 Everyone, welcome to the power of N, where HPE, Aruba, and Pensando are changing the game, the way customers scale with the cloud and what's next in the evolution in switching. Hi everyone, I'm John Furrier with theCUBE and I'm here with Shane Corbin, Director of Technical Product Management at Pensando and William Chow, Vice President of Product Management at Aruba HPE. Gentlemen, thank you for coming on and doing a deep dive and going into the big news. So the first question I want to ask you guys is what do you guys see from a market customer perspective that kicked this project off? Amazing results over the past year or so. Where did it all come from? No, it's a great question, John. So when we were doing our homework, there were actually three very clear customer challenges. First, security threats were largely spawned within the perimeter. In fact, forester highlights that 80% of threats originate within the internal network. Secondly, workloads are largely distributed, creating a ton of east-west traffic. And then lastly, network services such as firewalls, load balancers, VPN aggregators are expensive, they're centralized, and then ultimately result in service chaining complexity. So go ahead, Shane. Yeah, additionally, when we spoke to our customers after launching initially the Distributed Services Platform, these compliance challenges clearly became apparent to us and while they saw the architectural value of adopting what the largest public cloud providers have done by putting a SmartNIC in each compute node to provide these stateful services, enterprise customers were struggling with the need to upgrade fleets and brownfield servers and the associated per node cost of adding a SmartNIC to every compute node. Typically, the traffic volumes on a per node basis within an enterprise data center are significantly lower than cloud. Thus we saw an opportunity here to, in conjunction with Aruba, develop a new category of switching product to share the processing capabilities of our unique intellectual property around our DPU across a rack of servers that net-net delivers the same set of services through a new category of platform, enabling a distributed services architecture and ultimately addressing the compliance and TCO, generating huge TCO and ROI for customers. You know, one of the things that we've been reporting on with you guys as well as the cloud scale, just the volume of data and just the performance and scale. I think the timing of this partnership and the product development is right on point. And you got the edge right around the corner, a more distributed nature of cloud operations. Huge, huge change in the marketplace. So great timing on the origination story there. Great stuff. Tell me more about the platform itself, the details. What's under the hood? The hardware OS, what are the specs? Yeah, so we started with a very familiar premise. Aruba customers are already leveraging CX with an edge-to-cloud common operating model and deploying leaf and spine networks. Thus, we're excited to introduce the industry's first distributed services switch where the first configuration has 48, 25 gig ports with 100 gig up links, running Aruba CX cloud native operating system and Pensando A6 and software inside, enabling layer four through seven stateful services. Shane, do you want to elaborate on that? Yeah, let me elaborate on that a little further. You know, as we spoke, existing platforms and how customers were seeking to address these challenges were inherently limited by the ASIC die size and that thus limited their scale and performance and ability in traditional switching platforms to deliver truly stateful functions in a switching platform. This was, you know, architecturally from the ground up when we developed our DPU, first and second generation, we delivered it, we built it with stateful services in mind from the GECO. We leveraged a clean state design with our P4 program with DPU. We evolved to our seven nanometer based DPU right now which is essentially enabling software and silicon and this has generated a new level of performance scale, flexibility and capability in terms of services. This serves as the foundation for our 200 gig card where we're taking the largest cloud providers into production for and the DPU itself is designed inherently to process state, track stateful connections and stateful flows at very, very large scale without impacting performance. And in fact, the two of these DPU components serve as the services foundation of the CX-10K and this is how we enable stateful functions in a switching platform, functions like stateful network firewalling, stateful segmentation, enhanced programmable telemetry which we believe will bring a whole lot of value to our customers. And this is a platform that's inherently programmable from the ground up. We can build and leverage this platform to build new use cases around encryption enabling stateful load balancing, stateful NAT to name a few. But the key message here is this is a platform with the next generation of architectures in mind is programmable at all layers of the stack and that's what makes it fundamentally different than anything else. I want to just double click on that if you don't mind before we get to the competitive question because I think you brought up the state thing. I think this is worth calling out. If you guys don't mind commenting more on this state issue because this is big. Cloud native developers right now want speed. They're shifting left at the CICD pipeline with programmability. So going down and having the programmability and having state is a really big deal. Can you guys just expand on that a little bit more and why it's important and how hard it really is to pull off? I can start, I guess, William. It's very hard to pull off because of the sheer amount of connections you need to track. When you're developing something like a stateful firewall or a stateful load balancer, a key component of that is managing the connections at very, very large scale and understanding what's happening with those connections at scale without impacting application performance. And this is fundamentally different. A traditional switching platform, regardless of how it's deployed today in ASICS, don't typically process and manage state like this. The memory resources within the chip aren't sufficient. The policy scale that you can implement on a platform aren't sufficient to address and fundamentally enable deployable firewalling or load balancing or other stateful services. That's exactly right. And so the other kind of key point here is that if you think about the sophistication of different security threats, it does really require you to be able to look at the entire packet and more so be able to look at the entire flow and be able to log that history so that you can get much better heuristics around different anomalies, security threats that are emerging today. That's a great, great point. Thanks for bringing that extra point out. I would just add to this, we're reporting this all the time when SiliconANGLE and theCUBE is that, the automation wave that's coming around data, it's a center of data now, not data sent as we heard earlier on in the presentation. Data drives automation. Having that enabled with state is a real big deal. So I think that's really worth calling out. Now, I got to ask the competition question. How is this different? I mean, this is an evolution. I would say it's a revolution. You guys are being humble. But how is this different from what customers can deploy today? Architecturally, if you take a look at it, so we've spoken about the technology and fundamentally in the platform, what's unique in the architecture. But foundationally, when customers deploy stateful services, they're typically deployed, leveraging traditional big box appliances for East West or workload-based agents, which seek to implement stateful security for East West. Architecturally, what we're enabling is stateful services like firewalling, segmentation, can scale with the fabric and are delivered at the optimal point for East West, which is through the leaf or access layer of the network. And we do this for any type of workload, be it deployed on a virtualized compute node, be it deployed on a containerized worker node, be it deployed on bare metal. Agnostic of topology. It can be in the access layer of a three-tier design in a data center. It can be in the leaf layer of a VX9E VPN-based fabric. But the goal is an all-centrally managed to a single point of orchestration control, which William will talk about shortly. The goal of this is to drive down the TCO of your data center as a whole by allowing you to retire legacy appliances that are deployed in an East West role, not utilize host-based agents and thus save a whole lot of money. And we've modeled on the order of 60 to 70% in terms of savings, in terms of the traditional data center pod design of a thousand compute nodes, which we'll be publishing. And as we go forward, additional services, as we mentioned, like encryption, this platform has the capability to terminate up to 800 gigs of line-rate encryption, IPsec VPN per platform, state-of-the-art load balancing, and this is all functionality we'll be adding to this existing platform because it's programmable, as we mentioned from the ground up. What are some of the use cases lead? And what are the top use cases? What's the low-hanging fruit? And where does this go? We've got service providers, enterprise. What are the types of customers you guys see implementing? Yeah, that's what's really exciting about the CX-10,000. We actually see customer interest from all types of different markets, whether it be higher education, service providers, to financial services. Basically, all enterprises, verticals with private cloud or edge data centers, for example, could be a hospital, a big box retailer, or a colo, such as an equinex. So it's really the CX-10,000 that creates a new switching category, enabling stateful services in that leaf node right at the workload, unifying network and security automation policy management. Second, the CX-10,000 greatly improves security posture and eliminates the need for hairpinning east-west traffic all the way back to the centralized appliance. Lastly, as Shane highlighted, there's a 70% TCO savings by eliminating that appliance sprawl and ultimately collapsing the network security operations. I love the category creation vibe here. Love it. So the technical and the cloud line is great. But how do the customers manage all this? Okay, you got a new category. I just put the box in, throw away some other one. I mean, how does this all get done? How does the customers manage all this? Yeah, so we're looking to build on top of the Aruba fabric composer. It's another familiar site for our customers. What's already provides for compute storage and network automation with a broad ecosystem integrations such as VMware vSphere vCenter as with Nutanix Prism. And so aligned with the CX-10,000 at GA, now the Aruba fabric composer unifies security and policy orchestration and management with the ability to find firewall policies efficiently and provide that telemetry to collectors such as Sploom. So the customer environments right now involve a lot of multi-vendor and new frameworks, obviously cloud native. How does this fit into the customer's existing environment with the ecosystem? How do they get going here? Yeah, great question. Our customers can get going is we built a flexible platform that can be deployed in either Greenfield or Brownfield. Obviously, it's a best of breed architecture for distributed services. We're building in conjunction with the Aruba but if customers want to gradually integrate this into their existing environments and they're using other vendors, spines or cores, this can be inserted seamlessly as a leaf or an access tier switch to deliver the exact same set of services within that architecture. So it plugs seamlessly in because it supports all the standard control plan protocols at VxLine EVPN and traditional L2 three-tier designs easily. Now, for any enterprise solution deployment, it's critical that you build a holistic ecosystem around it. It's clear that this will get customer deployments and the ecosystem being diverse and rich is very, very important. And as part of our integrations with the controller, we're building a broad suite of integrations across threat detection, application dependency mapping, Siemens or DevOps infrastructure as code tools like Ansible and Terraform. It's clear if you look at these categories of integrations, XDR or threat detection requires full telemetry from within the data center. It's been hard to accomplish to date because you typically need agents on your compute nodes to give you the visibility into what's going on or firewalls for east-west flows. Now, our platform can natively provide full visibility into all flows east-west in the data center. And this can become the source of telemetry truth that these MLXDR engines require to work. The other aspects of ecosystem are around application dependency mapping. The single core challenge with deploying segmentation east-west is understanding the rules to put it in place. Right, first is how do you insert the service device in such a way that it won't add more complexity? We don't add any complexity because we're in line natively. How do we understand and allow you to build the rules that are necessary to do segmentation? We integrate with tools like GuardiCorps. We provide our flow logs and source of data and they can provide rule recommendations and policy recommendations for customers. Around, we're building integrations around Siemens SOAR with tools like Splunk and Elasticsearch that will allow NetOps and SecOps teams to visualize, train and manage the services delivered by the CX-10K. And the other aspect of ecosystem from a security standpoint is clearly, how do I get policy from these traditional appliances and enforce them on this next generation architecture that you've built that can enable stateful services? So we're building integrations with tools like Tuffin and AgroSec, third-party sources of policy that we can ingest and enforce on the infrastructure, allowing you to gradually migrate to this new architecture over time. It's really a cloud-native switch. I mean, you solve people's problems, pain points, but yet position for growth. I mean, it sounds, that's my takeaway, but I got to ask you guys both, what's the takeaway for the customers? Because it's not that simple for them. It's complicated environment. I think it's really simple. Every 10 years or so, we see major evolutions in the data center and the switching environment. And we do believe we've created a new category with the distributed services switch, delivering cloud-scale distributed services, where the workloads reside, greatly simplifying network security provision and operations with the Aruba Fabric Composer while improving security posture and the TCO. But that's not all folks. It's a journey, right Shane? Yeah, it's absolutely a journey. And this is the first step in a long journey with a great partner like Aruba. There's other platforms, 100 or 400 gig hardware platforms we're looking at. And then there's additional services that we can enable over time, allowing customers to derive even more TCO value out of the platform and the architecture of services like encryption for securing the cloud on-ramp services like state for load balancing to deploy East-West in the data center. And holistically, that's the goal, deliver value for customers. And we believe we have an architecture and a platform and this is a first step in a long journey. It's a great way. If I just ask one final question for both of you, as product leaders, you got to be excited having a category creation product here in this market. This big wave, what's your thoughts? Yeah, exactly right. It doesn't happen that often. And so we're all in. It's exciting to be able to work with a great team like Sandu and Shane here. And so we're really excited about this launch. Yeah, it's awesome. The team is great. It's a great partnership between and Sandu and Aruba. You know, we look forward to delivering value for our joint customers. Thank you both for sharing under the hood and more details on the product. Thanks for coming on. Thank you. Okay, the next evolution and switching, I'm John Furrier, here with the power of Ann, HPE Aruba and Pensando, changing the game the way customers scale up in the cloud and networking. Thanks for watching.