 Live from San Francisco, it's theCUBE. Covering IBM Think 2019, brought to you by IBM. Hello everyone, welcome back to theCUBE's live coverage here in San Francisco for IBM Think 2019. I'm John Furrier, Stu Miniman with theCUBE. Stu has been a great day, we're on our fourth day of four days of wall-to-wall coverage, a theme of AI, large-scale compute with cloud and data. It's great, great, great topics. Two great guests here, Rohit Badlani, who's the director of IBM Z as a service, IBM Systems, we're great to see you, and Raj Nagaratham, distinguished engineer and CTO of the, and director of cloud security at IBM and hybrid cloud, thanks for joining us. Glad to be here. So the subtext to all the big messaging around AI and multi-cloud is that you need power to run this, big horsepower, you need big iron, you need the servers, you need the storage, but software's in the heart of all this. So you guys had some big announcements around capabilities. The HyperProtect was a big one on the security side, but now you've got Z as a service, we've seen Linux come on Z. So it's just a note on network now, it's just network computing is now tied in with cloud. Explain the offering, what's the big news? So two major announcements for us this week, one's around our private cloud capabilities on the platform. So we announced our IBM cloud private set of products fully supported on our Linux one systems, and what we've also announced is the extensions of those around hyper secure workloads through a capability called the secure services container, as well as giving a traditional ZOS clients cloud consumption through a capability called the ZOS cloud broker. So truly looking at how do we cloudify the platform for our existing base, as well as clients looking to do digital transformation projects on premise, how do we help them? This has been a key part of it. So we want to just drill down this cloudification because we've been talking about how you guys are positioned for growth, all the reorgs are done and the tables all set, products have been modernized, upgraded, now the path is pretty clear. Kind of like what Microsoft's playbook was, build the core cloudification, get your core set of products cloudified, target your base of customers, grow that and expand into the modern era. This is a key part of the strategy, right? Absolutely, right? A key part of a private cloud strategy is targeted to our existing base and moving them forward on their cloud journey, whether they're looking to modernize parts of the application. Can we start first with where they are on premise is really what we're after. All right, so also you have Hyper Protect. Correct. What is that announcement? Can you explain Hyper Protect? Absolutely, like Rohit talked about taking our Linux on capabilities, now that enterprise trust, the level of assurance, the level of security that they've depended on on premise and now in private cloud, we are taking that further into the public cloud offering us Hyper Protect services. So these are set of services that leverage the underlying set of security hardening that nobody else has, the level of control that you can get and offering that as a service. So you don't need to know Z or Linux one from a consumption perspective. So I'll take two examples. Hyper Protect Crypto Service is about exposing the level of control where you can manage the keys, what we call keep your own keys because encryption is out there but it's all about key management. So we provide that with the highest level of security that Linux one servers from us offer. And another example is database as a service which runs in this hyper secure environment, not only encryption and keys but leveraging the underlying pervasive encryption capabilities. So nobody can even get into the box. Okay, so I get the encryption piece, that's solid, great, and encryption is always good. Containers, there's been discussions at the CNCF about containers, not being part of the security boundaries and putting a VM around it. Different schools of thought there, how do you guys look at the containerization? Does that fit into secure protect? Talk about that dynamic because of the encryption I get but you're doing containers. Great question because it's about the workload, right? When people are modernizing their apps or building cloud native apps, it's built on Kubernetes and containers. What we have done the fantastic work across both the ICP, IBM Cloud Private on Z as well as Hyper Protect, underlying it's all about containers, right? So as we deliver these services and for customers also to build their services as containers or VMs, they can deploy on this environment or consume these as a compute. So fundamentally, it's Kubernetes everywhere. That's a foundational focus for us. When it comes to public, private and multi-cloud and we are taking that journey into the most trusted environment with the performance and scale of Z and Linux one. All right, so Rohit, why don't Cal bring us up to date? When we look at, we've been talking about this hybrid multi-cloud stuff for a number of years and the idea we've heard for many years is I want to have the same stack on both ends. Everything down, I want to encryption all the way down to the chipset. I've heard companies like Oracle, like IBM say we have resources in both. We want to do this. We understand Kubernetes is not a magic layer. It takes care of a certain piece. We've been digging in that quite a bit. Super important, but there's more than that and there's still our differences between what I'm doing in the private cloud and public cloud just naturally. I mean, one thing, public cloud really limited to how many data centers, private cloud, it's everything's different. Help us understand what's the same, what's different, how do we sort that out in 2019? Sure, I mean from a brand perspective we're looking at private cloud and our IBM cloud private set of products and standardizing on that from a Kubernetes perspective but also in a public cloud we're standardizing on Kubernetes. The key secret source is our secure services container under there. It's the same technology that we use under a blockchain platform. It brings the Z differentiation for hyper security lockdown where you can run the most secure workloads and we're standardizing that on that on both public and private cloud. Now, of course there are key differences. We're standardizing on a different set of workloads on premise. We're focusing on containerizing on premise. That journey to move for the public cloud we still need to get there. And the container piece is super important. Can you explain the piece around, have I got multi-cloud going on? Z becomes a critical node on the network because you have an on-premise base. Z's been very popular, Linux one has been really popular but it's been for the big banks and it seems like the big, it's big iron, it's IBM, right? But it's not just a mainframe. It's not proprietary software anymore. It's essentially large scale capability. So now when that gets affected to the pool of resources in cloud how should customers look at Z? How should look at the equation? Because this seems to me like an interesting vector into adding more headroom for you guys at least on the product side. But for a customer it's not just a use case for the big banks or doing big backups. It seems to have more legs now. Can you explain where this fits into the big picture because why wouldn't someone want to have a high performance? Yeah, why don't they use a customer example? I had a great session this morning with Brad Schoen from Shuttle Fund who joined us on stage. They know financial industry. They are building a fintech capability called digital asset custodian services. It's about how you digitize your asset, how do you tokenize them, how you secure it. So when they look at it from that perspective they've been partnering with us. It's a hybrid, classic hybrid workload where they've deployed some of the apps on the private cloud and on-premise with Z Linux one and reaching out to the cloud using the hyper protect services. So when they bring this together they are gaining a built on blockchain under the covers, right? So they're bringing the capability, being agile to the market, the ability for them to innovate and deliver with speed, but with the level of capability. So from that perspective it's a fintech but they are not the largest banks that you may know of. But that's the kind of innovation it enables even if you don't have quote and quote a mainframe or Z. This gives you guys more power and literally sense of being more reach to the market because what containers and now we see Kubernetes, for example, Jeanine Renemene said, Kubernetes twice in her keynote. I'm like, oh my God, the CEO IBM said Kubernetes twice. Who's the joke about it? Only geeks know about Kubernetes. This she is talking about Kubernetes. Good, containers, Kubernetes and now service meshes around the corner give you guys reach into the public cloud to extend the Z capability without foreclosing the benefits of Z. So that seems to be a trend. Who's the target for that? Give me an example of who's the customer use case? What's the situation that would allow me to take advantage of cloud and extend the capability of Z? So I mean, if you just step back what we're really trying to do is create a high assurance zone in our cloud called HyperProtect and it's targeted to our existing Z base who want to move on this enterprise out journey but it's also targeted to clients like shuttle fund and DAX that Raj talked about that are building these hyper secure apps in the cloud and want the capabilities of the platform but wanted more cloud native style, right? So it's the breadth of moving our existing base to the cloud but also these new new new security developers who want to do enterprise development in the cloud. Security is key. That's a big driver. And that's the beauty of Z, right? That's what it brings to the table and to a cloud is the hyper lockdown, the scale, the performance, all those characteristics. All right, so we know that security is always an ongoing journey but one of the ones that has a lot of people concerned is when we start adding IoT into the mix we just increase the surface area by orders of magnitude. How do those type of applications fit into these offerings? Great question, as a matter of fact I didn't give you the question by the way but this morning, Kone joined me on stage. Yeah, we actually talked about it on Twitter. So Kone joined us on stage. It's about in the residential workflow how they are enabling their integration, access and identity into that. As an example, they're building on our IoT platform and then when they integrate with security services. That's the beauty of this. Rohit talked about developers, right? So when developers building, our mission is to make it simple for a developer to build secure application. With security skills shortage you can't expect every developer to be a security geek, right? So we are making it simple so that you can kind of connect your IoT to your business process and your backend application seamlessly in a multi-cloud and hybrid cloud fashion. That's where both from a cloud native perspective comes in and building some of these sensitive applications on HyperProtect or ZLinux one and private cloud enables that into end. I want to get you guys take while you're here because one of the things I've observed here I think which is clearly the theme is cloud AI and developers all kind of coming together. I mean AI, you saw Amazon's event, the AI AI AI in cloud scale. You guys now have that but developer angle is really interesting. And you guys have a product called IBM Cloud Private which seems to be a very big centerpiece of the strategy. What is this product? Why is it important? It seems to be part of all the key innovative parts that we see evolving out of the thing. Can you explain what is the IBM Cloud Private and how does it fit into the puzzle? Yeah, so let me take a pass at it, Raj. You know, Wayne as well. You know, we really see IBM Cloud Private as that key linchpin on premise. It's a platform as a service product on premise, it's built on Kubernetes and Docker containers. But what it really brings is that standardized cloud consumption for containerized apps on premise. We've expanded that of course to our Z footprint and let me give you a use case of clients and how they use it. We have, we're working with a very big regulated bank that's looking to modernize a massive monolithic piece of Webster application server on premise and break it down into microservices. And they're doing that on IBM Cloud Private. They've containerized big parts of the application on Webster on premise. Now they've not made that journey to the cloud, to the public cloud, but they are using, you know, how do you modernize your existing footprint into a more containerized microservice as well? So this is the trend we're seeing, the decomposition of monolithic apps on premise step one. Absolutely. Let's get that down, get the culture in, attract the new younger people who come in, not the older guys like me who know the mini computer days, but really make it ready, right? Composable. Then they're ready to go to the cloud. This seems to be the step. Absolutely. Talk about that dynamic Raj from a technical perspective. How hard is it to do that? How is it a heavy lift? Is it pretty straightforward? Great question. With IBM, we're all about open, right? So when it comes to our cloud strategy, open is centerpiece offered. That's why we are banked on Kubernetes and containers as that standardization layer. This way you can move a workflow from private to public. Even ICP can be on other cloud vendors as well, not just IBM cloud. So it's a private cloud that customers can manage or in the public cloud with IBM Kubernetes that we manage for them. Then it's about the app, the containerized app that can be moved around. And that's where our announcements about multi-cloud manager that we made late last year come into play, which helps you seamlessly move and integrate applications that are deployed in communities across private, public, or multi-cloud. So that abstraction veneer enables that to happen. And that's why the open... So it's an operational construct, not an IBM product, per se, if you think about that way. So the question halfway, I know Stu wants to jump in, he's got a question, but I want to get to this new mindset. The world's flipped upside down. The applications and workloads are dictating architecture and programmability to the DevOps or infrastructure. In this case, Z or cloud, this is changing the game on how the cloud selection is. So we've been having a debate on theCUBE here publicly that in some cases it's the best cloud for the job decision, not a procurement, oh, I need multi-vendor cloud versus I have a workload that runs best with this cloud. And it might be Azure if you're running 365 or G Suite has Google, Amazon's got some things. So it seems to be the trend. Do you agree with that? Do you see, and certainly there'll be many clouds. We think that's true. It's already happened. Your thoughts on this workload driving the requirements for the cloud, whether it's a sole purpose cloud meaning for the app. That's right. So I'll start and go ahead and as well. That's where this chapter two comes into play as we call chapter two of cloud because it is about how do you take enterprise applications, the mission critical complex workloads, and then look for the enablers. How do you make that modernization seamless? How do you make the cloud native seamless? So in that particular journey is where IBM cloud and our multi-cloud and hybrid cloud strategy come into play to make that transition happen and provide the set of capabilities that enterprises are looking for to move their critical workloads across private and public in with much more assurance and performance and scale. And that's where the kind of the work that we are doing with Z, Linux one set of as an underpinning to embark on the journey to move those critical workloads to the cloud. So you're absolutely right. When they look at which cloud to go, it's about capabilities, the tools, the management orchestration layers that a cloud provider or a cloud vendor provides. And in our bet, it's not only just about IBM public cloud, but it's about enabling the enterprises to provide them the choice and in open. So it's not multi-cloud for multi-cloud's sake. It's multi-cloud. That's a reality. Workload drives the functionality. Absolutely. We see that as well. Absolutely. Good. We see clients making choices. We're in the queue by the gurus at IBM. The cloud for the job is the best solution. All right, so I guess to kind of put a bow on this, the journey we're having is, talking about distributed architectures and down in the weeds, we've got microservices architectures and containerization and we're working at making those things more secure. So, obviously there's still a little bit more work to do there, but what's next? As we look forward, what are the challenges customers have? They live in this heterogeneous multi-cloud world. What do we have to do as an industry and where's IBM making sure that they have a leadership position? You know, from my perspective, I think really the next big wave of cloud is going to be looking at those enterprise workloads. It's funny, I was just having a conversation with a very big bank in the Netherlands and they were of course a very big Z-client and asking us about the breadth of our cloud strategy and how they can move forward, right? And really looking at our private cloud strategy, helping them modernize and then looking at which targeted workloads they could move to public cloud is going to be the next frontier. And those 80% of workloads that haven't moved. And integration is key and for you guys, competitive strategy-wise, you got a lot of business applications running on IBM's, a huge customer base, focus on those. And then give them the path to the cloud. Absolutely. And the integration piece is where the linchpin is and obviously secure. Yeah, enterprise out, guys. Love encryption, let them follow more on the secure container thing. I think that's a great topic. We'll follow up after the show, Raj. Robbie, thanks for coming on. Excellent, excellent. theCUBE coverage here. I'm John Furrier with Stu Miniman, live coverage day four here live in San Francisco. Grab you and think 2019. Stay with us. More, our next guest will be here right after this short break.