 Hi, I'm Kit Colbert. I'm running a new team at VMware called Cloud Native Applications. And the focus is really on how do we enable our customers to embrace these next generation applications, you know, as James and Josh were discussing earlier. This is a trend that we're seeing across all our customers. And everyone's thinking about this. It's one of those notions that, you know, Mark Andreessen said a long time ago, right? Software is eating the world. Every company is becoming a software company. And we're seeing this to get in again. I mean, even in this week's issue of the economists, they're talking about how financial institutions are now really worried about tech startups coming and disrupting them, right? So everyone's got to figure out how they can embrace these things and move faster. Let's see. Here we go. So as that's happening, you know, it's kind of these new imperatives for business, right? Given that software is becoming the major way that these companies interact and engage with their users, you know, they, companies don't need to think about how they can create the best experience on those software platforms. This isn't just saying, you know, having a good mobile app or a good web app. It's also doing things like big data, Internet of Things, so on and so forth. So you can get large amounts of data that you can then analyze and give insights back to those customers. It's about engaging them at a deeper level. But it's not just about doing that once, right? We've taught, we've heard this before, how, it's how quickly you can move, right? Ying was just talking about this and, you know, I had certain requirements for how fast and how often they need to be provisioning stuff into production. And so there's, you know, all these technologies out there in the open source world, James and Josh talked about Netflix and all the great stuff they've done and given back. So you actually absolutely have to engage and, you know, leverage those things as much as possible. You want a structured platform, as they said. So the interesting thing from VMware's perspective, you know, we're looking at it from the IT ops data center side, is what we're seeing is that the infrastructure itself is also changing. So traditionally, you know, the focus of IT was all about saving money, right? How can we drive efficiencies and consolidate workloads? This is, you know, something that we really help customers to do, to move all these disparate workloads of many servers, consolidate them down to fewer servers. But as we go to this next generation world, it's not really about efficiency and CAPEX savings, so much as it is about deeper user engagement. It's about reaching those users and actually driving top-line business growth, right? It's how do you actually get more revenue? And so when you think about that, you think about scale, you think about distribution, you think about how quickly you can move. And so it really becomes less about the infrastructure, a lot more about the applications and how you can leverage infrastructure to help those applications scale. So with that in mind, you know, the mission that we have within our team at VMware is really to make developers a first-class user of the data center. And now for many folks in this room, they say, yeah, of course, obviously, that's what we need to do. And yes, it's true. The problem, though, is that today, data centers aren't really optimized for developers. Developers don't want to file a ticket and wait whatever it is, weeks or days or whatever to get that thing done. They want to call an API, have it done in seconds, right? They don't want to be exposed to the complexity of a data center. They want the data center essentially to be fronted by a giant API they can call and get stuff done, right? So all that complexity down the data center should be hidden from them. So that's a lot of what we've been trying to do. I mean, this is the direction of where we've been going in with this whole software-defined data center vision we've had, which is really enabling our customers to get the tooling and the tools to actually build these APIs on top and automate that data center. But we want to do a little bit more. So we're looking at how can we build and really engage with technologies that span the application lifecycle all the way from a developer's laptop to the production stack. We want to empower the ops teams to support these next generation types of applications. We want to move IT to be able to say, yes, we can support that. We want to do that. We want to see how fast we can move here. And finally, we want to do that in an open way, right? Leveraging open source technology, open standards, but also contributing back. Because as we said, this is where a lot of the innovation is happening. It's in the open source world. So specifically, Cloud Foundry, right? Very exciting stuff. I don't need to pitch you guys on how cool Cloud Foundry is. We've incubated Cloud Foundry at VMware for many years, and then when Pivotal was created, we gave a lot of those assets to them, and they've been driving it. Now it's great to see a whole foundation around it in this huge community that's there. And as they were saying, James and Josh were saying earlier, this really is a structured platform for enabling customers to move faster. And that's great. So the question is, what else needs to be done? How can we help Cloud Foundry to accelerate? How can we help our customers embrace Cloud Foundry even more? And so as we start thinking about it, there's, of course, lots of stuff to do. It's still a new space. But probably the biggest issue that we hear and biggest concerns that we hear from customers are around security, right? How do you secure these next generation applications? And when you think about it, there's a lot of challenges. Because we're not talking about apps with just one or two or maybe five instances. A lot of times now, the ability to dynamically scale up this stuff means you're going to have dozens or hundreds or maybe even thousands of instances. And you have a lot of different infrastructure to, you know, changing application to apology. How do you ensure that all these different things can be trusted? Right? How do you ensure they can talk to each other properly? And so in order to do this, you need a few different things. You need sort of this identity infrastructure for these applications. You need good network isolation and dynamic network topology support. And finally, you need a secure and trusted runtime. So I'll kind of walk through what we're doing in each of these different areas. So first kind of a high-level architecture diagram that we'll use to walk through some of this. So what we see here is, of course, you know, Linux hosts, where you're running your containers and container engine living inside Cloud Foundry. Cloud Foundry itself does scheduling and orchestration. You may have a repository, you may not. And then some network underneath to connect all your different Linux hosts. So the thing that's missing is some sort of identity and access management solution that can really tie all these pieces together. You know, it's like, when you think about Cloud Foundry, how can it trust the host that is running on? When you think about that host, how does the host know that the container is about to execute is actually the container that should be executing? Right? The thing I always talk about is it's kind of funny that most folks' iPhones are more secure than most data centers. Right? I mean, think about it. Do you know exactly what apps are allowed to run on that iPhone? I mean, Apple has that ecosystem controlled top to bottom. Everything's cryptographically signed. You can attest to the code. They don't let anything in the App Store, they don't improve. And if your company has an MDM solution, you can further control what apps are actually going about phone. But in a data center, you don't have any of that, right? I mean, you just have a bunch of hosts, a bunch of IP addresses. You can exact whatever process you want and you're off and running. Right? I mean, how does the data center get locked down the same way that our iPhones are now? Well, this is exactly what we want to do. And so this is the idea behind this thing we're calling Project Lightwave. So Project Lightwave is an identity and access management solution or component that's focused on cloud-native applications, containers, and so forth. So the idea there is that we're not really focused on user identity so much as different component, application component, or infrastructure component identity. Now, how do you tie all those different things together so that the hosts can validate the container, so that different containers can validate each other within that application? So the cool part is that this thing supports a bunch of different protocols. You know, the reality is that these new cloud foundry instances you create are not going to be little islands by themselves, but it's actually going to be interacting with a lot of the existing data center services you have. And so you need to support all those different protocols. It needs to be scalable. This thing is multi-tenant. So just like cloud foundry is multi-tenancy, you need multi-tenancy sort of top to bottom. And as I said, we're open sourcing this hopefully this week or next week. It should be going out very soon under the Apache 2 license. So some pretty cool stuff. We've had a lot of different interests from partners working closely with the cloud foundry folks and folks like Pivotal to really integrate this and combine this with the great cloud foundry technologies. So that's the first piece. How do you kind of secure from an identity and authentication standpoint and do that for the components? Now, the second piece is around the Linux host. How do you ensure that you have trust and security there? And so when you're looking at sort of a VMware deployment, what you really want is how do you combine and integrate that Linux distro as much as possible into the hypervisor to really simplify management and to drive up security? So that's why we announced something called Project Photon. So Project Photon is actually a Linux distro from VMware. The idea here is it's optimized around containers, so it's extraordinarily lightweight. We're also optimizing it for our hypervisors, our hypervisors in general for virtualization. So as you can see here, we support a bunch of different containers out of the box, obviously very tightly integrating it to cloud foundry. The thing we wanted to do though is actually, as you can see further down the slide, actually take that a bit further and actually build a stem cell for cloud foundry leveraging photons. So that's in the works. And the idea there is again, when you talk to enterprises and you talk to IT ops, they really, IT security, they really want standard building blocks they can trust in their data centers. So we've been very successful at this over many years working closely with the IT security folks to get their heads wrapped around our vSphere hypervisor. And we want to extend that with Photon. So they have a secure, trusted runtime for cloud foundry and their other applications. So some really cool stuff we're doing there. And the idea is again, from a usability management perspective, the idea is Photon is kind of built in. When you get vSphere, you get vCloud errors, just there, it works. You have integrated support, one throat to choke, one phone call to make, all these great things. And so as we said, we're also open sourcing this one under the GPL v2 license. And this is out today. We've had a bunch of folks testing it out, kicking the tires on it, submitting pull requests. So a lot of good stuff going on there. Okay. So identity access management, the compute runtime, the third piece is the network. And you really want some sort of networking technology that can handle the dynamic network typologies of a cloud native application. You're thinking about, again, dozens or hundreds or thousands of instances of this app all coming and going over time, you want a network technology that can handle that. So we have a network virtualization product called NSX, essentially virtualizes these physical network concepts and allows you to control them through software and via an API. So really cool stuff, right? So if you look at how this stuff works today, basically you're running a container inside of a virtual machine. And so what we do is we have all sorts of support for virtual machine networking. NSX can do something called micro segmentation down to a VM, provides dynamic security, firewall, load balance, etc. for that VM. All the containers inside the VM sort of share that network context. And you may have a NAT or something else you're doing there. And this actually works. It works for many people today, right? But we want to do something a little bit more than that. So we're actually moving forward to do a second level of network virtualization, if you will, actually virtualizing at the container level. So the idea there is you can actually have multiple containers inside a single VM, each of which has its own unique security properties. You can do different firewall settings, different load balancing rules, different routing rules, etc. for each of those containers. So this is really pretty cool. It's something we're looking to extend NSX as well as doing an open source project called OVN, open virtual network, to enable that as well. So a lot of good stuff happening there. Now one question we do get around this notion is, do we still need a hypervisor in this case? Like why can't we just have the containers running on bare metal? So when we talk about security, the really important piece here is multi-tenant security, ensuring that you really have safety between folks you may not trust. And that doesn't have to be different businesses. It may be different organizations within a business. Some of the security folks we talked to at major organizations actually say that their biggest threats in their mind are from their internal employees, not from someone attacking them outside. And probably you're kind of wondering, why are you going to get some new employees? And if that's the biggest problem. But nevertheless, it's true, right? So they're very, very sensitive to this. So that means they want security top to bottom. They want multi-tenancy top to bottom. They want that in the network layer as well. So the problem without using virtual machines, if you can break out of the container, you can get access to the virtual switch or the switch locally on that host there. And then you can go out and kind of go out to the entire network. The beauty of what a hypervisor enables you to do is really protect that. Even if you break out of a container into that local VM, the hypervisor can still protect that VM traffic. It won't have, you know, you can set the, in the VM, you can set your Nick to promiscuous mode. You still won't be able to see any traffic because the hypervisor can protect you from that. So the notion of a VM sort of changes this next generation world, right? It's not about managing VMs anymore. It's about managing applications. But the beauty of virtualization is that it actually offers you a really tried and true and proven security domain. So VMs kind of become software-driven security domains. And so you may say, okay, I have some container, some instances of this app that I trust each other. They can be provisioned within the same security domain, same VM. Others that don't. They need to be separated out. So that's the beauty of what we see kind of better together between virtualization and containers at the network and the compute level. So a bunch of different stuff we're doing, as I said, you know, this goal is to make developers a first-class user of the data center, something that should have been done a long time ago, but it's been very hard for IT to move in that direction. They haven't had the technologies. But now we're seeing those technologies are coming to the forefront. Things like Cloud Foundry are helping to force that discussion. And so what we want to do is help those customers at the infrastructure layer with the compute, with identity and access management, and, of course, with the networking piece. And so you can see some of these different technologies out there, Photon and Lightwave, both open source, both available for you to go kick the tires on and try out. So with that, I want to say that this is just the beginning, right? Don't assume that Photon and Lightwave and NSX by themselves are the solution. There's a lot more work to do. As I said, security is kind of the first piece, but there's a lot more stuff around management, around automation, around governance and so forth, not to mention more infrastructure things we can do. So look for more announcements from us throughout the year and next year. But for the time being, please check us out on GitHub and follow our Twitter. Thank you, guys.