 From Las Vegas, it's theCUBE. Covering VMworld 2018. Brought to you by VMware and its ecosystem partners. Welcome back to theCUBE. We are live day two of VMworld in Las Vegas, Mandalay Bay. It's apparently very hot outside but we're in here getting all the exciting scoop. I'm Lisa Martin with my esteemed co-host, John Ferrier. Hey, John. Good to see you. Welcome back to the set. Thank you so much. We're pleased to be joined by a Fortinet customer, Ken Busby. Keith Busby, excuse me, the executive director of information technology and security at the school district of Philadelphia. Keith, welcome to theCUBE. Thank you, thanks for having me. So the school district of Philadelphia, eighth largest public school district in the United States. You've got over 134,000 students. Over 18,000 staff. If only your IT budget was enormous, right? So you guys, something also interesting this morning, Malala Yusofsi was speaking with Sanjay Poonan, very intriguing on the whole kind of spirit of education. Let's talk about that. You guys gave Chromebooks to over maybe half the student, well, about 50, 60,000? It's not one to one, so they're shared resources. They have carts throughout the schools. But we have between 50,000 or 60,000 Chromebooks on our network right now. So I imagine great for the students and the education, the firewall security may be a bit challenged. So as we started transitioning to the Chromebooks, it overwhelmed our legacy internet firewalls. So we had to go out and do perfect concepts and test multiple vendors. Talk about the security. Pat Gelsinger said on theCUBE, I think four years ago, Dave Vellante, co-host asked him, is security a do-over? And he's like, yes, it's a do-over. We need to do a do-over. I've said Mulligan, all kinds of terms, resetting. How have you guys set up your security architecture? Because I've heard stories of phishing attacks just to get the bandwidth to do Bitcoin mining to crazy things on security front. How are you guys laying out your network security? Honestly, it changes on a day-to-day basis, right? Because as new vulnerabilities come out, you always have to adjust your posture. So over the last year and a half, we redesigned to where we're not, we were routing through web proxies. We're required to do web filtering for the students by the SEPA Children's Internet Protection Act. When we've replaced our legacy firewalls, we were able to transition everything over to that and just use the Fortinet firewall to do web filtering, intrusion prevention, antivirus and traditional firewall. How virtualized are you guys? Pretty much completely virtual. We still have a few legacy physical servers, but pretty much all. So one of the things that we came up in the keynote today with Sanjay Pune, but yesterday Pat Gelsinger referred to was the bridging of the waves, you know, connecting computers together. But he mentioned BYOD, bring your own device as one of the waves and that was really the iPhone kind of generation. Obviously, kids got Instagrams and all kinds of devices, he says. How is that impacting your IT? Is it up and running? Is it solid? What are some of the details? We don't have a traditional BYOD policy. It's more teachers get devices and they bring them in and we just have to find ways to support it. So it stretches us, we're a small staff so we can't always help the end user with their devices. So if they bring their own device, we have issues, they're trying to use applications that we can't support for whatever reason. So it's an issue. So when you had this, obviously, that all the devices that come into the school, in addition to the 60,000 Chromebooks, needing to rethink your security architecture, what were some of the technical requirements that you were looking for that made Fortinet the obvious choice? Performance and cost, right? I mean, as we spoke about, we have budget constraints. So they have an extremely high performing firewall at a reasonable price. So after we did a proof of concept with five different vendors and theirs just outperformed them all. How about automation? Big talk in cloud is automation. How are you guys handling automation? Are you micro-segmenting? What's that? So we're transitioning to the NSX and Fortinet BMX for our server firewall. That's going to allow us, since we're a short staff, if our server team stands up a new server, my policies automatically take effect just through the use of their security tags. That's the FortiGate product, right? If the BMX. How is that working for you guys? We're still in the, we just did the proof of concept. We haven't transitioned our live systems over to it. But so far, all our tests have shown that it does what we expect it to do. What's it like we're in such a huge school district? I mean, it's basically like, I mean, it's probably like a case study in campus-wide networking. It's like, we look at it as we're an ISP, right? So every school comes through us. We always say that we're protecting the internet from our students. Students like to, we have smart kids, and they, they're digitally native. Yeah, they find ways to do things. And then, next thing you know, I'm getting a report by websites, and hey, we got students coming and throwing a tax at us. Yeah, I was talking to a guy in higher ed about the bandwidth, a huge bandwidth. So obviously people gaming, putting gaming servers out, all kinds of IP management issues. Fortinet's pretty hot, I'm sure. I mean, people are playing Fortnite, and you're- Hopefully we don't allow that, right? So. But this is what kids want to do. They're like born hackers. It is. They're curious. Yes. And it's a good thing, but you also want to basically make sure they're safe. Yes. That's pretty much what my job is. I want them to learn, but at the same time don't use it for malicious purposes. Yeah, it's true. One of the things I liked about the public sector is cloud really makes things more efficient. What are some of the things that you've seen with virtualization and with cloud kind of on the horizon? How has tech helped you guys be efficient and be lean and mean? Kind of the 10X IT kind of guy thing. We have, like you said, lean and mean, right? We have a very small staff. The school district's budget is $3.2 billion. And IT's operating budget is $20.8 million. So as you can see, we really have to be cost effective. And that's where virtualization comes into play. What are some cool techs? What's some cool tech that you like on the horizon? We hear a lot about SD-WAN. I'm sure that might be something that's cool for you guys. I like the VPCs, right? AWS Virtual Private Clouds, where you can set up your own network out there in Amazon's world. Attach it to your vSphere so you can have on-premise virtualization and out in the cloud. Oh, thanks, Beth. So one of the things that Pat Gelsinger talked about yesterday, we hear this a lot, John, is tech for good. I liked how he described it as it's essentially neutral. It's up to us, the Mware, everybody else, to shape it for good. I imagine that's challenging. We talked about the Fortnite explosion, which I have only heard of. But you've got so many devices. I imagine there's some amount of security gaps that are probably acceptable. In terms of reducing the maliciousness of some of the things that happen in there, tell us about some of the things that you're achieving there, leveraging such things as the automation. How is that helping you guys to enable the Chromebooks and the BYOD for good? Well, the automation frees up our time so that we can focus on the policies, the education, the different procedures for the district. This is why we're not spending time hitting the keyboard trying to review our traffic logs. You had a session yesterday which you were talking, a breakout session, and you were saying that there were some folks that were so interested in what you had to say. You had limited time in your session. Give us a little bit of an idea of some of the feedback or maybe even people that might be in your similar situation that want to learn from, hey, how did you guys tackle this huge problem? So they were from a school district in Nebraska and they wanted to see how we were handling and they just became a Fortnite customer. They wanted to see what trials and tribulations we had, implementing their equipment, any lessons learned, and we just had a conversation about where we see our programs going. It was about compliance. One of the things that's come up is managing the laws of the land. Luckily, I don't have much compliance, right? So we're not PCI, but SIPA's pretty much at FARPA, but the only reports that we really have to provide are for SIPA, we'll have to prove that we're doing web filtering. That's where the 40 analyzer comes into play. I'm able to just schedule the reports through there, shows that I'm blocking or based on categorization and we're good. What's the biggest thing you've learned over the past couple of years in tech and IT to be effective and to do your job? What's that learning? It's going to sound weird. It's going to sound weird coming from a security guy, but I think it's important to take the risk, right, accept the risk. So most organizations won't try a PCB equipment live, right? So I was the exact opposite. I put every firewall that we were going to try live and push our entire network through it. I mean, if it breaks some things, we figure it out, but I think that's the only way to get a true test of whether or not it's going to fit your needs. One of the things that came up yesterday, I interviewed Annie, a vegetable sign legend. They call the Rembrandt of chips and Pat Gelsman called him that, founder of Arista and other companies. He talked about how NSX has the security wrapped around the application more around NSX. That's freed up as security teams from handling a lot of the network security, which kind of like has been intertwined in the past. Do you, are you seeing that same picture emerge? That's why I'm transitioning to that, to get out of the traditional IP based firewall rules. It's not really what it was designed for. It was more for transport layers. So switching over to the NSX and the BMX, now we're basing it on the application and what its purpose is. What's the impact to you guys? What does that mean for your operations and your benefits or staff or what's the impact? It frees us up. So during the winter months when we're going to have a snowstorm, our server team might have to deploy some more web servers to handle the traffic that's going to come in. Before they would have to reach out to my team to get us some modified policy because they have a new device coming online. Well now they just tag it as a web server and it's automatically in the roles. You know, I love talking with these guys. I have four kids, two of them are still in high school, two are in college. So it's so funny how they all hack the report cards because there's sandboxes out there for testing the new curriculum. So they all get it and they all share it and the school says that I know, well that's not actually officially updated yet. So the kids are smart. Like you said, they get what a sandbox is. They don't know why it's there. They know how to get to it. So you guys, student elections, all kinds of things that go on in the academic world that have been digitized that are vulnerable. You have to handle that. How do you, how do you stand times it? Fortinet help you there or what's the main, main way to keep the secure access? I mean, that's why we're going with the BMX, NSX, the micro segmentation. It really takes the effort off of us and allows the appliances to do what they're intended to do. That's awesome. Well, it's a great case study. Any advice for practitioners out there who are in your seat in their world who might be looking at, okay, I got to reset. I got to start rethinking things. I got to do more with less. I got to be lean and mean. It's kind of come in and control, but you got to manage it. You got a lot going on. The battlefield of IT is changing. So what's your advice? Take the risk. Try it out. I mean, I just recently hired another engineer and on his first day, I pretty much told him, go ahead and break something. It's all right, we'll figure it out. We'll fix it. But so he has his own little lab and I'm like, just go mess around and figure it out. Play, do some R&D, kick the tires. Yeah, that's the best way to do it. Keith, thanks so much for coming on theCUBE. Really appreciate it. Awesome. It's CUBE live here in Las Vegas. Stay with us for more coverage after this short break.