 Live from Miami Beach, Florida, extracting the signal from the noise. It's theCUBE, covering .NEXT conference, brought to you by Nutanix. Now your host, Stu Miniman. Welcome back to SiliconANGLE TVs, live continuous coverage from the Nutanix .NEXT conference here at the Fountain Blue Hotel in Miami. Second day, just had Dr. Condoleezza Rice giving a keynote to an audience of, it's almost a thousand people here at the show talking about geopolitics and the state of security, and it's only appropriate that my first guest for the morning, we're going to talk about the changing state of IT, of networking and security. We've got Alan Cohen, who's the CCO from Alumeo, and we've got JR Rivers, who's the co-founder and CEO of Cumulus Networks. Gentlemen, both cube alums, really appreciate you coming here and joining us for the segment. Thanks for having us this morning. Yeah, fine, look forward to it. Yeah, so before I start, I tell you guys, I was actually a little surprised to hear that both of you were going to be here. When I look at the ecosystem that's at this show, it's not just like, oh yeah, hey, we sent some people to have a booth and have a presence, it's big platinum sponsors putting some dough in to be part of this change, and people instrumental in starting some other companies that are helping to try change IT. Maybe JR, start with you, what brings you and Cumulus to this event? Right, so I have a history and a legacy with reasonably large vendors to customers in the IT space, and what you recognize in that context is it's really, really hard to provide reasonably innovative and broad brush solutions to customers because reality is just too much in-fighting. Everybody's worried about their own issues and concerns and revenue streams. It's hard to do anything thoughtful or broad, whereas if you look at the modern ecosystem that's forming around IT, it's very much a loosely coupled, peer and partner-driven ecosystem where you can work with a company like Lumio on a certain customer base, and maybe there's a slightly different solution than different customer base wants, and it's okay. And we all recognize that this is what's going on. That's what's really exciting to me. I mean, I agree with JR, so from my perspective is we're going through a replatforming of the IT stack, of which I think Nutanix has done a great job of becoming a leading proponent for the change from the last generation of client-server architecture, more of this distributed computing, and funding coming out of the keynote. I think the reason why JR and I and other folks are here today is that we have overlapping interests and making these solutions come together for customers and while they are loosely coupled, and when you get to the customer, they actually have to work together and they have to solve the same challenges, so I think that's why you're here to see more of this. Yeah, so thanks, Alan. You're bringing in some of the words of Dr. Rice talking about that overlap of interest, saying that it's not about fighting over who gets what piece of pie. I mean, we've been talking for a couple of decades on, you need to get over the, I win, you lose. It needs to be partnerships, the advice we always give IT today is you need to find somebody that can be your partner on this journey of transformation. One of the big pieces talked about was cybersecurity, Dave Vellante tweeted out that the next war is a cyber war and boy, global economics and global security is a hot topic, Alan, what's your take? You were in the keynote. Well, I mean, obviously we agree with Dr. Rice, I mean, and then from my, from Loomio's point of view, we live it every day. First of all, the war's already started. We're not coming to a war in cyber. There is an IP war that's been gone on for a long time. Now it has a national security implication. It's interesting if you look at something like the founding of West Point, the first discipline that was taught at West Point was civil engineering. And if I think when you look at where we're going to see our next generation of national, first of all, nothing ever goes away. If you look the next generation of national security, information security is going to probably, information technology is going to be the core technology platform that runs through our military institution. So I think it's not a surprise that you're going to see more conversation and participation between government and private industry folks like us on cybersecurity. But honestly, every day people are fighting this war in the enterprise customer base, everywhere. It's kind of pervasive and do a little bit of research and go back and figure out what happened right around Christmas, this past Christmas time. Sony PlayStation was attacked by, was purported to be a bunch of North Koreans, but it wasn't, it was a bunch of kids. But they brought down one of the most pervasive gaming platforms for three days. And it ends up in the end, it wasn't about, did we have the bad firewall, did we have a bad, whatever it was, their application didn't have the premise, wasn't written with the premise of somebody might come after us and try and take us offline. Companies like Google and others have been dealing with this for a long time, as Alan pointed out. Enterprises in general I think are a bit immature because they think of perimeter security as the way that they're going to solve these problems as opposed to applications whose first stopping point is aware of what you expect and you have application gateways and you distribute security throughout your system. And I think you're going to see a lot more of that coming into play, framework for people to build on that, customers becoming aware of those constructs as they deploy their IT systems. I mean, if I could jump on that, and thanks to JR, because actually he was delivering. I'm sorry, man. No, it's good, I missed it, you picked it up, I think it's great. But it's, you know, when people create applications, right, so one of the things I think that Newtonics guys have been talking about that making infrastructure invisible and putting applications at the front of how you think about your technology. To JR's point, things like security are going to go into the DevOps cycle, right? They're not going to be like somebody builds an app and then they toss it on a bunch of infrastructure and then they secure it later. That model is broken, gone, and you know, in five or 10 years it's going to be over. So you're going to start with the application and the user as the front and all those other elements that are playing security built into it. Yeah, it's interesting, you know, JR, I think in the network space, there was a discussion of Huawei on the question, said, you know, a Huawei wants to be a global leader, but you know, here in the US and a couple other countries, I mean, you know, I always joke, John Chambers, you know, the two things he'd been trying to do the last few years was repatriate his money and make sure that Huawei stays out. You know, he did, he's done okay on the second one, but you know, you guys help great software that can run on lots of hardware. Can I trust hardware from China? Can I trust hardware that could have something baked in by some national security person? There's been, you know, firmware, you know, baked in, we're finding out in certain devices, you know. Where's the trust there? Well, it's interesting because the trust can be layered, but inevitably when you buy an appliance, a piece of hardware with all the operating software that's built into it and you can't change it out, there's a reasonably high probability that whoever developed it could insert a security, you know, intrusion device. They have complete control and they have no requirement to reveal to the world what's going on inside that platform. When you have a piece of hardware that's open, like a server you might buy from Dell, people put hypervisors, applications on top of that, so they have a reasonable amount of control. As you pointed out, you have a BIOS, you have BMCs, there's other ways you might be able to sneak yourself in and I think what happens over time is more and more of that gets peeled away so that it can be replaced by customers with high security risk. Cumulus Networks, our networking stack is built off of open source technology and what's fantastic about it is it allows customers visibilities to what's going inside of there. Everything can be traced back, the code is available, it can be dipped against what's accepted and understood, so customers have a traceability all the way back to source, which is fantastic. Most customers don't want to compile from source, they just want to be able to use this stuff. This is not their top thing, but they can trace back, there's an audit trail. Super, super important. Yeah, Alan, yeah, I'm sure you have some position on open source and you know. Well look, open source is a way of life, right? I mean, we have an open source society, right? That's what Dr. Rice was talking about, but we still manage to keep our country secure so you actually have to live in it. Maybe just to build a little on JR's point, the traditional data center security was built around a choke point firewall, everything went in and everything went out. The threat environment now is shifted, the things actually happen in the interior of the data center or the interior of the public cloud and spread out. So from a security model, as JR said, you're going to need checks and balances at every stage. In our world, from a Lumeo's point of view, is every workload, every computing process actually now needs to be inspected and protected, right? So you're actually in a world that's more open, you actually have to become much more distributed in your ability to enforce security. So if something happens on a piece of hardware that's bad, you want to see it right away, as opposed to waiting until it leaves your data center and goes to the firewall. In most of these hacking incidents that we've seen in the large retailers and the electronics companies, the malware was able to run for weeks and months before anybody caught it. That meant the window, the attack surface was very broad and number one and number two, the window for exfiltration was very long. So the shift's going to be that you're going to have be able to inspect things all of the time and in real time and that should help in some part kind of ameliorate when something bad happens that you can take action right away as opposed to waiting months later when somebody finally tried to pull something outside the firewall. Yeah, you know, you bring up a really good point. We're going to have Alex Colby from CoreOS on a little bit and one of the principles that they do, which I want to get your viewpoint on is, you know, when I install something, it should just upgrade. You know, I shouldn't have to patch it. Just like Chrome, it's like what version am I and I'm on the latest and that then therefore pushes the security fixes and therefore I should be more secure. We think that IT, you know, should, you know, get to that model much more, but there's always some trade-offs of course. Is it going to break something in my environment and, you know, do I need to do testing or can I be, you know, more modern on that? Maybe JR, you know, the networking space, you know, boy, I used to install a switch and I'd leave it sitting there on the same code for years. Set it and forget it. You know, oh my God. There's always this kind of classical trade-off. You know, when we've developed our networking stack and in fairness, a lot of the modern, you know, products in this space, you have the ability to patch the OS. So when there's a security, you know, risk or security opening that's been recognized in the open source community or any community, whatever, you can go through, get the fix, put the patch, make it available on the website. That's interestingly enough in the world that we live in. It's like a four-hour problem nowadays, which is fantastic. The downside is that there was some period in time where that opening existed in customers' environments. So the ability to get that patch, put it on, is pretty high. The downside or the thing to consider inevitably when you look at infrastructure is that when you upgrade Chrome, Chrome will take itself down, upgrade itself, bring itself back up and reopen your web pages. Pretty straightforward exercise. When you look at infrastructure devices, it's not quite as simple. You know, if you have a networking device like the world we live in, you know, there's traffic that's being pushed around and if the upgrade takes three or four minutes, then what are you going to take yourself offline where that's going on? And what you recognize is technologies like Chrome or any other operating system type upgrade, they literally kill themselves. They disable, they shut down other applications. They shut everything down, they come up from a new state. They don't try and do this in sort of a hitless upgrade cycle because that's typically pretty dangerous and fraught with peril. I mean, from a security point of view, our perspective is that security has to be adaptive in real time. It's a little bit different. One of the reasons we built Elumio, not integrated into the infrastructure is two reasons. One is that whether the infrastructure is up or down, your security has to keep running and if it sees an incident in real time, it needs to be adaptive. And the second one is you're not going to own your infrastructure everywhere, so you might be building a data center on top of Nutanix and JR is providing the networking stack for that and it's great, but then you have some of your workload sitting in AWS or Azure, you got to be able to cross those infrastructure boundaries. Putting it obviously, in this case, infrastructure really becomes much more invisible, but you have to adapt in real time. And what we do is we instrument the native security capabilities that are in the operating systems. One of the myths about Elumio is, oh, you guys are an agent. We're not an agent, right? And you know, it's because that's a bad word, right? But it's actually, you have to use your computing technology and as it's running in real time to be able to deal with the security threats. So, you know, you're from storage background and you guys, and this is from our point of view, your database needs to be stream, not batch, from a security point of view. You can't wait to push upgrades, you actually have to deal with things real time. So I think you're going to see the concept of stream, just like you see DevOps and continuous delivery and application, the infrastructure, the security and the rest of the stack is going to also move to more of this stream environment in real time. So, a big announcement this week was the Acropolis hypervisor and really the ability, you know, down the road that Nutanix says we can really give you flexibility in the multi-hypervisor, even multi-cloud world. So if I'm on VM, I might be able to want to go to containers, I might want to do something in Azure or AWS. You know, what's the impact on your guys' world on that? I'll take this one first. We're actually indifferent. We run across all of these platforms. That's the vendor answer, right? Actually, the truth is that, and I think this what's going on this is we're going through this re-platforming as people are finding much more efficient ways to run their compute. To me, the Acropolis announcement suggests that if you're building your security or you're part of your computing stack around a single infrastructure, meaning like a hypervisor, so you're just building it around ESX, you're tying yourself to that and the world's going to be a lot more fluid. What I think the Acropolis announcement did is it took that decision out. So it's not, I'm going to do this and I can't do it. It's like, pick whatever one you want. We're actually going to abstract that and make it simpler. So I actually love that announcement. To me, the hypervisor is kind of like the new Ethernet switch, right? And it's like, it prevarves a really important function. He's actually a new Ethernet switch. I know, I get it. Right, yeah. So, but it's like, it's really like an Ethernet switch. It's not this great control point. I do everything around it. And by allowing it to do what it's supposed to do and do it well and removing all that kind of gorpy control plane overhead and all those other functions, they're actually going to make, I think they're going to make a lot of the computing a lot more efficient and they're going to make it a lot less painful for the users. So whatever innovation you decide to plug in, whether it's CoreOS, whether you decide, hey, I'm going to go with Cumulus for my networking stack, they're going to just make that much more API-centric, much more plug and play. I think it's a great announcement. Yeah, I'm with you, Alan. When you look at infrastructure, it doesn't have to be contained. You don't have to own it in all cases. In some cases, you want to maybe take it off site, use hybrid cloud. In some cases, you might have a workload that works better in an ESX environment or maybe better in a KVM environment. And trying to tie yourself all the layers and assume that it's kind of homogeneous as a flawed model going forward in the new IT buildup. So I think it's fantastic being able to provision hardware platforms to leverage all of the hypervisor layers, the storage layers, and then the applications live on top of them. I mean, you know, Stu, so I would say here first on theCUBE, and I'm going to ask it to you as a question, I'll throw it back to you. What happens if the new enterprise stack is not a stack? It's not a hierarchical construct, which is what the traditional vendors fight over, like how much of that hierarchy they can own and monetize. Once of it to JR's point is a much more loosely coupled, distributed computing stack where I plug in capabilities from who I think is the best partner for the workload or the application that I'm trying to run. So we're going to go from hierarchical to distributed. So to bring it back to Dr. Rice, she's talking about a post hierarchical order that's built on overlapping interests and people are going to mash together and work together on certain things and others will work with somebody else. That's what the computing stack's going to look like. And I think things like Acropolis are going to start to become the gateway drug for allowing that to happen. Yeah, no, we absolutely, we've been talking more about its platforms with extensibility. I mean, you take AWS, you know, we interviewed it there. So when you actually did your launch there, AWS might be a bit controlling and they're tough to partner with, but boy, they are standard out there in the industry. Nutanix is looking to see how they can connect and partner with that. So anybody that thinks they're going to own the whole stack is really fooling themselves because things are changing too fast and to innovate, you need communities, you need ecosystems and open sources playing a big part of that. So. I think this is organizational dynamic that becomes pretty apparent in that by having recently small groups that go out and attack certain pieces of the stack, you know, they're called the broken down or decomposed stack, you're able to get really great solutions that then can live self-contained by themselves, fit in with the other players in this space. Whereas if you have one company trying to deliver the whole thing, suit the nuts, it's almost an impossible task. And you know what, it's funny, we had that company, it was called IBM, right? I mean, they did everything and you know, in a very constrained computing environment, it's terrific. Given the diversity of applications, workloads, devices, customer uses, it's a myth that somebody's going to recompose the stack and own it. And I think the large companies or even small companies that think they're going to do it, they're going to lose. Yeah. I love, my CTO, David Floyer, was watching some of what we're doing and he said, for vendors, when you fill out an RFP or customers, when you build an RFP, he said, have you ever provided in any government the ability to compromise security? Yeah, but we answered that question out loud, it's going to be our IP, right? So I don't think I'm going to answer, it's up to you JR. Yeah, I guess the last piece I want to kind of fill out the discussion with is this big discussion about changing applications. For so long, we've had really infrastructure has been the boat anchor to prevent us from changing our applications. I think back, David Floyer educated me, he worked at IBM many years ago and when you built a database, you knew what infrastructure was there, so when you would, how many processes you could run, what expected wait time you have, your infrastructure was the limit and today you talk about more distributed, cloud native applications, if you will. There's that change, where does that discussion fit in for Nutanix and for you? Well, what's happened, physical infrastructure has gotten to the point now where it's no longer bottlenecked. I've been in IT for quite some time and they're very, very early days. Taking a server and trying to load down an ethernet was next to impossible, you need 10 or 20 to load down a 10 megabit ethernet. Now you can buy a modern server and pump 40 gig, almost 100 gig out of it without a big problem. So, capacity starts to solve a lot of the world's evils. So as you increase compute capacity, increase bandwidth capacity, you allow the applications to interact with each other in a way that they're not, they don't have to know the infrastructure because there's no fundamental infrastructure limit. Sorry, I'll let you give your look off. So, when you look forward, I think it's just only going to continue. You know, you have 10 gig and 40 gig on the ethernet side, you're going to get to 25 and 100, you're going to get to 100 and 400, same thing's true in the context of flash. You're looking at flash, latencies, and capacities that are blowing through the roof. You're making it so that you don't have to worry about your infrastructure. It allows you to simplify the physical part of it. You have transit through the world that's phenomenally fast these days. People are building massive wide kind of WAN backbones, whether it's an AWS or a Google or Apple or any of the carriers. So, you're starting to see infrastructure, physical limits not being important, and what becomes important is, what can the application scale out to and how well do they do it? You know, I'll ask the question a little different. So, I'm a big JR Rivers fanboy, right? And I remember reading an interview with JR Rivers a couple of years ago, and it was somebody describing, the first time JR reached over to their laptop, they were configuring a cumulus switch, and he showed them bash, right? And I remember where it was, it was years ago. And if you think- I think it was a wired interview. It might have been a wired interview. Yeah, and if you think about it, the concept that I would bash over to my networking stack versus CLI, so I think we're going through a rapid modernization program from developers outward into the computing infrastructure, and so the big change is going to be, so yeah, all that capacity is going to be there, all that bandwidth, I mean, Amazon's going to provide you fairly infinite temporal workload if you need it, if you're that, or Nutanix is going to just scale your data center from the inside out. The question is going to be, is how does your application life cycle change in that world from the first time a developer starts to set up an app and they spin up a virtual machine and they start to write those first couple of lines of code against it, and then how does it pervade through? I think it's going to be a lot more streamlines. It's going to be much more API-centric, right? We're starting to see now IPOs of API security companies, right? So the API is actually the new, probably one of the new battlegrounds. So I mean, we're moving kind of to an application in developers' world and from guys like us who've been in the infrastructure world 25 years, like if you're not there to serve them, you're going to be the rear dog in that dog's leg. So I think it's going to change dramatically. So we're getting the hook. I want to give you guys the last word. Tell us kind of, you experience at the show, conversations you're having, give some people some flavor of the first dot next. Yeah, I think Nutanix has done a fantastic job. It's a very customer-centric show. You know, we're running into customers here. I hear them, excuse me, I hear them talking about their challenges, how they're getting past it, how they're building into the new world. And so it's less about, in my view, selling to them, but just listening to what they're talking about. So I love the show. I hope they continue the theme and the spirit around it. I mean, my closing to this, like, dear Raj and the whole team here, they should be incredibly proud of what they've built in a very short period of time. This is not, I mean, this is the beginning of a movement, right? This is not like a ham. This is, I've got some better box or something like we've traditionally seen in the industry. This is going to be about a different approach to computing. And, you know, my suspicion, there's 800 or 1,000 people here. Five years from now, there's going to be 10,000 people at this event. And, you know, it's thrilling to be at one of the early ones with a customer base that absolutely loves what they're doing. And the second thought is like, this is a platform company. We're all kind of participating in that platform with them. So it's just going to get wider and it's going to get bigger. So it's very exciting. All right, I wish we had a little bit of time to go into some of the Wall Street angles, being a startup and what's happening there. Some stuff going on in the Wall Street Journal and, but people will hit you up on Twitter, I'm sure, read some of the stuff that, you know, you're both writing online, but Alan and Jay, I really appreciate you taking time out of your schedule to come here. Great conversation. Always great when we catch up with you. No cube. Thanks for having me. Thanks so much. At least the Kraken and the, you know, Rocket Turtle. Rocket Turtle. Rocket Turtle, yeah, exactly. So we'll be right back. Lots more coverage here from Nutanix.NEXT Conference in Miami. Thanks for watching. We'll be right back.