Long time. >> (laughs) For, for a very long time. >> Where's your mask on that one? That's the Covid of security. >> Yeah. Absolutely absolutely. So, you need to know where your assets are what are they exposing? So, so that is the first step effectively discovering your attack surface. Yeah. >> I'm sure it's a efficiency issue too, with developers. The, having the spider allows you to at least see what's connecting out there versus having a meeting and going through code reviews. >> Yeah. Right? Is that's another big part of it? >> So, it is actually the last step, but you have, you actually go through a journey. So, so effectively, once you're discovering your assets you actually need to catalog it. Right. So, so I know where they're hosted but what are developers actually rolling out? Right. So they are updating your, the API endpoints on a daily basis, if not hourly basis. They have the CACD pipelines. >> It's DevOps. (laughing) >> Welcome to DevOps. It's actually why we'll do it. >> Yeah, and people have actually in the past created manual ways to catalog their APIs. And that doesn't really work in this new world. >> Humans are terrible at manual catalogization. >> Exactly. So, cataloging is really the next step for them. >> So you have tools for that that automate that using math, presumably. >> Exactly. And then we can, we can integrate with all these different choke points that we spoke about. There's no single choke points. So in any cloud or any on-prem environment where we actually integrate and give you that catalog of your APIs, that becomes your second step really. >> Yeah. >> Okay, so. >> What's the third step? There's the third step and then compliance. >> Compliance is the next one. So basically catalog >> There's four steps. >> Actually, six. So I'll go. >> Discovery, catalog, then compliance. >> Yeah. Compliance is the next one. So compliance is all about, okay, I've cataloged them but what are they really exposing? Right. So there could be PII information. There could be credit card, information, health information. So, I will treat every API differently based on the information that they're actually exposing. >> So that gives you a risk assessment essentially. >> Exactly. So you can, you can then start looking into, okay. I might have a few thousand API endpoints, like, where do I prioritize? So based on the risk exposure associated with it then I can start my journey of protecting so. >> That that's the remediation that's fixing it. >> Okay. Keep going. So that's, what's four. >> Four. That was that one, fixing. >> Yeah. >> Four is the risk assessment? >> So number four is detecting abuse. >> Okay. >> So now that I know my APIs and each API is exposing different business logic. So based on the business you are in, you might have login endpoints, you might have new account creation endpoint. You might have things around shopping, right? So pricing information, all exposed through APIs. So every business has a business logic that they end up exposing. And then the bad guys are abusing them. In terms of scraping pricing information it could be competitors scraping pricing. They will, we are doing account take. So detecting abuse is the first step, right? The fifth one is about preventing that because just getting visibility into abuse is not enough. I should be able to, to detect and prevent, natively on the platform. Because if you send signals to third party platforms like your labs, it's already too late and it's too course grain to be able to act on it. And the last step is around what you actually spoke about developers, right? Like, can I shift security towards the left, but it's not about shifting left. Just about shifting left. You obviously you want to bring in security to your CICD pipelines, to your developers, so that you have a full spectrum of API securities. >> Sure enough. Dave and I were talking earlier about like how cloud operations needs to look the same. >> Yeah. >> On cloud premise and edge. >> Yes. Absolutely. >> Edge is a wild card. Cause it's growing really fast. It's changing. How do you do that? Cuz this APIs will be everywhere. >> Yeah. >> How are you guys going to reign that in? What's the customers journey with you as they need to architect, not just deploy but how do you engage with the customer who says, "I have my environment. I'm not going to be to have somebody on premise and edge. I'll use some other clouds too. But I got to have an operating environment." >> Yeah. "That's pure cloud." >> So, we need, like you said, right, we live in a heterogeneous environment, right? Like effectively you have different, you have your edge in your CDN, your API gateways. So you need a unified view because every gateway will have a different protection place and you can't deal with 5 or 15 different tools across your various different environments. So you, what we provide is a unified view, number one and the unified way to protect those applications. So think of it like you have a data plane that is sprinkled around wherever your edges and gateways and risk controllers are and you have a central brains to actually manage it, in one place in a unified way. >> I have a computer science or computer architecture question for you guys. So Steven Schmidt again said single controls or binary states will fail. Obviously he's talking from a security standpoint but I remember the days where you wanted a single point of control for recovery, you talked about microservices. So what's the philosophy today from a recovery standpoint not necessarily security, but recovery like something goes wrong? >> Yeah. >> If I don't have a single point of control, how do I ensure consistency? So do I, do I recover at the microservice level? What's the philosophy today? >> Yeah. So the philosophy really is, and it's very much driven by your developers and how you want to roll out applications. So number one is applications will be more rapidly developed and rolled out than in the past. What that means is you have to empower your developers to use any cloud and serverless environments of their choice and it will be distributed. So there's not going to be a single choke point. What you want is an ability to integrate into that life cycle and centrally manage that. So there's not going to be a single choke point but there is going to be a single control plane to manage them off, right. >> Okay. >> So you want that unified, unified visibility and protection in place to be able to protect these. >> So there's your single point of control? What about the company? You're in series C you've raised, I think, over a hundred million dollars, right? So are you, where are you at? Are you scaling now? Are you hiring sales people or you still trying to sort of be careful about that? Can you help us understand where you're at? >> Yeah. So we are absolutely scaling. So, we've built a product that is getting, that is deployed already in all these different verticals like ranging from finance, to detail, to social, to telecom. Anybody who has exposure to the outside world, right. So product that can scale up to those demands, right? I mean, it's not easy to scale up to 6 billion requests a day. So we've built a solid platform. We've rolled out new products to complete the vision. In terms of the API spider, I spoke about earlier. >> The unified, >> The unified API protection covers three aspects or all aspects of API life cycle. We are scaling our teams from go to market motion. We brought in recently our chief marketing officer our chief revenue officer as well. >> So putting all the new, the new pieces in place. >> Yeah. >> So you guys are like API observability on steroids. In a way, right? >> Yeah, absolutely. >> Cause you're doing the observability. >> Yes. >> You're getting the data analysis for risk. You're having opportunities and recommendations around how to manage the stealthy attacks. >> From a full protection perspective. >> You're the API store. >> Yeah. >> So you guys are what we call best of breed. This is a trend we're seeing, pick something that you're best in breed in. >> Absolutely. >> And nail it. So you're not like an observability platform for everything. >> No. >> You guys pick the focus. >> Specifically, APS. And, so basically your, you can have your existing tools in place. You will have your CDN, you will have your graphs in place. So, but for API protection, you need something specialized and that stuff. >> Explain why I can't just rely on CDN infrastructure, for this. >> So, CDNs are, are good for content delivery. They do your basic TLS, and things like that. But APIs are all about your applications and business that you're exposing. >> Okay, so you, >> You have no context around that. >> So, yeah, cause this is, this is a super cloud vision that we're seeing of structural change in the industry, a new thing that's happening in real time. Companies like yours are be keeping a focus and nailing it. And now the customer's can assemble these services and company. >> Yeah. - Capabilities, that's happening. And it's happening like right now, structural change has happened. That's called the cloud. >> Yes. >> Cloud scale. Now this new change, best of brief, what are the gaps? Because I'm a customer. I got you for APIs, done. You take the complexity away at scale. I trust you. Where are the other gaps in my architecture? What's new? Cause I want to run cloud operations across all environments and across clouds when appropriate. >> Yeah. >> So I need to have a full op where are the other gaps? Where are the other best of breed components that need to be developed? >> So it's about layered, the layers that you built. Right? So, what's the thing is you're bringing in different cloud environments. That is your infrastructure, right? You, you, you either rely on the cloud provider for your security around that for roll outs and operations. Right? So then is going to be the next layer, which is about, is it serverless? Is it Kubernetes? What about it? So you'll think about like a service mesh type environment. Ultimately it's all about applications, right? That's, then you're going to roll out those applications. And that's where we actually come in. Wherever you're rolling out your applications. We come in baked into that environment, and for giving you that visibility and control, protection around that. >> Wow, great. First of all, APIs is the, is what cloud is based on. So can't go wrong there. It's not a, not a headwind for you guys. >> Absolutely. >> Great. What's a give a quick plug for the company. What are you guys looking to do hire? Get customers who's uh, when, what, what's the pitch? >> So like I started earlier, Cequence is around unified API protection, protecting around the full life cycle of your APIs, ranging from discovery all the way to, to testing. So, helping you throughout the, the life cycle of APIs, wherever those APIs are in any cloud environment. On-prem or in the cloud in your serverless environments. That's what Cequence is about. >> And you're doing billions of transactions. >> We're doing 6 billion requests every day. (laughing) >> Which is uh, which is, >> A lot. >> Unheard for a lot of companies here on the floor today. >> Sure is. Thanks for coming on theCUBE, sure appreciate it. >> Yeah. >> Good, congratulations to your success. >> Thank you. >> Cequence Security here on theCUBE at RE:INFORCE. I'm chatting with Dave Vellante, more coverage after this short break. (upbeat, gentle music)

>>The cube presents, Coon and cloud native con Europe 22 brought to you by the cloud native computing foundation. >>Welcome to Licia Spain in Coon cloud native con Europe, 2022. I'm your host, Keith Townson, along with Paul Gillon senior editor, enterprise architecture for Silicon angle. Paul, we're gonna talk to some amazing people this week. Coon, what the energy here, what, what, what would you say about >>It? I'd say it's reminiscent of, of early year, early stage conferences I've seen with other technologies. There is a lot of startup activity. Here's a lot of money in the market, despite the selloff in the stock market lately, a lot of anticipation that there are, there could be big exits. There could be big things ahead for these companies. You don't see that when you go to the big established conferences, you see just anticipation here that I don't think you see you you'll see maybe in a couple of years. So it's fun to be here right now. I'm sure it'll be a very different experience in two or three years. >>So welcome to our guest Q alum. BAAM Tobar the founder and CEO of Upbound. Welcome back. >>Thank you. Yeah, pleasure to be on, on the show again. >>So Paul, tell us the we're in this phase of migrations and, and moving to cloud native stacks. Are we another re-platforming generation? I mean, we've done, the enterprise has done this, you know, time and time again, and whether it's from Java to.net or net to Java or from bare metal to VMs, but are we in another age of replatforming? >>You know, it's interesting. Every company has now become a tech company and every tech company needs to build a very model, you know, modern digital platform for them to actually run their business. And if they don't do that, then they'll probably be out of business. And it is interesting to think about how companies are platforming and replatforming. Like, you know, as you said, just a, a few years back, you know, we were on people using cloud Foundry or using Heroku, you hear Heroku a lot, or, you know, now it's cloud native and Kubernetes and, and it, it begs the question, you know, is this the end that the tr point is this, you know, do we have a, you know, what, what makes us sure that this is the, you know, the last platform or the future proof platform that, that people are building, >>There's never a last platform, right? There's always something around the core. The question is, is Kubernetes Linux, or is it windows? >>That, that's a good question. It's more like more like Linux. I think, you know, the, you know, you've heard this before, but people talk about Kubernetes as a platform off platforms, you can use it to build other platforms. And if you know what you're doing, you can probably put, assemble a set of pieces around it and arrive at something that looks and can work for your business. But it requires a ton of talent. It requires a lot of people that actually can act, you know, know how to put the stick together to, to work for your business. It is, there's not a lot of guidance. I, we were, I think we were chatting earlier about the CSCF landscape and, and how there all these different projects and companies around it. But, but they don't come together in meaningful ways that you have, they act the enterprise itself has to figure out how to bring them together. Right. And that's the combination of what they do there organically or not is their platform. Right. And that changes. It can change over time. >>Do you think they really do. They really want to put these things together? I mean, there's, that's not what enterprise is like to do. They want to find someone who's gonna come in and turnkey do it all for >>Them. Yeah. And, and if there were, this is the, this is the things like EV every week now you hear about another platform that says, this is the new Heroku. This is the new cloud Foundry. This replaces every, you know, some vendor has, and you can see them all around here. You know, companies that are basically selling platform solutions that do put 'em together. And the problem with it is that you typically outgrow these, like you are, it might solve 80% of the use cases you care about, but the other 20% are not represented. And so you end up outgrowing the platform itself, right? And the, the choice has been mostly around, you know, do you buy something off the shelf that solves 80% of your use cases? Or do you build something on your own? And then you have to spend all your resources actually going through and building all of it. And that's been the dilemma, you know, people who talk about this as a platform dilemma, but it's been, it's been the way for a long time. Like you, every, we go through this cycle every few years and, you know, people end up essentially oscillating between buying something off the, you know, that's off the shelf or building it, building it themselves. >>So what's the payoff. If I'm a CIO and I'm looking at the landscape, I don't need to understand, you know, I don't know what a pod is to know that looking at 200 plus projects in co and at, in cloud native foundation and the bevy of, of co-located projects and, and conferences before the, even the start of this, what's the payoff >>Increasing the pace of innovation. I mean, that literally is when we talk to customers, they all say roughly the same thing. They want something that works for their business. They want something that helps them take their, you know, line of business applications to production in a much quicker way, lets them innovate, lets them create higher engineers that can, don't have to understand everything about every system, but can actually specialize and focus on the, the parts that they sh they care about. But it's all in the context of, you know, people want to be able to innovate at a very high pace. Otherwise they get disrupted. >>So I was at the, you know, my favorite part of coan in general is the hallway track and talking to people on the ground, doing cool things. I was talking to a engineer who was able to take their Java, stack their, their.net stack and start to create APIs between and break 'em into microservices. Now teams are working across from one another realizing that, that, that promise of innovation, but that was the end point. They they're there. Yeah. As companies are thinking about replatforming where like, where do we start? I mean, I'm looking at the, the C CNCF, the, the map and it's 200 plus projects. Where, where do I start? >>You typically today start with Kubernetes. And, and a lot of companies have now deployed Kubernetes to production as a container orchestrator, whether they're going through a vendor or not. But now you're seeing all the things around it, whether it's C I C D or GI ops that they're looking at, you know, or they're starting to build consoles around, you know, their, their platforms or looking at managing more than just containers. And that's a theme that, you know, we're seeing a lot now, people want, people want to actually bring this modern stack to manage, not just container workloads, but start looking at databases and cloud workloads and everything else that they're doing around it. Honestly, everybody's trying to do the same thing. They're trying to arrive at a single point of control, a single, you know, a platform that can do it all that they can centralize policies, centralized controls to compliance governance, cost controls, and then expose a self-service experience to the developers. Like they're all trying to build what we probably call an internal cloud platform. They don't know, they talk about it in different ways, but almost everyone is trying to build some internal platform that sits on top of, on premises. And on top of cloud, depending on their scenarios, >>You make an interesting point, which is that everyone here is to some extent trying to do the same thing. And there's fine points of granularity between now they're approaching it as you walk around this floor. Do you understand what all of these companies are doing? >>I'm not sure I understand all of them, but I, I do. I do recognize a lot of them. Yes. >>And in terms of your approach, you, you use the term control plane. What is distinctive about your approach? >>Very good question. So, you know, we, we end, Upbound take a, we we're trying to solve this problem as well. We're trying to help people build their own platforms, but let me, let me, you know, there's a lot to it. So let me actually step back and, and talk about the architecture of this. But if you were to look at any cloud platform, let's take the largest one. AWS, if you peek behind the scenes at AWS, you know, it's basically a set of independent services, EC two S three databases, et cetera, that are, you know, essentially working on different parts of, you know, like offer completely different pricing, different services, et cetera. They come together because they all integrate into a control plan. >>It's the thing that serves an API. It's the thing that gives it all a common feel. It's where you do access control. It's where you do billing metering, cost control policy, et cetera. Right? And so our realization was if the enterprises are platforming and replatforming, why shouldn't they build their platform in the same way that the cloud vendors build theirs? And so we started this project almost four years ago, now three and a half years called cross plain, which is a, essentially an open source control plane that can become the integration point for all services. And essentially gives you a universal control plane for cloud. >>So you mentioned the idea of if orchestrating or managing stuff other than containers, as I think about companies that built amazing platforms, enterprise companies, building amazing applications on AWS 10 years ago, and they're adopting the AWS control plane. And now I'm looking at Kubernetes is Kubernetes the way to multi-cloud to be able to control those discrete services in a AWS or Google cloud Azure or Oracle cloud, is that true? >>We kind have the tease it, the parts. So there are really two parts to Kubernetes and everybody thinks of Kubernetes as a container orchestration platform. Right? And you know, there is a sense that people say, if I was to run Kubernetes on everywhere and can build everything on top of containers, that I get some kind of portability across clouds, right. That I can put things in containers. And then they magically run, you know, in different environments. In reality, what we've seen is not everything fits in containers. It's not gonna be the world is not gonna look like containers on the bottom. Everything else is on top. Instead, what we're gonna see is essentially a set of services that people are using across the different vendors. So if you look at like, you could be at AWS shop primarily, but I bet you're using confluent or elastic or data breaks or snowflake or Mongo or other services. >>I bet you're using things that are on premises, right? And so when you look at that and you say to build my platform as an enterprise, I have to consume services from multiple vendors. Even if it's just one major cloud vendor, but I'm consuming services from others. How do I bring them together in meaningful ways so that I can, you know, build my platform on top of the collection of them and offer something that my developers can consume. And self-service on. That's not a, that's not just containers. What's interesting though, is if you look at Kubernetes and, you know, look inside it, Kubernetes built a control plane. That's actually quite useful and applicable outside of container scenarios. So this whole notion of CRDs and controllers, if you've heard that term, the ability, you know, like there are two parts to Kubernetes, there is a control plane, and then there's the container container workloads. >>And the control plane is generic. It could be used literally across, you know, you can use it to manage things that are completely outside of container workloads. And that's what we did with cross mind. We took the control plane of Kubernetes and then built bindings providers that connected to AWS, to Google, to Azure, to digital ocean, to all these different environments. So you can bring the way of managing, you know, the style of managing that Kubernetes invented to more than just containers. You can now manage cloud services, using the same approach that you are now using with Kubernetes and using the entire ecosystem of tooling around it. >>Enterprise has been under pressure to replatform for a long time. It was first go to Unix then to Linux and virtualize then to move to the cloud. Now, Kubernetes, do you think that this is the stack that enterprises can finally commit to? >>I think if you take the orientation of your deploying a control plane within your enterprise, that is extensible, that enables you to actually connect it to all the things that are under your domain, that that actually can be a Futureproof way of doing a platform. And, you know, if you look at the largest cloud platforms, AWS has been around for at least 15 years now, and they really haven't changed the architecture of AWS significantly. It's still a control plane, a set of control planes that are managing services. >>It's a legacy >>They've added a lot of services. They've have a ton of diversity. They've added so many different things, but the architecture is still a hub and spoke that they've built, right? And if the enterprise can take the same orientation, put a control plane, let it manage all the things that are, you know, about today, arrive at a single point of control, have a single point where you can enforce policy compliance, cost controls, et cetera, and then expose a self-service experience to your developers that actually can become future proof. >>So we've heard this promise before the cloud of clouds, basically, yes, the, the, to be able to manage everything, what we find is the devils in the details. The being able to say, you know, a load balancer issuing a, a command to, to deploy a load balancer in AWS is different than it is in Azure, which is different than it is in GCP. How do, how do enterprises know that we can talk to a single control plane to do that? I mean, that just seems extremely difficult to manage. >>Oh yeah. That the approach is not, you're not trying to create a lowest common denominator between clouds. That's a really, really hard problem. And in fact, you get relegated to just using this, you know, really shallow features of each, if you're, if you're gonna do that, like your, your example of load balancers, load balances look completely different between between cloud vendors, the approach that we kind of advocate for is that you shouldn't think of them as you shouldn't try to unify them in a way that makes them, you know, there's a, there's a global abstraction that says, oh, there's a load balancer. And it somehow magically works across the different cloud vendors. I think that's a really, really hard thing to say, to do as you pointed out. However, if you bring them all under a same control plane, as different as they are, you're able to now apply policies. You're able to set cost controls. You're able to expose a self-service experience on top of them, even, even if they are very different. And that's, that's something that I think is, you know, been hard to do in the past. >>So BAAM, we'll love to dig deeper into this in future segments. And I'm gonna take a look at the, the, the product and project and see where you folks land in this conversation from Valencia Spain, I'm Keith towns, along with Paul Gillon and you're watching the leader in high tech coverage.

(upbeat music) >> Okay, we're back. I'm John Furrier with theCUBE and we're going to go deeper into a deep dive into unified cloud networking solution from Pluribus and NVIDIA. And we'll examine some of the use cases with Alessandro Barbieri, VP of product management at Pluribus Networks and Pete Lumbis, the director of technical marketing and video remotely. Guys thanks for coming on, appreciate it. >> Yeah thanks a lot. >> I'm happy to be here. >> So a deep dive, let's get into the what and how. Alessandro, we heard earlier about the Pluribus and NVIDIA partnership and the solution you're working together in. What is it? >> Yeah, first let's talk about the what. What are we really integrating with the NVIDIA BlueField the DPU technology? Pluribus has been shipping in volume in multiple mission critical networks, this Netvisor ONE network operating systems. It runs today on merchant silicon switches and effectively it's standard based open network operating system for data center. And the novelty about this operating system is that it integrates distributed the control plane to automate effect with SDN overlay. This automation is completely open and interoperable and extensible to other type of clouds. It's not enclosed. And this is actually what we're now porting to the NVIDIA DPU. >> Awesome, so how does it integrate into NVIDIA hardware and specifically how is Pluribus integrating its software with the NVIDIA hardware? >> Yeah, I think we leverage some of the interesting properties of the BlueField DPU hardware which allows actually to integrate our network operating system in a manner which is completely isolated and independent from the guest operating system. So the first byproduct of this approach is that whatever we do at the network level on the DPU card is completely agnostic to the hypervisor layer or OS layer running on the host. Even more, we can also independently manage this network node this switch on a NIC effectively, managed completely independently from the host. You don't have to go through the network operating system running on X86 to control this network node. So you truly have the experience effectively top of rack for virtual machine or a top of rack for Kubernetes spots, where if you allow me with analogy, instead of connecting a server NIC directly to a switchboard, now we are connecting a VM virtual interface to a virtual interface on the switch on an niche. And also as part of this integration, we put a lot of effort, a lot of emphasis in accelerating the entire data plan for networking and security. So we are taking advantage of the NVIDIA DOCA API to program the accelerators. And these you accomplish two things with that. Number one, you have much better performance. They're running the same network services on an X86 CPU. And second, this gives you the ability to free up I would say around 20, 25% of the server capacity to be devoted either to additional workloads to run your cloud applications or perhaps you can actually shrink the power footprint and compute footprint of your data center by 20% if you want to run the same number of compute workloads. So great efficiencies in the overall approach. >> And this is completely independent of the server CPU, right? >> Absolutely, there is zero code from Pluribus running on the X86. And this is why we think this enables a very clean demarcation between compute and network. >> So Pete, I got to get you in here. We heard that the DPU enable cleaner separation of DevOps and NetOps. Can you explain why that's important because everyone's talking DevSecOps, right? Now, you've got NetSecOps. This separation, why is this clean separation important? >> Yeah, I think, it's a pragmatic solution in my opinion. We wish the world was all kind of rainbows and unicorns, but it's a little messier than that. I think a lot of the DevOps stuff and that mentality and philosophy. There's a natural fit there. You have applications running on servers. So you're talking about developers with those applications integrating with the operators of those servers. Well, the network has always been this other thing and the network operators have always had a very different approach to things than compute operators. And I think that we in the networking industry have gotten closer together but there's still a gap, there's still some distance. And I think that distance isn't going to be closed and so, again, it comes down to pragmatism. And I think one of my favorite phrases is look, good fences make good neighbors. And that's what this is. >> Yeah, and it's a great point 'cause DevOps has become kind of the calling car for cloud, right? But DevOps is a simply infrastructures code and infrastructure is networking, right? So if infrastructure is code you're talking about that part of the stack under the covers, under the hood if you will. This is super important distinction and this is where the innovation is. Can you elaborate on how you see that because this is really where the action is right now? >> Yeah, exactly. And I think that's where one from the policy, the security, the zero trust aspect of this, right? If you get it wrong on that network side, all of a sudden you can totally open up those capabilities. And so security's part of that. But the other part is thinking about this at scale, right? So we're taking one top of rack switch and adding up to 48 servers per rack. And so that ability to automate, orchestrate and manage its scale becomes absolutely critical. >> Alessandro, this is really the why we're talking about here and this is scale. And again, getting it right. If you don't get it right, you're going to be really kind of up you know what? So this is a huge deal. Networking matters, security matters, automation matters, DevOps, NetOps, all coming together clean separation. Help us understand how this joint solution with NVIDIA fits into the Pluribus unified cloud networking vision because this is what people are talking about and working on right now. >> Yeah, absolutely. So I think here with this solution we're attacking two major problems in cloud networking. One, is operation of cloud networking and the second, is distributing security services in the cloud infrastructure. First, let me talk about first what are we really unifying? If we're unifying something, something must be at least fragmented or disjointed. And what is disjointed is actually the network in the cloud. If you look wholistically how networking is deployed in the cloud, you have your physical fabric infrastructure, right? Your switches and routers. You build your IP clause, fabric leaf and spine topologies. This is actually a well understood problem I would say. There are multiple vendors with let's say similar technologies, very well standardized, very well understood and almost a commodity I would say building an IP fabric these days, but this is not the place where you deploy most of your services in the cloud particularly from a security standpoint. Those services are actually now moved into the compute layer where cloud builders have to instrument a separate network virtualization layer where they deploy segmentation and security closer to the workloads. And this is where the complication arise. This high value part of the cloud network is where you have a plethora of options that they don't talk to each other and they're very dependent on the kind of hypervisor or compute solution you choose. For example, the networking API between an ESXi environment or an Hyper-V or a Zen are completely disjointed. You have multiple orchestration layers. And then when you throw in also Kubernetes in this type of architecture, you are introducing yet another level of networking. And when Kubernetes runs on top of VMs which is a prevalent approach, you actually are stuck in multiple networks on the compute layer that they eventually ran on the physical fabric infrastructure. Those are all ships in the knights effectively, right? They operate as completely disjointed and we're trying to tackle this problem first with the notion of a unified fabric which is independent from any workloads whether this fabric spans on a switch which can be connected to bare metal workload or can span all the way inside the DPU where you have your multi hypervisor compute environment. It's one API, one common network control plane and one common set of segmentation services for the network. That's problem number one. >> It's interesting I hear you talking and I hear one network among different operating models. Reminds me of the old serverless days. There's still servers but they call it serverless. Is there going to be a term network-less because at the end of the day it should be one network, not multiple operating models. This is a problem that you guys are working on, is that right? I'm just joking serverless and network-less, but the idea is it should be one thing. >> Yeah, effectively what we're trying to do is we're trying to recompose this fragmentation in terms of network cooperation across physical networking and server networking. Server networking is where the majority of the problems are because as much as you have standardized the ways of building physical networks and cloud fabrics with IP protocols and internet, you don't have that sort of operational efficiency at the server layer. And this is what we're trying to attack first with this technology. The second aspect we're trying to attack is how we distribute security services throughout the infrastructure more efficiently whether it's micro-segmentation is a stateful firewall services or even encryption. Those are all capabilities enabled by the BlueField DPU technology. And we can actually integrate those capabilities directly into the network fabric limiting dramatically at least for east west traffic the sprawl of security appliances whether virtual or physical. That is typically the way people today segment and secure the traffic in the cloud. >> Awesome. Pete, all kidding aside about network-less and serverless kind of fun play on words there, the network is one thing it's basically distributed computing, right? So I'd love to get your thoughts about this distributed security with zero trust as the driver for this architecture you guys are doing. Can you share in more detail the depth of why DPU based approach is better than alternatives? >> Yeah, I think what's beautiful and kind of what the DPU brings that's new to this model is completely isolated compute environment inside. So it's the, yo dog, I heard you like a server so I put a server inside your server. And so we provide ARM CPUs, memory and network accelerators inside and that is completely isolated from the host. The actual X86 host just thinks it has a regular niche in there, but you actually have this full control plane thing. It's just like taking your top of rack switch and shoving it inside of your compute node. And so you have not only this separation within the data plane, but you have this complete control plane separation so you have this element that the network team can now control and manage, but we're taking all of the functions we used to do at the top of rack switch and we're distributing them now. And as time has gone on we've struggled to put more and more and more into that network edge. And the reality is the network edge is the compute layer, not the top of rack switch layer. And so that provides this phenomenal enforcement point for security and policy. And I think outside of today's solutions around virtual firewalls, the other option is centralized appliances. And even if you can get one that can scale large enough, the question is, can you afford it? And so what we end up doing is we kind of hope that NVIDIA's good enough or we hope that the VXLAN tunnel's good enough. And we can't actually apply more advanced techniques there because we can't financially afford that appliance to see all of the traffic. And now that we have a distributed model with this accelerator, we could do it. >> So what's in it for the customer real quick and I think this is an interesting point you mentioned policy. Everyone in networking knows policy is just a great thing. And as you hear it being talked about up the stack as well when you start getting to orchestrating microservices and whatnot all that good stuff going on there, containers and whatnot and modern applications. What's the benefit to the customers with this approach because what I heard was more scale, more edge, deployment flexibility relative to security policies and application enablement? What's the customer get out of this architecture? What's the enablement? >> It comes down to taking again the capabilities that we're in that top of rack switch and distributing them down. So that makes simplicity smaller, blast radius' for failures smaller failure domains, maintenance on the networks and the systems become easier. Your ability to integrate across workloads becomes infinitely easier. And again, we always want to kind of separate each one of those layers so just as in say a VXLAN network, my leaf in spine don't have to be tightly coupled together. I can now do this at a different layer and so you can run a DPU with any networking in the core there. And so you get this extreme flexibility. You can start small, you can scale large. To me the possibilities are endless. >> It's a great security control plan. Really flexibility is key and also being situationally aware of any kind of threats or new vectors or whatever's happening in the network. Alessandro, this is huge upside, right? You've already identified some successes with some customers on your early field trials. What are they doing and why are they attracted to the solution? >> Yeah, I think the response from customer has been the most encouraging and exciting for us to sort of continue and work and develop this product. And we have actually learned a lot in the process. We talked to tier two, tier three cloud providers. We talked to SP, Soft Telco type of networks as well as inter large enterprise customers. In one particular case one, let me call out a couple of examples here just to give you a flavor. There is a cloud provider in Asia who is actually managing a cloud where they're offering services based on multiple hypervisors. They are native services based on Zen, but they also on ramp into the cloud workloads based on ESXi and KVM depending on what the customer picks from the menu. And they have the problem of now orchestrating through their orchestrate or integrating with Zen center, with vSphere, with OpenStack to coordinate this multiple environments. And in the process to provide security, they actually deploy virtual appliances everywhere which has a lot of cost complication and eats up into the server CPU. The promise that they saw in this technology, they call it actually game changing is actually to remove all this complexity, having a single network and distribute the micro segmentation service directly into the fabric. And overall they're hoping to get out it tremendous OPEX benefit and overall operational simplification for the cloud infrastructure. That's one important use case. Another global enterprise customer is running both ESXi and Hyper-V environment and they don't have a solution to do micro segmentation consistently across hypervisors. So again, micro segmentation is a huge driver security. Looks like it's a recurring theme talking to most of these customers. And in the Telco space, we're working with few Telco customers on the CFT program where the main goal is actually to harmonize network cooperation. They typically handle all the VNFs with their own homegrown DPDK stack. This is overly complex. It is frankly also slow and inefficient. And then they have a physical network to manage. The idea of having again one network to coordinate the provisioning of cloud services between the Telco VNFs and the rest of the infrastructure is extremely powerful on top of the offloading capability opted by the BlueField DPUs. Those are just some examples. >> That was a great use case. A lot more potential I see that with the unified cloud networking, great stuff, Pete, shout out to you 'cause at NVIDIA we've been following your success us for a long time and continuing to innovate as cloud scales and Pluribus with unified networking kind of bring it to the next level. Great stuff, great to have you guys on and again, software keeps driving the innovation and again, networking is just a part of it and it's the key solution. So I got to ask both of you to wrap this up. How can cloud operators who are interested in this new architecture and solution learn more because this is an architectural shift? People are working on this problem, they're try to think about multiple clouds, they're try to think about unification around the network and giving more security, more flexibility to their teams. How can people learn more? >> Yeah, so Alessandro and I have a talk at the upcoming NVIDIA GTC conference. So it's the week of March 21st through 24th. You can go and register for free nvidia.com/gtc. You can also watch recorded sessions if you end up watching this on YouTube a little bit after the fact. And we're going to dive a little bit more into the specifics and the details and what we're providing in the solution. >> Alessandro, how can we people learn more? >> Yeah, absolutely. People can go to the Pluribus website, www.pluribusnetworks.com/eft and they can fill up the form and they will contact Pluribus to either know more or to know more and actually to sign up for the actual early field trial program which starts at the end of April. >> Okay, well, we'll leave it there. Thank you both for joining, appreciate it. Up next you're going to hear an independent analyst perspective and review some of the research from the enterprise strategy group ESG. I'm John Furrier with theCUBE, thanks for watching. (upbeat music)

(bright music) >> Hi, everyone. Welcome to the CUBE's presentation of the AWS Startup Showcase around open cloud innovations. It's the season two episode one of the ongoing series covering exciting startups from the AWS ecosystem and talking about open source and innovation. I'm John Furrier, your host. Today, we're joined by two great guests. Dan Garfield, chief open source officer and co-founder of Codefresh IO, and Raziel Tabib, CEO and co-founder. Two co-founders in the middle of all the innovation. Gentlemen thanks for coming on. >> Thank you. >> So you guys have a great platform and as cloud native goes mainstream in the enterprise and for developers, the big topic is unification, end-to-end, horizontally scalable, leveraging data. All these things around agile that I call agile cloud next level. This is kind of what we're seeing. The CNCF is growing. You've seen KubeCon every year is more about these kinds of things. Words like orchestration, Kubernetes, container, security. All of those complexities are now at the center of making things easier for developers. This is a key value proposition and you guys at Codefresh are offering really the first enterprise delivery solution powered by Argo, which is an open source project. Again, open source driving really big changes. So let's get into it. And first of all, congratulations, and thanks for working on this project. What's so special about- >> Thank you for that. >> Argo the project, and why have you guys decided to build a platform on it, and where is this coming together? Take us through why this is so important. >> I think Argo has been a very fast growing open source project for multiple reasons. A, it has been built for the new way of building and deploying an application. It's cloud native. You mentioned Kubernetes becoming kind of the de facto way of running application. It's the de facto way to run automation and pipeline. But also Argo has been built from the ground up to the latest practices of how we deploy software. We deploy software now differently. We deploy it using a GitOps practice. We're deploying it using canary blue-green progressive deployment. And Argo has been built around these practices, around these technologies, and has been very much widely adopted by the community. In the past, the KubeCon you've mentioned, Argo was all over the place. And we were very glad to be working with the community to talk about what the next steps with Argo. >> Yeah, it's a really good point. I would like to just follow up on that because you see this being talked about. It always comes up, where is open source really outside of a pure contributors matter? And when you have corporations contributing, you seeing this has been the trend. You saw it with Lyft, with Envoy, companies doing more and more open source. This is part of a big collaboration. And again, this comes back down to this whole why it's relevant and why it's so special with Argo. Continue to talk about relationship because it's not just you guys, it's now community. >> Yeah, I can speak to that. The Argo project is something that we maintain in partnership with several other companies and really our relationship with it is that this is something that we're actively contributing to. This is something that we're helping build the roadmap on and planning the events around and all those kinds of things. And we're doing that because we really believe in this technology and we've built our platform on it. So when you deploy Codefresh, you're deploying technology that's built directly on Argo and is designed specifically to solve that problem that you spoke to at the top of the hour. We all want to deliver software faster. We all want to have fewer regressions. We want to have fewer breaking changes. We want software to be super reliable. We want to be comfortable with what we're doing. That's really why we picked Argo because that technology that we have it is to Raziel's point delivered in this new way. It's delivered using GitOps. And that's a whole revolution and change in the way that people build and deploy software. And bringing cohesion into that experience is so critical to building the confidence that lets you actually deploy often and frequently and more. >> Dan, if you don't mind just expanding on that one point about the problem you solve, because to me, this has been kind of that evolution. It's almost like, yeah, there's been problems, plural, and opportunities that you saw with those in growing markets like this with DevOps and DevSecOps and now cloud native. What is the catalyst behind all of this? What was the epiphany behind it? How did it get so much momentum? What was it really doing under the covers? >> Well, it's a very simple and easy to use set of tools. And that's one of the big things is that if you look at the ideas of GitOps and there's actually a foundation around this that were part of called open GitOps to GitOps working group under the CNCF. And those principles of, I want to, yes, do my software defined as code. I want to do my infrastructure defined as code and I need something monitoring by production run times and making sure that the declared desired state is always matching the actual state. Those principles have actually been around for a number of years. And with Kubernetes, we really unlocked an API that allowed us to start doing GitOps and this is why we bring in Argo and you see the rise of Argo CD and other workflows and what we've been doing is really because that technology has been unlocked now. So the ability to define how your software is supposed to run and now your entire software delivery stack should run, all defined and then monitored and then kept in check using the GitOps operator. That critical unlock is what's really driving the massive adoption. And like Raziel said, Argo is the fastest growing and most popular open source project for delivering software. And it's not even close. >> Yeah, this is really great point. And I want to get into that 'cause I want to know why, what you guys do on your platform versus the open source and get that relationship settled? Before we get there, though, I want to get your reaction to some of the commentary in the industry 'cause GitOps trend has been exploding into new directions. I mean, it used to be a term about 10 years ago called big data. And at the beginning where data was all big data. Now it was DevOps revolution around data as well. But now you're hearing people talk about big code. Like, I mean, the code bases are becoming so huge. So as a developer, you're leveraging large open source code. This idea of the software delivery with existing code and new code just adds to more code. There's more code being developed every day. >> There is more code delivered every day. And I think that organization realize today, almost in every industry that they have to pace up how fast and how frequent they update their software delivery. We're living in a world in which every aspect of our life has been disrupted by software and organization realize that they have to keep up and figure out how to deploy software more frequent and more lively. And I think, you mentioned that really Kubernetes, the cloud native became the de facto way of running application. I think most of organization has made that decision to move into cloud native. The second question is after, is okay, now we have all applications running, how fast and how more frequent we can deploy applications to the cloud native? And that's the stage in which we're super excited about Argo and our up platform because that's basically streamline the building application for these cloud native, deploying applications for the cloud native, and so on. >> Yeah, and I think that highlights the business value. You getting a lot of the conversations with businesses that say they want the modern application on the cloud scale. And at the end of the day, it comes down to speed and security. So how fast can I get the app out? How well does it work? Does it run performance? And does it have security? And I don't want a slow. >> Exactly. Exactly. It kind of oversimplifies it, but that's kind of the net net. So when you look at Argo open source, what's that's done and kind of where you guys are taking it. Can you talk about the differences between your enterprise version and the open source version and the interplay there, the relationship, the business model health customers can play on both sides or understand the difference? >> Sure. >> Go ahead. >> Go ahead, Raziel. Okay, so I think Argo, as you mentioned, is probably the most advanced technology today to both run pipelines. They're like events to trigger pipelines and Argo work for the one that pipelines, the Argo CD for GitOps and Rollout, for Canary blue-green strategies. And the adoption is really exploding. Just as an Advocate that we had in December, we have worked with the community and organized ArgoCon events in which we had initially kind of thought about 500 attendees. And so we have more than 4,000 registrants and majority of them are coming from enterprise. Now as we have talked to the community during this conference and figure out, okay, so what are the things that you're still missing? And that will help you take the benefit that you get from Argo to the next level. The few things that came up. One is Argo is a great technology. However, Argo now is fragmented into four projects. There is an advance. There is workflow. There is Argo CD. And there is Argo Rollout. And there is a need to bring them all together into a solid platform, solid one run time that can be easily installed, monitor all of these in a single UI, in a single control plane. That's one aspect. The second is the scalability. Really being able to manage it centrally across multiple clusters, not in one cluster. And what we bring in with the new one, we're so excited about this platform, is we're bringing that big. The first to get all of these four projects in one runtime, and one control plane, but also allow the community to run it across multiple cluster from one place getting into the solution, not just as a technology. >> If I may add to that, the value of bringing these projects together, it provides so many insights. So when you're trying to figure out, there's some breaking change that has been made, but you don't necessarily know where it is because you have a lot of microservices that are out there. You have a lot of teams working on it. By bringing all of these things together, we're able to look at all of the commits, all of the deployments, all of the Jira issues. All of these components combined together, so you really get a single view where you can see everything that's going on. And this is another element where when you're trying to deploy software at scale, you're trying to deliver it faster. People are getting a little bit overwhelmed because there are so many updates and so many different services and so many teams working that they're starting to miss that visibility. So this is what we want to bring into the ecosystem is we really want them that visibility to be super clear. And by bringing all of the Argo components, the Argo tools together, we're able to do that in a single dashboard. >> Yeah, so if I get this right, let me just double click on that because it sounds like, yeah, Argo's great. It's been organically growing, a lot of different components to it, but when you start getting into pushing code in an organization, you have, I call the old-school version control kind of vibe going on where it's like you don't know what's out there and how that affects the system as it's a distributed system, which cloud is. There are consequences when stuff breaks. So we all know that. Is that kind of where you guys are getting at? The challenge is actually the opportunity at the same time where it's all goodness, but then when you start looking at scale and the system impact, is that kind of where the open source and you guys pick up, is that right? >> This is one aspect. I think the second one is that again, when you look at each individual component of Argo, each provide a lot of value by itself. But when you sum it, the value of the sum is greater than the value of the individual. So when you're taking, really the events and workflow, Argo CD and Argo Rollout, and you bring them all together into single runtime. The value of its time is really automation all the way from code to cloud. It's not breaking into, there is like an automation for CI, there's an automation for CD, there's information for progressive delivery. It's actually automated all the way from the Git commit through the GitOps through the deployment strategy, and so on. And being able to monitor it and scale it in the enterprise scale. So, of course, it's helping enterprise and make Argo to some level more crucial for enterprise, if I may say, but second is really bringing all of these components together and get the outcome be greater than the individual parts. >> Yeah, that's a good point. Yeah, make it make a commercial grade, if you will, for enterprise who wants to have support and consistency and whatnot. What other problems are you solving? Dan, can you chime in on the whole, how you guys resolve some of these challenges for the enterprise? Because, again, some stability is key as well, but also the business benefit has got to be there for the development teams. >> Yeah. So there's several. One aspect is that the way that most people operate today is they essentially do a bunch of commands and engage with systems. And then hopefully at the end, they write those things to Git. And this is a little bit backwards if you think about it because there's a situation where you can end up with things in production that were never checked in, or maybe somebody is operating and they're making a change. If we look at most of the downtime that's occurred over the last two years, it's because people have flubbed a key when they were typing in a command or something like that. The way that this system works is that we provide an interface, both the CLI and the GUI, where those operations interactions actually end with a Git commit. So rather than doing an operation and then hopefully committing to Git, most of the operations are actually done first in Git, or if there is something that can't be done first in Git, it's maybe bootstrapped and then committed to Git as part of a single command. So this means you have end-to-end traceability. It also means your auditability is way better. And then the second, the other component that we're adding is that security and scale layer. So we are securing these things, we're building in single sign-on, and all those robust security things you would expect to have across all these instances. So many organizations, when they're building their software delivery tools, they have to deploy instances in many locations. And so this is how you end up with companies that have 5,000 instances that are all out of date and insecure. Well with Codefresh, if you need to deploy a component onto this end cluster or something like that, you may have thousands of them. All of those are monitored and taken care of in a centralized way, so I can do all of my updates at once. I can make sure they're all up to date. I'm not running with a bunch of known CVEs or something like that and it's clear. The components are also designed in an architectural way. So that only the information that is needed is ever passed out. So I can have a cluster that is remotely managed, that checks out code, that the control plane never has access to. So this hybrid model has been really popular with our customers. We have customers in healthcare, we have customers in defense and in financial services, all these regulated industries. The flow of information is really critical. So this hybrid model allows you to deploy something that has the ease of a SaaS solution, but has the security of an on-prem solution while being centrally managed and easy to take care of. >> Yeah, it's a platform. It's what it is. It's not a tool. It's not a tool anymore. It's a platform. >> Exactly. >> I think the foundational aspect of this is critical. And you mentioned automation before. If you're going to go end-to-end automation, you have some stuff in the system that whether it hasn't been checked in yet. I mean, we know what this leads to. Disaster or a lot of troubleshooting and disruption. That's what it seems to solve. Am I getting that right? Is that right? >> Yeah. >> Go ahead. >> Yeah, it helps automate the whole process. But as you say, it's really like identify what needs not to be going all the way to production and really kind of avoid vulnerabilities or any flaws in the software. So it automates everything, but in a way that the automation can identify issues and avoid them from coming into the production. >> Well, great stuff here. I've got to ask you guys now that you've got that settled. It's really, I see the value there, how you guys are letting it grow organically and with Argo and then building that platform for businesses and developers. It's really cool. And I see the foundational value there. It just only gets better. How you guys contributing back to open source and helping the wider GitOps and Argo communities? Because this is, again, the rising tide that's bringing all the boats into the harbor, so to speak. So this is a good trend and people will acknowledge that. So how's this going to work as you guys work back into the open source community? >> So we work closely with both myself and the other maintainers worked closely with the community on the roadmap and making sure that we're addressing issues. I think if you look in the last quarter, we probably have upwards of 40 or 50 different issues that we've solved in terms of fixing a bug or adding features or things like that. So making sure that these tools, which are really the undergirding components of our platform, they have to be really robust. They have to be really strong. And so we're contributing those things back. And then when it comes to the scalability side, these are things that we can build into the platform. So the value should be really clear. I can deploy this, I can manage it myself, I can build tools on top of it. And if I want to start doing it at scale, maybe I want support. That's when I really am going to go to Codefresh and start saying, let's get the enterprise little platform. >> Awesome. GitOps, a lot of people like some naysayers may say, Hey, it's the latest fad. Is it here to stay? We were talking about big code earlier. GitOps, obviously seeing open source. Just every year, just get better and better and growth. I mean, I remember when I was breaking into the business, you have to sell under the table. Now it's all free and open and getting better every year. Just the growth of code. Is GitOps a fad? How do you talk to people who say that? I mean, besides slapping around saying wake up. I mean, how do you guys address that when people say it's just the latest fad? >> So if I may comment here and Dan feel free to chime in, I think that the GitOps is a continuation of a trend that everything is a source code. As a developer, many years ago myself and still writing code, always both code and code was the source of tool that's where we write the code. But now code actually is also describing how our application is running in production. And we've already seen kind of where it's get next. We also hear about infrastructure as a code. So now actually we storing the code the way the infrastructure should be. And I think that the benefit of storing all this configuration in a source code, which has been built to track changes, to be enabled to roll back, that is just going to be here to stay. And I think that's the new way of doing things. >> All right, gentlemen, great. Closing statements. Please share an update on the company. What it's all about? What event you got coming? I know you got a big launch. Can you take us through? Take us home. >> Join on February 1st, we're going to be launching the Codefresh software delivery platform. Raziel and I will be hosting the event. We've got a number of customers, a number of members of the community who are going to be joining us to show off that platform. So you're going to be able to see it in action, see how the features work, and understand the value of it. And you'll see how it works with GitOps. You'll see how it helps you deliver software at scale. That's February 1st. You can get information at codefresh.io. >> Raziel, Dan, thanks for coming on. >> Thank you. >> Pretty good showcase. Thanks for sharing. Congratulations. Great venture. Loved the approach. Love the growth in cloud native and you guys sure on the cutting edge. Fresh code, people love fresh code, codefresh.io. Thanks for coming on. >> Thank you. Thank you. >> Okay, this is the AWS Startup Showcase Open Cloud Innovations. Cloud scale, software, data. That's the future of modern applications being developed, changing the game to the next level. This is the CUBE's coverage season two episode one of the ongoing AWS Startup series here in theCUBE.

(upbeat music) >> Hey, welcome back to theCubes coverage of Red Hat Summit 2021 virtual, I'm John Furry hosts of theCube, Cube Virtual. We're remote, we're not in person this year. Like last year, soon, we'll be back in person. We've got a great guest here, Mark Potts, managing director at Accenture for the Red Hat relationship. Mark, great to see you. Thanks for coming on theCube. >> Hey, thanks for having me John. I really appreciate it. >> Yeah, we've been covering pretty extensively throughout this event, as well as you know the many, many years, the impact of cloud computing. Obviously, you guys have a really big strategic relation with IBM and now Red Hat, Red Hat's part of IBM. It's pretty clear that, you know, that Red Hats got this operating system mindset of open source and, you know, innovation. It's extending into cloud, cloud native, and edge, distributed computing. That's kind of in their DNA if you will, distributed computing and system software and open source, kind of the perfect storm. So, really interesting as this enables new services you guys are on the front lines working with the biggest companies in the world as the global businesses is changing. So, I want to get your take on Red Hat and what you guys are doing together, but first give a quick overview of the center role with Red Hat, your role there and what you do. >> Yeah, thanks. Perfect John. So Mark Potts, as you mentioned I'm the managing director responsible for our global business with Red Hat and our partnership with Red Hat. As you probably saw in our announcements last Fall, around the September timeframe, Accenture made a very large, bold announcement about forming a new cloud first business unit within Accenture. And so we're going to invest $3 billion into that business unit. We're going to dedicate 70 over 70,000 people worldwide to that business unit and that cloud first initiative. And as part of that cloud fishing first initiative we've also developed our new hybrid cloud strategy. And we're looking for new partners and existing partners to help us grow in that hybrid cloud strategy, not hybrid cloud business. We see Red Hat as a very important partner in that business. And as you mentioned there, they've also been, you know, in the distributed computing for a long time. We also see them as a partner for clients that are lifting and shifting and migrating to the cloud on RHEL, like SAP and other workloads like that. And I'm excited to talk to you today about OpenShift, and Ansible, and all those great technologies that Red Hat brings to the table for our hybrid cloud approach and strategy. >> That's awesome. Great investment. And I love Paul coming in that you were saying on his keynote, you know, every CIO should be a cloud operator. I mean, running business at scale this is what hybrid cloud is all about. And so with your new hybrid cloud strategy and the formation of the new business group at Accenture what kind of challenges are you guys looking to solve? What are the opportunities that you're seeing for companies? How do you guys solve those challenges? What do you, what are you guys looking at right now? >> Yeah, that's a great question. As you mentioned, the keynote. So, Karthik Laredo actually runs our cloud first business was actually part of that keynote with Larry Slack as well, or Larry Stack, sorry, as well. And so he mentioned in his keynote something called the cloud continuum, right? And so historically Accenture has been working with our partner on cloud native development moving to about 20 to 25% of the existing workloads in the data center, the easy stuff to the cloud, right? But now we realize that there's a need for the hybrid cloud. There's a need to modernize, maybe on premise, there's a need to maybe modernize in the cloud one way or the other. And then we also look at the holistic view of cloud, on-prem, edge. And that's what Karthik is talking about when he's talking about the, the cloud continuum. And that's a very important part of our strategy within Accenture, and OpenShift really helps us meet those needs. So if a client is a little bit nervous about taking some of those complex workloads but they want a modernize and they want to use the latest and greatest cloud native technologies but they want to do it on-prem and move to the cloud a little bit later they can do that with OpenShift, right? And Red Hat. That's a great platform for that. Maybe it's a client that wants to lift and shift and get to the cloud as soon as possible, close their data centers save that cost of money and then modernize later, but they don't want to necessarily be locked and want to be locked into one cloud provider. Again, OpenShift is great for that. Take those legacy workloads that you move to the public cloud, modernize them on Red Hat OpenShift maybe it's Rosa on AWS, maybe it's aro on Azure. And then when you're ready to you can move those to any other public cloud, if you'd like to, when, when you're ready to, right. And that whole control plan as we call it, being able to see across public cloud, on-prem, the edge is really important for our story and our strategy, and Red Hat OpenShift, and Red Hat Satellite. And those technologies bring a lot to the table for us to meet those needs of our clients and our customers. >> That's great insight there, Mark. I really appreciate that. And one of the things brought up when he was saying that I was thinking to myself, okay, the cloud conversation has many evolutions and, you know, go back five years. It was all moved to the cloud. Everyone was moving to the cloud. That was the big discussion point. Now it's, you know, enterprise ready the cloud get that next level of scale. And as you know, in the enterprise everything we do all everything complicated is a lot of legacy and is existing stuff. So this, you know, this, this is the next enterprise at scale is the conversation that includes hybrid multi-cloud or running on that, on the horizon. So with that, can you expand on what you mean by this cloud continuum that you refer to, that essentially refers to and what is needed to make it a reality for customers? >> Yeah, I mean, what's really needed is the latest greatest in hybrid cloud technology like OpenShift and what Red Hat brings to the table, right. It's also new skills and new capabilities, and, and policy management and those types of things that are important for our company to decide when they're ready to move those workloads to the cloud, right. They need the ability to see across their entire infrastructure. Like I mentioned earlier, whether that be a public cloud provider, whether that in their existing data center, in a colo, or on the, in the edge, like in a retail store or something like that, they need, we need the ability to see across those, that seeing all that infrastructure is a single control plane. So we can manage and know where things are to feel confident about security and everything with our clients. The other big thing that we need is skills. Skills to, you know, build the migration, the modernization, and more importantly, the interaction and integration into legacy workloads like the mainframe, for example, Accentures got a lot of use cases, leveraging Red Hat OpenShift for our cloud coupling solution, where we interact and build new applications that connect to the mainframe sitting right next to the mainframe but their new digital mobile applications, web applications that can be quickly modified and deployed in, into production at a rapid pace. Right, and so when we look at everything that's needed, it's skills, it's technology partners like Red Hat, and then it's, it's really building assets and offerings to help make that journey for our clients better, and, and secure. >> We just found out here at the event that you guys at Accenture had been recognized as Red Hats, global systems integrated partner of the year for North America, congratulations on that. What do you see as some of the key reasons for the recognition? Was there anything that they called out in particular? Obviously you guys have a great track record well-known brand you've known for, you know, creating a lot of value for companies as they do digital transformation. What's the, what's the recognition for this year? >> Yeah, we're super excited about this, right. I mean, this is, we've been partners with Red Hat for a long time. I think we were one of the first system integrators, if not the first system integrators to partner with Red Hat many years ago. Right, so, to get this award, and get it for the first time, is super exciting for us. Right, and so we're very grateful for that recognition and opportunity. You know, I think what really, what really, what got us the recognition for this award was really the effort we put into our partnership over the last 12 to 24 months, right. We had had a really big business in Europe with GDPR and, and the risk averse of going to the public cloud in Europe. OpenShift and Red Hat really had taken off. In North America our business was lagging behind Europe and we significantly invested with Red Hat and new offerings and new clients and new people, right. New talent to build a better business and partnership in North America. You know, I think a lot of the things that we got recognized with were what I mentioned earlier some of our cloud coupling solutions for an insurance client in North America where we're building cloud native applications on Red Hat OpenShift sitting next to the mainframe we're building new cloud, cloud native applications for our transportation company in, in the South region of the US right? So it's really that business transformation work that we're doing working with the legacy, but building new core applications for our customers that are truly portable, nimble and agile, and they can use to get speeds to the market and get to the cloud. >> Cloud first organization you guys are investing billions of dollars, 3 billion. That was referenced. I saw an article. I think we covered it as well on (mumbles). Congratulations, cloud first also implies that cloud native is going to be there. Mark, in all your years in the industry talk about from your personal perspective and even from Accentures, the, the shift that's happening because it's almost mind blowing what's going on in the sense of so fast this is accelerated, even the pandemic exactly accelerate even further. The opportunities that were, that are available now that weren't there before and what it's done to the project timelines and what it's done as a forcing function. Could you share your view on the reality of the current situation and opportunities for companies to take advantage of that wave? >> Yeah, and, and I think Accentures done a great job talking about this recently, even from our C-suite down, right. And Karthik we'll mention, has mentioned this as well in his keynote. I mean, we are seeing an acceleration to get to the cloud that was completely unplanned for us. I think the, the numbers I heard was we thought most clients are going to get to the cloud in eight to 10 years and be fully in the cloud in eight to 10 years. But that's accelerated with COVID and the pandemic, right. We're looking at four to five years we think most of our clients will be in a majority of their, their infrastructure and everything, a new, a new applications and legacy applications will be in the cloud. Right, so the, the, the change and the impact of the pandemic had, had a significant impact on our customers and their need to, to, to get to the cloud. We've even seen those that were leaders in the cloud journey accelerate even more, right. And, and they're being rewarded for that acceleration. Right, a lot of our customers that were first to cloud are seeing the benefits and seeing the, the, the ability to scale and for the pandemic, like, like a lot of our customers in the, in the US in particular. And I think OpenShift is going to help them, help us with that, right, And, and Red Hat in particular. And let's not be lost on the fact that Realms is a great product out there as well. We have many of our clients that are running SAP on Realm and that lift and shift and moving SAP to Azure or AWS or Google or something like that is, is a viable solution for our, to help accelerate our customers as they expand, right. We've seen internationally a lot of our customers that have been really focused just in their local region are now expanding their business outwards, and now they need to get to the clouds to be able to expand those businesses. >> You know it's interesting Mark, just as we're talking, just, you know thinking about my experience over the years in the computer industry everything had to display something else, disrupt something, you know, the mainframes were disrupted by client server. Now we're living in an era where with the containers and microservices and service meshes and cloud native technologies you can embrace existing legacy and abstract away some of the complexity on the integration side, right? So you don't have to kill the old to bring in the new. And I think this phenomenon has opened up a new class of services and, you know the people I talk to and interview the leaders in the industry all have the same kind of view. And the ones that stand out are the ones that recognize that the operating system of business will be software. And that software hasn't yet been built in clouds. The beginning, it's not just one cloud. So I think what's interesting about Red Hat is that their operating system people you almost to see, you know, Arvin kind of snapping the lines and kind of cornering the market on the operating system for business and applications then are a thousand flowers that bloom from that. So, very interesting take here again. That's my opinion. I don't think they've said that formally but if you look at it, that's kind of what's going on. What's your reaction to that? >> I think you're a hundred percent, right. I mean, it, you know, I, I also carry a little bit of the responsibility on the IBM side. And you mentioned mainframe and I've mentioned mainframe a handful of times, right? There's a lot of customers that have this legacy estate like the mainframe in particular but they need to be nimble. Right, they need to be agile and mainframe is a challenge sometimes around that. Right, and so to your point creating those applications that participate with the mainframe allowed the mainframe to participate better with these cloud native applications and these new digital transformation applications is a very key component to it. And so I, a hundred percent agree with with everything you said. And I think, I think we're going to see more around this operating system type software. And I, you almost, to an extent, you you kind of view Red Hat OpenShift as kind of that new operating system, right? And you look at some of the announcements that Red Hat has made around Palentier, right, and adding Palentier and ISV to their marketplace to allow customers that are bought OpenShift or make it easy for clients to buy Red Hat OpenShift, and then bring in these ISVs that have been certified, they're secure, they're easy to consume and buy it through Red Hats marketplaces is very exciting and very interesting, and very easy to do, right. Once you get that Red Hat OpenShift layer in there, that operating system and now you're bringing in products all over the place, right. And, and all the new stuff. And I think we're going to see a lot more of those announcements during summit as well. >> Yeah, I think it was a 20 year run here. It's trillions of dollars as it's been forecasted. Mark, great to have you on. Super valuable resource. Great insight! While we got you here let's get a quick free consulting a minute here for the customers watching. What's your advice. I need some help here. I'm going to go to the cloud. I want a good, I want enough headroom so I can grow into I want to foreclose any opportunities. I want to move to the cloud. I want to have a hybrid distributed computing architecture. I want to program my business. I want infrastructure as code. I want dev sec ops. What's my playbook? What should I do? >> So Accenture's got a real smart approach and strategy around us. We leveraged an, an assessment approach really to look at what's in your what's in your data center today and what, what you have from an infrastructure and application standpoint, there should be-- We have a seminar where it's can completely rewrite an application, and we would apply those six hours or seven hours to that assessment to help you figure out the disposition of your applications and your infrastructure to figure out what is the right cloud. What's the right journey. I mean, we talked about, you know the mainframe and mainframe being an anchor in a lot of our client's data centers, right. How do we move those applications that have data gravity challenges to those legacy applications, to the cloud. How do we consider that? So the right way to do it is take a holistic approach. Do the assessment, do the disposition of your applications. And then let's let Accenture put together a full plan of how we would migrate you incidents into the public cloud. >> Mark FOS, managing director of Accenture. Congratulations on your North America award, partner of the year. And also awesome to hear. And we've been covering again cloud first. Totally believe it, great investment. That's going to pay back huge dividends for you guys and you know, having the hybrid, which is pretty much determined as a fact now in the industry. Congratulations, thanks for coming on. >> Perfect, thanks, and thanks for having me, and thank you Red Hat for the award. Really appreciate it. And look forward to talking to you soon. >> All right, this is theCubes coverage of Red Hat summit, 2021, virtual. This is the Cube virtual, I'm John Furry, your host. Thanks for watching.

>> Hello, everyone. I'm Khalil Ahmad, Senior Director, Architecture at S&P Global. I have been working with S&P Global for six years now. Previously, I worked for Citigroup and Prudential. Overall, I have been part of IT industry for 30 years, and most of my professional career has been within financial sector in New York City metro area. I live in New Jersey with my wife and son, Daniel Khalil. I have a Master degree in software engineering from the University of Scranton, and Master in mathematics University of Punjab, Lahore. And currently I am pursuing TRIUM global Executive MBA. A joint program from the NYU Stern, LSE and HEC Paris. So today, I'm going to talk about building multi-cluster scalable container platform, supporting on-prem hybrid and multicloud use cases, how we leverage that with an S&P Global and what was our best story. As far as the agenda is concerned, I will go over, quickly the problem statement. Then I will mention the work of our core requirements, how we get solutioning, how Docker Enterprise helped us. And at the end, I will go over the pilot deployment for a proof of concept which we leverage. So, as far as the problem statement is concerned. Containers, as you all know, in the enterprise are becoming mainstream but expertise remains limited and challenges are mounting as containers enter production. Some companies are building skills internally and someone looking for partners that can help catalyze success, and choosing more integrated solutions that accelerate deployments and simplify the container environment. To overcome the challenges, we at S&P Global started our journey a few years back, taking advantage of both options. So, first of all, we met with all the stakeholder, application team, Product Manager and we define our core requirements. What we want out of this container platform, which supports multicloud and hybrid supporting on-prem as well. So, as you see my core requirements, we decided that we need first of all a roadmap or container strategy, providing guidelines on standards and specification. Secondly, with an S&P Global, we decided to introduce Platform as a Service approach, where we bring the container platform and provide that as a service internally to our all application team and all the Product Managers. Hosting multiple application on-prem as well as in multicloud. Third requirement was that we need Linux and Windows container support. In addition to that, we would also require hosted secure image registry with role based access control and image security scanning. In addition to that, we also started DevOps journey, so we want to have a full support of CI/CD pipeline. Whatever the solution we recommend from the architecture group, it should be easily integrated to the developer workstation. And developer workstation could be Windows, Mac or Linux. Orchestration, performance and control were few other parameter which we'll want to keep in mind. And the most important, dynamic scaling of container clusters. That was something we were also want to achieve, when we introduce this Platform as a Service. So, as far as the standard specification are concerned, we turn to the Open Container Initiative, the OCI. OCI was established in June 2015 by Docker and other leaders in the technology industry. And OCI operates under Linux Foundation, and currently contains two specification, runtime specification and image specification. So, at that time, it was a no brainer, other than to just stick with OCI. So, we are following the industry standard and specifications. Now the next step was, okay, the container platform. But what would be our runtime engine? What would be orchestration? And how we support, in our on-prem as well as in the multicloud infrastructure? So, when it comes to runtime engine, we decided to go with the Docker. Which is by default, runtime engine and Kubernetes. And if I may mention, DataDog in one of their public report, they say Docker is probably the most talked about infrastructure technology for the past few years. So, sticking to Docker runtime engine was another win-win game and we saw in future not bringing any challenge or issues. When it comes to orchestration. We prefer Kubernetes but that time there was a challenge, Kubernetes did not support Windows container. So, we wanted something which worked with a Linux container, and also has the ability or to orchestrate Windows containers. So, even though long term we want to stick to Kubernetes, but we also wanted to have a Docker swarm. When it comes to on-prem and multicloud, technically you could only support as of now, technology may change in future, but as of now, you can only support if you bring your own orchestration too. So, in our case, if we have control over orchestration control and not locked in with one cloud provider, that was the ideal situation. So, with all that, research, R&D and finding, we found Docker Enterprise. Which is securely built, share and run modern applications anywhere. So, when we come across Docker Enterprise, we were pleased to see that it meets our most of the core requirements. Whether it is coming on the developer machine, to integrating their workstation, building the application. Whether it comes to sharing those application, in a secure way and collaborating with our pipeline. And the lastly, when it comes to the running. If we run in hybrid or multicloud or edge, in Kubernetes, Docker Enterprise have the support all the way. So, three area one I just call up all the Docker Enterprise, choice, flexibility and security. I'm sure there's a lot more features in Docker Enterprise as a suite. But, when we looked at these three words very quickly, simplified hybrid orchestration. Define application centric policies and boundaries. Once you define, you're all set. Then you just maintain those policies. Manage diverse application across mixed infrastructure, with secure segmentation. Then it comes to secure software supply chain. Provenance across the entire lifecycle of apps and infrastructure through enforceable policy. Consistently manage all apps and infrastructure. And lastly, when it comes to infrastructure independence. It was easily forever lift and shift, because same time, our cloud journey was in the flight. We were moving from on-prem to the cloud. So, support for lift and shift application was one of our wishlist. And Docker Enterprise did not disappoint us. It also supported both traditional and micro services apps on any infrastructure. So, here we are, Docker Enterprise. Why Docker Enterprise? Some of the items in previous slides I mentioned. But in addition to those industry-leading platform, simplifying the IT operations, for running modern application at scale, anywhere. Docker Enterprise also has developer tools. So, the integration, as I mentioned earlier was smooth. In addition to all these tools, the main two components, the Universal Control Plane and the Docker Trusted Registry, solve lot of our problems. When it comes to the orchestration, we have our own Universal Control Plane. Which under the hood, manages Kubernetes and Docker swarm both clusters. So, guess what? We have a Windows support, through Docker swarm and we have a Linux support through Kubernetes. Now that paradigm has changed, as of today, Kubernetes support Windows container. So, guess what? We are well after the UCP, because we have our own orchestration tool, and we start managing Kubernetes cluster in Linux and introduce now, Windows as well. Then comes to the Docker Trusted Registry. Integrated Security and role based access control, made a very smooth transition from our RT storage to DTR. In addition to that, binary level scanning was another good feature from the security point of view. So that, these all options and our R&D landed the Docker Enterprise is the way to go. And if we go over the Docker Enterprise, we can spin up multiple clusters on-prem and in the cloud. And we have a one centralized location to manage those clusters. >> Khalil: So, with all that, now let's talk about how what was our pilot deployment, for proof of concept. In this diagram, you can see we, on the left side is our on-prem Data Center, on the right side is AWS, US East Coast. We picked up one region three zones. And on-prem, we picked up our Data Center, one of the Data Center in the United States of America, and we started the POC. So, our Universal Control Plane had a five nodes cluster. Docker Trusted Registry, also has a five node cluster. And the both, but in our on-prem Data Center. When it comes to the worker nodes, we have started with 18 node cluster, on the Linux side and the four node cluster on the Windows side. Because the major footprint which we have was on the Linux side, and the Windows use cases were pretty small. Also, this is just a proof of concept. And in AWS, we mimic the same web worker nodes, virtual to what we have on-prem. We have a 13 nodes cluster on Linux. And we started with four node cluster of Windows container. And having the direct connect from our Data Center to AWS, which was previously existing, so we did not have any connectivity or latency issue. Now, if you see in this diagram, you have a centralized, Universal Control Plane and your trusted registry. And we were able to spin up a cluster, on-prem as well as in the cloud. And we made this happen, end to end in record time. So later, when we deploy this in production, we also added another cloud provider. So, what you see the box on the right side, we just duplicate test that box in another cloud platform. So, now other orchestration tool, managing on-prem and multicloud clusters. Now, in your use case, you may find this little, you know, more in favor of on-prem. But that fit in our use case. Later, we did have expanded the cluster of Universal Control Plane and DTR in the cloud as well. And the clusters have gone and hundreds and thousands of worker nodes span over two cloud providers, third being discussed. And this solution has been working so far, very good. We did not see any downtime, not a single instance. And we were able to provide multicloud platform, container Platform as a Service for our S&P Global. Thank you for your time. If any questions, I have put my LinkedIn and Twitter account holder, you're welcome to ask any question

>>from New York. It's the Q covering Escape. 19. >>Welcome back to the Cube coverage here in New York City for the first inaugural multi cloud conference called Escape, where in New York City was staying in New York, were not escaping from New York were in New York. It's all about multi Cloud, and we're here. Lisa Marie Nancy, developer advocate for Port Works, and Eric Conn, vice president of Products Works. Welcome back. Q. >>Thank you, John. Good to see >>you guys. So, um, whenever the first inaugural of anything, we want to get into it and find out why. Multi clouds certainly been kicked around. People have multiple clouds, but is there really multi clouding going on? So this seems to be the theme here about setting the foundation, architecture and data of the two kind of consistent themes. What shared guys take Eric, What's your take on this multi cloud trend? Yeah, >>I think it's something we've all been actively watching for a couple years, and suddenly it is becoming the thing right? So every we just had ah, customer event back in Europe last week, and every customer there is already running multi cloud. It's always something on their consideration. So there's definitely it's not just a discussion topic. It's now becoming a practical reality. So this event's been perfect because it's both the sense of what are people doing, What are they trying to achieve and also the business sense. So it's definitely something that is not necessarily mainstream, but it's becoming much more how they're thinking about building all their applications. Going forward, >>you know, you have almost two camps in the world. Want to get your thoughts on this guy's Because, like you have cloud native and people that are cloud native, they love it. They born the cloud that get it. Everything's cracking along. The developers air on Micro Service's They're agile train with their own micro service's. Then you got the hybrid I t. Trying to be hybrid developer, right? So you kind of have to markets coming together. So to me, I see multi cloud as kind of a combination of old legacy Data center types of I t with cloud native, not just ops and dead. But how about like trying to build developer teams inside enterprises? This seems to be a big trend, and multi club fits into that because now the reality is that I got azure. I got Amazon. Well, let's take a step back and think about the architecture. What's the foundation? So that to me, is more my opinion. But I want to get your thoughts and reactions that because if it's true, that means some new thinking has to come around around. What's the architecture? What are you trying to do? What's the workloads behavior outcome look like? What's the work flows? So there's a whole nother set of conversations that happened. >>I agree. I think the thing that the fight out there right now that we want to make mainstream is that it's a platform choice, and that's the best way to go forward. So it's still an active debate. But the idea could be I want to do multi club, but I'm gonna lock myself into the Cloud Service is if that's the intent or that's the design architecture pattern. You're really not gonna achieve the goals we all set out to do right, So in some ways we have to design ourselves or have the architecture that will let us achieve the business schools that were really going for and that really means from our perspective or from a port works perspective. There's a platform team. That platform team should run all the applications and do so in a multi cloud first design pattern. And so from that perspective, that's what we're doing from a data plan perspective. And that's what we do with Kubernetes etcetera. So from that idea going forward, what we're seeing is that customers do want to build a platform team, have that as the architecture pattern, and that's what we think is going to be the winning strategy. >>Thank you. Also, when you have the definition of cod you have to incorporate, just like with hybrid I t the legacy applications. And we saw that you throughout the years those crucial applications, as we call them People don't always want them to refer to his legacy. But those are crucial applications, and our customers were definitely thinking about how we're gonna run those and where is the right places it on Prem. We're seeing that a lot too. So I think when we talk about multi cloud, we also talk about what What is in your legacy? What is it? Yeah, I >>like I mean I use legacy. I think it's a great word because I think it really puts nail in the coffin of that old way because remember, if you think about some of the large enterprises, these legacy applications, they've been optimized for hardware and optimize their full stack. They've been build up from the ground up, so they're cool. They're running stuff, but it doesn't always translate to see a new platform designed point. So how do you mean Containers is great fit for their Cooper names. Obviously, you know is the answer. We you guys see that as well, but okay, I can keep that and still get this design point. So I guess what I want to ask you guys, as you guys are digging into some of the customer facing conversations, what are they talking about? The day talking about? The platform? Specifically? Certainly, on the security side, we're seeing everyone running away from buying tools to thinking about platforms. What's the conversation like on the cloud side >>way? Did a talk are multiplied for real talk at Barcelona? Q. Khan put your X three on Sudden. Andrew named it for reals of Izzy, but we really wanted to talk about multiplied in the real world. And when we said show of hands in Barcelona, who's running multi cloud? It was very, very few. And this was in, what, five months? Four months ago? Whereas maybe our customers are just really super advanced because of our 100 plus customers. At four words, we Eric is right. A lot of them are already running multi cloud or if not their plan, in the planning stage right now. So even in the last +56 months, this has become a reality. And we're big fans of communities. I don't know if you know Eric was the first product manager for Pernetti. Hey, he's too shy to say it on Dhe. So yeah, and we think, you know, and criminal justice to be the answer to making all They caught a reality right now. >>Well, I want to get back into G, K, E and Cooper. Very notable historic moment. So congratulations, But to your point about multi cloud, it's interesting because, you know, having multiple clouds means things, right? So, for instance, if I upgrade to office 3 65 and I kill my exchange server, I'm essentially running azure by their definition. If I'm building it, stack on AWS. I'm a native, this customer. Let's just say I want to do some tensorflow or play with big table or spanner on Google. Now >>we have three >>clouds now they're not. So they have work clothes, specific objectives. I am totally no problem. I see that like for the progressive customers, some legacy be to be people who like maybe they put their toe in the cloud. But anyone doing meaningful cloud probably has multiple clouds. But that's workload driven when you get into tying them together and is interesting. And I think that's where I think you guys have a great opportunity in this community because if open source convene the gateway to minimize the lock in and when I say lock and I mean like locking them propriety respect if his value their great use it. But if I want to move my data out of the Amazon, >>you brought up so many good points. So let me go through a few and Lisa jumping. I feel like locking. People don't wanna be locked >>in at the infrastructure level. So, like you said, if >>there's value at the higher levels of Stack, and it helps me do my business faster. That's an okay thing to exchange, but it is just locked in and it's not doing anything. They're that's not equal exchange, right, So there's definitely a move from infrastructure up the platform. So locking in >>infrastructure is what people are trying to move away from. >>From what we see from the perspective of legacy, there is a lot of things happening in industry that's pretty exciting of how legacy will also start to running containers. And I'm sure you've seen that. But containers being the basis you could run a BM as well. And so that will mean a lot for in terms of how V EMS can start >>to be matched by orchestrators like kubernetes. So that is another movement for legacy, and I wanted to acknowledge that point >>now, in terms of the patterns, there are definitely applications, like a hybrid pattern where connect the car has to upload all its data once it docks into its location and move it to the data center. So there are patterns where the workflow does move the ups are the application data between on Prem into a public cloud, for instance, and then coming back from that your trip with Lisa. There is also examples where regulations require companies to enterprise is to be able to move to another cloud in a reasonable time frame. So there's definitely a notion of Multi Cloud is both an architectural design pattern. But it's also a sourcing strategy, and that sourcing strategy is more regulation type o. R. In terms of not being locked in. And that's where I'm saying it's all those things. I'd >>love to get your thoughts on this because I like where you're going with this because it kind of takes it to a level of okay, standardization, kubernetes nights, containers, everyone knows what that is. But then you start talking about a P I gateways, for instance, right? So if I'm a car and I have five different gateways on my device, I ot devices or I have multiple vendors dealing with control playing data that could be problematic. I gotta do something like that. So I'm starting. Envision them? I just made that news case up, but my point is is that you need some standards. So on the a p I side was seeing some trends there. One saying, Okay, here's my stuff. I'll just pass parameters with FBI State and stateless are two dynamics. What do you make of that? What, What? What has to happen next to get to that next level of happiness and goodness? Because Bernays, who's got it, got it there, >>right? I feel that next level. I feel like in Lisa, Please jump. And I feel like from automation perspective, Kubernetes has done that from a P I gateway. And what has to happen next. There's still a lot of easy use that isn't solved right. There's probably tons of opportunities out there to build a much better user experience, both from the operations point of view and from what I'm trying to do is an intense because what people aren't gonna automate right now is the intent. They automate a lot of the infrastructure manual tasks, and that's goodness. But from how I docked my application, how the application did it gets moved. We're still at the point of making policy driven, easy to use, and I think there's a lot of opportunities for everyone to get better there. That's like low priority loving fruitcake manual stuff >>and communities was really good at the local food. That's a really use case that you brought up. Really. People were looking at the data now and when you're talking about persistent mean kun is his great for stateless, but for state full really crucial data. So that's where we really come in. And a number of other companies in the cloud native storage ecosystem come in and have really fought through this problem and that data management problem. That's where this platform that Aaron was talking to that >>state problem. Talk about your company. I want to go back to to, um, Google Days. Um, many war stories around kubernetes will have the same fate as map reduce. Yeah, the debates internally at Google. What do we do with it? You guys made the good call. Congratulations on doing that. What was it like to be early on? Because you already had large scale. You were already had. Borg already had all these things in place. Um, it wasn't like there was what was, >>Well, a few things l say one is It was intense, right? It was intense in the sense that amazing amount of intelligence amazing amount of intent, and right back then a lot of things were still undecided, right? We're still looking at how containers or package we're still looking at how infrastructure kit run and a lot of service is were still being rolled out. So what it really meant is howto build something that people want to build, something that people want to run with you and how to build an ecosystem community. A lot of that the community got was done very well, right? You have to give credit to things like the Sig. A lot of things like how people like advocates like Lisa had gone out and made it part of what they're doing. And that's important, right? Every ecosystem needs to have those advocates, and that's what's going well, a cz ah flip side. I think there's a lot of things where way always look back, in which we could have done a few things differently. But that's a different story for different. Today >>I will come back in the studio Palop of that. I gotta ask you now that you're outside. Google was a culture shock. Oh my God! People actually provisioning software provisioning data center culture shock when there's a little >>bit of culture shock. One thing is, and the funny thing is coming full circle in communities now, is that the idea of an application? Right? The idea of what is an application eyes, something that feels very comfortable to a lot of legacy traditional. I wanna use traditional applications, but the moment you're you've spent so much time incriminates and you say, What's the application? It became a very hard thing, and I used to have a lot of academic debates. Where is saying there is no application? It's It's a soup of resources and such. So that was a hard thing. But funny thing is covered, as is now coming out with definitions around application, and Microsoft announced a few things in that area to so there are things that are coming full circle, but that just shows how the movement has changed and how things are becoming in some ways meeting each other halfway. >>Talk about the company, what you guys are doing. Take a moment. Explain in context to multi cloud. We're here. Port works. What's the platform? It's a product. What's the value proposition? What's the state of the company. >>So the companies? Uh well, well, it's grown from early days when Lisa and I joined where we're probably a handful now. We're in four or five cities. Geography ease over 100 people over 150 customers and there. It's been a lot of enterprises that are saying, like, How do I take this pattern of doing containers and micro service is And how do I run it with my mission? Critical business crinkle workloads. And at that point, there is no mission critical business critical workload that isn't stable so suddenly they're trying to say, How do I run These applications and containers and data have different life cycles. So what they're really looking for is a data plane that works with the control planes and how controlled planes are changing the behavior. So a lot of our technology and a lot of our product innovation has been around both the data plane but a storage control plane that integrates with a computer controlled plane. So I know we like to talk about one control plane. There's actually multiple control planes, and you mentioned security, right? If I look at how applications are running way after now securely access for applications, and it's no longer have access to the data. Before I get to use it, you have to now start to do things like J W. T. Or much higher level bearer tokens to say, I know how to access this application for this life cycle for this use case and get that kind of resiliency. So it's really around having that storage. More complexity absolutely need abstraction >>layers, and you got compute. Look, leading work there. But you gotta have >>software to do it from a poor works perspective. Our products entirely software right down loans and runs using kubernetes. And so the point here is we make remarries able to run all the staple workloads out of the box using the same comment control plane, which is communities. So that's the experiences that we really want to make it so that Dev Ops teams can run anywhere close. And that's that's in some ways been part of the mix. Lisa, >>we've been covering Dev up, going back to 2010. Remember when I first was hanging around San Francisco 2008 joint was coming out the woodwork and all that early days and you look at the journey of how infrastructures code We talked about that in 2008 and now we'll get 11 years later. Look at the advancements you've been through this now The tipping point. It's just seems like this wave is big and people are on it. The developers air getting it. It's a modern renaissance of application developers, and the enterprises it's happening in the enterprise is not just like the nerds Tier one, the Alfa Geeks or >>the Cloud native. It's happening in the >>everyone's on board this time, and you and I have been in the trenches in the early stages of many open source projects. And I think with with kubernetes Arab reference of community earlier, I'm super proud to be running the world's largest CNC F for user group. And it's a great community, a diverse community, super smart people. One of my favorite things about working for works is we have some really smart engineers that have figured out what companies want, how to solve problems, and then we'll go creative. It'll open source projects. We created a project called autopilot, really largely because one of our customers, every who's in the G s space and who's running just incredible application. You can google it and see what the work they're doing. It's all there publicly, Onda We built, you know, we built an open source project for them to help them get the most out of kubernetes. We can say so. There's a lot of people in the community system doing that. How can we make communities better halfway make commitments, enterprise grade and not take years to do that? Like some of the other open source projects that we worked on, it took. So it's a super exciting time to be here, >>and open source is growing so fast now. I mean, just think about how these projects being structured. Maur and Maur projects are coming online and user price, but a lot more vendor driven projects to use be mostly and used, but now you have a lot of vendors who are users. So the line is blurring between Bender User in Open source is really fascinating. >>Well, you look at the look of the landscape on the C N. C f. You know the website. I mean, it's what 400 that are already on board. It's really important. >>They don't have enough speaking slasher with >>right. I know, and it's just it. It is users and vendors. Everybody's in this community together. It's one of things that makes it super exciting. And it it's how we know this is This was the right choice for us to base this on communities because that's what everybody, you guys >>are practically neighbors. So we're looking for seeing the studio. Palo Alto Eric, I want to ask you one final question on the product side. Road map. What you guys thinking As Kubernetes goes, the next level state, a lot of micro service is observe abilities becoming a key part of it, Obviously, automation, configuration management things are developing fast. State. What's the What's the road map for you guys? >>For us, it's been always about howto handle the mission critical and make that application run seamlessly. And then now we've done a lot of portability. So disaster recovery has been one of the biggest things for us is that customers are saying, How do I do a hybrid pattern back to your earlier question of running on Prem and in Public Cloud and do a d. R. Pale over into some of the things at least, is pointing out that we're announcing soon is non series autopilot in the idea, automatically managing applications scale from a volume capacity. And then we're actually going to start moving a lot more into some of the what you do with data after the life cycle in terms of backup and retention. So those are the things that everyone's been pushing us and the customers are all asking for. You >>know, I think data they were back in recovery is interesting. I think that's going to change radically. And I think we look at the trend of how yeah, data backup and recovery was built. It was built because of disruption of business, floods, our gains, data center failure. But I think the biggest disruptions ransomware that malware. So security is now a active disruptor. So it's not like it after the hey, if we ever have, ah, fire, we can always roll back. So you're infected and you're just rolling back infected code. That's a ransomware dream. That's what's going on. So I think data protection it needs to be >>redefined. What do you think? Absolutely. I think there's a notion of How do I get last week's data last month? And then oftentimes customers will say, If I have a piece of data volume and I suddenly have to delete it, I still need to have some record of that action for a long time, right? So those are the kinds of things that are happening and his crew bearnaise and everything. It gets changed. Suddenly. The important part is not what was just that one pot it becomes. How do I reconstruct everything? What action is not one thing. It's everywhere. That's right and protected all through the platform. If it was a platform decision, it's not some the cattlemen on the side. You can't be a single lap. It has to be entire solution. And it has to handle things like, Where do you come from? Where is it allowed to go? And you guys have that philosophy. We absolutely, and it's based on the enterprises that are adopting port works and saying, Hey, this is my romance. I'm basing it on Kubernetes. You're my date a partner. We make it happen. >>This speaks to your point of why the enterprise is in. The vendors jumped in this is what people care about Security. How do you solve this last mile problem? Storage. Networking. How do you plug those holes in Kubernetes? Because that is crucial to our >>personal private moment. Victory moment for me personally, was been a big fan of Cuban is absolutely, you know, for years. Then there were created, talked about one. The moments that got me that was really kind of a personal, heartfelt moment was enterprise buyer. And, you know, the whole mindset in the Enterprise has always been You gotta kill the old to bring in the new. And so there's always been that tension of a you know, the shiny new toy from Silicon Valley or whatever. You know, I'm not gonna just trash this and have a migration za paying that. But for I t, they don't want that to do that. They hate doing migrations, but with containers and kubernetes that could actually they don't to end of life to bring in the new project. They can do it on their own timetable or keep it around. So that took a lot of air out of the tension in on the I t. Side because they say great I can deal with the lifecycle management, my app on my own terms and go play with Cloud native and said to me, that's like that was to be like, Okay, there it is. That was validation. That means this Israel because now they can innovate without compromising. >>I think so. And I think some of that has been how the ecosystems embrace it, right. So now it's becoming all the vendors are saying my internal stack is also based on community. So even if you as an application owner or not realizing it, you're gonna take a B M next year and you're gonna run it and it's gonna be back by something like awesome. Lisa >>Marie Nappy Eric on Thank you for coming on Port Works Hot start of multiple cities Kubernetes big developer Project Open Source. Talking about multi cloud here at the inaugural Multi cloud conference in New York City. It's the Cube Courage of escape. 2019. I'm John Period. Thanks for watching

>>from New York. It's the Q covering escape. 19. Hey, welcome back to the Cube coverage here in New York City for the first inaugural multi cloud conference called Escape. We're in New York City. Was staying in New York, were not escapee from New York were in New York. So about Multi Cloud. And we're here. Lisa Marie Nancy, developer advocate for report works, and Eric Conn, vice president of products. Welcome back with you. >>Thank you, John. >>Good to see you guys. So whenever the first inaugural of anything, we want to get into it and find out why. Multiplied certainly been kicked around. People have multiple clouds, but is there really multi clouding going on? So this seems to be the theme here about setting the foundation, architecture and data to kind of consistent themes. What's your guys take? Eric, What's your take on this multi cloud trend? >>Yeah, I think it's something we've all been actively watching for a couple years, and suddenly it is becoming the thing right? So every we just had a customer event back in Europe last week, and every customer there is already running multi cloud. It's always something on their consideration. So there's definitely it's not just a discussion topic. It's now becoming a practical reality. So this event's been perfect because it's both the sense of what are people doing, What are they trying to achieve and also the business sense. So it's definitely something that is not necessarily mainstream, but it's becoming much more how they're thinking about building all their applications Going forward. >>You know, you have almost two camps in the world to get your thoughts on this guy's because like you have a cloud native people that are cloud needed, they love it. They're born in the cloud that get it. Everything's bringing along. The developers are on micro service's They're agile train with their own micro service is when you got the hybrid. I t trying to be hybrid developer, right? So you kind of have to markets coming together. So to me, Essie multi Cloud as a combination of old legacy Data Center types of I t with cloud native not just optioned. It was all about trying to build developer teams inside enterprises. This seems to be a big trend, and multi cloud fits into them because now the reality is that I got azure, I got Amazon. Well, let's take a step back and think about the architecture. What's the foundation? So that to me, is more my opinion. But I want to get your thoughts and reactions that because if it's true, that means some new thinking has to come around around. What's the architecture, What we're trying to do? What's the workloads behavior outcome look like? What's the workflow? So there's a whole nother set of conversations. >>Yeah, that happened. I agree. I think the thing that the fight out there right now that we want to make mainstream is that it's a platform choice, and that's the best way to go forward. So it's still an active debate. But the idea could be I want to do multi club, but I'm gonna lock myself into the Cloud Service is if that's the intent or that's the design architecture pattern. You're really not gonna achieve the goals we all set out to do right, So in some ways we have to design ourselves or have the architecture that will let us achieve the business schools that were really going for and that really means from our perspective or from a port Works perspective. There's a platform team. That platform team should run all the applications and do so in a multi cloud first design pattern. And so from that perspective, that's what we're doing from a data plane perspective. And that's what we do with Kubernetes etcetera. So from that idea going forward, what we're seeing is that customers do want to build a platform team, have that as the architecture pattern, and that's what we think is going to be the winning strategy. >>Thank you. Also, when you have the death definition of cod, you have to incorporate, just like with hybrid a teeny the legacy applications. And we saw that you throughout the years those crucial applications, as we call them. People don't always want them to refer to his legacy. But those are crucial applications, and our customers were definitely thinking about how we're gonna run those and where is the right places it on Prem. We're seeing that a lot, too. So I think when we talk about multi cloud, we also talk about what what is in your legacy? What is your name? I mean, I >>like you use legacy. I think it's a great word because I think it really nail the coffin of that old way because remember, if you think about some of the large enterprises these legacy applications didn't optimized for harden optimize their full stack builds up from the ground up. So they're cool. They're running stuff, but it doesn't translate to see a new platform design point. So how do you continue? This is a great fit for that, cos obviously is the answer. You guys see that? Well, okay, I can keep that and still get this design point. So I guess what I want to ask you guys, as you guys are digging into some of the customer facing conversations, what are they talking about? The day talking about? The platform? Specifically? Certainly on the security side, we're seeing everyone running away from buying tools were thinking about platform. What's the conversation like on the outside >>before your way? Did a talk are multiplied for real talk at Barcelona. Q. Khan put your X three on son. Andrew named it for reals of busy, but we really wanted to talk about multiplied in the real world. And when we said show of hands in Barcelona, who's running multi pod. It was very, very few. And this was in, what, five months? Four months ago? Whereas maybe our customers are just really super advanced because of our 100 plus customers. At four words, we Eric is right. A lot of them are already running multi cloud or if not their plan, in the planning stage right now. So even in the last +56 months, this has become a reality. And we're big fans of your vanities. I don't know if you know, Eric was the first product manager for Pernetti. T o k. He's too shy to say it on dhe. So yeah, and we think, you know, And when it does seem to be the answer to making all they caught a reality right now. >>Well, I want to get back into G k e. And Cooper was very notable historical. So congratulations. But your point about multi cloud is interesting because, you know, having multiple clouds means things, right? So, for instance, if I upgrade to office 3 65 and I killed my exchange server, I'm essentially running azure by their definition. If I'm building a stack I need of us, I'm a Navy best customer. Let's just say I want to do some tensorflow or play with big table. Are spanner on Google now? I have three clouds. No, they're not saying they have worked low specific objectives. I am totally no problem. I see that all the progressive customers, some legacy. I need to be people like maybe they put their tone a file. But anyone doing meaningful cloud probably has multiple clouds, but that's workload driven when you get into tying them together. It's interesting. I think that's where I think you guys have a great opportunity in this community because it open source convene the gateway to minimize the locket. What locket? I mean, like locking the surprise respect if its value, their great use it. But if I want to move my data out of the Amazon, >>you brought up so many good points. So let me go through a few and Lisa jumping. I feel like locking. People don't wanna be locked in at the infrastructure level. So, like you said, if there's value at the higher levels of Stack and it helps me do my business faster, that's an okay thing to exchange. But if it's just locked in and it's not doing anything. They're that's not equal exchange, right? So there's definitely a move from infrastructure up the platform. So locking in infrastructure is what people are trying to move away from. From what we see from the perspective of legacy, there is a lot of things happening in industry that's pretty exciting. How legacy will also start to run in containers, and I'm sure you've seen that. But containers being the basis you could run a BM as well. And so that will mean a lot for in terms of how VM skin start to be matched by orchestrators like kubernetes. So that is another movement for legacy, and I wanted to acknowledge that point now, in terms of the patterns, there are definitely applications, like a hybrid pattern where connect the car has to upload all its data once it docks into its location and move it to the data center. So there are patterns where the workflow does move the ups are the application data between on Prem into a public cloud, for instance, and then coming back from that your trip with Lisa. There is also examples where regulations require companies to enterprise is to be able to move to another cloud in a reasonable time frame. So there's definitely a notion of Multi Cloud is both an architectural design pattern. But it's also a sourcing strategy and that sourcing strategies Maura regulation type o. R in terms of not being locked in. And that's where I'm saying it's all those things. >>You love to get your thoughts on this because I like where you're going with this because it kind of takes it to a level of Okay, standardization kubernetes nights containing one does that. But then you're something about FBI gateways, for instance. Right? So if I'm a car, have five different gig weighs on my device devices or I have multiple vendors dealing with control playing data that could be problematic. I gotta do something. So I started envisioned. I just made that this case up. But my point is, is that you need some standards. So on the A p I side was seeing some trends there once saying, Okay, here's my stuff. I'll just pass Paramus with FBI, you know, state and stateless are two dynamics. What do you make of that? What? What what has to happen next to get to that next level of happiness and goodness because Ruben is has got it, got it there, >>right? I feel like next level. I feel like in Lisa. Please jump. And I feel like from automation perspective, Kubernetes has done that from a P I gateway. And what has to happen next. There's still a lot of easy use that isn't solved right. There's probably tons of opportunities out there to build a much better user experience, both from operations point of view and from what I'm trying to do is an intense because what people aren't gonna automate right now is the intent to automate a lot of the infrastructure manual tasks, and that's goodness. But from how I docked my application, how the application did, it gets moved. We're still at the point of making policy driven, easy to use, and I think there's a lot of opportunities for everyone to get better there. >>That's like Logan is priority looking fruity manual stuff >>and communities was really good at the food. That's a really use case that you brought up really. People were looking at the data now, and when you're talking about persistent mean Cooney's is great for stateless, but for St Paul's really crucial data. So that's where we really come in. And a number of other companies in the cloud native storage ecosystem come in and have really fought through this problem and that data management problem. That's where this platform that Aaron was talking about >>We'll get to that state problem. Talk about your company. I wanna get back Thio, Google Days, um, many war stories around kubernetes. We'll have the same fate as map reduce. You know, the debates internally and Google. What do we do with it? You guys made a good call. Congratulations doing that. What was it like to be early on? Because you already had large scale. You already had. Borg already had all these things in place. Was it like there was >>a few things I'll say One is. It was intense, right? It was intense in the sense that amazing amount of intelligence, amazing amount of intent, and right back then a lot of things were still undecided, right? We're still looking at how containers are package. We're still looking at how infrastructure Kate run and a lot of the service's were still being rolled out. So what it really meant is howto build something that people want to build, something that people want to run with you and how to build an ecosystem community. A lot of that the community got was done very well, right? You have to give credit to things like the Sig. A lot of things like how people like advocates like Lisa had gone out and made it part of what they're doing. And that's important, right? Every ecosystem needs to have those advocates, and that's what's going well, a cz ah flip side. I think there's a lot of things where way always look back, in which we could have done a few things differently. But that's a different story for different >>will. Come back and get in the studio fellow that I gotta ask you now that you're outside. Google was a culture shock. Oh my God. People actually provisioning software. Yeah, I was in a data center. Cultures. There's a little >>bit of culture shock. One thing is, and the funny thing is coming full circle in communities now, is that the idea of an application, right? The idea of what is an application eyes something that feels very comfortable to a lot of legacy traditional. I wanna use traditional applications, but the moment you're you've spent so much time incriminates and you say, What's the application? It became a very hard thing, and I used to have a lot of academic debates wise saying there is no application. It's it's a soup of resources and such. So that was a hard thing. But funny thing is covered, as is now coming out with definitions around application, and Microsoft announced a few things in that area to so there are things that are coming full circle, but that just shows how the movement has changed and how things are becoming in some ways meeting each other halfway. >>Talk about the company. What you guys are doing. Taking moments explaining contacts. Multi Cloud were here. Put worse. What's the platform? It's a product. What's the value proposition? What's the state of the company? >>Yes. So the companies? Uh well, well, it's grown from early days when Lisa and I joined where we're probably a handful now. We're in four or five cities. Geography is over 100 people over 150 customers and there. It's been a lot of enterprises that are saying, like, How do I take this pattern? Doing containers and micro service is, and how do I run it with my mission? Critical business crinkle workloads And at that point, there is no mission critical business critical workload that isn't stable so suddenly they're trying to say, How do I run These applications and containers and data have different life cycles. So what they're really looking for is a data plane that works with the control planes and how controlled planes are changing the behavior. So a lot of our technology and a lot of our product innovation has been around both the data plane but a storage control plane that integrates with a computer controlled plane. So I know we like to talk about one control plane. There's actually multiple control planes, and you mentioned security, right? If I look at how applications are running way, acting now securely access for applications and it's no longer have access to the data. Before I get to use it, you have to now start to do things like J W. T. Or much higher level bear tokens to say I know how to access this application for this life cycle for this use case and get that kind of resiliency. So it's really around having that >>storage. More complexity, absolutely needing abstraction layers and you compute. Luckily, work there. But you gotta have software to do it >>from a poor box perspective. Our products entirely software right down loans and runs using kubernetes. And so the point here is we make remarries able to run all the staple workloads out of the box using the same comment control plane, which is communities. So that's the experiences that we really want to make it so that Dev Ops teams can run anywhere close. And that's that's in some ways been part of the mix. >>Lisa, we've been covering Jeff up. Go back to 2010. Remember when I first I was hanging around? San Francisco? Doesn't eight Joint was coming out the woodwork and all that early days. You look at the journey of how infrastructures code. We'll talk about that in 2008 and now we'll get 11 years later. Look at the advancements you've been through this now the tipping point just seems like this wave is big and people are on developers air getting it. It's a modern renaissance of application developers, and the enterprise it's happening in the enterprise is not just like the energy. You're one Apple geeks or the foundation. It's happening in >>everyone's on board this time, and you and I have been in the trenches in the early stages of many open source projects. And I think with kubernetes Arab reference of community earlier, I'm super proud to be running the world's largest CNC F for user group. And it's a great community, a diverse community, super smart people. One of my favorite things about working poor works is we have some really smart engineers that have figured out what companies want, how to solve problems, and then we'll go credible open source projects. We created a project called autopilot, really largely because one of our customers, every who's in the G s space and who's running just incredible application, you can google it and see what the work they're doing. It's all out there publicly. Onda we built, you know, we've built an open source project for them to help them get the most out of kubernetes we can say so there's a lot of people in the community system doing that. How can we make communities better? Half We make competitive enterprise grade and not take years to do that. Like some of the other open source projects that we worked on, it took. So it's a super exciting time to be here, >>and open source is growing so fast. Now just think about having project being structured. More and more projects are coming online and user profit a lot more. Vendor driven projects, too used mostly and used with. Now you have a lot of support vendors who are users, so the line is blurring between then their user in open source is really fast. >>Will you look at the look of the landscape on the C N. C. F? You know the website. I mean, it's what 400 that are already on board. It's really important. >>They don't have enough speaking slasher with >>right. I know, and it's just it. It is users and vendors. Everybody's in the community together. It's one of things that makes it super exciting, and it's how we know this is This was the right choice for us. Did they communities because that's what? Everybody? >>You guys are practically neighbors. We look for CNN Studio, Palo Alto. I wanna ask you one final question on the product side. Road map. What you guys thinking As Kubernetes goes, the next level state, a lot of micro service is observe. Ability is becoming a key part of it. The automation configuration management things are developing fast. State. What's the road for you guys? For >>us, it's been always about howto handle the mission critical and make that application run seamlessly. And then now we've done a lot of portability. So disaster recovery is one of the biggest things for us is that customers are saying, How do I do a hybrid pattern back to your earlier question of running on Prem and in Public Cloud and do a D. R fail over into a Some of the things, at least, is pointing out. That we're announcing soon is non Terry's autopilot in the idea of automatically managing applications scale from a volume capacity. And then we're actually going to start moving a lot more into some of what you do with data after the life cycle in terms of backup and retention. So those are the things that everyone's been pushing us, and the customers are all asking, >>You know, I think data that recovery is interesting. I think that's going to change radically. And I think we look at the trend of how yeah, data backup recovery was built. It was built because of disruption of business, floods, our games. That's right. It is in their failure. But I think the biggest disruptions ransomware that malware. So security is now a active disruptor, So it's not like it After today. If we hadn't have ah, fire, we can always roll back. So you're infected and you're just rolling back infected code. That's a ransomware dream. That's what's going on. So I think data protection needs to redefine. >>What do you think? Absolutely. I think there's a notion of how do I get last week's data last month and then oftentimes customers will say If I have a piece of data volume and I suddenly have to delete it, I still need to have some record of that action for a long time, right? So those are the kinds of things that are happening and his crew bearnaise and everything, it gets changed. Suddenly, the important part is not what was just that one pot it becomes. How do I reconstruct everything? Action >>is not one thing. It's everywhere That's right, protected all through the platform. It is a platform decision. It's not some cattlemen on the side. >>You can't be a single lap. It has to be entire solution. And it has to handle things like, Where do you come from? Where is it allowed to go? >>You guys have that philosophy? >>We absolutely. And it's based on the enterprises that are adopting port works and saying, Hey, this is my romance. I'm basing it on Kubernetes here, my data partner. How do you make it happen? >>This speaks to your point of why the enterprise is in the vendors jumped in. This is what people care about security. How do you solve this last mile problem? Storage, Networking. How do you plug those holes and kubernetes? Because that is crucial. >>One personal private moment. Victory moment for me personally, Waas been a big fan of Cuban, is actually, you know, for years in there when it was created, talked about one of moments that got me was personal. Heartfelt moment was enterprise buyer on. The whole mindset in the enterprise has always been You gotta kill the old to bring in the new. And so there's always been that tension of a you know, the shame, your toy from Silicon Valley or whatever. You know, I'm not gonna just trash this and have a migration is a pain in the butt fried. You don't want that to do that. They hate doing migrations, but with containers and kubernetes, they actually they don't end of life to bring in the new project they could do on their own or keep it around. So that took a lot of air out of the tension in on the I t. Side. Because it's a great I can deal with the life cycle of my app on my own terms and go play with Cloud native and said to me, I was like, That was to be like, Okay, there it is. That was validation. That means this is real because now they will be without compromising. >>I think so. And I think some of that has been how the ecosystems embraced it, right, So now it's becoming all the vendors are saying My internal stack is also based on company. So even if you as an application owner or not realizing it, you're gonna take a B M next year and you're gonna run it and it's gonna be back by something like >>the submarine and the aircon. Thank you for coming on court. Worse Hot started Multiple cities Kubernetes Big developer Project Open Source Talking about multi cloud here at the inaugural Multi Cloud Conference in New York City Secu Courage of Escape Plan 19 John Corey Thanks for watching.