 Okay, we're back live here at HP Discover 2012 in Frankfurt, Germany. This is Silicon Angles theCUBE, our flagship program, where we go out to the event, extract the signal from the noise, and this is the geek segment that we're going to be geeking out on network virtualization, hottest area, really in the marketplace right now, in my opinion, network virtualization, really at the core level. So now then call it software-defined networking, and now it's being extracted to software-defined data center where the end game will be, and HP has three shipping products in this area and are in great position and are leading this software-defined data center movement, but software-defined networking has been the hottest thing. So Mike Banek of HP, networking, and Walter Kern, our vice president of network services and information security at HBO, pioneering some new developments with HP around some new apps around security. So we're going to have a great conversation and we're going to geek out. Guys, welcome to theCUBE. Mike, welcome back. Thanks a lot, John. And welcome to the first time in theCUBE. Thank you, John. So first, let's just jump right into it. So, Mike, SDN is hot. Nasera got it on the mainstream in terms of the press, the billion dollar acquisition of a startup, amazing number, huge premium. Obviously Silicon Valley was doing handstands, a lot of money flowing in there, but you guys had a product first. This is not new to you. Where are we with SDN? Give us a quick take of SDN market and where you guys are and where you were. You were one of the first ones to have Shipping OpenFlow. That's correct. So HP has been really driving the innovation around software-defined networking. We started back in 2007 when we started working with Stanford University in Berkeley. We were working with Nick McHugh and Stanford around the Ethane Project. And that was what OpenFlow was when it first started before it was even called OpenFlow. Nick contacted HP because he needed to work with an infrastructure vendor. This whole notion of creating an abstracted control layer and programming a network. You need network infrastructure to program. So we reached out to HP Labs and we actually kicked off a development program, started writing the code to make the infrastructure programmable. At the end of 2011, we made available 16 different network switch platforms that supported OpenFlow 1.0. We expanded that in October to a total of 25 platforms. Right now there's 15 million ports in market. Of SDN switches that have ports. Well, they're network switches that support OpenFlow and by nature of supporting OpenFlow, they are now able to be part of an SDN infrastructure. Because remember, there's three parts to an SDN infrastructure, or to an SDN architecture. There's the infrastructure layer which must be programmable in a consistent way, regardless of the vendor. Then there's the control layer where the controller provides the way to program the infrastructure to bring the application to life across the network. And then there's the applications of which we've announced three of them. One for network virtualization, one for security called Sentinel Security App, and one that a partner or customer of ours built, CERN, they built a load balancing application on our RESTful APIs for the controller. So Walter, you're involved in the security app. So network virtualization is an innovation area that's going to speed up the bottlenecks that has been solved in the server virtualization and now with storage. A lot of good stuff happening in storage and servers. Networking was like the last little tweak that needs to be, so this is a key area for a lot of people. So security being one of them. So just give a quick overview of what you guys did and are doing with HP right now, then we'll jump into the Q and A. Sure, John. The conversation began about a year ago with some conversations between us and some HP networking executives around the changing nature of malware and the changing nature of threats and the traditional architecture of putting security devices at the periphery, firewalls, IPSs, and how a world where malware can get into the network via drive by downloads and mobile devices and USB keys and all kinds of ways that evade edge detection, wouldn't it be nice to be able to put security at every network port? A couple of weeks later, we started having follow-up discussions and what we wound up working with HP on is leveraging HP's tipping point IPS software and loading that so that it's available to every single port in the network. And that's what we've been testing over the past several months. So security is interesting. I mean, I first met Mike at another company that's in the networking business and you get Cisco out there. It's kind of this cold war going on between on the security side. Do they all have to work together? I mean, do all the vendors have to work together? And when you do the security, is it specifically just for HP only? Is it multi-vendor? How does that all work in terms of the, in this area of network virtualization? What's your approach for security? And can you guys pull this off? Well, I would answer it two ways. First of all, in some ways there's benefit in having a couple of vendors involved in your security because sometimes you have multiple locks on your door in case one is defeated, you want to have another. So I think that that's a good thing. I think that to Mike's point, the APIs around SDN need to be open. So if other vendors want to write into this space, I'm sure that would be something that HP would be interested in. Absolutely. You guys can pull it off now, but do you need multi-vendor support or they can just come in and support it later? Well, you know, one of the things that we have stated very clearly in our SDN strategy is we are open. We don't believe that closing things off is going to be the right answer for clients because somebody asked me yesterday, what do you think is the number one mistake people make with SDN? And my answer was they're limiting their imagination. We're at the beginning of a possibly 10-year cycle, just like when we started with VoiceOverIP in 1998, it was a 10-year cycle that we got to the point where we have unified communication collaboration. It's going to be very similar with SDN, but much, much bigger. There are so many things that can be simplified and automated with SDN that we can't limit our imagination. So as a key tenant of our strategy, we will stay open. We started that trend with support of OpenFlow and leading the market there. Our open APIs on our controller enable third-party to make it right in application. They allow for third-party integration into orchestration with OpenStack. There's just a tremendous amount of opportunity for an ecosystem to develop around an industry leadership position that we've staked out in the marketplace. And you know, when I look at the innovative thoughts that Walter brought to us about how we could take what we're doing in tipping point, you know, one example I want to leave you with of how HP works in a very open way in the security community. We are one of the leading researchers around threats. We have a group of dedicated employees in HP, but we also have a network of 1,400 of the researchers. And we share these threats with the community so that other people can benefit from that research to provide protection in their products as well. So first of all, I love what you're saying because I agree with you 100%. It feels that way. And I think you're in the trenches. You're leading it. You're leading it. And talking around, we're getting the same feeling that, wow, this is just like not even the first inning. It's like warm up, right? So programmability is the key, right? So we're talking about programmability, right? Software, you've got scale with virtual machines, virtualization, you can do some cool things, but then unimaginable things are coming around the corner. So what does that do from the personnel standpoint? Who's the developer? Who's coding? Is it the DevOps guy? Is it the network guy? How do you guys put this collaboration together just can you just walk us through, Walter, like the steps that you did with HP, like you just wake up one day and say, hey, you know what, I'm going to start programming security app with HP because one, you needed it probably, right? But so how do developer, how do these guys engage? How do people that want to do something engage? I guess that's my question. So where this began was with an idea around most of the current network product, network security products out there and their position at the periphery and the fact that more and more traffic and more and more things go on that those devices can't see. Started some very casual conversations with HP, but just saying, hey, not only do you have some network assets, but you also have some software assets and tipping point and what can you bring together here? What can you do to leverage multiple assets to solve this problem? And we had a lot of conversations about how the product ought to work and how fast it needs to be and what the throughput needs to be and at this point we have a switch running prototype of the app and next month we're going to put it into very, very limited production and we think it'll go from there and the thing that's really interesting to me about it is that the first thing we're doing is proving that you can put IPS on every ethernet port. But I think what we're really proving is that the SDN architecture allows you to make decisions on the fly in the network based on very sophisticated decision criteria whether those decision criteria are against load or against security issues or against authentication or any number of things but the idea is that you can look at traffic in real time make complex programmable decisions and move forward. Who programs those policies? Is it dynamic? Is it threshold? You set up thresholds or? So what we're doing is we're leveraging an existing application. We're not in the business of writing security code. We're leveraging tipping point. So to the degree that tipping point has programmable thresholds and parameters we're working together. So you're using the interface of tipping point on their switches that are open flow supported. That's exactly right. And one of the key benefits is that you make those policy decisions once and you then get the enforcement throughout the entire infrastructure whereas there's a couple of things that SDN is doing in terms of the security application. One is as Walter points out you couldn't bring all this traffic through a single appliance or even a group of single appliances that you band together to get more throughput because you just can't do that. You can reach a physical limit. So here you get the network infrastructure to do the heavy lifting that would normally be all processed by that appliance. The second thing is you get the scale. It goes everywhere and you don't have to program device by device. Whereas you're configuring before this IPS appliance you have to use export that configuration and install some place else. Hey here he gets to do it once and he can actually start to put controllers in multiple office locations and have them all key off each other. So it just trickles down. And that's really powerful in terms of the operational savings it gives him and allows him to be able to make changes without having to schedule the kind of outages or downtime that you might have had to in the past. Yeah now we've talked about network configuration in the past and how this could be it. But Mike I want to ask you a question because you've seen the movies a few times in the networking business, the cycles of innovation. You have leadership, we said the early the 90s, the 80s and the 90s and TCPIP did all that stuff. And then it became a best of breed. How many ports can you have and density, port density, the port wars. And then now this is like a whole new threshold of transformation. So kind of best of breed kind of goes away to the ball can be moved down the field in a big way. So I want to ask you what do you see as the biggest home run here, the biggest advancement from a transformation standpoint that's going to create a new industry? Because that's what people are talking about and I want to get specific if you can. Yeah so I think kind of the bigger picture here is solving the operational complexity. You know you're absolutely right that just a short number of years ago there was still this focus around, you know I've got a new box, it's got more ports, it has more throughput and it's going to help you scale. And we're at the point now where the networks that people have architected they've solved those problems. What they're really trying to address now is how do I get the agility that I need? They see what they can do with server virtualization with policy-based tools, storage virtualization with policy-based tools, and now they're looking at their network and they're back at the stone age of having to copy a file from their C drive to a floppy disk to take it home. They want policy-based tools in the same way. They don't want to be sitting there at command line interfaces because that takes a lot of man hours. We actually sat down with Beery to talk about well what happens in the HP cloud environment when you have to make a certain number of provision changes a day across the number of customers that you're serving. Well you know we calculated the amount of man power you'd have to do it, it's untenable because he wants self-service interfaces. That whole notion of doing that in a cloud is something that customers want across the entire network. They want to be able to have no IT staff in the branch, but be able to have that one touch delivery of service changes, configuration changes, and they want tools that actually start to bring the network guy together with the server and the storage guy for the DevOps benefit, right? Where you work together in the beginning, you define things, you code it up, you deploy it, you find you need to make improvements, you're able to make those changes rapidly, and so SDN for us is an integrated part of our overall virtual application network framework. And that's something we rolled out in June. We have customers using that today and they love it because they came to us with real problems. How do I stand up and exchange instance? I've got eight virtual machines. It takes me weeks to configure the network to deploy that. We have our technology services group in our Italy Innovation Center, short drive from here demonstrating you can provision exchange in five minutes, deprovision in seven, repeatedly. That's saving the human middleware, that's so expensive. Yeah, that's the operational transformation is just amazing, but really what you're talking about is automation in a way that is so game-changingly obvious, like the exchange example. I mean, remember, if you try to move a box from one closet to another building, you get a migration plan for two weeks. What if it goes down, you want to move a router or move a switches around? So I totally get that. Walter, I want to ask you the same question from your standpoint. Mike has a good view of vision there around how the infrastructure's changing and where it's going, but as someone who has to day to day do your and run your infrastructure, you don't have the super geeks at HP right in switches, you got to just run your infrastructure. What's transformative for you? What's the key future game-changing for you? Is it security? Is that the number one thing? I think there are two levels of game-changer. I think that if this architecture does what we think it's going to do, our network is going to be more secure. I think that's clear. I think on a larger basis, going back to Mike's analogy about the Stone Age, networks were designed to be administered in a very structured way. I knew that my servers were here and my workstations were here and these kinds of things happen. But now everybody is mobile and everybody is doing everything from everywhere and people are doing live webcasts from the middle of show floors and even if I could spend enough money for enough administrators to make the changes that I would need, I can't do it fast enough. The networks need to start to figure this stuff out on their own within policy and that's where I think this ultimately goes. You know, speaking of mobile, Walter reminded me of an important thing. When we were talking with him about central security app, one of the points that he made is somebody brings in a device that he may not have issued or even if he issued the device, they let somebody else use it, like their kids. They go off to some place and all of a sudden it's like they've gone to a nefarious website and they bring that into work and that device might not actually be doing anything bad when it's brought into the business but it's now doing things that look fine and aren't captured and what we've talked about in innovating central security app is how do you actually protect against that and make the devices that you have to have, this network switches, help to protect against things like that that don't look dangerous but they happen outside the building. Okay, Mike Bannick and Walter Kerner of HBO. This is a great segment and we went over, we're getting the hook, people yelling at me, we're behind schedule but you know what, I really wanted to get that in there because I was a witness with Bethany Mayer on theCUBE. You guys were first with open flow shipping, you got now 25 switches of millions of millions, 15 million ports, congratulations and look forward to following up. We'll be right back with our next guest after this short break. Next time.