 Live from Orlando, Florida, it's theCUBE, covering Microsoft Ignite, brought to you by Cohesity and theCUBE's ecosystem partners. Welcome back everyone to theCUBE's live coverage of Microsoft Ignite here in Orlando, Florida. I'm your host, Rebecca Knight, along with my co-host, Stu Miniman. We're joined by Joachim Hammer. He is the Principal Product Manager at Microsoft. Thanks so much for coming on the show. You're welcome. Happy to be here. So there's been a lot of news and announcements with Azure SQL. Can you sort of walk our viewers through a little bit about what's happened here at Ignite this week? Oh, sure thing. So first of all, I think it's a great time to be a customer of Azure SQL Database. We have a lot of innovations. And the latest one that we're really proud of and we're just announced GA is SQL Managed Instance. So our family of database offers had so far a single database and then a pool of databases where you could do resource sharing. What was missing was this one ability for enterprise customers to migrate their workloads into Azure and take advantage of Azure without having to do any rewriting or refactoring. And Managed Instance does exactly this. It's a way for enterprise customers to take their workloads, migrate them. It has all the features that they're used to from SQL Server on-prem, including all the security, which is of course, as you can imagine, always a concern in the cloud where you need to have the same or better security that customers are used to from on-prem and Managed with Managed Instance, we have the security isolation, we have private IPV nets, we have all the intelligent protection that we have in Azure. So it's a real package. And so this is a big deal for us and it went to the general purpose version, when she ate yesterday actually. The announcement. Security is really, really interesting because of course, database is at the core of so many customers' businesses. You've been in this industry for a while. What do you see from customers as to the drivers and the differences of going to public cloud deployments versus really owning their database in-house and are security meeting the needs of what customers need now? Yeah, sure. So you're right, security is probably the most important topic or one of the most important topics that comes up when you discuss the cloud. And what customers want is they want a trust, they want this trust relationship that we do the right thing. And doing the right thing means we have all the compliances, all that we adhere to, all the privacy standards, but then we also offer them the state of the art security so that they can rely on Microsoft on Azure for the next however many years they want to use the cloud to develop customer leading edge security. And we do this for example with our encryption technology with Always Encrypted. This is one of those technologies that helps you protect your database against attacks by encrypting sensitive data and the data remains encrypted even though we process queries against it. So we protect against third-party attacks on the database. So Always Encrypted is one of those technologies that may not be for everybody today, but customers get the sense that yes, Microsoft is thinking ahead, they're developing the security offering and I can trust them that they continue to do this and keep my data safe and secure. Trust is so fundamental to this whole entire enterprise. How do you build trust with your customers? I mean, you have the reputation but how do you really go about getting your customers to say, okay, I'm going to board your train? That's a good question, Rebecca. I think as I said, it starts with a portfolio of compliance requirements that we have and that we provide for Azure SQL Database and all the other Azure services as well. But it also goes beyond that. It goes, for example, we have this right to audit capability in Azure where a company can come to us and says we want to look behind the scenes. We want to see what auditors see so that we can really believe that you are doing all the things you're saying like you're updating your virus protection, you're patching and you have all the right administrative workflows. So this is one way for us to say, yeah, our doors are open. If you want to come and see what we do, then you can come and peek behind the scenes, so to speak. And then the third part is by developing features like we do that help customers, first of all, make it easy to secure the database and help them understand vulnerabilities and help them understand the configurations of their database and then implement the security strategy that they feel comfortable with and then letting them move that strategy into the cloud and implement it. And I think that's what we do in Azure and that's why we've had so much success so far. Early this week, we interviewed one of your peers, talked about Cosmos DB. There's a certain type of scale we talk about there. Scale means different things to different sized customers. What does scale mean in your space? Yeah, so you're right. Scale can mean a lot of different things and actually thank you for bringing this up. So we have another announcement that we made namely hyperscale architecture. So far in Azure SQL DB, we were pretty much constrained in terms of space by the underlying hardware. What, how much storage comes on these VMs and thanks to our rearchitectored hardware, sorry, software, we now have the ability to scale way beyond four terabytes which is the current limit of Azure SQL DB. So we can go to 64 terabytes, 100 terabytes and we can, and not only does that free up from, free us from the limitations but it also keeps it simple for customers. So customers don't have to go and build a complicated scale out architecture to take advantage of this. They can just turn a knob in our portal and then we give them as much horsepower as they need to including the storage. And in order for this to happen, we had to do a lot of work. So it doesn't just mean we didn't just rearchitect storage but we also have to make failover faster. We have to continue to invest in our online operations like online index, rebuild and create to make those resumable, pause and resumable so that with bigger and bigger databases, you can actually do all those activities that you used to do without getting in the way of your workloads. So a lot of work but we have hyperscale now in Azure SQL DB and so I think this is another sort of something that customers will be really excited about. Sounds like that could have been a real pain point for a lot of DBAs out there. I'm wondering, I'm sure as a PM, you get lots of feedback from customers. What are the biggest challenges they're facing? What are some of the things they're excited about that Microsoft's helping them with these days? So you're right, this was a big pain point because if you go to big enterprise customer and say, hey, bring your workload to Azure and then they say, oh yeah, great. We've got this big telemetry database here. What's your size limit? And you have to say four terabytes that doesn't go too well. So that's one thing that we removed that blocker, thankfully. Other pain points I think we have by and large, I think the large pain points we've removed, I think we have small ones where we're still working on making our deployments less painful for some customers. There's customers who are really, really sensitive to disconnects or latent variations in latency. And sometimes when we do deployments, worldwide deployments, we are impacting some of these customers. So this is a pain point that we're currently working on. Security, as you said, is always a pain point. And so this is something that will stay with us and we just have to make sure that we're keeping up with the security demands from customers. And then another pain point, or has been a pain point for customers, especially customers SQL Server on-prem, is the performance tuning. I mean, you have to be a really, really good DBA to tune your workloads well. And so this is something that we are working on in Azure SQL DB with our intelligent performance tuning. This is a pain point that we are removing. We've removed a lot of it already. There's still, occasionally, there's still customers who are complaining about performance and that's understood. And this is something that we're also trying to help them with, make it easier, give them insights into what their workload is doing, where are the weights and where are the slow queries and then help them diffuse that. So I think. So thinking about these announcements and the changes that you've made to improve functionality and increase, not have size limits be such a roadblock. When you're thinking ahead to making the database more intelligent, what are some of the things you're most excited about that are still in progress right now, still in development that we'll be talking about at next year's Ignite? Yeah, so personally, for me on the security side, what's really exciting to me is the, so security is a very complicated topic and not all of our customers are fully comfortable figuring out what is my security strategy and how do I implement it and is my data really secure? So understanding threads, understanding all this technology. So I think one of the divisions that gets me excited about the potential of the cloud is that we can make security in the future hopefully as easy as we were able to make query processing with the invention of the relational model where we made this leap from having to write code to access your data to basically a declarative SQL type language where you just say, this is what I want and I don't care how the database system returns it to me. First, if you translate that to security, what would be ideal, the sort of the North Star is to have customers in some declarative policy-based manner say I have some data that I don't have to trust into the cloud. Please find the sensitive information here and then protect it so that I'm meeting ISO or I'm meeting HIPAA requirements or that I'm meeting my internal, every company has internal policies about how data needs to be secured and handled. And so if they could translate that into a declarative policy and then upload that to us and then we figure out behind the scenes, these are the things we need to turn on auditing and these are where the audit events have to go and this is where the data has to be protected but before all that, we actually identify all the sensitive data for you, we'll tag it and so forth. That to me is in a tremendous sort of untapped potential of the cloud. That's where I think this intelligence could go potentially. Yeah, great. Who knows, maybe. We shall see next year's Ignite. We are making inroads there. We have a classification engine that helps customers find sensitive data. We have a vulnerability assessment, a rules engine that allows you to basically test the configuration of your database against potential vulnerabilities and we have threat detection. So we have a lot of the pieces and I think the next step for us is to put these all together into something that can then be much more automated so that a customer doesn't have to think technology anymore. They have to, they can think business, they can think about the kinds of compliances they have to meet. They can think about based on these compliances, this data can go this month and then this data can go maybe next year or in that kind of terms. So I think that to me is exciting. Well Joakim, thank you so much for coming on theCUBE. It was a pleasure having you here. It was my pleasure too, thank you. I'm Rebecca Knight for Stu Miniman. We will have more from theCUBE's live coverage of Microsoft Ignite coming up in just a little bit.