This is VMworld 2012, this is SiliconANGLE.com and SiliconANGLE.tv's exclusive continuous coverage of VMworld 2012, this is day three. I'm John Furrier, the founder of SiliconANGLE.com, and I'm joined with my co-host. I'm Dave Vellante at Wikibon.org. We're here with Chris Hoff. You know him as @Beaker. Longtime Cube guest, Cube alum, one of our favorites. Welcome back. Thanks, sirs. Never a dull moment, Chris. So I got to ask you, you're at Juniper now, you're obviously all over the security space. Last year at VMworld, we asked you, what's the security story there? And it was kind of an obvious question at the time. They didn't have much going on. So this year I got to ask the question, what's going on with security? A lot of announcements. What's the signal from the noise on the security? SDN, I mean, that's just gonna be scary. I think there's been a huge misunderstanding. It's actually SDM. Okay. Not N, M. It's M. Software-defined marketing. Ah, there we go. Now the truth comes out. Now they're going to. So I'm gonna find data center now. No, no, I'm looking for software-defined software. Because that's gonna be the next big thing. So, interesting question, because I think what has obscured a lot of the security messaging is kind of rebuilding or continued effort towards making sure that, as VMworld transitions from an infrastructure virtualization-centric play to cloud, right? Can't swing a dead cat without saying the cloud word. We haven't seen a lot of large changes take place in the security space with regard to the portfolio. I mean, there's things and improvements with vShield Endpoint. There's some polishing on access control, but for the most part, no big splashy moves.
And I think this is in advance of what we're seeing with, for example, the acquisition of Nicira, what that's gonna do to the underpinnings of virtual networking, which for the most part, whether you like it or not, whether you believe in virtual or physical and interfacing the two from a security perspective, the networking elements are really how the security industry hinges their solution sets. Okay, so they have good marketing. That's great. But I mean, you got to buy the concept that, yeah, moving from the hypervisor to kind of an environment-enabling infrastructure is a good move for VMware. There's just a lot of work to do. Can you tell us, in your expert opinion, the kinds of areas that they need to hyper-focus on right now? Yes. From a security perspective, you mean? Just in general, the top three. So the transition, meeting with customers, large enterprises, is a great bellwether for how I look at some of the problem sets. And what we're seeing right now is a tremendous push and focus on, again, trying to deal with what new application architectures and the deployment scenarios associated with them and the programmatic languages and the shift in how people are using apps and what that means from a security infrastructure perspective. So what I mean there is, if you look at the fact that security really should be protecting applications and information in the first place, we have to get as close to the applications and information as we can. So you start to add in things like software-defined networking, where now the workloads, orchestration, provisioning thereof, or kind of the control and data planes are separated, meaning the way in which you do traffic steering and service insertion to get close to the application to protect it makes for some interesting challenges. Because of the increased vulnerability? Well, just kind of the notion that the landscape itself and where these applications can be parked can be incredibly diverse.
We've had conversations a lot about how vMotion stresses environments, and while people are starting to use vMotion and DRS and these sorts of things where mobility comes into play for the virtual machines, for the most part you have clusters of machines and there's not a tremendous amount of movement with workloads within those in an enterprise, right? They pretty much, they don't scale and they don't massively distribute, because most large enterprises are trying to actually consolidate their data center footprints down. So what that means is that in many cases, when we think about how enterprises, large ones, are trying to figure out how to reconcile from an operations perspective how to protect applications, they're still kind of, well, I've got this massive operational understanding and set of processes and practices and people well attuned to doing zoning and segmentation of the physical network, and I got this other layer, albeit very impressive from the perspective of application abstraction, but it runs completely separate tools, different processes, different orchestration and operations. So reconciling the two and integrating them is a huge challenge, which means if you really want to use the word open and you really want to embrace this notion of ecosystem, it's got to be more than a bunch of AV vendors plugging into an endpoint API and a bunch of networking vendors kind of circling nervously around the eclipsing kind of definition of networking, and we need tighter, better, more broadly defined access points. Okay, so let me throw another angle at you. One is one of frothiness. Ah, I see. So software-defined marketing, so software-defined networking has created a surge of entrepreneurial activity. Arista went out there when it was kind of hard to raise money, they did a good job and they're doing very well. Jayshree was on and she's smiling because valuations are up and everyone's happy. And so now this financing coming in the second. So good news for networking.
Okay, good job. It's hot again. So it's hot and that's great, because it's hard work. So I want you to share with the audience, one, how hard it is to actually do this stuff, kind of at a high level, and two, network virtualization. What that all really means. Yeah, so we've got the battle of approaches, right? You have the fabrics of the world, which kind of start at the bottom networking layer and move up. We've got this approach with fabrics which, in many cases, when you're thinking about how these new cloud-scale applications are being written, fabrics, whether you're talking about a service provider or in an enterprise, will allow you to take advantage more flexibly of how you do application deployment without having to necessarily rely on the physical infrastructure the same way you used to. It's important, but you've got to tie the physical and virtual together. We kind of juxtapose them as though they're separate and at odds with one another. But if we've learned anything through history, we see repetition of cycles that go between infrastructure and software and infrastructure and software. We shouldn't be surprised by the fact that we're seeing this again. But I think operationally people are looking at, on the one hand, you get all the awesome benefits of flatness and low latency, high-speed interconnectivity for things like HPC or just really low-latency applications and data centers. And then what security guys are forced to do, less on security and more on compliance as we discussed last panel, if you remember, is then you go and you chop this beautifully flat, high-performance, fabric-enabled network up into VLANs and IP subnets logically, and then you have to figure out how to interpose security on top of that as you add a layer of software that then runs the VMs. Your pet peeve of an afterthought. Yeah, it's still very much a bolt-on approach because we're very fragmented. Does software-defined networking change that a bit?
Is it a clean sheet of paper? Is it a do-over, as Dave always says? And you know, I mean, we had Simon Crosby and he's got a whole startup for me, and we can talk about it in a minute, but you know, obviously there's new approaches, so what's the strategy there? Does it bring in new complexity? You're talking about separating the control and the data planes. Does that bring in new complexity? So it can, right? I think the promise of what virtualization as a whole, especially network virtualization at the layer in which it's defined today, as well as software-defined networking, gives you a layer of capability and opportunity to kind of figure out how can I do things like traffic steering and service insertion broadly inserted across this landscape of networking no matter where my workload is. And by separating control and data plane, you can in practice and in theory get much better integration between disparate players in the ecosystem by standardizing on API calls, allowing you to basically define, from the perspective of security, the requirements and then making a call that says instantiate this policy. Now that policy can be interpreted by any number of players in the space, but what we don't have is an agreement in the industry. For example, you can take 10 different security vendors and, to do something we've been doing for 20 years, define a five-tuple ACL, right? Source, destination, service and what I want to do with it, you'll get 10 different answers, which is ridiculous. So what the promise of software-defined networking and software-defined security, some people don't like those words, hi Edward. The notion is that- We know where you stand on that. We can programmatically get closer to being able to kind of abstract this in meaningful and useful ways, but it still comes down to the controlling interest and setting of the agenda by the platform players themselves to allow you to interact with that space. So that's a challenge to VMware directly.
Well, it is, I mean, but at the same point in time it's a challenge they just answered, right? What they just did with the acquisition of Nicira, brilliant. Just disrupted the networking industry for another two years as we sort out what we're going to do to be able to play by their rules in terms of being able to, whether you have your own SDN strategy or not, if you're in a large enterprise, regardless of whether you're going to deploy OpenStack or you're going to deploy vCloud Director, which hypervisor you're going to deploy? They're basically- Okay, so I got to ask you a question, that brings up images in my mind that look like a cold war. Are we in a cold war of networking? A cold war, you know, I like the way you said that. I think we're in a, you know, it's been a, when has it not been a cold war of networking? I mean, are we in a defrost cycle or a chill cycle? I think the notion here is- The Cuban Missile Crisis maybe? Yeah, that's a good way. Just take off your shoes and bang it on the desk, Khrushchev style. You know, I think that's a very interesting question. I think, you know, ultimately as ecosystem players, whether you're thinking about compute, network or storage, I think the dark horse in this that we haven't brought up yet is actually Intel, right? I think besides the seven billion dollar acquisition of McAfee, I think it was seven billion dollars, wasn't it? It's pretty large. The notion here is that if you look at the features and functions from a networking perspective, when you look at security capabilities and like Intel's DPDK, right? Their development kit where you can get massive amounts of throughput of virtualized network and instantiation in the chipsets, and the McAfee acquisition and the ability to ultimately then integrate there.
Now you've got the foundational compute layer kind of going to war against the foundational abstracted compute layer in the hypervisor players and the stack players, and then inserting in the middle of this is the networking vendors, right? It's this three-way cold war of intrigue. The Soviet Union broken up into multiple pieces. Okay, so that's awesome. We can riff on that on theCUBE. I like musicians up here playing different notes, but I'm going to go back to developers. So let's get back to the entrepreneurial cycles, because obviously it's hard to do networking. You know, I think we talked about this, about you got to raise a boatload of money to compete with Juniper and Cisco, it's just very difficult. It's hard to see a startup come out in the systems game and doing that. It's really difficult. But then again, you see what Nicira did on the software side. So the question is, and knowing that it's really hard to do, it's hard science. It's really a lot of geekiness. That's not as trivial as writing some Rails code. So the question is, Juniper had this Junos thing going on that was a really great, noble mission around getting developers. So talk about the future and your vision of a developer ecosystem in this new environment. So if this is truly a new way, which I argue it is and it's positive, just got to get sorted out. Is there a developer environment that looks like open source or looks like a traditional developer environment? So what I find interesting is, depending upon the types of applications you're defining, if you're talking about things like applications that can directly interact and control the network and vice versa, and they don't have to be bidirectional control. They can be telemetry that allows the network to inform the apps and vice versa, but you have to define who sets the agenda in terms of roles of who can actually instantiate requests to change network topology or change quality of service or change the way an application behaves.
I think what you're seeing is abstracted environments like Amazon Web Services, where you have folks like Netflix who basically use a service provider's network, which is programmatically orchestrated and interfaced in a way that in some cases, from a security perspective, is completely abstracted from what they do above it. The notion that you can have developers at Netflix writing network-aware applications that can allow the applications to make smarter decisions on where they deploy based on latency, performance, scale, definitely an ecosystem. How quickly a large enterprise can adapt and evolve around, just give me a pipe and an IP address, to I want pools of resources, to I want pools of resources that allow my application vendors to take into consideration things like latency, like performance, like availability of scale, it's a slower pace. So in the long term, when you look at things like Junos, your ability to write applications on a platform like Junos Space and directly control and interact with the network to do bandwidth calendaring, to do implementation and absorb protocols like OpenFlow without having to change your core routing and switching code, it's extremely valuable, but the definition of a developer and the definition of an application in that space is pretty critical to understand, right? You don't have somebody writing, necessarily a game developer writing things that control the network. They don't necessarily care about that unless they have requirements that require them, where the service provider can kind of bubble up that kind of stuff. I think that'll be a driving force to maybe keep the vendors on their toes. I mean, if we can somehow get that definition kind of defined in a way that's not awkward, you mentioned that awkwardness of jamming security into this area, but if we can get to that point, you know, that's nirvana. I mean, that would leverage Junos, Juniper, Cisco, Arista.
I mean, Arista's got to be saying to themselves, hey, you know, I want to get these new stars working on my platform. Yeah. I mean, look, if we can stop being fragmented as an industry, right, and be able to come together to understand that as an architecture, software-defined networking benefits all of us, because it actually allows us to add way more value as vendors to the equation. And you know, you can differentiate your products based on what you subscribe to. The challenge is we can't have 15 versions of software-defined networking. Okay, so here's my final question, because we got to wrap up and get to our next guest, it's two questions, two-fold. First, tell the folks out there, in as lay a language as possible, what this software-defined networking, Nicira, what it really means to VMware and to the world, and give your perspective on that. And two, what's your outlook for the next year, year and a half, in terms of the market around networking? Yeah, so, right, I'm a security guy, right? So I'll give you the security version of that. So I think what you get with Nicira and software-defined networking is basically a rewrite of the way in which security operators and the ecosystem interact with the very purge that we've enjoyed for a very long time. Whether you consider native API accesses to hypervisors the way forward or not, or whether it's a combination of virtual and physical networking, I think what the Nicira acquisition, what SDN does in general, is allow us to take the vision of deploying service layers, security, networking, applications, in clearly a way more fluid, automated fashion. So I think it was a brilliant move on VMware's part. It also gives them access to things like OpenStack, which is a whole other interesting angle, right? That's a panel, that's an hour right there. Yeah, circling the wagons or a sniper rifle, depends on how you look at it. It saved OpenStack.
But I think it's fantastic because actually folks like VMware, to their credit, because I don't want this to come off negative, right, really do get to control and set the agenda and keep networking vendors honest about how we serve our customers and interact with them. Sometimes it makes for that Cold War scenario. Sometimes it also gives us different ways to think about approaching solutions that otherwise we would be more constrained with. So looking forward, to answer your second question, I think what's really, really fundamentally interesting is to see now how networking security vendors will navigate this environment to figure out how they can play and offer the same sorts of capabilities. But to do that, we really need a consistent way that we can plan our roadmaps on of interfacing and connecting our solutions to this virtualization layer. Not distracting or abstracting it more and more apart, because large enterprises and service providers build their networks first and then they put applications on top of them. And the challenge is, if the two don't meet in the middle and it's ugly, all of the benefits that we get out of software-defined anything fall through the cracks, because you end up in this finger-pointing. And VMware, they've earned that right to provide that consistent view. And they've made their moves. Yeah, but they also, I mean, they've earned that right, but sort of the networking vendors to be able to participate in that discussion. Cisco, Juniper, Brocade, all of them. You can't do it without them. Well, maybe they think they can, but I think that's a tough road to hoe. Well, we're going to wrap up, but I got to just get one quick comment, because I just thought of it. I wrote my notes down because Todd Nielsen used the words application server hell. And that one of the things vFabric does is get people out of that hell. So at the application level, is that hell of these older applications? Is it hell? Application servers?
So I think the thing is, when people look at cloud, you have two schools of thought. You have a camp that says, how can I move my old apps to cloud? Which is kind of a, I think that's a road that just never ends. And I'm not sure that that's the right way to approach things. And that's where you will get into the application server hell. That's an easy road to take, but not necessarily the right road. No, so the other one, which is more difficult but more prudent to take advantage of all of these new capabilities, is actually to rewrite applications or think about different ways of serving them. You talked to James Watters from VMware a little while ago, and I think ultimately what the move up the stack from infrastructure focus to platform focus, with platform as a service, so just platforms in general, gets us closer to merging what we do with the application layer, what we do with the network layer, consolidating, providing consistent interfaces that actually makes security a much more interesting story. At the infrastructure layer, it's a pain in the ass, it will be for decades, just given the way it's structured. PaaS is a huge disruption, and enterprises are adopting it internally as well as externally. I think it's a great opportunity to do things better. Okay, Chris Hoff, always a great guest. Love the insight, high clock speed, like Pat Gelsinger, Rallinoff, physical, virtual, all this stuff, and it's just tough to keep up, I mean. I'd like his high paycheck to go along with my high clock. We'll be right back with our next guest here inside theCUBE, SiliconANGLE.com's theCUBE. We'll be right back. That's great.