 Hey everyone, welcome back to theCUBE's day two coverage of VMware Explorer 22 from San Francisco. Lisa Martin back here with you with Dave Nicholson. We have a couple of guests from VMware joining us. Please welcome Jay Workman, Senior Director of Cloud Partner and Alliances Marketing and Jeff Thompson, VP Cloud Provider Sales at VMware. Guys, it's great to have you on the program. Good to be here. Thanks for having us on. We're going to be talking about a really interesting topic, sovereign cloud. What is sovereign cloud, Jeff? Why is it important? But fundamentally, what is it? Yeah, well, we were just talking a second ago, I mean, it's not about royalty. Yeah, data sovereignty is really becoming super important. It's about the regulation and control of data. So lots of countries now are being very careful and advising companies around where to place data. And the jurisdictional controls mandate that personal data or otherwise has to be secured. We have to have access controls around it and privacy controls around it. So sovereign clouds are clouds that have been built by our cloud providers in VMware that specifically satisfy the requirements of those jurisdictions and regulated industries. So we've built a little program around that. We launched it about a year ago and continue to add cloud providers to that. Yeah, and I think it's also important just to build on what Jeff said, is who can access that data is becoming increasingly important. Data is almost, it's becoming a bit of a currency. There's a lot of value in data. And securing that data is becoming, over the years, increasingly important. So it's not like we built a problem or we created a solution for a problem that didn't exist. It's been a problem for a while. It's getting exponentially bigger. Data is expanding and growing exponentially and it's becoming increasingly important for organizations and companies to realize where my data sits, who can access it, what types of data needs to go and what type of clouds. And it's very, very aligned with multi-cloud because some data can sit in a public cloud, which is fine, but some data needs to be secure. It needs to be resident within country. And so this is what we're addressing through our partners. Yeah, yeah, I was just going to add to that. I think there's a classification there. There's data residency and then there's data sovereignty. So residency is just about where is the data? Which country is it in? Sovereignty is around who can access that data. And that's the critical aspect of data sovereignty. Who's got control and access to that data? And how do we make sure that all the controls are in place to make sure that only the right people can get access to that data? Yeah, so let's sort of build from the ground up an example. And let's use Western Europe as an example just because state to state in the United States, although California is about to adopt European standards for privacy in a unique way. Pick a country in Europe. I'm a service provider. I have an offering and that offering includes the stack of hardware and I'm running what we frequently refer to as the SDDC or Software Defined Data Center stack. So I've got NSX and I've got vSAN and I've got vSphere and I'm running and I have a cloud and you have all of the operational tools around that and you can spin up VMs and run your applications there and here we are within the borders of this country. What makes it a sovereign cloud? At that, so at that point, is that a sovereign cloud or no? Not yet. Not yet. It's closed. What's the secret sauce? We nailed the technology underpinning. So we've got 4,500 plus cloud provider partners around the world. Less than 10% of those partners are running the full SDDC stack, which we've branded as VMware Cloud Verified. So the technology underpinning from our perspective is the starting point for sovereignty. So they need that right technology. Verified is required for sovereign? Yes. Cloud Verified is the required technology stack for sovereign so they've got vSphere, vSAN, NSX, a lot of these partners are also offering a multi-tenant cloud with VMware Cloud Director on top of that, which is great. That's the starting point, but then we've set a list of standards above and beyond that. In addition to the technology, they've got to meet certain jurisdictional requirements, certain local compliance requirements and certifications. They've got to be able to address the data residency requirements of their particular jurisdiction. So it's going above and beyond, but to your point, it does vary by country. Okay, so in this hypothetical example, this is this country, Europe-Astan. I love it when people talk about it in Mia. People talk about it in Mia. I love a Mian food. Isn't a Mian food one? There's no such thing as a European until you have an Italian, a Brit, and a German in Florida arguing about how our beer and our coffee is terrible. Then they're all European. They go home and they don't like each other. But let's just pretend that there's a thing called Europe. So we've got a border. We know residency, right? Because it physically is here. But what are the things in terms of sovereignty? You're talking about a lot of certification and validation, making sure that everything maps to those existing rules. So is a lot of this administrative, and I mean administrative in the sort of state administrative terminology? Let's build on your example. So we were talking about food and obviously we know the best food in the world comes from England. Of course it does, no doubt. I agree, I do agree. So UK Cloud, fantastic partner for us. Whether they're one of our first sovereign cloud providers in the program. So UK Cloud, they satisfy the requirements with the local UK government. They built out their cloud verified, they built out a stack specifically that enables them to satisfy the requirements of being a sovereign cloud provider. They have local data centers inside the UK. The data from the local government is placed into those data centers and it's managed by UK people on UK soil so that they know the privacy, they know the security aspects, the compliance. All of that wrapped up on top of a secure SDDC platform satisfies the requirements of the UK government that they are managing that data in a sovereign way that aligns to the jurisdictional control that they expect from a company like UK Cloud. Well I think to build on that, at UK Cloud as an example, certain employees at UK Cloud will have certain levels of clearance from the UK government who can access and work on certain databases that are stored within UK Cloud. So they're addressing it from multiple fronts, not just with their hardware, software, data center framework, but actually at the individual compliance level and then individual security clearance level as to who can go in and work on that data. And it's not just a governmental, it's not a public sector thing. I mean any highly regulated industry, healthcare, financial services, they're all going to need this type of data protection and data sovereignty. Can this work in a hyperscaler? So you have VMC, AVS, GCVE, OCVS, thank you. Can a sovereign cloud be created on top of physical infrastructure that is in one of those hyperscalers? From our perspective it's not truly sovereign. If it's a United States based company operating in Germany, operating in the UK in a local customer organization in Germany or the UK wants to deploy workloads in that cloud, we wouldn't classify that as totally sovereign because by virtue of the Cloud Act in the United States, that gives the US government rights to request or potentially view some of that data because it's coming out of a US based operator, data center sitting on foreign soil. So that the US government has some overreach into that and some of that data may actually be stored, some of the metadata may reside back in the US and the customer may not know. So certain workloads would be ideally suited for that but for something that needs to be truly sovereign and local data residency, then it wouldn't be a good thing. I think that's a key thing. Going back to residency versus sovereignty, it can be, let's go to our UK example, it can be on a hyperscaler in the UK, now it's resident in the UK, but some of the metadata, the profiling information could be accessible by the entity in the United States for example there, now it's not sovereign anymore. So that's the key difference between what we view as a pure sovereign cloud play and then maybe a hyperscaler that's got more residency than sovereignty. Yeah, we talk a lot about partnerships. This seems to be a unique opportunity for a certain segment of partners that really is an opportunity for them to have a line of business established that's unique from some of the hyperscale cloud providers where sort of the modesty of your size might be an advantage if you're in a locale. You're in Italy and you are a service provider there. Sounds like a great fit. Yeah, you've always had the beauty of our program, we have 4,500 cloud providers. Obviously not all of them are able to provide a data sovereign cloud. We have 20 in the program today. In the country you'd expect them to be in, the UK, Italy, France, Germany, over in Asia, Pacific, we have in Australia, New Zealand, Japan, and we have Canada and Latin America to dovetail the United States. But those are the people that have had these long term relationships with the local governments, with these regulated industries and providing those services for many, many years. It's just that now data sovereignty has become more important and they're able to go that extra mile and say hey, we've been doing this pretty much for decades, but now we're going to put a wrapper and some branding around it and do these extra checks because we absolutely know that we can provide the sovereignty that's required. And that's been one of the beautiful things about the entire initiative is we're learning a lot from our partners in these countries that to Jeff's point have been doing this. They've been long time VMware partners, they've been doing sovereignty. And so collectively together we're able to really establish a pretty robust framework from our perspective. What does data sovereignty mean? Why does it matter? And that's going to help us work with the customers, help them decide which workloads need to go in which type of cloud and it dovetails very, very nicely into a multi-cloud. That's a reality. So some of those workloads can sit in the public sector and the hyperscalers and some of them need to be sovereign. So it's a great solution for our customers. When you're in customer conversations especially as data sovereignty becomes a global problem where, who are you talking to? Are you talking to CIOs? Are you talking to chief data officers? I imagine this is a pretty senior level conversation. Yeah, I think it's all of the above really. Who's managing the data? What type of customer is it? What vertical market are they in? What compliance regulations are they beholden to as an enterprise depending on which country they're in. Do they have a need for a public cloud? They may already be all localized. So it really depends but it could be any of those. It's generally I think a fairly senior level conversation and it's consultancy. It's us understanding what their needs are working with our partners and figuring out what's the best solution for them. I think going back to they've probably having those conversations for a long time already because they probably have had workloads in there for years, maybe even decades. It's just that now sovereignty has become more popular requirement to satisfy and so they've gone back to, they've gone the extra mile with those as the trusted advisor, with those people they've all been working with for many, many years to do that work. And what sort of, any examples you mentioned some of the highly regulated industries, healthcare, financial services. Any customer come to mind that you think really articulates the value of what VMware is delivering through its cloud provider program that makes the obvious why VMware an obvious answer? Wow, I get this, there's so many. It's actually, each of our different cloud providers they bring their windwires to us and we just have, we have a great library now of assets that are on our sovereign cloud website of those windwires. So it's many industries, many countries so you can really pick your choice there. That's a good problem to have. To the example of UK Cloud, they're really focused on the UK government so some of them aren't going to be referenced so well we may have indication of a major financial services company in Australia has deployed with AU Cloud, one of our partners. So we've also got some semi-blind references like that and to some degree a lot of these are maintained as fairly private winds and whatnot for obvious security reasons but we're building it and building that library up. You mentioned the number 4,500 a couple of times. You're referencing VMWare cloud provider partners or program partners, so VCPP. Yes. So 4,500 is the kind of, is the number? That's the number globally of partners that are offering a commercial cloud service based at a minimum with vSphere and there in many of them have many more of our technologies and we've got a little under 10% of those that have the cloud verified designation that are running that full SDDC stack. Somebody tallied up all of that and the argument has been made that that would mean that VMWare's cloud and although some of it's on IaaS from hyperscale cloud providers but that means that VMWare has the third or fourth largest cloud on the planet already right now, which is kind of interesting because if you go back to when 2016 or so and VMC was at least bandied about, is that right? A lot of people were skeptical. I was skeptical. A very long history with VMWare at the time and I was skeptical, I'm thinking that. It's not going to work. This is desperation. Sorry, Pat, I love you, but desperation. AWS, their attitude is in this transaction. Sure, send us some customers. We'll take them, right? I was very, very cynical about it. Completely proved me wrong, obviously. Where did it go? Went from AWS to Azure to GCP to Oracle. Alibaba, globally. We've got IBM, right? So along the way, it would be easy to look at that trajectory and say, okay, wow, hyperscale cloud. Yeah, everything's consolidating great. There's going to be five or six or 10 of these players and that's it and everybody else is out in the cold but it turns out that long tail, if you look at the chart of who the largest VCPP partners are, that long tail of the smaller ones seem to be carving out specialized niches where you can imagine now, at some point in the future, you sum up this long tail and it becomes larger than maybe one of the hyperscale cloud providers. I don't think a lot of people predicted that. I think people predicted the demise of VMware and frankly, a lot of people in the VMware ecosystem, just like they predicted the demise of the mainframe, the storage area network, fill in the blank. Jeff and I, we've been on that. Jeff's been on it a little longer than I have but we've been working together for 10 plus years on this and we've heard that many times. Our ecosystem has grown over the years. We've seen some consolidation, some M&A activity that we're not even actively recruiting partners and it's growing. We're focused on helping our partners gain more share internally, gain more share at wallet but we're still getting organic growth in the program. So it shows, I think that there is value in what we can offer them as a platform to build a cloud on. Yeah, what's been interesting is, there's growth and there's some transition as well, right? So there's been traditional cloud providers who've built a cloud in their data center, some sovereign, some not. And then there's other partners that are adopting VCPP because of our SaaS. So we've either converted some technology from product into SaaS or we've built net new SaaS or we've acquired companies that have been SaaS only and now we have a bigger portfolio that service providers, cloud providers, managed service providers are all interested in. So you get resellers, channel partners who've historically been doing ELAs and reselling to end customers. They're transitioning their business into doing recurring revenue and the only game in town where you really want to do recurring revenue is VCPP. So our ecosystem is both growing because our cloud providers with their data center are doing more with our customers and then we're adding more managed service providers because of our SaaS portfolio and that combo, that one-two punch is creating a much bigger VCPP ecosystem overall. Impressive. Do you think we have a better idea of what sovereign cloud means? Yes, I think we do. It's not royalty. It's all about royalty. All about royalty. What are some of the things, Jeff, as we look on the horizon, obviously, seven to 10,000 people here at VMware is where people are really excited to be back. They want to hear it from VMware, they want to hear it from its partner ecosystem, the community. What are some of the things that you think are on the horizon where sovereign cloud is concerned that are really opportunities for businesses to get it right? Yeah. We're in the early days of this. I think there's still a whole bunch of rules and regulatory laws that have not been defined yet. So I think there's going to be some more learning. There's going to be some top-down guidance like GaiaX in Europe. That's the way that they're defining who gets access and control over what data and what's in and what's out of that. So we're going to get more of these GaiaX type things happening around the world and they're all going to be slightly different. Everyone's going to have to understand what they are, how to interpret and then build something around them. So we need to stay on top of that, myself and Jay, to make sure that we've got the right cloud providers in the right space to capitalize on that, build out the sovereign cloud program over time and make sure that what they're building to support aligns with these different requirements that are out there across different countries. So it's an evolving landscape. That's- And one of the things too we're also doing from a product perspective to better enable partners to address these sovereign cloud workloads is where we have gaps, maybe in our portfolio, where we're partnering with some of our ISVs like a Kavionics, like a Fortanix Veeam. So we could give our partners object storage or ransomware protection to add on to their sovereign cloud service all accessible through our cloud director consult. So we're enhancing the program that way and to Jeff's point earlier, we've got 20 partners today. We're hoping to double that by the end of our fiscal year and just take a very befadical approach to growth of the program. Sounds great guys, early innings though. Thank you so much for joining Dave and me talking about what sovereign cloud is, describing it to us, and also talking about the difference between that data residency and all of the challenges in the landscape that customers are facing. They can go turn to VMware and its ecosystem for that help. We appreciate your insights and your time guys. Thank you for having us. Our pleasure. Appreciate it. For our guests and Dave Nicholson, I'm Lisa Martin. You've been watching theCUBE. This is the end of day two coverage of VMware Explorer 2022. Have a great rest of your day. We'll see you tomorrow.