 Let's go, extracting the signal from the noise. It's theCUBE, covering VMworld 2015. Brought to you by VMworld and its ecosystem sponsors. Now your host, Stu Miniman and Brian Gracely. Welcome back, I'm Stu Miniman and my co-host for the segment, Brian Gracely, and this is theCUBE, SiliconANGLE TVs, live flagship product, extracting the signal from the noise here at VMworld 2015. Excited to have back a repeat guest, Dom Delfino. Last time we talked to Don, he was working for Cisco. And now, Dom is the SVP of Worldwide Systems Engineering of the VMware Network and Security Business Unit. Dom, welcome back. Hey, Stu, how are you? Brian, good to see you, bud. Yeah, great to see you. All right, so I got a couple of former Cisco guys here. We're going to talk basketball, football, or I think we're going to talk networking security, unfortunately, because that's just kind of geek I am. Okay, great. So, Dom, I made a comment two years ago when Pat and Martine got up on stage and they said, we've got the largest collection of network architects out there because we've got more virtual ports in VMware than anybody had. And I said it's an interesting talking point, but most of the virtualization people weren't thinking that much about the network. They were handing it off to the network team. Sure, there was the V-Switch and everything like that. Fast forward two years and networking's pretty important part of the conversation here. Maybe you can give us a little bit of the update as to where we are with NSX and networking for VMware in general. And going back to that point, Stu, I think it's actually, I remember hearing that, right? And not being on this side of the fence, but I remember hearing that. And what is interesting about that statement is whenever we design and architect networks, right, we're always trying to push the services as close to the edge as possible, whether that be campus, a WAN, a data center. And when you think about that, the edge is either the user or the application. And I think in the construct of virtualization and the construct of cloud, which sort of implies virtualization, the edge is no longer the physical access layer of the physical network infrastructure. It is the V-Switch and the V-NIC. So it is the optimal place to deploy services. And obviously one of the big components or the many components of NSX is the distributed services that we provide, whether it be distributed virtual switching, distributed logical routing, distributed firewalling, load balancers, et cetera, so on and so forth. So really there was huge advantages to having that presence and that real estate inside the host because you have a view not only out into the network infrastructure, but also up into the host. And you know about things like users and files and what's being accessed. So it really allows you and enables you to do many, many, many more things in a much more automated fashion and you could do historically with physical ports in the network infrastructure as well. Yeah, so I mean, Dom, you know, networking's a complicated beast. If I looked at the announcement this morning, boy, there was a lot there. Maybe can you give us the 6.2 is kind of the major update? What was announced this week and kind of the maturity of the product? Yeah, so great points too. 6.2 is a pretty significant release for us. Not only in the context of features, but also in the context of scale and reliability and quality. We've really been taking feedback from our customers. Obviously there's a lot of tie-in to vSphere 6 and the ability to do things like long distance vMotion. You saw our demo of cross-cloud vMotion stew. That's a new one, huh? You like that, didn't you? Yeah, I like it better than fog computing. You like it better than fog across cloud vMotion. But I think we're also very, very focused on the operationalization of network virtualization and our customer environments as well. So you see things, a lot of fun in the industry about they don't have the diagnostic tools and the troubleshooting tools and the telemetry. And now you see us implementing things like a central CLI. No, capabilities that were always there in tools like VR ops, we're bringing to the network administrator in a manner which they're consistent of using it. You look at technologies like our ability to extend the micro segment now to a bare metal server, beyond the bounds of virtualization. You look at the ability to do things like trace flow where I can now do a packet walk through both the virtual and the physical network end to end and look at each step along the way in case I'm having some troubleshooting issues there as well. So it's really significant for us as our customers implementations get more scale. They're finding more and more use cases every day to really continue to give them the technologies they need to operate this at scale as well. So one question, then I'll let Brian jump back in here. So... He's hitching over there. Yeah, I know. So Dom, one of the challenges is we know change in networking takes a long time. When I usually draw out those charts as to how things, even just speed changes, it's usually talking decades. So last year, when Martin on the queue, he said, we're now, we're really starting to get production. Customers are using it. It was 150 customers with the number last year. The latest number I heard was 700. You said you're getting a lot of feedback from your customers. So what's the reality? Are we making progress? Where are we with the customer adoption point? Yeah, so it's a great point. So yeah, we've gone from 150-ish customers to north of 700 customers in the past 12 months, north of 65 customers who spent more than a million dollars on NSX and some of them, well more than a million dollars on NSX as well. And I think what you said is very relevant, right? I think we've gone through this, two waves of virtualization, consolidation, and then mobility workloads and into cloud. And not much has changed from a networking perspective. And I think this has been a huge pain point for customers. You know, I heard it when I was on the other side of the fence, you'd walk into a customer and they say, I could spin up a VM in 15 minutes. It takes me four weeks to get services from my networking team. And it's not because the networking people are dumb or lazy or because they don't have the budget, it's because the tools that they have and the architectures that they're handed to don't enable them to have that type of agility. And really, this is what software brings to the tables to do. It allows you to instantiate these things on demand, grow them, shrink them, remove them. Who removes firewall rules, right? Nobody ever gets rid of them. So I mean, and we can talk about the security aspect of this because that is also a massive pain point for network administrators as well as security administrators as well. So you guys are selling a network solution, a security solution, it's tied to virtualization. When you have an NSX customer now, what is the team? Is it the network team? What is that team now? What have they evolved to become? Cause there's still, there's all the routing stuff, there's all the security stuff but there's also that physical stuff underneath. What does your customer call themselves when they're using NSX? So it's a great question, because 10 years ago we didn't have cloud teams, right? Now customers have cloud teams. And I think you'll see customers in different phases of organizational transformation that we all go through as technology evolves. And sometimes you walk into a customer and there's a networking guy or gal and security and storage and computer virtualization. Now I think you're really starting to see the shift to infrastructure architects or sometimes they'll call themselves enterprise architects. From an application's developer's perspective or from the application perspective itself, infrastructure is one thing. If any component of the infrastructure breaks, the whole infrastructure is broken and the application residing above it and then the business depending on it as well. So I think people really now realize that it's fairly critical that they not only have deep domain expertise in one discipline, but they have a really good working knowledge of the adjacent disciplines with an infrastructure as well. And I think that people also realize that having the knowledge to provision and configure something is not as valuable today as having the knowledge to automatically provision and configure something. So skill sets continue to evolve in this industry, right? And if they don't, you'll probably be out of a job pretty soon. And I think that core networking expertise is still critical, having a stable, robust, reliable, physical network infrastructure is still very critical. And I think people realize that in order to take advantage of some of these capabilities that you've got to change and they've got to become a little bit more cross functional than they have been historically as well. Yeah, Dom, can you walk us through, I'm sure every customer is different. What's the typical customer look like though? Is this large enterprise, you have service providers, does it get down into the mid-market? You know, what's that customer look like? So I think we tend to sell NSX in very horizontal use cases. So it's not specific to a customer segment or vertical. We've got very large massive service providers, some of them you know as well, very large financial accounts, all sorts of government agencies, whether it be intelligence or defense or civilian agencies, retail customers, banking, healthcare, higher education, K through 12. So it applies in every vertical. And I think what you're seeing is three major use case areas for NSX. The first one being network automation, right? And that sometimes in the context of network automation, sometimes in the context of infrastructure as a service, private cloud, developer cloud, platform as a service. And you know, those things are obviously very, very important to those customers. And depending on what scope and scale they want to take it to, they can do that. The second major use case, which is about at this point an equivalent size and scale business to the first use case is the security use case, right? And I think that customers are facing a massive challenge today. You know, the big breaches that have been exposed have actually brought a lot of attention to this, not only with an IT stew, but this is now a boardroom discussion, business discussion, line of business discussion because of the impact that some of these companies have had. But I think there's really two major problems that they're trying to address. And everybody has some form of a segmentation initiative underway. And really what they've recognized is that the propagation of large flat layer two networks has significantly increased the size of the attack surface in their infrastructure. And the second thing being this majority of firewalls still deployed today on port-based firewalls. And if I mask my malware in a port that you have opened through the firewall from a host that I've compromised, I could simply walk through your firewalls from tier to tier of your network. And this is how they're doing that. So how to deal with that from a traditional networking and security tools perspective is extremely painful. And customers embark on segmentation initiatives, they try the traditional tool sets and they can get some segmentation, they can get some isolation, but they hit the point very early where A, it's very capital-intensive and B, it's operationally infeasible. Yeah, so yesterday Pat was showing or they were showing multi-cloud cloud to cloud V motion from V cloud air back to a private cloud data center. The reality is the market for cloud is much bigger than V cloud air. Amazon's legitimate, Azure's legitimate, Google's legitimate. What's the NSX team doing? How do you guys think about helping customers extend secure networking out to those clouds as well? And I think it's a great question, Brian. So Guido Appenzela, our CTO who you know as well as Stu actually demoed earlier today the ability to move a VM into AWS while maintaining both its network policy, its IP address, and as well as its security policy as well. So, you know, and I think we have the technical capacity and capabilities to deliver that through other cloud providers as well. We have many cloud providers. I think you're going to have one coming on after me here who's actually one of, is an NSX customer as well. I've got a major cloud provider from a big brand who just vMotioned a customer's workload from their Dallas data center to their New York data center last week as well. So I think you'll see this technology continue to evolve. Obviously the first step being us being able to move workloads across longer distances, right? Within a customer's own infrastructure or from a customer's infrastructure to our hybrid cloud offering with V cloud air. But I think, you know, as the technology continues to develop and evolves, this is certainly a feasible option, the ability for us to take workloads, move them into the cloud and move them amongst different cloud providers while maintaining the network policy and the security policy as well. So I'm curious Dom, you know, how many customers are starting to not just do NSX as a standalone project, but doing it as part of their larger transformation? So specifically, I guess I've talked to VCE and how they're putting the NSX in there. And of course the announcement this week for what's coming out in 2016 with the Evo SDDC. You know, how much is that going to play into the NSX adoption? Yeah, I think most of the customers doing network automation today, it's tied to a much bigger initiative, right? So, you know, they don't just want to automate the network, they want to automate the entire infrastructure and the application development, lifecycle and everything like that as well. So, and you know, but it also can be a brownfield technology. So many customers are going in, if you're running vSphere 55 update two, the Vibs for NSX already existed in there, you can implement micro segmentation but not even rebooting a host. So it's tied to new initiatives, it's tied to existing brownfield implementations, it's sometimes tied to broader initiatives. There's many, many ways you can utilize NSX. So obviously some of your competition likes to beat you guys up about overlay and how do you manage the underlay and how do you manage, what do you tell customers when you start thinking about, we talked about, you know, a cloud infrastructure team and where is that today? Yeah, you know, Brian, I mean, let's talk to the first point, right? We've been running overlays for 25 years. IP over eight frame relay is an overlay. IP over ATM is an overlay. IP over MPLS is an overlay. They're running VXLand, they're running an overlay in their own institution. So I think that, you know, running overlays versus not running overlays is not even a question at this point anymore. I think most customers have accepted that you're going to run some form of an overlay in order to take advantage of, you know, software defined networking and what we consider network virtualization. I think, you know, as they implement it, they start to understand that the operational tools and the capabilities are there, your ability to do diagnostics and telemetry and use existing tools like they have today, Gigamon and Cascade and native integration in other underlying physical network infrastructure platforms like Arista and Brookade and Juniper and HP and Cumulus are there and these things work. They work very well and they scale very well. So it's not a barrier, you're not seeing it as a barrier. No, I, you know, that might have been a barrier a year ago to 18 months ago. I think more and more they've tried not doing these things and they're not advancing the ball. So now they understand that, you know, this is a different approach, it's a different architecture fundamentally, but it's an architecture that we've seen succeed in other areas of technology. So I think the resistance is getting less and less and less over time. So, Dom, where are we with the kind of the barrier and the limitations between physical networking and virtual networking, you know, kind of that transition to help fix networking for the virtual environment, as I guess. Yeah, and I think Stu, it's a great question. I think it depends, it does depend on the customer and the use case, but I think that we are, you know, certainly if you look at the massively scalable data centers out there, you look at the Googles, the Facebooks, the Amazons, the Microsofts, you know, they've done as much as possible to simplify the physical network configuration and abstract some of the functionality in an abstraction layer above it in software because it gives them more agility. If you look at how we do it in X86, you don't have a feature tied to a platform-dependent operating system tied to an ASIC or a chipset tied to an underlying hardware platform. You don't have that anymore. And, you know, we moved away from that. That was the mid-range computing days, right? That was Solaris and AIX and HPUX. And by and large, we moved to, you know, a disaggregated architecture where I could take advantage of the innovation cycle of each one of those layers of that architecture independently of each other. And customers get that. They buy that today and they understand that that's going to give them feature velocity and innovation at a speed and a pace, like we've seen on the server in the compute side as well. All right, so, Dom, I'm curious, you know, when you talk to some of the industry watches out there, that whole SDN wave, many people say it just hasn't materialized. I mean, 700 customers is good, but, you know, an ACI has its place and it has its customers, but some people say, well, we're onto the next cool flashy thing there. What would you say to people that's... So, you know, it's a good point. And, you know, I got to blame you for some of this, Stu, right? I got to blame the media, the technology media. They come up with these terms and it's all we talk about. So, one of the challenges when you talk about SDN today is you take all these vendors and you put them in the same bucket, right? But when you peel off the covers and really look at what all these vendors are doing, there might be some overlap, but there's also varying ways and approaches. You know, NFV, is it WAN focus, is it campus focus, is it academia focus? And I think, you know, sometimes it's like comparing apples and bowling balls, saying I'm going to take SDN vendor one and pick them against SDN vendor two, because the solutions tend to be very, very dramatically different. So, I actually think, you know, while the media hype and the buzzword bingo of SDN might be, you know, calming down somewhat, the implementation phase is just ramping up and it's actually accelerating. So, if you look at the number of customers that we're growing by on a quarter over quarter basis, if you look at the number of customers moving in production every quarter as well, I think we're really just starting to hit the acceleration phase of that. So, last year there was a big announcement about VMware integrated OpenStack. Right. It's part of your business unit. The NYSERA team brought a ton of, you know, contributions to OpenStack experience. Where are we with OpenStack? You know, sometimes we hear various things, we'll hear different things at the OpenStack summit. You guys obviously have a very strong network play in OpenStack, what do you see from customers with OpenStack? You know, it's a great question because I think customers have actually learned something in the past 12 months about OpenStack and, you know, my organization will walk in and they've sort of got a qualifying question for customers to sort of figure out if they really want to implement OpenStack for the right reasons. And, you know, you would go back and talk to customers and you say, why do you want OpenStack? Because it's free, right? I think a really smart guy I know coined this term is, yeah, it's free like a box of puppies, right? So, and, you know, you go to other customers and they'll tell you, you know, I want to implement OpenStack because I want vendor-neutral APIs, right? And those are the customers and, you know, we've had this reset now in the OpenStack world of, you know, why should I deploy OpenStack and, you know, what are the benefits to me as a customer? And I actually think you're starting to see right now, you know, obviously we've had customers running NSX in OpenStack, our biggest customers are running NSX in OpenStack environments. We're seeing good traction for VIO as well in our customer base and there's many advantages to having that, the native vSphere integration in there and all the benefits in terms of drivers and supportive devices and storage arrays that come along with that as well. So I think we are seeing it being adopted more and more in the enterprise and, you know, we're going to have customers with multiple options, right? And the ability to use OpenStack is going to be a very relevant one. Yeah. No, I think it's interesting, you said your largest customers are OpenStack customers. So it means, you know, you talked about a million dollar customers, it means it's got to have some level of scale and they've always said the biggest problem with OpenStack is the networking piece. You obviously, for the plugins, can probably fix a lot of those things. I think it's important to get that message out. And VMware is a major contributor to OpenStack, right? If you look at the context of Neutron and you look at the context of Congress and you look at the context of OVS, right? We're going to continue to fuel that fire as well. You know, customers are going to have choice, right? There's not going to be one-size-fits-all solution for everybody in this market and you're going to see a lot more technology coming out of us in the early part of next year in the open source side of the world as well. All right. So, Don, last question. That's my teaser. Last question I have for you. You've got the field SEs out there. Yes. You know, what are kind of the big pain points, the big questions that are coming back from customers that are leading them towards your solutions? You know, I think security is the biggest pain point right now. It would be hard to, you know, not put that as number one at the top of the list. You know, and I think it's also innovation, right? I think so much time is spent by our customers on sustaining the existing environment versus advancing it forward that they're really not able to meet the business needs if they don't change moving forward today. But far and away, security is a much bigger driver than I think most people thought it would be, certainly for us in this industry. I think a lot's changed in the past 24 months and the security landscape, the profile, the breaches we've seen, certainly, you know, throughout enterprises, throughout government agencies. So when my SEs are out there talking to customers, I think, you know, the need is already there. It's about getting through the educational phase of the, it's not, why should I implement it anymore? It's when and how quickly can I get it up and running? So I think that's really what we're seeing right now. All right, Dom, thank you so much for joining us. Always great to catch up with you. We'll catch you on the Twitter, talk about the Yankees and everything else going on. All right, we'll be right back with some more coverage of the networking conversation here at VMworld. Thanks for watching.