 It's the Cube Alonai. Live from San Francisco, it's the Cube, covering Red Hat Summit 2018. Brought to you by Red Hat. Hey, welcome back everyone live here in San Francisco, California, Musconi West. It's the Cube's live coverage of Red Hat Summit 2018. I'm John Furrier, my co-host. John Troyer, our next guest is Denise Dumas, Vice President of Software Engineering, Operating System Group in Red Hat. Welcome back to the Cube. Good to see you. Thank you so much. Great to be here with you. So, operating systems, Linux, the base of everything. Yeah. Now you got all this other goodness going on. You have some acquisitions, permit bit. We were just talking about before we came on. A lot of action going on. Yeah. What's new? Well, you know, you think that the world of operating systems would be boring, but honest to God, it is so not, especially now, right? Because there is a whole generation of change going on in the hardware. And when the hardware changes, the operating system has got to change to keep up, right? You look at the stuff that's going on with GPUs, with FPGA, right? I mean, and that's just like tip of the iceberg. Yeah. And everything has to be programmable. So you need software to keep track of it. So it's not just the patches. You got to keep on top of the DevOps, automations, a big part of it. And security models are changing. With the cloud, there's no perimeter. So you have to have maybe chip level encryption, OS. Way up, right? Yeah. So this is challenging. So what's the impact to Red Hat as these new things come on? Because you got, you know, spishing out there, sphere fishing is a big problem. You got to handle it all. How do you guys handle all the security challenges? Well, you know, it's actually interesting because RELL is the base, the core of Red Hat's product line, which means that we provide the firm underpinning for everything else in the portfolio. So we have the FIP certification. We're doing the common criteria certification. We provide the reliable crypto that everybody else can just expect to have in their world. And we have to be the really firm basis for everything that layers on top. And it's really great to have the additional products in the portfolio working very closely with us to make sure that we can be end to end secure, end to end compliant and that we're looking at the bigger problems because it's not about the operating system. It's about the infrastructure and what you're going to run on top of it, right? A lot of people have been saying security, oh, it's hard to do security. Open source is actually a problem for security. And then the world shifts back and says, wait a minute, open source is better to attack security problem because it's out more people working on it versus the human problem of having proprietary. So obviously open source is a good thing for security. What's the modern approach that you see now that you guys are watching and building around that? Because that's the number one question at KubernetesCon, we saw great things. We saw Kubernetes, we saw Istio service meshes, but security's got to be thought of on the front end of all the application developers. So that means it's on you to put it into the OS. And it's a different world, right? Because the application developers are not accustomed to having to deal with that because that was always the job of the IT guys, right? That was the problem for the infrastructure to deal with. And so clearly we have to provide better security, better tooling available to them. But the operations guys, right? They need help in this new world as well because suddenly there's this explosion of containers in their environment and who knows what's in those containers, right? We've got to have the ability to scan the containers and make sure that they get patched regularly. So it's just a whole different set of problems but it all starts with making sure it's secure underneath all the rest of it. Well, so that brings up the concept of layers, right? There's all the operational things, there's the apps and the containers and then, you know, rel is running underneath that. Underneath that's the hardware and the microcode and all the rest of the stuff. So this year we, the whole entire IT industry took a kind of a gasp with the meltdown inspector problems that surfaced, you know, I guess in January, I think, when they were public. You know what that was? That was how the kernel team spent their Christmas vacation. Oh my goodness. Yeah, the kernel team, the performance team, the security team, the virtualization team, all those guys, so Red Hat shuts down for a week at Christmas time. They didn't. Yeah, that was exciting. Well, how can you prevent the next one? I mean, it's a moving train. Security is one of these things but there's another one coming because the cyber attacks are there. What's the viewpoint? How do you keep on top of it? Well, you know, we have a fabulous security team. So if you happen to get up to the second floor, go talk with Crow Chris Robinson. His guys, they monitor what's going on in the upstreams. They work with MITRE, they work with the organizations, right? And when they discover that something is in the wind, they come to us and disclose people as needed. And then we get to go and figure out how we're going to get fixes in. Usually a lot of this stuff happens, as you know, under embargo. So we really, we can't talk about it. That's a real problem if a lot of the upstream hasn't been read in, right? So for instance, with Meltdown Inspector, a lot of that was going on, not so much in the upstream. So there were kind of divergent patches that we got to bring back together. That was really, we knew, well, we had a really strong suspicion that the embargo was going to break early there. That's why my guys were over Christmas, right? They had to have something ready, secure for when it broke. And then we could worry about the performance afterwards. Yeah, right. And then you had to roll that out into the entire customer base. And that's some fairly standard mechanisms. Was there anything special with that? Because it was fairly high priority, I suppose. Yeah, well, I mean, anything like that, we make available asynchronously because we want to have it available that the day that that embargo goes public, right? Because that's when we're going to be getting the phone calls. That's when people say, oh my God, now what do I do? But the hard part with this one was that you had to have the microcode as well, right? But we had to do a lot of education because this was this, the side channel attacks, it's just a different way of thinking, right? It's not so much a flaw in the code as in the overall hardware architecture that we get to deal with. Yeah, that's tough. What did you learn? What's the learnings? How do you magnify? We have to be as transparent as we can possibly be because security researchers are going to keep on looking for this kind of flaw. And we just have to be able to work as much in the open as we can, but we also have to have an education function, right? This is not an area of core expertise for a lot of people who are working in databases, right? Or who are designing Java apps. And yet, we have to be able to explain to them why there's a performance impact on some of the stuff that they're doing and how we can work together to try to get back some of that performance over time. Now, Meltdown Inspector, that's kind of off my radar now, but I don't think we're completely out of it, right? You people have had to patch and reboot and update, but it sounds like we're not, I don't think we're at 100% for sure of all systems. Yeah, well, a lot of IT infrastructure, right? There's your window in which you can actually afford to reboot your systems. And I think a lot of those are very tightly scheduled. I mean, we have customers who get 10 minutes a year. Yeah, up times of years and years. I mean, rebooting is kind of old-fashioned at this point. Yeah, really, right? As it should be. As it should be, but when it's the microcode, you're kind of stuck. Yeah, I mean, that's a hardware thing. Again, back to the hardware. Still, hardware, even though cloud is extracting away the complexities, hardware still is out there. So you're never going to go away for you. And as you said, it's changing. Look at the GPU side. And you've got all kinds of new things coming on the horizon, like blockchain and decentralized infrastructure that's encrypted. Amen, right? So, you know, this is, you know, systems level code with software guys who don't know microcode. So you guys got to be on top of it. So I guess the big question is, is that operating systems that you guys have is very reliable and the support is phenomenal as you have some industry standard. How do you take the support and the engineering in RHEL and operating systems and bring that operating system mindset to the next level up? As you move up the stack, Kubernetes, open stack as well, open shift and apps, they all want the same reliability. They all want the same kind of robust nature of an ecosystem. At the same time, more people are being certified. So you have a balance of growth and reliability. How do you guys see that? But it's also speed and time to market, right? Which is the other factor, because there's so much pressure on any emerging technology to get the features out there that you end up carrying the technical debt, right? Or you end up not being able to be as hardened as you might like to be the instant that you go out the door. And so it's always going to be a balancing act and a trade off. So I know you guys were just talking with Marco Bill. Peter, and he was probably talking about how we're trying to focus on use cases, right? We need to understand the use cases that our customers have. And now those are clearly across the entire product portfolio, right? But those are the test scenarios that I need to get in flight. And those are also the paths that I need to make sure we've optimized for, right? And so it's a partnership with the rest of the products in the portfolio. And we really do a lot to work together as tightly as we can, which is one of the benefits of being at the core, right? I'm working with everybody. Yeah, and you got the instrumentation too. So the other theme we're hearing. Oh, God, yeah. The automation. The big time theme here is breaking down the two real granular level sets of services, which actually is a good thing. Cause if you can instrument it, then it's just easy to manage. Cause then you can isolate things. So I mean, this is a good thing. And always people love this because you can decouple and make things work well. But the instrumentation. We hope. We love the APIs and you understand us. You need the APIs and you need the instrumentation and the looking in. So how has that created a challenge? Because it's all those great for Red Hat's business. And then you see in the forecast and the analysts are seeing the growth. You guys are seeing the successes, but it makes your job harder a bit. I don't want to say harder, but I mean, it's, you know, you got to write more code and make glue layers, abstraction layers. Yeah, but I wouldn't want it to be boring, right? Well, I do want it to, I want it to be boring for our customers. I want our customers to just be able to pick up. No drama. No drama. Not an exciting, but it's no drama. Nicole's not ringing with no spectra again. It's working like a charm. No problem. Yeah. Dramalama does not live here. Yeah. Yeah. That's an interesting point though. There's a lot of talk about the whole Red Hat stack here, right? And you got, as we've said, you're the base of it. Where does, where does Linux, where does Linux and especially rail go from here? What are you looking at in the next few years? Some different technologies you're looking to pull in, et cetera. There's always, I mean, we have to keep up with the hardware advances clearly, right? But then there's lots, so look at our permabit acquisition. What a great ad, right? So permabit for people who don't know, they do video, virtual data optimizers. So they do DDoop and compression on the fly, on the path to the disk. And with rail 75, as part of your subscription, so we buy companies and we open source their software and we make it available to you as part of your subscription, right? How good is that? So when you deploy 75 in your environment now, suddenly you're going to need a whole lot less storage, right? Depending on, of course, it depends upon your data footprint, right? But you might find that you're able to shrink the amount of all that expensive storage and expensive cloud storage, particularly, that you need significantly. And you get the compression, right? Well, the compression is very popular. We follow the following permabit. Question on permabit for you. Was that open source? Was that, they build their products on open source? No. And are you guys open sourcing that? Gotcha. Okay, so you had to go in and kind of open it up and do a review and clean it up and... Yeah, yeah. And we have to help them get it into an upstream, right? So they actually, they were fabulous. The permabit guys, they have been so fabulous to work with. Best acquisition ever. Well, CoroS is not looking too bad. Well, CoroS is not, yeah, yeah. That's a little good off the tee, as they say, you know, it's right in the middle of the fairway. All good. Yeah, you know, all good. Red Hat seems to be pretty good at acquiring companies and incorporating their tech. That seems to be part of the culture here? Yeah, that's because we're not, you know, people think we're like big and scary, right? I'll tell you, I have worked for companies that are big and scary. Red Hat is not it. We're really open and it's really, in many ways, an engineering culture, which is wonderful. It's a great fit if you happen to be from a startup culture because we don't overwhelm you with process, right? I mean, we... Well, you have a lot of smart people. Again, I can attest to my interactions over the years. Smart people, very humble. A lot of systems people too, which is great operating system. Hello, the world's turning into an operating system. Good for that, but humble and plays the long game. You guys, I've been, you deserve credit for that. And that's attracting and reason why you're successful. But you know, the thing is, we really believe in our core values, right? We really, truly honest to God believe in open source and the power that it has to change the world. That, you know, you say, oh yeah, sure, right? She's part of the management chain. She's going to say that. She's in the Kool-Aid. Yeah, but that's not it. Talk about the growth. You guys are growing. So, I mean, over the years, again, since we started theCUBE nine years ago, we've watched Red Hat, just in that time span, grow significantly. I'll see it's well documented. An alternative to the other proprietary OSes, second tier citizen now running the world, first tier, great job. So it's a huge success. Business model of open sources now mainstream. But you got to onboard more people, more ecosystem partners in a really dynamic, big wave of innovation coming. How do you maintain their recruiting? How do you get the great people? How do you preserve the culture? I'm sure these are questions. How do you get the more inclusion and diversity question? This is all happening right now. We're going to have to catch them at nine years old and grow them, right? I mean, although honest to God, we do a lot of university outreach, right? If you look in the Czech Republic, for instance, we have a huge operation in Brno, which is the second largest city there. And we are so tied into the university system. We bring in lots and lots and lots of interns. And it's wonderful, right? Because we want to teach people about open source. We find people who have passion projects and we bring them in. This is our world, right? We don't, we want non-traditional people as well as traditional computer science majors. Open source is a great leveler. Your CV is online. I mean, imagine, right? You want to change careers. You want a new life. You love to code. You've been working on writing games in your spare time. You are our people. That's the code. Your code is who you are. Your code is, it's your CV. Well, this is what doing things in the open means. It also, it's been great for your business that we had Jim Widers on earlier. There's no A-B testing. They just go into the community and find out what they want and they just, that's A-B-C-Z testing. It's just right there. You guys do the due diligence. Sometimes make big time real time decisions on features based upon what is in demand practically speaking, not just focusing on the new tech. That's a good business model. We hope so because, you know, I mean, as one of our former CFOs said, there are a lot of people, a lot of associates at Red Hat who are dependent on Red Hat for a paycheck and it's very important to us that we remain profitable, stable and really good for our people, right? We've got a lot of people that we need to take care of. That's a good place to be. And the timing's great with Kubernetes and containers. Really taking it up a notch and bringing that extensibility, you know, just beyond standalone Linux. So congratulations. And thanks for coming on and sharing your perspective. As always, we love these conversations in theCUBE talking everything from operating systems to core OS and Kubernetes and culture. This is theCUBE here out in the open on the floor at Moscone West. I'm John Troyer. Stay with us. We'll be back with more day two and three days of live coverage on theCUBE.net. We'll be right back.