 extracting the signal from the noise. It's theCUBE, covering VMworld 2015. Brought to you by VMware and its ecosystem sponsors. Now your hosts, John Furrier and Dave Vellante. Okay, welcome back everyone. We are here live in San Francisco in Moscone, North Lobby at VMworld 2015, Silicon Angles theCUBE. I'm John Furrier, the co-founder of Silicon Angles. I'm John Mycoz, Dave Vellante, co-founder of Wikibon.com And our next guest is Steve Herrod, Cube alumni. He's been there from the beginnings in 2010. He's back on theCUBE, Cube alumni. Former CTO of VMware now, a general partner, managing director at General Catalyst, Venture Capitalist. VMware turned Venture Capitalist like Jerry Chen and Pete Sonsini. Welcome back to theCUBE. Great to see you. Thanks, Dave. You've seen this when we were here in 2010. Now we've got the two sets here. I'm an emeritus at this point, I think. Great to have you. And the rumor is that you're going to come back as CTO of VMware because you're just giving a keynote. You haven't spoken in two years here because when you gave up the CTO to move on to your next adventure as a Venture Capitalist, you lose the stage, but you have a different stage. Different stage, yeah. Tell us, you're giving a little keynote here in DevOps. How did they wrangle that? That was fun. Kit Colbert's awesome. I'm sure you've talked to him before in here. We were just talking about different angles for DevOps and thinking about it. And a lot of what I'm investing in now is thinking about how this DevOps movement actually makes it to real enterprises, not just to the Silicon Valley startups. And so it's a big investment area and I wanted to just share my thinking on what kind of companies will make it. And what was the feedback downstairs in the DevOps lounge there? Because they have a real DevOps focus here. I mean, VMware has a lot of ops guys in there, install base. But Pure Developer is a whole new opportunity for VMware. Yeah, and I think the biggest debate going on in the industry is like, do you have to start with developers and then have operations people like you? Or can you start with infrastructure and operations and appeal to the developers? This is an operations infrastructure conference and not a ton of developers down there. So it's an ops dev conference. I can't say this for ops and dev perhaps. But I do think ultimately it's about them getting along and having some value that hits both of them. So it's good casual environment. They're doing a hackathon tomorrow. And I think a lot of interesting startups came and talked to you. So when we first started kicking around, this is a few years ago, I think you, when the first guess we've had that really kind of brought up the term infrastructure as code. I mean, it's now a few years in. Where are we with this? I mean, NSX is looking good off the tee, middle of the fairway, as they say in golf. So where are we with this programmable infrastructure? No, I love that. I still love the concept and the notion of infrastructure's code means a bunch of things. One is you can think about it programmatically and have it repeatable. So you can write the recipe and have it play on time and time again. But I think especially right now, the idea of versioning it is really important. It's VMware's kind of had one version of doing this, but whether you're chef or puppet or Ansible or chef or salt, any of these are trying to think of ways you can check in the golden environment. And I think ultimately a lot of the DevOps work is around homogenization of environments so that when you go to production, you're not getting giant surprises versus testing. So they're all part of that same thing. I think it's something that we're stuck with. It's going to be a good thing. What's your big learning now that you're two years out of VMware, you're out in the wild, so to speak, and you're writing big checks, you're looking at stuff, you've made some good investments so far. What's your take on looking now, if you will, from the balcony onto the stage of VMware, and how are they doing, and what's your take on some of the things that they're doing? Are they doing too much? Are they just enough? Obviously Pat laid out a pretty good vision this morning. Impressive. What's your take on VMware? Give them a report card. I think things, I mean, a lot of this has been in underworks for quite a while, so I think it just takes a long time to deliver on the vision that it's had for quite a while. And I think at the top level, in user computing, you've had plenty of talks there, a lot of cool stuff going on. I think the air watch in particular has moved them forward a giant leap. Microsoft on stage was kind of cool to see today. I think the software defined data center is something we talked about for a while, and I think you're seeing both NSX and VSAN show that the rest of the infrastructure can be virtualized. And then I think that the hardest question will be, does this hybrid cloud world really work out, and is it hybrid where it's one vendor, multiple vendors, and where are the connection points? So it's very fun to be, on the outside, there's two things you see. One is that there is a world that's not all purely VMware, which is one thing, but you also get a respect for just like how amazing the traction is and how many customers rely on this. VMware makes one announcement of a keynote and two startups get scared and have to change their tax. So it's kind of neat to see both sides of it in this world. And you see VMware moving into this sort of heterogeneous management and he's talking about it, not probably not today managing much Azure or AWS, but sort of setting forth that vision. When we seem to be living in this fragmented world, fragmented clouds, but you mentioned homogeneity before, there's some benefits of homogeneity. You see it with Amazon, you kind of see it with Azure. What's your take on that? I mean, is that sort of inter-cloud management, a great opportunity for just VMware? Are you see other guys trying to do it as well? Even some startups, even guys like Nutanix playing around with it. Yeah, I think it's super interesting. I think the irony is that there's been all these approaches to homogeneity, whether it be virtual machines, whether it be a converged infrastructure, whether it be containers. And the irony is that the move to homogenization has caused more heterogeneity than before. So I think the real opportunity and where I love looking is whether it's a storage or a security company or a DevOps company, whether you're a journalist or whether you're an analyst or whether you're an investor, you benefit from a lot of complexity in trying to solve something about it. So I think that's where all these are coming from is there's great new technologies that have to work with existing ones. How do you tame it? And looking across the places where people invest to tame it is really the thing we're all doing. So you've made some investments in both the data side and the cloud side. I didn't need the cloud data side. Maybe talk a little bit about some of the more exciting ones that you're... Yeah, I'm an infrastructure guy, so I don't do consumer things, but I love things around data, around networking and around DevOps. So those are the three areas. A lot of them have gotten to come on theCUBE and talk to you, but I think the companies that are coming here today, a lot of them are launching at VMworld. So it's been a real fun full circle as sort of originally trying to launch VMware and now having companies that dream of presenting on the big stages here. But they're doing things like, Alumeo is a very interesting company, really trying to apply the DevOps notion of continuous deployment to security, which is I think one of the biggest holes in this move fast movement. There's a company here called ClearSky Data, which is a really interesting approach to blending on-premise and cloud-based storage. And they just launched and got a really good attention here. Paula Long, who you've spent time with us on the board. Yeah, one of our famous quotes from last year, I asked her if data gravity was an aspirin or a vitamin, it's a vaccine. I'm like, I've been trumped on theCUBE. So she's on the board of ClearSky Data. Yes, she's on the board of ClearSky Data as well as building data gravity herself. And you're on the board as well. So it's kind of do little mini board meetings. That's hyper-converged startup. Yeah, it's very fun. There's a great new startup here too. I just want to call them out called DATO, D-A-T-T-O, which is this killer company doing disaster recovery. Connecticut company, aren't they? Connecticut, Norwalk Connecticut, which is not the first place you think when you think of cool infrastructure startups. But they're absolutely killing it for small businesses. Now they're applying it to the virtual world and to SaaS applications. So the theme is heterogeneity and trying to do enterprise capabilities to move fast on top of that. Okay, so I got to ask you a question around a quote we heard earlier this morning on theCUBE and the quote is, respect to the VMware portfolio and the ecosystem, is the technology, and it could be anyone's technology in the ecosystem, the best of the last generation or the first of the next generation? So depending on how you look at things, VMware has legacy now. So you know, multiple, almost 20 years now coming up on 20 years of VMworld. There's old generation and the new. So you're either the best of the last of the new or the old or first of the new. What's your take on that? Because you're doing a lot of stuff certainly on the security side, that's the first of the new. Yeah, so again, I've spent enough time with CIOs that you just know no one ever starts with a green field. It's always starting with something in place. And so the question isn't, is it this one or this one? It's how much are they bridging it and how quickly are they moving to the new world? I mean, I think all the startups I work with are in the public cloud from the get go. So unless you have a compelling developer cloud, you're not likely to get those customers. And that's where Amazon's killing it, of course. But if you're an enterprise and you're migrating your existing applications, I see it time and time again, but the CIOs, they take all their applications, they put them into buckets and some of them they're going to move forward one place, others they're going to lock in a corner and put an API on the front of. And so I think the question is what customer set are you serving and how are you trying to take them forward? And a lot of the young talent coming in has never stacked a server before. Yeah, absolutely. Never had the joys of going through the racks. A hybrid cloud, does hybrid cloud exist? Is that the outcome of public private? What's your take on hybrid today? I mean, is it just like distributed computing? Yeah, my only problem with the term, and I probably used it originally for other reasons, I think it implies probably too much homogeneity because I really do think the modern CIO is dealing with a multi-cloud world. Maybe there's a better term. They have SaaS applications, they might have some things in vCloud, they might have some things in Google, they're using Office 365. And so I really think it's about all these things and they're not tightly, tightly coupled, they're more loosely coupled. You want a security policy that mostly works around them. You want to be able to maybe look at your billing across all of them. So I think it's probably more loosely tied than a lot of people probably think of it when they hear the word hybrid, where it's a seamless connection. Okay, that's interesting. I mean, you listen to Amazon talk and they don't even acknowledge the term. The existence of the, yeah. Because I don't believe in it. And you know, so I think based on what you just said, probably that's the correct intellectual model or their model near term, but it sounds like I'm inferring from your comments. It's probably mid to long term too. That doesn't really change because it's going to be highly fragmented. Yeah, and it'll be steadily, and we already seen this over the last year. It'll be holes that get poked between them and whether it's access to data, whether it's a common security policy, whether it's identity as the glue. You're just going to see a lot of angles of connecting pretty loosely connected devices, loosely connected clouds. What's cloud native mean to you? When you hear that term, you mentioned startups that start, I mean, you got absolutely the web scale guys were always DevOps in the beginning. And then like you think about Dropbox and these new startups, they're always born and they're born in the cloud because that's the best resource pool and tools available. Then you get the legacy enterprises. But what is cloud native across those three spectrums mean? Yeah, I think about it just very loosely. It's people who have starting new startups without a legacy. Actually, that's how I like to think about it. They don't have an existing code base. They don't have an existing data source necessarily. And largely the architecture of modern apps is as you know, very well from your own work. It's a mashup of a lot of sources of data coming together. So I really think of it as, it's more loosely connected programming. It's got a notion of microservices because you're leveraging other people's work. You're coding locally, you're coding smaller and leveraging all the other pieces. And then I think it has less of a legacy allowing you to adopt the newer methodologies and the newer technologies more quickly than a company that has legacy can do. So the word engineering is kicked around with DevOps. We've done so many interviews and we always ask questions about DevOps. And the common thread is it's not so much pure developers it's that a lot of engineering is going on around it. So the word engineering is the word or the hiring keyword or I've got to engineer this or architect it. What are you seeing happening now from an engineering standpoint? Because that touches cloud, that's apps, that's business mobility which you mentioned yourself. So this engineering focus is really the centerpin of DevOps. What's your take on that? Yeah, maybe a couple of things. It's a really good recognition. I think DevOps, a lot of people talk about it as tools and techniques. I think it is at least as much people and organization and how they communicate and how they get along and how you're held accountable. So a lot of it is, the finger used to point different ways. You have one group that's in charge of getting the whole thing out there. So I think that's a big part of it. And again, I also think it's around, it's certainly around how are we gonna develop the new code but it's ultimately how are we shipping it. And I think that's where these thinking about ways they can dance better than in the past is what really comes to mind when I think about it. But there are these new roles that are popping up not only in the pure DevOps but like SREs is the hot new topic. It's the person who can go in and find where the problem is. And what's that stand up for? A site reliability engineer. And it's people that go in and they literally have to find things across a haystack of possible areas. They take the pagers, they get things running. So it is a rethinking of, maybe that's a really good way to think of it. The engineer is a new task or a new term that has more relevance than ever. Okay, so now the developers are out there, boom, you're seeing a lot of downloads, but they're seeing a lot of interest from stuff like Seth and these tools around OpenStack. And Container certainly has broken on the scene and changed the game a bit. Developers are moving fast at the top of the stack. What has to happen underneath the covers or underneath the hood? In your mind, where's the bottleneck now? I mean, obviously we know that the pressure's coming from the top from developers. What's happening under the hood that's going to make it go faster? Well, this is the hard, the adoption, if you will. Yeah, absolutely, this is the hard of, I mean, ultimately the reason DevOps exists is because every company has realized they need to push things out faster while still making sure that they run. So at the very top level, how do I ship more features more quickly for customer satisfaction, for new revenue sources? Again, you all know this very well. The part that's interesting is that you have to develop the features quickly, but if you push them out and they crash or it's a bad user experience, it backfires. So I think the whole purpose of this DevOps thing is to make developers want to use the tools because they're more productive and pushing out features, but they need to have the operations team get the itties in place on it very quickly. So again, every startup I look at is really trying to think about how do I bring security, reliability, availability, scalability, and auditability into these systems. And those are the bottlenecks for shipping products. Yeah, it's a double edged sword. You know, we're living in, we were just at the Opus Deck event in Silicon Valley where we put on with Mirantis and the concept of API application came out and Craig Mclucky from Google was like, if you go too fast on API-ing things. That's right, you could really get yourself in dangerous territory because you have a lot of legacy to deal with. So I got to ask you, at what point do you go with your APIs? What point do you kind of hold back? Because the term that's not being talked about that's being talked about the most in the all ways is security. So you're doing that. So API application, talk about that trend. Where's the balance line now? And then security. Yeah, and again, I think it differs whether you're going into the enterprise or whether you're doing the hot new startup. I think the trend that I like the most on the enterprises is that they have a data source. It's their customer data. It's whatever it might be. They've written a web app that's pretty tightly bound to it. The path I like to follow is usually the first time an enterprise is writing a mobile application for themselves. They realize I now have two things that need to get to my data source. So this is purely internal. It's not something they're trying to ship. That's where I see them create some sort of API layer for the first time to allow mobile access. And then in a lot of cases, they realize there's partners that could add value to our data. We could monetize our data. And that's when they decide to make the public API. But you're 100% right. The first time you make APIs out there and you have external parties dependent on it, of course, you're kind of stuck with them. So I think deprecation of APIs and dealing with that is something you have to think about a lot up front. The other part of it is I'm a big fan of this microservices and API movement in the sense that it allows you to ship code more quickly. But these things now become critical infrastructure. You have to version and test them and do performance management and security on something that's harder than when you had everything in your own hand. And so that's where I also think a lot of nice startups are going to be built. So following up on the security, we saw some, actually, a while ago we asked Pat Gelsinger, John, you know, a security duo over years ago and said, yes, this is his answer. So we saw some announcements today, heavy emphasis on encryption, the hybrid cloud stuff. Look like still a lot of moats going on. And then we've seen efforts, you know, Warren Buffett might be right, Bitcoin might fail as a currency, but you're seeing efforts to use the Bitcoin blockchain as sort of a new model for security MIT and others. Wonder what your thoughts are in the sort of state of the security and what about sort of Bitcoin blockchain-like approaches? So I think on the security front, this is one of the areas I'm most passionate about and three of my, four of my first investments have been around it. So I think there are a couple of traits that have to be in place. As I said at the start, I firmly believe you want to have one type of security policy that holds whether you're in Amazon or Azure or containers or VMs instead of standalone siloed security policies. So the startups that can think of a way and think of a solution that will work across all of them, I think are the ones that are gonna really do well. And I think that's a very key trend just because as much as is, like sure it'd be great to build it into the platform, but then you need that platform everywhere or else you have different designs. The other thing I focus on quite a bit, and this is a different aspect of security though, is how are we protecting your laptops and really thinking about the modern vectors for attacks and malware's coming in through the web browser, through mail, through phishing attacks and through documents, through PDF or whatever it might be. So I've been really obsessed with this notion of changing the security game from one of prevention and one of tracking to one of, just assume it's gonna get through and do forms of isolation. And this is where the bromium startup kind of came in trying to do it at a Windows level. I have a company called Minlow Security which I'm super excited about that's trying to do it purely at a DOM level in the browser. And I just think this is the only way you can really fight security issues in the long term is assume they're gonna get through even though you try hard, just don't let them damage things when they do get through. Yeah, so open the perimeter up and let them come in and then you focus on using whether it's big data and or other algorithms. Yeah, probably still open the perimeter up. Yeah, come on in. There's definitely levels and you're gonna try to reduce it but no matter what you're gonna get day zeros that get through you. But an outside in view of what's going on in your environment as opposed to sort of inside out. Yeah, it's like we always talk about the castle note analogy and like the bad guys are inside the castle sometimes and also your I guess your knights are outside the castle sometimes and just the mode analogy is not gonna work. And what about this keyless security notion, you know? Yeah, it's interesting. I actually think, I do think the core of everything that we're looking at now is identity and I think you can associate keys with identities or not but I actually, I like the model that they're going down in the end user computing and I do think identity is the thing that holds regardless of what device you're on, what data you're touching and what applications you're using. So I think pivots that go around identity as the core piece are important. Then how you authenticate and say I am that identity. You know, there are a lot of interesting methods going on there. I agree, I think that is the secret sauce because now you can change your data modeling around identity versus the other way around. It's really kind of flips upside down in a way. It does, it just kind of makes perfect sense in a multi device, multi app, multi data world. It's kind of like an overlay kind of mindset. Just focus on one piece of data and kind of change it over. Build around it. My final question for you is, what's changed in your thesis? Well actually two part question. What's changed in your investment thesis since you become a VC two years ago and now the market's changed a little bit so and you're seeing more and you're getting your sea legs if you will in the market you've done some deals. And the second part is, what's the big learning that you've learned from the marketplace? Hmm, good questions on both fronts. I think on the investment thesis for me has not changed at all, which is it starts enterprise investments, you spend time with customers, you understand pain points and you try to figure the frictionless or less friction full way of getting things in there. The biggest change for me has just been it is a heterogeneous world, not just what cloud vendor, what hypervisor, but like SaaS is a huge part of everyone's life and we sort of ignore it as it would get rid of those. So it is a multi cloud heterogeneous world solutions that I invest in have to take that into account. I guess the other was lessons learned or things that are looked for. Key learnings that you over the past couple years you've walked away from on a personal level here in the industry, what you see here at VMworld. Probably something that people take for granted, especially if you're in the VMware ecosystem, like this is something that is very mature and has gone a long way. Even if you have the best solution on earth, if you don't have the right way to tell the story or you don't have the right inroads to channels or partners, that is the way that you get started and it is just the cycle that builds on itself. You have to have the Lighthouse customer that in turn tells their friends that it's okay. You have to have a set of partners that can get you into the market and give you the right level of scale without building up a big force. So it's really how do you get started that is something I think underappreciated by companies that are big. All right, final, final question is, what's it take on VMworld this year? Oh, it's fun to be here. I certainly always come here and my favorite part is always the solutions exchange. Actually, my favorite part's a cube. My second favorite part. Good save there. That was close one. No, I love going to the solutions exchange and you see, I mean literally, you see hundreds of companies that are telling you where the future of infrastructure is and part of it is the VMware ecosystem. The other is that this is the rallying point for infrastructure innovations. And what theme is the most important that's going to be the most resonant this year? Well, a lot of people jokingly have said this is storage world actually because there's so many announcements and that definitely is true and a lot of great stuff going on there. I actually really excited that KIT has brought in the DevOps push here and I think it's, again, we're coming from an infrastructure angle. This is not the developer community but I think the awareness that this team and this group of people administering the world have to offer up the things developers want is a really cool theme and I think you're going to begin to see more and more talks. I think there were 60 something talks tagged as DevOps talks here. So that's probably a changing theme and something I really like. Yeah, I agree. We're big fans of the DevOps. Eric Nielsen did a great job putting that together. Thanks for joining us on the cube and also giving the keynote back on the stage here at VMworld, back in the limelight. Back in business. It's good for deal flow. Okay, this is the cube. Of course, we're extracting the signal from the noise here. I'm John Furrier with Dave Vellante, Steve Herrod, former VMWare CTO, now venture capital set general catalyst. One of the best in the business. It's a sight to have them on the cube. Thanks for sharing your insights. We'll be back with more after the short break.