 And we're rolling. Hello everybody. My name is Michael Wait from Red Hat and we are here today with another edition of our OpenShift Commons Briefings, The Operator Hours. I'm going to do what I always like to say. Can you share my screen? And hopefully the screen is indeed sharing. And I'm going to just pop this up here today. We have Breton Tibernane, the CEO of Tigera has been gracious enough to join us on the TV show. And he's going to be talking about probably one of the most important considerations for customers moving workloads into production in multi-cloud. And that's security and observability with their Calico Enterprise product for OpenShift. I'm going to now stop my screen sharing and Breton, how are you this morning? Excellent, Mike doing really well. And you are West Coast, Santa Clara? That is right. Yes. Yes, San Jose, California, yes. What do you folks talk about in the morning when the weather is the same every day in Perth? You know, one thing we've had to be sensitive, especially the recent snow storms is to stay off the topic of having good weather in California. So we try not to talk about it. It's going to be an early spring here. We had probably 12 inches still on the ground. I'm here just north of Boston, but we actually are getting up into the 50 degrees. It's downright balmy. So, anyways, welcome and thank you for joining us. As I said, you're the CEO and president of Tigera. You folks have been work will not you, but your engineering and product teams have been working with us now for quite some time. For testing and certifying your software along with OpenShift to make sure that. It's really well integrated. We have a have that chocolate and peanut butter, better together story for end customers. So. When they, when they want to go ahead and deploy OpenShift and production environment. A lot of the considerations for day 2 supportability are greatly eased because there's there's things like what you folks are going to talk about here available for that. You folks have built an operator. It is certified for customer production use. It can be made. It is available in the in the red hat container and operator registries. So what with that? I'm going to be quiet and say hello to you or time. How are you? Excellent, Mike. Thanks a lot for having me here. So how are things at Tigera? Very well, very well. You know, last year was difficult for a lot of us going into last year, especially it feels like just about 12 months ago when we hold into the pandemic. It was a lot of uncertainty and I've got to say looking back. I'm just delighted that first the team did a fantastic job navigating that uncertainty and multiple dimensions. And we had just a fantastic year. We just closed out our fiscal year on January 31st. We had one of the best years ever in the history of the company. We blew past all targets to get incredibly happy customers and expansions are outstanding. So, so it is done extremely well. I could not be more happy with that. I remember when I think it was, it was March of last year and everybody was getting ready for coupon, which was going to be in Amsterdam. And, you know, I do marketing activities with our software partners and we're putting together. All right, what are we going to do and who we're going to do it with and, you know, we had our budget all allocated and we were working on putting together. Some really exciting customer workshops and some, some, you know, dinners for customers and partners and then the whole concept of like. Canceling was the first time I'd ever experienced that and I know I was greatly concerned about what was going to happen that year from business and, you know, how do we, you know, is everyone just going to stop buying or is, you know, what's going to happen. So it's really good that that these, you know, challenging times your company was able to actually, you know, succeed in. Yeah, absolutely. In fact, now that you mentioned it, it brings back memories. We wouldn't exactly the same boat. We, you know, we were going to have a pretty big presence at cube con in Europe. We'd all booked our tickets and so there was this period when we were trying to figure out what was going on. And you could recall it was quite a bit of chaos just in terms of lack of information at that time. But I remember thinking at that time and in our business, as you know, you've got to be there at cube con right. It is one of the most sacrosanct shows there. But I remember thinking that's leading back and saying boy, you know, if I have to make a decision is going to be based on that just the physical safety of people and I made a decision. Before the show got canceled said saying that you weren't going to go. And I mean, in hindsight, it turned out to be right. But I've got to say, it was pretty chaotic at that time and given the lack of information. Well, I'm really looking forward to when we can get back together in person. I think I think 12 months of 12 months of zoom meetings and virtual conferencing and can you see my screen and, you know, how many times has everybody heard, you know, hey, you're on mute. Right. I mean, it's like people don't have those problems when we're in person. So I'm really looking forward to being able to get back out there with an interact with people. So. Calico. Tigera. Let's just assume that not everyone is familiar with with project Calico. What can you tell us about it? Yeah, project Calico is the leading solution for Kubernetes networking and security. We've been with a gold standard. We've been out there in the market for about five years right now. We have users in 166 countries using it. We power over a million nodes, soft and run for over 10 billion hours. We considered the gold standard in the space, all the districts, all the major cloud providers, all of them use it for their own Kubernetes deployments. We power the largest Kubernetes deployment to the planet. We're very deeply proud of that. Perhaps the thing we're most proud of is the fact that when you ask for feedback from users across these 166 countries. And this is going to sound a little strange and partly spooky, but they all use three words to describe Calico. And they all say it just works. And first time I heard it said this can be a coincidence like how are different people in different countries using the same words. But that's really what's helped us drive adoption through word of mouth. People use it to solve these problems around security and networking. And we've got an incredible adoption across multiple data planes, EVPF, one of the earliest people to roll out a EVPF solution, the next channel, and more recently we rolled out a video solution. So you said networking and security. And I've been here at Red Hat for 20 plus years working with software partners for all 20 of those years. When people say security, there's endpoint security, there's secret security. We have lots and lots of various different software companies that provide various different security solutions. Where does yours fit in specifically Calico? Is it Calico Enterprise? Yeah, Calico Enterprise and also we just launched something called Calico Cloud, which we'll talk about in a few minutes. But to answer your question, very simplistically, there are four problems in use cases we are solving for customers. First is when you establish an OpenShift cluster, you've got to immediately solve the problem of North-South security. How do you publish services? What do you give access to? And anything sitting inside your cluster? How does it access external services? That's the North-South security. And every company in the regulated industry has to have some form of East-West security inside to be able to isolate workloads and white label what can talk to what. So that's the second piece, the East-West security. The third piece is most large enterprises or even medium-sized enterprises have their own specific security controls they want to establish within Kubernetes. But that's what we do. And some of them, depending on the industry, they have various compliance requirements. This could be as simple as encryption or could be PCI, HIPAA, SOC2, and we help enforce that. And the final thing is observability, which is once you put these applications in production, even for a modest footprint of microservices, it can get pretty confusing very quickly when things don't work because Kubernetes does such a wonderful job of abstracting. But when you're trying to debug, that can create enormous challenges. So those are the four challenges that we solve for customers. I was going to say, so the technology that you folks are bringing to market with Calico is not something that's just natively part of Kubernetes. What about Red Hat's product, OpenShift? Does Red Hat have something like this? Or what's the relationship between Calico and our OpenShift container platform? Yeah, so we have a tight integration. We build Calico in a prize. We build an operator, same thing with Calico Cloud. We've integrated the solution very well together. So the relation, if you flip it around and you look at it from a customer's angle about what challenges they're trying to solve. I mean, Red Hat, OpenShift, probably one of the best Kubernetes solutions are there in the market. You've got an incredible footprint. You land all these accounts. But as soon as customers try to move applications into production, they hit a series of challenges around security and compliance and DevOps and troubleshooting. And those are the sets of problems that we solve. And so it's a very complementary solution. And customers really, we've got a lot of joint customers and we're working together on a number of new deals also with your sales team. I wanted to remind everyone that we are, yes, we're live here on the Red Hat Blue Jeans platform. It's a wonderful platform. But we're also streaming live on Twitch, on YouTube and on Facebook. So people watching, if you have questions, please feel free to put them into the chat window down below. And then our producers will make sure to pick up those questions and get them over here. And we'd like to have this be as much of a dialogue as possible. I mean, we don't like to have our speakers come on and death by PowerPoint. Okay, here, let me, let me read these 35 slides to you. So we actually did just have a question come in, Ratan. And I think it, I think it's probably something that we should, we should talk about. So Rama says, when you say East West security, are you talking about node to node, pod to pod? Question, Mark? Yeah, it's only both and it's, it's a little bit more than that. So we can actually establish the East West security first at the application level at the container or the VM level. Our technology works across both those, both those form factors and then also at the host level. So we can actually establish East West security and very fine gain controls across all those three levels. And part of the reason is that it's about the defense in depth because you have to assume that at some point, you know, things are going to get compromised. And then the big question is, how do you limit the blast radius at that point? And depending on the sophistication of the customer, they want to, they may want to make it as fine grained as possible. They take it all the way to an application down to segmentation at the HDDB, HDDB as, or maybe even take it down to application protocols like the MongoDB or something like that. And the beauty is you can actually wrap all this into a declarative model where someone upstream the developers or the DevOps teams can actually program the security, so to speak, in high level constructs. And they can decide how granular they'd like to make it. Okay. Just one more question as a follow up to that one. So, and actually you and I were talking about when we were going over this concept and I was asking you, I'm like, okay, well isn't isn't all this just in open shift already and you were like, no, Mike, it's not. And that's one of the reasons why, you know, we have been working so closely with you folks to have this all tested and well integrated. So the next question was, what does Tigera provide? Excuse me. My eyes aren't quite as good as they used to be. Don't have my glasses on. What does Tigera provide other than what is already provided by Red Hat's open shift offering, i.e. Istio, Stack Rocks, so forth. Yeah, so it's really what I had spoken about before when you review and maybe later on, Mike, I can maybe just put up one slide. We don't want to put up slides here, but maybe I'll put up one slide to visually describe that later on. But there's a level of detail in terms of not so security, Istio's security and the compliance and also we've got a purpose built IDS IPS for this and the observability solution. All that is complementary to Red Hat open shift. In terms of Stack Rocks, Stack Rocks is a pretty outstanding solution for container scanning. That's where the routes were and that's an important problem that has to get solved for customers. That is not something we do. So that's the complementary solution Stack Rocks is. Okay. So what do you do? Let's kind of get down to brass tacks. Okay, no, sounds good. So it's pretty straightforward at a 40,000 foot level. We are really solving the problems of security and observability. Mike, this may be easier to describe through just a visual slide. Is it okay if I just put up one slide? Yeah, sure. Please go ahead. Okay, let me see if I can get this to work. Look at that. Good thing we practice this, huh? I know exactly. All right, so let me just kind of get you oriented on this to answer your questions. So, you know, there are different distros. Obviously, we've seen large customers have one of more of these distros open shift being the standard really in the market. So the four pillars I talked about are not soft controls, east-west control, security compliance, observability, and we're just going to walk you through this to answer your question of what do we do. The first thing is as soon as you get an open shift cluster up and running, you've got to be able to establish egress access controls like which of your services do you advertise and which work from outside world can talk to it is a big challenge. And same thing egress is about something sitting on your cluster. It's trying to access external resources. Maybe it's trying to access and SAS application like Salesforce. Maybe it's trying to access an API like Twilio. So you have to make real runtime decisions about what can get access to what an external world. And you have to be able to establish very fine-grained controls. So that's the egress egress controls. And the DNS policy is about being able to configure a lot of these rules based on DNS policies because most customers when they move their applications to Kubernetes, they don't want to refactor them, especially with those applications. And you've got to be able to establish these controls at the DNS level. The other part is whatever your opinion may be about firewalls and sims, the truth is most enterprises, they have firewalls and sims and they're not about to go away. So you have to be able to talk to them and integrate with them. And one of the big challenges in this world is firewalls just speak a different language. They like static IP addresses. So how do you integrate your Kubernetes cluster to talk to firewalls is an enormous challenge enterprises struggle with. So all these problems we still solve under the not-sought control bucket. In egress control, we talked about it a little bit, especially through the regulated industry or anyone who cares deeply about security. Because once a workload is compromised, everything is fair game inside the cluster. So our philosophy is defense in depth. So we can protect at the application level at the service controls. We can do micro-segmentation at the container or VM level. We can also protect at the host level. We can segment at the host level. And as I said before, you know, it's all about limiting the blast radius if something does get compromised. And it really depends on the sophistication of the customer, how fine-grained they want to make these controls. You can go all the way down the dialogue to be a zero-trust model pretty easily. And we have automated tools that can configure policies for customers without them having to do any manual work and then put it in staging. Security compliance, you know, a lot of customers we are seeing, they want to encrypt all data in motion. So we've got a wire guard solution, blazing fast. We've got a purpose-built intrusion detection and prevention. And just to give you a little bit of a teaser on this, on the intrusion detection, we do some pretty creative things. We deploy honey pods, which are really fake pods with applications, services like EngineX running on them. And any traffic we detect to them, we can automatically then inspect the traffic, do a deep packet inspection of that, run a start analysis and figure out if, you know, that is actually being compromised. And if so, we can in near real-time isolate this workload and quarantine them. And when I say near real-time, I'm talking about like 45 milliseconds. And then depending on the customer's industry, they may have compliance requirements, any one or more of these standards of DCI, HIPAA, SOCTRA, GDPR. Observability is really interesting. We are just now starting to see customers get to some level of scale, and most of the solutions of the market were designed for static VMs, and Kubernetes being so powerful, the level of abstraction it provides, the legacy tools are simply not effective. So we've got a purpose-built solution for observability where we can show you literally in a few seconds after you activate our software, a dynamic service graph about which microservice is talking to which other microservice. Just that itself is a geographic movement because most platform engineers running clusters and OpenShift don't know what's going on inside that, and we can show them in real-time what's happening. And we can actually help identify performance hotspots within that to tell people where the problem areas are. Because there's no sense in throwing data at people, it's just overwhelming. Cognitively, it's impossible to make sense of the data. So you need some form of machine learning to identify where the potential issues are. And if necessary, we can give people the ability to double-click and look at the application, the process, the socket, or even crack open a packet and see what's inside a packet. So we give them extremely powerful tools to be able to debug applications. And everything you see here runs across multiple clusters or multiple clouds or hybrid cloud. And this entire thing, our philosophy is that we want to shift left and empower the developers and the DevOps engineers to be able to self-serve any combination of this or better still integrate this into their CI CD chain so that the entire thing is automated. So that's a little bit of a mouthful in terms of what we do, Mike. So Ratan, while you have this up, so what about customers who aren't ready to move into the cloud right now? I mean, there's certainly some people who for various different reasons are like, you know, cloud's interesting, but for right now we're staying right where we are. You list here multi-cluster, multi-cloud, hybrid cloud. What about for those customers who are staying put where they are in their data center right now? That's a good question. You know, a lot of the Fortune 500 customers we work with, they're actually starting in their data center and then maybe they have future plans to move to the cloud. So everything you've spoken about here works on-prem. I thought so. And then as far as... Sorry, Mike, one other thing I'll answer, I didn't mean to interrupt you there. That was fine. There are a unique set of problems that, to your question, when customers are on-prem, especially the larger customers that OpenShift are serving, they're running into a very unique set of challenges that are specific to on-prem that you don't run into in the cloud that have popped up that we are actually effectively addressing. And really those are around high availability, right? And specifically what that means is when they're putting mission-critical applications on OpenShift, they want to be sure they have an SLA they're accountable for, whether it's four minds or five minds. And so they have to guarantee the high availability and they have to be able to sign up for the SLA, which means it has some very specific implications in networking. And we solve those problems for high availability networking through some... Not to take you down a path of fancy acronyms, but there's a door-to-door solution that we provide for our on-prem customers that enables them to deal with these applications for the SLA that they need to. We just had another question come in and I'll bring up their question and I'll hold on to mine because I'm trying to make sure we can take care of the guests of the show here. This is for Ratan. This is from Wallet. If I have a cluster with OpenShift SDN, how easy is it to migrate to Calico? If I already have workloads and pods already have... Excuse me, if I already have workloads and pods already have been allocated IP addresses and space from the original SDN? Let me read the question one more time. Sure. So let me answer the first part of the question. I'd say in general, the first part of the question, we do that all the time. Customers using OpenShift SDN, we help them migrate to Calico. That's pretty straightforward. The second part, I'm going to just have my answer. I don't want to misspeak. It's probably something we can have one of our solution architects look at and answer on that. Okay, fair enough. So my question was going to be, lots of customers are looking at Kubernetes. I think anyone who's not evaluating it or at least thinking about it is probably a little bit behind. OpenShift seems to be one of the mainstream platforms that people are looking at as well. What's involved to get Calico up and running on an OpenShift cluster? Are there teams of professional services people that need to come in and take over someone's labs for a month in order to get this working? And how does the operator that you guys made fit into all of this as far as installation, configuration, and then ongoing usability and configuration change management and stuff like that? So it's kind of a two-part question. Sure, yeah. So I'd say the first part, I want to be careful because in my response, we have common customers who are Fortune 500 customers, so obviously there's quite a bit of complexity given their environment. But in general, to answer your question more generally, for someone trying to get something up and running as a pilot in their lab or something like that, we've actually made that entire experience self-service where someone could come to our website, sign up for a 14-day trial, and we would actually enable them to self-serve and just through a few clicks in a few minutes get Calico Enterprise or Calico Cloud up and running in their OpenShift cluster. Now, if you look at the spectrum of someone running at scale, a Fortune 500 company running OpenShift, mission critical applications, thousands of them across 10,000 nodes, obviously there's a level of complexity associated with that. The second part of your question at an operator, so one of the early adopters of Operator, we've adopted it fully and I mean, you're an expert in the operator, so all the goodness that comes with the operator, so we've embraced that and you know, you get that with Calico Enterprise in terms of being able to make sure that you have the latest and greatest and all the dependencies and all that stuff gets fleshed out. I think it's a great model. We had another question from Rama come in and I think we may have just addressed this because I think my question and his were very similar. Let's just check. Is installing Calico as simple as installing the operator and enabling it for namespaces? Yeah, yeah, no, it is. And again, the proof point is if you're referring to Calico open source or Calico cloud, we've now had people, especially Calico open source, when I opened I said, hey, we have people in the 166 countries use it and trust me, when I tell you they are not calling outside. We will not be able to actually support them if we had to actually hand hold them in the departments. Okay. If there's any other questions, please put them into chat. Otherwise, we can continue on with our regularly scheduled programming here. So we've already talked about, we've already talked about the technology, but you know, when customers are moving from the data center into multi cloud, there's different types of problems that arise, certainly different than just running in a data center. So, can you just kind of share with us like how you folks solve those business problems for customers looking to really fully embrace multi cloud. And I don't know if that's different if we're talking about public cloud as well or a true, you know, multi cloud environment. Yeah, so it's interesting and I'll give you an example I can name the customer, but they started with their on-prem cloud and then they went to AWS, Azure and Google. So they have this four cloud strategy. And so the first business problem is, you know, to implement, let me step back. You know, the reason people choose communities in the first place, what we've seen at least the primary use case for why do people choose communities. It's actually to provide a layer of abstraction on the infrastructure so that it gives them the flexibility to move to different infrastructures and not get locked into a specific cloud vendor. Because, you know, Kubernetes ironically is not getting, the primary use case is not for orchestrating containers at scale that Google is, no one has that kind of a scale. The primary use case is abstraction. So the first problem they run into is, you know, when they are deploying to the cloud. So if they start to use some of the native controls for security or usability or any of that, it kind of defeats the purpose because you're still going to get locked into that specific cloud vendor. So that's the first thing, right? So you not only need to provide abstraction at the compute level, but you also have to be thinking about how do you abstract at the security level, the networking level, the observability level. Because unless you have solved all those problems, you're not going to get the portability and prevent the lock-in that you were seeking in the first place. The second thing is a little bit more of a practical problem, which is if you have different controls for each of these, now you need different teams to operate them. And that's an enormous cost that they have to carry across and not to speak of training their own users. So some of our customers, they've actually taken this all the way to self-service where they give their own internal users the ability to provision clusters through a self-service catalog. So someone can come in and say, hey, I want to provision an EKS cluster, an EKS cluster, and all this is happening through self-service. And when they do that, they also need to enable security. Security then gets baked in as part of that so that when a cluster gets spun up, depending on who it is based on our back, the cluster gets spun up, the right security controls get provisioned, and that will happen across any cloud. So you don't have to have a different user experience depending on which cloud it is. So those are some of the challenges that people are running into that they're trying to solve. And then the same thing applies to observability. It's like if you have a different experience when you go across different clouds to be able to debug your application, it creates complexity. And to provide like a single pane of clouds that it gives you the ability to locate your dynamic service graph across any cloud or on-prem, a mix of them, and to be able to double-click down to the application level, process level, socket level, or even do a packet catcher. I mean, think about it. How wonderful is it where you're going to cluster running somewhere in a cloud in some region and you as a software engineer have the ability to do a packet catcher in real time. I mean, that is so part. Okay. Thank you. We have been jumping around and I do encourage more questions. So thank you for that because we, like I said, we didn't want to just show up and run through some slides. When we were going through our dry run the other day, we were talking about Ingress, egress access, and, you know, frequent security concerns for Kubernetes apps. Can you talk about what that means? Yeah. Yeah. So in really plain English, Ingress is, you know, you've got a bunch of services running in inside your OpenShift cluster. You have to advertise to the outside world who in the outside world would get access to these services. So that's those are the Ingress controls you have to establish. And needless to say my, the firewalls, the technologies we've all used so far for the last 20 to 30 years are not effective because firewalls are really effective dealing with fairly static workloads. They deal with static IP addresses and the world of OpenShift and Kubernetes. Everything is dynamic. You really don't have the notion of a static IP address. So there's an incongruity between, between those two models and you just need a different architecture to solve that. And that is the Ingress part of it. The Ingress part of it is, you know, and some of this in hindsight it feels mindingly obvious, but most customers going into this journey were not aware of it. And let me give you maybe a real life use case. One of our customers two years ago, they actually deployed the Kubernetes cluster and they had to, it was actually a fairly large size company. They had to integrate into Facebook. One of the applications sitting in the Kubernetes cluster had to integrate to Facebook to publish some data. Then they discovered that once they enabled that integration, anything sitting inside the Kubernetes cluster would have access to Facebook. And needless to say that level of access can be quite damaging if there's a mixed alteration of data. So then they realized that they have to provide some extremely fine-grained access control. They say only this specific application gets access to Facebook. So that's a very simple example of egress access controls. And to be able to do that at different levels, maybe at the part level, maybe at the microservice level, or maybe a specific API you want. External access is really, is really about the egress access control. So those are the two problems that customers run into really out of the gate. I know we used to address that back when Linux was the only game in town. I think with SE Linux around fine-grained access control for processes. So it's almost like SE Linux for multi-cloud? Yeah, I know you could say that. I grew up building Linux so I can definitely relate to that. It was a lot simpler then. I mean, right now when you think about it, we are talking about a cluster of Kubernetes running multiple nodes, each node's multiple containers inside running different microservices, making API calls. And there is a distributed operating system, very powerful, managing and orchestrating this whole thing. So yeah, you could say that, take that concept, apply that at a level that's really the challenge we're talking about. And I think probably the big difference between the world maybe you and I just spoke about is the level of dynamism, right? Everything is getting spun up and spun down dynamically and all this is stateless, right? And so that's what causes a lot of these challenges that we're talking about. Okay, we got a couple more questions that came in here. Let me see if I can, let's see. Okay, so let's do Ramas first. Does Tigera provide anything more than open source Calico, other enterprise solidified? Yeah, no, it does. So first with Calico, what we do is we solve the networking problem and also some level of security problem. The slide I put up a few minutes ago that talks about the knots out controls, the east-west controls, the security compliance controls and observability. All that is in the commercial product called, we have two commercial packages, Calico Enterprise and Calico Cloud. So all of that is really in the commercial product built on. So the beauty is someone who's using open source Calico with a click of a button, they can actually activate either Calico or Cloud or Calico Enterprise. And really try it out by themselves without they were talking to us or already paying for it. But yes, this really quite a bit in the commercial packages on top of open source Calico. Okay, and I actually did have a note here. I was reading your press announcements about three weeks ago about Calico Cloud and I did want to bring that up here. But I also want to make sure we address some more of these questions that are coming in. We like to dialogue. While it says, I apologize if I'm mispronouncing your name, I would take your opinion on differences of install environments. Does it make performance differences if I'm installing on top of the hypervisor, e.g. vSphere, public cloud versus installing on-prem or bare metal. All these network layers, do they add latency? Yeah, I mean the simplistic console all of these, I do think they definitely add latency. There is no doubt about it. And this is where we are actually actively working, especially given that we are one of the first players to embrace EVPF and we've got an incredible solution around that. There are optimizations that we are looking at to further reduce some of the latency and cut through some of these layers of abstraction. So the simplistic answer is, I do believe it does create a performance difference. And you have to be mindful about how much of latency some of these issues, some of these layers to create. I know that our engineers came to me, I think it was back in November and Red Hat's working on this network latency project, if you will, called Submariner. I don't know if you've ever heard of that. But that's certainly something maybe, you know, our customers have been coming to our engineers and services team saying, you know, we need to figure out this whole networking latency thing for multi-cloud. Maybe I can connect you up and you can have a conversation with our folks working on Submariner. Because it is, and I can, I don't have the link here. I don't know, Cyrus, if you're on, if you can find that blog that we put together around Submariner project and maybe drop it in chat, that would be pretty cool. Michael, I suspect the Submariner you're talking about is really a standard for multi-clusters, I believe. Yes. Yeah. And if so, I need to go back and check, but I do believe we've actually implemented something, I think it is with Submariner for the multi-cluster. At the same time, I do feel like those standards are starting to still get solidified. The ground is still moving underneath us. Okay. And yeah, it looks like Wallet is also correcting me as well. Thank you for that. Let's see. Thank you. One more question. I would lose my OpenShift support if I install Calico Community Operator. I would lose my OpenShift. I mean, I don't want to speak for the Red Hat team. I don't know the answer to that. That answer would have to come from the Red Hat OpenShift team. Yeah. And I'm not on the OpenShift team, but I have been around here since 2002. And I'll tell you that we get questions like that all the time. The reason why we work with software vendors to test and certify their software is so when it's running in a production environment, you don't have any surprises, right? So we have a collaborative support arrangement in place with Tigera. If you're running Calico with OpenShift, whether it's OpenShift OCP-4 or greater. And there's a defect repair. You know that Red Hat is going to take care of our software and Tigera is going to take care of theirs. If you're running a non-supported community addition and it breaks, well, you get to keep both pieces. So I don't know that you would lose support from Red Hat for OpenShift, but we would ask you to reproduce the problem with one of the certified pieces of software that Tigera provides. And then, you know, if it's still reproducible, then our support teams will work on it together. I hope that answers your question a little bit. And my email address, by the way, is just wait at redhat.com, W-A-I-T-E at redhat.com. I'm more than happy to get anyone on the call or on Facebook or Yahoo or Twitch here today connected with people to talk about that, you know, in more detail with our product teams. I know I'm an expert on TV, but in real life, you know, let's see what I lose. Thank you, Michael and Ratan. Okay, well, I guess they're good there. And again, any more questions, please drop them in. So Calico Cloud, you guys announced that on the end of February, third week in February. Oh, and it looks like Cyrus just linked the Stateful Workloads blog that we did. That's part one, Cyrus. There was a second part that we did around distributed clusters. I think we did it with Cockroach Labs, so it should be part two. Maybe you could drop that in there as well. These are good reads. If anyone wants to read about what we're doing around Submariner, please feel free to check it out. Rafael Spazzoli is a good friend of mine and he's the, he's the services lead on that. So Calico Cloud, three weeks ago, everybody's launching a cloud offering these days. How is yours different? What is it? Yeah, so, you know, let me spend a few minutes about the genesis of why we launched Calico Cloud and our vision for that. So the last couple of years, you know, we've spent focused, our go-to market was focused on going after the Fortune 500 companies. We've had a lot of success with that. They've closed some incredible deals in partnership with the Red Hat OpenShift team. We worked together, we're very proud of that. But when we looked at that, we kind of asked ourselves the question, why are some of the Fortune 500 companies seeing success with both Kubernetes and OpenShift and what's unique about them? It really came down to three things. One is to state the obvious, you know, they have very deep pockets. So they, you know, they were able to invest quite a bit of money just in those projects. Second is they had the ability to attract a lot of great talent. You know, you need the talent to be able to launch these Kubernetes projects and take this to scale. And the third is, at least from our lens, from a security perspective, they had incredible depth. They've accumulated about maybe two decades or three decades worth of expertise around security. Again, mostly because of necessity. They were the targets of every hacker on the planet. If you're a Fortune 500 company, one of the largest banks, it's safe to assume that, you know, you're being attacked thousands of times a day. So they had those three areas of expertise or resources because of which they were able to deploy Kubernetes and take it to scale. So what we did with Calico Cloud and the vision for Calico Cloud is we packaged up a lot of the best practices, the lessons we learned by helping these customers take it to scale. And then our vision is to go make that available package to the next 10,000 companies. You know, maybe you're a small company. Maybe you have 500 employees in the Midwest. You don't have access to technical talent. You don't have millions of dollars. You couldn't write checks for. Wouldn't it be great to get the same level of security and observability that a Fortune 500 company, one of the largest banks on the planet has. And that's our vision for Calico Cloud. And you can activate it in minutes, literally a DevOps engineer with no background in security could activate that in minutes over the lunch break and have it up and running in any cloud, any network, any infrastructure with, you know, with OpenShift or any other Kubernetes distro. And the beauty is they only pay for what they use, right? So they're no long term contracts and they just pay for what they use. So that's the vision for Calico Cloud. And they get to try it before they use it. They don't have to make long term commitments. And it's entirely self-service. We have nine minutes left and we have probably done about three of the prepared questions that we had put together here for talk tracks, which is really good. I'm actually quite pleased that we didn't have to just sit here and I ask you a question. Are you guys hiring? I was looking on your website this morning and there were job postings just kept scrolling off the page and they were in Ireland and Israel. And I'm guessing like, you know, marketing is in California engineering in Israel and Ireland. I mean, what things must be really humming along over there. Oh, yeah. We are literally, you know, compared to where we exited this financial year on January 31st, we are doubling and we're doubling literally in the next like 90 days. So we are hiring at that pace. And the places where we are hiring are Vancouver in Canada and then also in Cork in Ireland. Those are the two places and it's just not and we are hiring for all roles, engineering, customer success, sales, marketing, developer advocacy, you're hiring in every single functional area. So our biggest impediment to growth right now is the ability to really bring on great people. Yeah, no, that's usually the talent thing and I'm guessing everything. I know we have IBM bought us what two years ago now and we've got almost 390,000 employees. The Red Hat piece is about 17,000, but we are 100% remote. Are you guys 100% remote? Right now we are out of out of necessity with the pandemic going on. We are, yes. Okay. We already talked and I'm going to put up a slide at the when we come to the end with the link to downloading your software. If people want to get it, it's easy to go there and just pull it down. What didn't we talk about that we were supposed to talk about here? I kind of wanted to talk about Tiger Summit that's coming up in June. Probably don't have a whole lot. I don't know how interesting that is for the people on the call here. Yeah, and while I can't speak to what IBM is doing, I'm sorry. I'm not an authorized person, but Red Hat is Red Hat, right? So there's IBM and then there's Red Hat and we are definitely running our own things underneath the IBM umbrella. What do you want to talk about given that we've got a couple of minutes here and we can take a couple more questions and actually Wild looks like he's going to be going to your summit. But if you want to talk about the summit, what is it? Yeah, so summit. So we are hosting a Kubernetes Security Observability Summit where we expect to have, it's not going to be a Tiger thing. It's more about bringing in people from the community and talking about best practices from practitioners who have actually deployed implemented things at scale. Fantastic learning opportunity with expecting several thousand people to attend the summit and it's all going to be educational. It's not going to be marketing speed from Tiger, right? So we'd love for you to attend that. The details are on our website. Check it out. The second thing I'd probably talk about is, you know, just, you know, the incredible collaboration we have with the Red Hat sales team. And really the reason for that is given the footprint that the Red Hat team has on the market, they probably are already there in every single account. So they're not going to have trouble landing these accounts. With the common pattern we are seeing across the sales organization in Red Hat days, after you've sold the first set of licenses of OpenShift, the customer then struggles with a bunch of problems. And without solving those problems around security or observability or DevOps, they will not expand. And the real money and the real opportunity for OpenShift is really an expansion and not the land. The land deals are very modest. It could be a $50,000 deal or $100,000 deal. But the expansions usually are in the millions. And what we do at Tiger is effectively unblock those problems and unlock the expansion opportunity. And specifically, that's around high availability is one of the most common use cases we're seeing. And the second thing is security and the third is observability. So that's the thing to highlight. And the last thing else is we're just delighted to be working with incredible people in the Red Hat organization. We partner pretty closely with the sales organizations, Scott Sager and others in the finance vertical. And every day that partnership is getting deeper and better. Right. And when we're done here today and you get that phone call from your VP of marketing and he or she or maybe it's John or someone like that. And they say, I can't believe, Ratan, you were on there for an hour and you didn't say the phone. Is there something that will prevent that phone call that you want to get in here in the last couple of minutes? Yeah. The only thing I'd say is, and one thing we're going to take care of is about education and training the community. We believe that if we actually give to the community, the goodness will come back to us. So we have some fantastic training educational resources. We get great reviews about it. As an example, we have a Calico certification program where someone was trying to reinvent their career or learn new skills and learn about Kubernetes. We take them through the paces, teach them about Kubernetes and networking and security It's a self-paced course and that's one of many we're about to launch. So I'd say check that out. Every week, twice a week, we run training sessions. These are live sessions. So check those out. Those are opportunities to learn. We have a fantastic e-book again that gets rave reviews. It's been downloaded thousands of times. Again, talks about the fundamentals of Kubernetes security. And we're about to launch another e-book at on Kubernetes security and observability. And so our belief is we have to educate and train the market. We don't subscribe to the traditional forms of marketing. We have a fantastic CMO who really embraces developer marketing. So I'd say what he would say is, hey, have you have you called out all the wonderful training resources and education resources on our website. If you haven't had a chance and I think Wajid just made a comment about the e-book. It looks like Wajid has read the e-book and we've got a real-time endorsement here. So check out those resources. They're all free. And trust me when I tell you that they're not trying to do any of the traditional marketing stuff. They're purely meant for education. Okay. Well, very good. Thank you for joining us here. I have the call to action slide here. Let me just start from the current slot. Oh, gosh, dang it. There's got to be a better way in blue jeans to synchronize screen sharing and presenting in open office at the same time. Yeah. There we go. So Ratan, CEO of Tigera, thank you so much for joining here today. Tell John, thanks again. I know that he said he was going to hop on as an attendee, but it's really great to have you on the show. Hopefully you can be part of our podcast series coming up. I don't know if John talked about that, but you folks can check out the Red Hat X podcast series. Send us some ideas if you want to talk about ideas you may have for doing a podcast on our podcast series. You can certainly do that as well. It's just Red Hat X podcast series. And you see we've got hundreds of our software partners all talking technology. Learn more about Red Hat and Tigera partnership. You can see we've got the link on here and presumably the link for downloading it for people to try it out is there as well. And I'm sure that you have some workshops for town where people can do a sort of like a deeper discussion with your team around, you know, Calico and the problems that they're facing in the in the multi-cloud. Absolutely. So we have a lot of those resources on our website. We'd love for you to check those out. We have actual live labs that you can get access to. Okay. Very good. We're done here for today. Thanks everybody for joining. And thank you again, Ratan, for being here and representing your company. Good stuff. Thank you so much, Mike. This was fun. Thanks for the opportunity. Bye-bye.