San Francisco, extracting the signal from the noise. It's theCUBE, covering VMworld 2015. Brought to you by VMworld and its ecosystem sponsors. Now your host, Brian Gracely. Hello everybody, welcome back to VMworld 2015. We're here with SiliconANGLE's wall-to-wall coverage of VMworld 2015 here in San Francisco. We're over in Moscone North. This is the director's set. We're doing something a little bit different this week. We're trying to do some more in-depth discussions. Obviously we have tons of the executives here from VMware, all of the ecosystem partners, but we're going to dive into a little more technology today. Really excited for this panel. Sheng Liang, founder of Rancher Labs. Nick Weaver from Intel. Brandon Philips from CoreOS. We're going to dive into containers, really get into this stuff. Guys, thanks for being on the show. Really appreciate it. Thanks for having us. So this year was very interesting from VMworld. Literally, if you said, what does VMware think? What did the ecosystem think about containers a year ago? It was looked at as a threat. Is it going to replace VMs? Is it a threat to VMware? This year it's on the keynote. They're talking about it, they're getting into it. Every one of you is involved with containers, whether it's the technology you've developed yourself, whether it's doing things with Docker. Talk about what you're doing with containers, each one of you, and then we'll kind of get into some of the depths of it. Yeah, I mean, I'll start. We have Rancher Labs has two projects. One is called RancherOS. It's a very small footprint Linux operating system distribution optimized for running containers. So a little bit like VMware Photon and CoreOS. And we have another product called Rancher, and that's a management platform for managing containers in production. Right, right. And your background for folks that don't know you basically were the inventor of what became CloudStack. 
Right, back in 2008 I started a company called Cloud.com and we developed CloudStack. Right, right. So one of the things I'm excited about with the panel and I need to go through with all, every one of you guys are builders. So Nick, you were obviously a huge part of building vCloud Air, Brandon, you built CoreOS, you were doing things at Rackspace. Talk about, some of this is evolving. I mean, I met Brandon a couple of years ago, he came out and he said, yeah, we're building a new version of Linux or a new distribution of Linux. And I remember thinking, that's crazy. We don't need another one. And now we've got a couple, multiple just enough OSs. Brandon, talk about what you guys saw as the reason for, not only being involved with containers but building that new foundation for, how to run containers in container environments. Right, so the namesake of CoreOS is CoreOS Linux. And we started there, we kind of saw some problems in how very large systems were having to be put together and the problems of maintaining those systems over time. And a lot of that related to the operating system and the application being conflated. And so we saw an opportunity to kind of reinvent how operating systems were put together. And in order to do this, containers are necessary. And what containers enable is this clean separation between what the operating system means and then what the application means and what the application brings along with it. So that was kind of where we started was, we wanted to rebuild an operating system in a world where containers were the first class to be put in for shipping and distributing software. And you guys really kind of pioneered that new space of just enough OS, obviously Rancher's building it. Ubuntu's got a version of it. Red Hat's got Atomic and so forth. So taken off, Nick, with Intel, you're with the software defined infrastructure group. You're involved with all of these, both these guys with the projects. 
What's Intel doing around containers? Because sometimes people think about it as Intel as being the hardware company. What kind of stuff are you guys working on? Well, I mean it's, we are a hardware company but ultimately all that software has to touch hardware at some point. So for us it's a couple of things. One is we look for emerging stuff that's kind of innovative for our customers and then we look at ways that we provide value to that. And a big part of that is having conversations with Core or with Rancher. And if you look back at like the virtualization roadmap, I mean virtualization started out as simple binary translation and these things that didn't exactly work really fast because they didn't use the hardware in the most effective way. And then Intel developed a lot of different things like VT-x to offload and to enable those to accelerate to a much faster level. And then you get conferences like this built on that platform, right? So for us it's the same kind of thing. We're looking and saying, okay, what are the problems? Like where are we at right now? What are the gaps and how do we provide value? How do we secure containers in a better form? How do we accelerate the components? Like the schedulers or the distributed storage systems that run on top? Because containers is one story. I like CoreOS's story a lot because they look at not just the OS level and Rancher does the same thing but like how do you orchestrate and how do you manage? What does that full stack of components look like? And so from an Intel standpoint we're looking at not just the runtime and the OS but even further up. Like where are the bottlenecks in an entire stack? Yeah, yeah. So for a lot of the VMware community containers are very new. When they heard about Project Photon or vSphere integrated containers it was like, okay I've heard of that stuff but I don't really know about it. You guys are really more on the bleeding edge, the leading edge of that. 
Talk about how that's evolved. You guys aren't just making a container, it's how do I manage it? How has that evolved from your perspective? Just over the last six months even. Yeah, the way we see the big opportunity of containers is by being a universally available, highly efficient packaging and runtime format we can really build everything optimized around it. Starting from infrastructure like Nick said then even the full stack management. And I think that's a huge opportunity. I think just like say virtualization have had the opportunity to essentially transform the industry and establish a whole new ecosystem. I'm personally extremely bullish about containers as well. I think it's going to be an extremely core part of the computing infrastructure going forward. Right, and you guys obviously you're building not only core technology but how to manage that. Like talk about one of the things that we hear a lot from people that they love containers because they're easy to package applications, they're easy for developers to use. But talk about how important it is to have more structured platforms in place to manage them because you can get into container sprawl. Right, I think again we've seen exactly the same sort of stuff happen with virtualization and eventually you see infrastructure as a service cloud, data center automation tools that came in to help solve the problem. And I think you see very similar things happening with containers. As you know so far I would say majority of the container adoption has been with developers and DevOps teams and continuous build, continuous integration. But as that usage move from that type of environment into large scale production environment then demand for large scale orchestration, large scale management begins to rise. So we're concentrating on that problem. Make it simpler. 
Now Brandon, one of the misconceptions a lot of times is people tend to think well containers feels like it's infrastructure but it really, the benefits in a lot of cases are really for developers. It's make it easier for them to have consistency, portability. You guys have a unique model because not only do you build technology but you manage it for them as well. Talk about what your interaction is with your customer and who is the customer of CoreOS? What do they expect from you? Right, so I think that the interesting thing with all this new technology around containers is that it is enabling people to start thinking about their applications in a different way. With virtualization, the toolkit was very difficult to work with and so the exciting piece of containers is that I'm able to more rapidly go from this developer has code to it's deployed on top of a production cluster of machines rapidly. And so the packaging piece of the containers kind of what's enabled that but what people are actually looking to do with that they got really excited because as soon as they got that new capability of being able to package the app and move it they're like I want to make sure that my application in case of failure of individual machines or in case of a hard disk going down that my application continues running and so all this orchestration stuff and this distributed system stuff is what they come to CoreOS for is they expect us to have good opinions on well I have my app package in a container but now how do I make it a production thing that has service discovery and load balancing all these pieces over a set of machines. Now one of the big topics this week is Pat Gelsinger talked about hybrid cloud, unified hybrid cloud. VMware's version of that is very VMware technology centric. 
It's ESX everywhere talk a little bit about when you hear customers and you talk about portability what's their version of what a hybrid cloud looks like when you're talking about containers because it's a different way to deal with portability. You can involve a lot more cloud environments. Right, so what people actually want is they want to be able to essentially have the exact same orchestration thing happen whether they're running it behind their firewall running it in a public cloud somewhere that's always been the goal. The challenge has been that that portability story just never fully clicked together for virtual machines and so the interesting thing here with application containers is for the first time we actually have an opportunity to make that happen and so over the last two years we've been finding what does the container image look like? How does orchestration look between clouds? So things like Google Kubernetes project have started to define generic abstractions that then can plug into the underlying platform whether that be VMware or the public clouds, et cetera and I think that's our actual opportunity that we're seizing there is defining the upper level APIs and then plugging them into the infrastructure that we are that already exists. Yeah, so it gives them a different way of thinking about sort of hybrid because they don't have to think about some of the underlying, so that one of the things you mentioned, Kubernetes, we've talked about some of the other scheduling and orchestration. For some folks, those names and terms may not be super familiar. We just wrote a piece on Wikibon Research sort of builds out what this new container stack look like, we recommend you go take a look at it, we'll post the URLs and so forth. Nick, you've been around the virtualization community a long time, was that VMware? Was that involved with it? 
Where do you see the container ecosystem right now in terms of maturity, in terms of building out entire systems and so if you had gone back to your customer days, how comfortable do you feel in building out a container environment? If I was a customer right now, I would at a minimum have this heavily in lab use. And I think it depends on the use case. I liked what you said about developers. So if you can go back into VMware days, and I was a customer of VMware, that's where I got my start, I ran a shop where we had eight to 10 different developer workflows for these online web applications, right? It was a startup. And we use VMware because the ability to spin up developer environments was our biggest bottleneck. Production actually wasn't the problem, it was the amount of developers we had working at the same time in all the different staging environments, right? And so it was through the development channel and the software development lifecycle that we actually got tied to virtualization and realized the value. And I think we're kind of in the same game here in that if you look at the issues around trying to make DevOps successful and scale and manage all that change and all those business features coming out, containers provide a really agile way of packaging the application, being really declarative and biased about how you want to do it. And I agree with what the Kubernetes work too. The Kubernetes provides a really interesting and biased application model for how you can build those applications in a way that makes them highly portable. Ultimately, I actually like what the CoreOS guys say on stage a lot, in that it's that whole Google infrastructure for everyone else. Because Google's been doing this for, as far as we know, seven to eight years since the first time they put in a cgroups patch to Linux, right? And they run some of the largest, widest scale apps, they're extremely focused on their app developers and on those app services they want to build. 
And this is the model that works for them. So for me, like CoreOS says, it's this thing where it's an evolution and every shop will take it at different levels and put it at different spots. But I think we're all going to, in some way or another, go down this path. Yeah, yeah. So one of the big topics as you dive into containers more and more and you want to think about putting them into production or other, is security. So I'll throw this out to any of you. Where do you, how do you look at security for containers? Obviously, CoreOS has a way of looking at it. Some people want to look at, do I still need virtual machines? Do they provide a security feature? Do I look at other things? What are you guys looking at from, how do I make things more secure or make people feel more comfortable with them? Sheng, go ahead and jump in. Yeah, absolutely. I mean, I think security is certainly a very important issue. I think that's one of the reasons why virtual machines and containers will coexist for a long time. What we see today is for multi-tenant environments, for environments where people want very good storage, networking, isolation, right? And virtualization is just a great technology for that. Containers just by virtue of very tight coupling between the application and the operating system kernel, the surface area that you need to protect is just much bigger. But there's tons and tons of work going on in the industry to actually improve that. So I'm optimistic in the future, the native security capabilities and isolation capabilities coming out of containers will be dramatically improved. Yeah. What about you guys? So a lot of people use virtualization as a way of just getting the infrastructure up and running. So Nick mentioned working in a web shop, the web shop is deploying their applications on top of virtualization. And I think that's a very common use case for a lot of folks. Essentially the trust domain is the developers running and deploying their own code. 
And so with containers, it's actually an improvement in the security stance because before it was all these applications running on a single virtual machine without any sort of boundaries of memory consumption or the file systems they were able to consume. And with containers, we're actually setting new boundaries. We're saying there's actually going to be limits on how much of the resources of the machine you can consume. There's going to be isolation of what pieces of the file system and what piece of the operating system you're able to touch. So if the trust domain kind of holds how people were traditionally deploying applications before containers and they have that same trust domain with containers, we've actually improved, I think, overall their stance. Okay. Given a smaller footprint, sort of well-defined roles, the OS becomes smaller, smaller attack domains. Right. Nick, talk for a second. There was an announcement a couple of weeks ago. Well, Intel had announced something called Clear Containers a couple of months ago. And then last week there was a big announcement with CoreOS that I assume may get extended, but talk about what that was and draw some parallels to what it meant back in the virtualization days. So we had our Clear Containers announcement which was out of our open source technology center. So they do a massive amount of work in the Linux kernel, all kinds of open source projects. Intel does a lot of work to contribute and enable open source. And out of that, they built this amazing lightweight Linux OS that boots in microseconds that is highly secure. It attaches to a lot of our VT-x stuff. And they went and actually prototyped the ability using rkt, which is the container runtime CoreOS has built, to stand up a container inside of a very lightweight, tiny VM, like wrapped very thin. And it starts up like 100 milliseconds. It's a super lightweight, super tiny, but you still get the trust boundary of the VMs. 
You start two of them next to each other, they can't outbreak those things, right? So you avoid some of the interesting security things we're solving with the Linux kernel right now. Out of that, we said, no, this could be really easy to go upstream into rkt, work directly, instead of being a prototype. We actually worked with CoreOS. We had developers on both sides working together and we wrote a patch, built the thing, and then patched it in, and I believe it was 0.8 is the rkt version that helps support the ability to actually turn on and deploy a regular container. So a Docker image or an appc image or something into an isolated, tiny, super lightweight VMs. You get all the benefits of the VM isolation, but nowhere near the overhead to do it. So we're relearning from some of the things that we saw in the past, taking advantage of the hardware, and the beauty of it, and every one of you participating in this, every one of you are super active in the open source community. I mean, this is direct projects that you build, but also interoperable projects between different things, whether it's Kubernetes, something Intel's contributing, which you guys are doing. So you talked about clear containers. Some people might immediately go, wait a second, is that yet another container format? Give us a take real quick. You guys been involved with the container format, where that evolution's gone? What is the standard now, or what's evolving with the standard with containers? I'll let you take them. Sure, so the ultimate vision here with the container formats is that a developer is able to build once, sign that with some cryptographic primitives so that another user is able to verify it was this developer who built it, upload it to the internet, ideally in one location that they own, and then any sort of system, whether that is VMware's Photon, or Docker, or RancherOS, or whatever, is able to download, verify, and execute that payload. 
Today we have kind of a few different options for this. I think over time, ideally we end up in a place where there's a single shared format. There's ongoing very early work in a standards body called the Open Container Initiative, which was formed around the LF, the Linux Foundation recently. That work is very early, but I think that over time, ideally we end up in this location as an industry where we're able to share a standard format, and developers are free from having to worry about, oh shoot, sort of this ISV problem of, oh shoot, did I package it into, for RHEL 5, and then did I also package it into SUSE, and then ideally we actually fix this and enable people to worry, stop worrying about the platform they're running on, and worrying about shipping secure regular updates to their software. I think everybody wants that too. I mean, from an Intel perspective, the idea of getting into just a common, open standard is a great way of also figuring out some of the security problems, the performance issues, and being able to really extend that, and so for us, that's why we got involved. It's a huge leverage for what we want to get done. Yeah, yeah, no, I look at this, and I hear what you guys are saying, it's we have the possibility of potentially doing multiple clouds more easily than we did before. We're learning in some extent from the technologies we used before, how to better leverage hardware, how to do things. Things are being done in the open, we've got really vibrant communities. Yeah, yeah. And you've now got VMware and Microsoft really actively caring about containers, both Linux and VMware. It feels very good. So as we sort of start to wrap this up, and I'm going to give you guys each sort of elastic, what are you, as you're talking to your customer base, as you're talking to people, what's your message to them about, what to do with containers, how to engage them, how to make their business more agile by taking advantage of it? 
You know, what we see is most customers are actually able to adopt containers fairly easily. I think one great thing about containers is you get return on investment very quickly without having to make, you know, unlike say private cloud, or even virtualization. You know, generate quite some hardware, some building some clouds, right? Whereas, you know, for most organizations, you can literally start to repackage, say your JAR files, or your zip files in containers, in application containers. And then all of a sudden, the discrepancy between the building environment, development environment, and production environment largely goes away. And they get benefited immediately. Then eventually, you know, they get exposed to some of the more advanced technologies that we're developing. So we would certainly encourage our people, you know, a lot of enterprise that we talk to, just start using it any way you can. And the barrier for adoption is very low and the return on investment is very high, yeah? Nick, or Brandon? Go ahead, Nick. Sure. I think a very similar story is essentially what we want to enable is for developers to really effectively move from what is on my laptop to in production. And in order to do that, there's some very well-established good patterns that, you know, the large organizations like Google and Twitter and Facebook have established, people get really scared off. They're like, oh my gosh, I'm nowhere at the scale of Facebook or Google. We're not talking about scaling to millions of machines. You don't need a data center in every single county in the country. What we're talking about are the well-established patterns of how do I, you know, do the service discovery? How do I do the machine maintenance so I don't think about and care about all these different failure domains that are going to be very common in the network and the virtualization layer everywhere? And just enable a new way of thinking about how do I go from code to in production? 
Yep, yep. Nick, last word? I would say three things. One is you really have to look at your operational staff or your people and kind of what he was saying it and give them an opportunity to go look at these new patterns. So there's the people inside Google who run 10,000 servers per person who do a very sophisticated job and use sophisticated tools, sophisticated mechanics that CoreOS and Rancher are trying to bring out in the open for everybody else. Make it simple, yeah. Yeah, man, let's make it simple. And so there's an educational practice on, like he was saying, service discovery becomes different. The way applications are written, ultimately it can become very different. And so exploring those concepts, grokking them and really getting to understand those is really, really important. They're not actually too complex, but you got to kind of step back a bit and take another look at it. And the second thing is, I think it's really, really critical is because of all this open nature and this open conversation as a customer, you have to give feedback. And as much as I like to see us with Intel involved and I like to be on the stage of these guys and cooperating with Google and having conversations with Microsoft, I want to see the big shops who are interested come in and say what their experiences are. What do they not like? What do they do like? And provide feedback in these same exact communities. And my favorite thing to see is when you see like, I don't want to name some big companies. We used to take a Fortune 100 company, joined the same foundation that CoreOS joins and start interacting with it because they're ultimately the user. I love that thing. Because it's the same collaboration that Google does internally, we're going to do externally as a group. And the third thing is basically back to labs, test it. I mean, Intel, we're working very hard to get some reference racks. So we can say, we know this small scale or this rack or two will work. 
But look for ways to plug it into a shop, buy in a little bit, and find ways to let your people test and play with it. Because ultimately, there's a lot of stuff internally that's not going to work. But there's probably, every shop probably has 10 to 20% of their stuff will port over extremely easily to containers and there's a material benefit out of it. The trick is now is trying to find out what that is. Yeah, yeah. No, I think, you know, I mean, three of the biggest takeaways are, you know, this is really the foundation for people talk about DevOps, they talk about cloud native applications. This is at the core of people building those applications. You've got the big guys now getting involved. You've got robust open source communities and startups that are getting well funded. Is it 100% mature where virtualization is? No, but it doesn't need to, you know, it doesn't need to be right now. It gives you business agility. It lets you do things very quickly. Guys, I want to thank all of you for being on for this. We're going to wrap this up. This has been live wall-to-wall coverage here on SiliconANGLE's theCUBE. Here from beautiful San Francisco here in Moscone North in the lobby. VMworld 2015. Stay tuned for more about containers from Wikibon as well as from SiliconANGLE. Thank you very much.