 Live from Vancouver, Canada, it's theCUBE. Covering OpenStack Summit North America 2018. Brought to you by Red Hat, the OpenStack Foundation and its ecosystem partners. Welcome back to theCUBE. Here at OpenStack Summit 2018 in Vancouver, I'm Stu Miniman, what I co-host this week is John Torrier. And happy to welcome to the program, first time guest, it's Ann Bertusio, who is the Cata Container Community Manager with the OpenStack Foundation. Thanks so much for joining us. Thank you for having me. All right, it's our pleasure. Ann, containers been a discussion we've been having for a few years now. I remember when we were last year in Vancouver, three years ago, you know, that the joke was it was Docker, Docker, Docker year. So tell us a little bit first, you know, your role, how long you've been with the foundation and what you're covering there. Absolutely, I've been at the foundation for going on three years at this point. You know, the Cata Containers Project we announced in December, it's come up and come in there as the community manager, kind of helping them figure out, since December to the launch now, in less than six months, we had to figure out how are we going to work together, how are we going to merge two code bases, and we have to create a new open source project and a new community. So leading that has been a big part of my work. So there's a whole track on containers now. Give us a little bit of, you know, flavor for our audience that couldn't be sitting in the keynote and attend all the sessions. You know, what were they missing? Absolutely, I think the major theme was security. Maya, she's a PM of security at Google. She opened it up saying containers don't contain. I almost wish we had been on like a game show, but containers don't contain. That was the theme of the day. And, you know, we talked about where did Cata come from? Cata came from how do we answer that question? I think people got so excited about performance and portability about containers, we forgot about security a little bit, and now we're seeing some of the ramifications and it's time to make this the year of security. So you talked about bringing two code bases together. Can you talk a little bit about kind of what some of the ingredients are here that we, to get to our dish that we find the Cata containers? Absolutely, so we had Run-V from Hyper and we had Clear Containers from Intel and they both looked at things a little bit differently. Like Hyper has a frack de-implementation that was really critical to their customers. Clear Containers is coming a little bit from Run-C, Vert Containers. And what we arrived at for 1.0 is an OCI compatible runtime. It's going to put a lightweight VM around your container and we're thrilled to look beyond 1.0 into things like supporting hardware accelerators and so it may be just to raise it up one level before we go on. So Cata Containers in some sense, let's just repeat maybe what you said, see if I get it right. It's wrapping a container in a lightweight VM and that gives us the isolation and security that's traditionally associated with a virtual machine with all the APIs and flexibility and performance and all the other goodness of a container. So one container in one VM is the first implementation here. I think the easiest way to think about it, you're talking about Docker, Docker, Docker. So in Cata, really instead of using Run-C as your runtime, we would just say Cata runtime and now we have our Docker containers but they're wrapped in these lightweight VMs, each with their own kernel. Yeah, I think back to the early days when we were trying to figure out what these whole containers were and was that the death of virtualization? It was like, oh, well, you know, VMs, gosh, they, you know, they take minutes to spin up and containers super fast. Security, oh, VMs? Oh yes, there's security there but you know, we need to move fast, fast, fast. So explain how this kind of helps bring together the, you know, the peanut butter and chocolate, if we will. Absolutely, oh, I love peanut butter and chocolate. But that's really what it is. You know, we, like you were saying, virtualization, yes, super secure, slow. Like I think I have a clip art chart with a sad turtle on it, a little bit slower. The containers super fast, we're getting a little nervous about security. I think we maybe C groups and namespaces are good but people who are enterprise environments, they've been putting full blown VMs around their containers because they were saying, well, that's not enough and I need two isolation boundaries, not just one. Right, in terms of some of the use cases then, I imagine multi-tenancy would be one and then perhaps even, I think some of the newest trend of defense in depth of actually even in an individual app putting different zones in different components or different risk zones in their own containers or own VMs, even inside an individual app just making sure that the different components only can talk to each other in ways that they're supposed to. Absolutely, I think it's any time where you're running untrusted code or you have questions about what's going on there or you just want that heightened security caught as an easy use case there. Sure, I guess my VMware call it micro segmentation would be their buzzword on it. Oh, I got to think of what mine's going to be. We can all use the same words, it's good. So Anne, you know, Intel Clear Containers was the piece of this, of course Intel partners with everyone there. Give us a little bit also the kind of the ecosystem and the team that makes this up is this, you know, people out there will be like, oh, well, Docker has their solution and VMware has their solution. How does this fit into the broader ecosystem? Our team is incredibly diverse. I've just been thrilled with 1.0. We had 40 contributors from a good diversity of companies. Architecture committee, it's Google, it's Huawei, Hyper, Intel and Microsoft. And I think we've, I was saying in the keynote the other day, I was on a call for our architecture committee and we had AMD, Arm and Intel all talking about the same solution. So it's the beauty of open source that we've brought all these groups together. One of the things that also struck us, especially if we've been here, the diversity of the show is always really good. The main keynote, it's not, oh, they've brought up some people of diversity. Oh no, no, these are the project leads and therefore they're doing this. Can you touch on some of the diversity and activities at the show itself? In terms of the technologies we're looking at. No, I just, so there's, I'm just saying, talking about the community is the diversity of companies as well as the diversity of people. So we've got lots of the women inclusion, things like that, yeah. Yeah, I know we had, the executive producer of Chasing Grace was here and I know she's been, Jennifer, is it Klauer, is that correct? Yeah, Jennifer Klauer, we actually interviewed her last week at a different show, yeah. Yeah, I mean, she's been, her document has been incredibly well received. I know she's kind of making the rounds to get the word out there about what's going on with women in tech and we were more than thrilled to host her and have her here and be a part of that conversation. It's clear community is a big part of OpenStack, the OpenStack Summit and care of the OpenStack Foundation. In terms of Cata containers, you work for the OpenStack Foundation. Is Cata officially then part of OpenStack or is that have a different governance model? That's a great question. This has kind of been an area confusion because it's the first time the foundation has broken out and there's the OpenStack project and there's Cata containers, the project, but we both live at the OpenStack Foundation. Okay. I think the guiding principles though and it's really helped us over the last kind of four months is that the OSF, OpenStack Foundation, we believe in open source, open design, open development and open community and Cata, we were like, that's a great home. We believe in that as well. And any customers that are yet talking about there, their early usage of Cata that you can share? I think we have a lot of customers from RunV and Clear Containers and Cata is going to be their next path forward. So with 1.0 out yesterday, I'm excited to see, we should see some upgrades real soon here. Yeah. What's the path for them to get from where they are to the 1.0? Is that pretty straightforward? It should be, yeah. We think so. And they have their support from Intel and from Hyper to help them out with that as well. Okay. Is Cata containers, is it integrated in an API or is OpenStack necessary for it or is it completely, is it independent of, from an infrastructure perspective, OpenStack, the stack? Yeah, it's completely independent but it's also compatible. Okay. So you can run on Azure, Google, OpenStack, agnostic to the infrastructure underneath it. Great. All right. And I want to give you a final word, takeaways from the show that you'd want people to have. Absolutely. I think the final word is, containers are fantastic. It's probably time to take a look at your container architecture, think about it from a security perspective and I would encourage everyone to go check out Cata containers and see if that's the solution for them. All right, well, and Berthusio, really appreciate you joining, sharing with us, everything happening. It can work with or without the OpenStack containers absolutely a big trend and by security, absolutely top of mind from everyone we talk to. If it's not top of mind of a company, I'm always a little bit worried about them. For John Troyer, I'm Stu Miniman. We'll be back with lots more coverage here from OpenStack Summit 2018 in Vancouver. Thanks for watching theCUBE.