 Live from San Francisco, celebrating 10 years of high-tech coverage, it's theCUBE. Covering VMworld 2019, brought to you by VMware and its ecosystem partners. Okay, welcome back everyone, theCUBE coverage here at VMworld 2019, I'm John Furrier, Dave Vellante. Dave, 10 years covering theCUBE, lots changed. The game is still the same when it comes to storage, backup and recovery, got some new stuff too, some great news, got two great guests, CUBE alumni, Shea Baldwin, who's the Senior Vice President of Product Strategy at Rupert, Chris Wall, Chief Technologist at Rupert. Guys, welcome back to theCUBE. Good to be here. So the game always is getting better in terms of modernization, that's a big trend, digital transformation, everyone talks about that, but the cloud impact has been something that you guys have been riding the wave on, you guys had great success. I don't think you guys have been calcified as a startup anymore, you get more in high growth mode. So let's cover the news, what's happening with the announcements here at VMworld, what's the big news? So we announced our new release of Andy's 5.1 and really breaking new ground and expanding our position into new markets around data governance, disaster recovery, and we're also bringing in continuous data protection as a core capability of our product, really excited about it. These are areas that have generally been addressed through sort of separate siloed approaches and we see a lot of synergy with backup recovery and brought it all together as part of this offering. And how's the news going over? Oh it's been great, I mean if you look at data governance, everyone is struggling today with privacy, how do you discover personally identifiable information in your backup archives, very hard problem to solve, generally people do spot audits and checks, we've just made that really easy, streamlined with the backup process, it sort of naturally fits there in some ways, because I'm backing it up, why not process that data discover, send it information and classify it and our customers are really, really excited about that. Chris, talk about the architectural shift, because one of the things that we were observing in our opening day analysis is storage is still a hot startup sector, I mean storage is not storage anymore, it's evolved, we were even joking this morning with Nvidia and Dell EMC guy around VDI, and that's not VDI anymore, it's user experience, so storage specifically with cloud has certainly changed, on-premises, everyone now recognizes hybrid finally as standard, it's not going away, but the operating model is requiring a new architecture, you can't just take the old and recycle it into the new, talk about what that is specifically and why it's important. Yeah, and I'll kind of tie that back to what we're talking here with cloud data management, it's kind of this acknowledgement that the way we did IT back in the day where the storage food group was completely isolated, things went into it, things came out of it, but it wasn't part of that kind of overall architecture, especially when you start talking public cloud and whatnot, that was just a kind of acknowledgement that this model of IT just isn't going to carry us forward, and that's similar to the process of, let's take all this backup data with rubric, let's index it, inventory it, really start to understand what's going on, and use that as the jet fuel that actually powers our Polaris platform and all of our data management applications, and I think that all starts with storage, we have to have that data out of primary into some secondary location, keep it very efficient, figure out how it's going to get from one place to the next, and that used to just be data centers, now it's clouds and back and forth, so. It's fun, these sacred cow categories, you know, backup, recovery, DR, it's data, I mean, this is a data problem, it's data, it's values and data, you're seeing platform kind of thinking coming in, we've talked about this in Palo Alto in our studio when you came in, it's a platform thing, it's not just, you know, this tool or silo approach, this is- Absolutely, and that was, you know, when we spoke last, I had recently joined rubric back then, our vision had always been, you know, this is high value data, yes, we're going to build back up in a way that is quite revolutionary, but how do we create more leverage out of that data, and we're starting to see actual execution to that, both with our radar product, ransomware recovery, sonar for data governance, orchestra, DR, exposing more and more value out of that data, and it's really connecting. So I'd love to come back to the announcement, the Andy's announcement. Yes. He's talking about governance, DR, and CDP, you're right, these oftentimes would be point products, but explain to people sort of the before and the after, that you're trying to, when you walk into an account, you might see, like I say, different point products, how are they transitioning? Maybe you could add some color there. Yeah, absolutely, so with data governance, everybody's, everyone's got to deal with it today at some level, I use privacy as an example, but truly, we all are impacted, if you're in healthcare, you've got HIP, if you're dealing with financial data, you've got PCI. Generally, the backup data has been somewhat of a black box. The only way to really check it is to do a sort of spot audit check, it's labor-intensive and hard. We're streamlining that process for our customers and incorporating it as a value add on top of what they're doing with backup, and I think that's solving a major pain point. On DR, same thing, separate silo today, generally different product lines, but backing up core objects, VMs, databases, and application stacks, which is what you're really trying to do with the DR solution. Yeah, there's a lot of synergy there, and so we're helping to just bring that synergy together into this integrated platform approach. You guys are doing some machine learning, I saw in the news around classification, you mentioned it indexing, it sounds like a search engine, but again, to my point about these categories kind of being broken down, this platform. You guys are using machine learning to do some classification around protecting against breaches, is that right? Could you just drill down on that a little bit, what's that all about? Yeah, so we use machine learning in a variety of ways. In our radar product, our ransomware recovery product, we use it for anomaly detection of change patterns in the data, ransomware attacks generally involve people coming in, updating, deleting, encrypting your data. We look at the changing profile of the data and alert on anomalous behavior, and then recover back to the less stable state. And with our data governance product, we're also using machine learning to discover that PII information and trying to really help find a very, very rich, accurate way of detecting that data. So two killer apps, one, ransomware, which big problem. I mean, you just, you can't look a day without seeing major ransomware, the Texas thing to me jumps out, coordinated attacks. I even speculate that cybersecurity related, someone say there's some, you know, state actors on that or sanctioned groups doing that, but again, I'm a conspiracy theory on this one. But that's ransomware killer app. Compliance, kind of a boring category, but super important because of the penalties. I mean, compliance is an issue. Huge. Absolutely. I mean, you look at GDPR in Europe, compliance policies here in this country across various verticals. Everyone's dealing with it in some form or another. And, you know, there's no reason why that should be a separate sort of process. Why not leverage a data management like what is being provided by Rubrik to deliver on that. Another question on DR. So one of the complaints that you hear, maybe complaints, but observations when you talk to practitioners is they can't test their DR. They can test the failover, but they can't test failback as it's too risky. Yes. How do you address that problem? And you're all about, you know, modern data management, simplicity, cloud. Describe how you solve that problem. That's a very, very powerful question, Dave. And it's so true. Traditionally, customers that are using on-prem DR systems need to set up the infrastructure, the people, the processes. It's very labor intensive and expensive. So you can only do it a few times a year max. And that's how you know that your DR system is operational. You don't want to discover that there's a problem when there's an actual DR happening. Our approach basically takes the full application stack that you want to protect. We convert it for you into a cloud native format and we can instantiate any one of those snapshots that we're taking to that full application at any point in time in the cloud for you to verify and test. And we streamline that process fully orchestrated. If you choose to keep it in the cloud, we have a cloud native approach to protect it and then you can failback to your on-prem system. And so we've just streamlined this process in a way that really helps our customers do DR tests on a much more frequent basis without that operational burden and challenge that they're dealing with today. Talk about, Chris, this rubric build open source initiative because I want, and it's interesting, first explain, take a minute to explain what is rubric build? What's it all about? What's the philosophy behind it? I'll take you back a few years when I was interested in joining rubric. The one major defining characteristic of the product that really tugged my heart strings was a restful set of API endpoints for everything. Doesn't matter what the product does, anything you click, it's always calling a restful API. And that goes to a pain point that I had as a customer was automating, we'll say any kind of backup product, but a lot of things in the infrastructure space was like smashing my face against a hot iron. You know, it's just not pleasant. Bad visual, too. Exactly, so I'm thinking, over. I've never tried that. Do you not do that at home? The analogies, that's my one gift to the world, but... You need restful APIs. Yes. And so finding a product that not only had them but wanted you to consume them, made them available across every feature, click, whatever that existed was very, very powerful for me and a lot of other people that I work with. Fast forward a few years, we developed quite the library of different open source projects for integrating with things like ServiceNow and VRealize and anything that does things from configuration management all the way to infrastructure as code and we would go talk to customers about these things and you had two camps of people, either I need the 100 level stuff, I've never dealt with CI CD pipelines, automation, unit tests, poll requests, what is GitHub, all the way through, I know all that stuff, give me the use cases. What can I do with your API? And so we wanted to develop Rubrik Build as kind of a teach you how to make the champagne and teach you how to drink the champagne. So the idea is all of our software development kits, our ecosystem integrations and our use cases are bundled into this very friendly ecosystem where it's all open source, we have quick start guides, educational materials and a number of folks that are on the engineering and marketing teams that are engaging with people that either don't care much about cloud data management and just want to learn kind of the automation DevOps world of things or are very keen to learn more about CDP. So Rubrik employees donating the code for open source, did you guys create the project? Was it community driven or has it structured? Kind of three slices. It could be from Rubrik, we built this thing like an SDK, we obviously own and support that. It could be someone found our SDK and wanted to write a third party integration at even Microsoft Road, system center ops manager plugin and hosted on their GitHub site or kind of something in the middle we're working with like a red hat on their Ansible integrations as an example. So what are the kind of innovations have come out of that? You mentioned Microsoft doing the give up. Are there sort of things that have come out of it or things that you're hoping to come out of it? It's hard to predict, I know. We've had the predecessor of the DR product that we released or announced is was actually born in open source. Many years ago I had a customer saying I'd really like to be able to automatically do DR tests like every night for these five critical apps and we had the APIs, we have the ability to live mount workloads, we tie into the cloud, it's like there's no reason we can't do this. And so we had that kind of bit more manual process but it does the job years ago that we developed as a use case doing a couple of languages. Fast forward now it's a product. So you can kind of get to see that evolution from idea to sort of hacking on things to get them to work to now it's a full product and you can just push the button and everyone's going to love that. That's one example. Talk about the VMware relationship. What's the status? How long you guys working with VMware and the ecosystem and what are some of the new things that are developing in the relationship? Yeah, I mean we, this is a deep relationship. It's been a critical one from the beginning of the company and we integrate and support and are certified across a variety of solutions. Obviously V center and in this latest release with our continuous data protection we've done that in a way that is a certified approved approach and I think that helps us really build the confidence and deliver this sort of excellent overall experience that our customers are looking for. Absolutely. And they got the open source aspect too. It's pretty hot right now with the cloud native stuff going on. Absolutely. It's pretty relevant. Absolutely. All right, we got to ask, we got to ask the multi cloud everything here. What's your guys point of view on multi cloud? Real, BS, somewhere in the middle. Time will tell, what's your thoughts? Definitely real. I'll add color. I mean, I think- Yeah, thank you. Absolutely. You know, we used to talk about hybrid cloud just a few years ago and that's still real too, but we see a lot of customers looking at leveraging best in class for different workloads and different services across multiple clouds and our vision is to be the data management platform of choice across all of that. Enabling that choice and giving the excellent sort of cloud native experience that they're looking for as they deploy different workloads in these different environments. Just share with you. We've been talking theCUBE, but there's a lot of us believe that certain parts of multi cloud are on the BS side. In other words, that vision that any app can run on anywhere without recompiling, without retest. That's aspirational and you're going to need a lot of homogeneous infrastructure to do that. The one area that I do think that you can standardize on is what you guys call data management or backup, that you can actually say, okay, we're going to mandate that this is the platform that we're going to use across all clouds and that actually will work technically. Some of this other stuff, I'm not so sure, but if you have a control plane, if you will, with data management entities that live on-prem, as well as localities that are available across public cloud, then it's really just a choice of why do you want to put the data there? And we're driving that through our service level agreement domains or SLA domains where you can say, this data needs to live in Germany. It needs to be in this particular data center forever or this one needs to replicate to, between France and London, something like that. You can make those choices based on what you're trying to achieve more around non-technical decision-making than actual technical decision-making. But I think it's really been kind of the, you call the BS versus no BS. It's like, are we trying to do this because we can or because there's actual need to do something? And that's to me the decision between- Well, it's customer-driven too. The use cases will drive it. For instance, a security requirement might be build our own stack. I want to be on this cloud, have a backup cloud or the workload might have certain requirements. But again, I think the data question's a good one. That's going to be independent of- I want to test it with the technologist because if you have, let's say you have Outposts and you got Azure Stack, cloud of customer or whatever. And if you think you're going to run apps anywhere and those, it's not going to happen anytime soon anyway. However, if I want a data management solution across all of those, actually that can work. There's no reason it can't because you'll write to their APIs. You'll take care of that. And today with like Kubernetes deployments, they're not all the same but everybody's got an offering in there and everyone has a full suite of APIs that you can plug into. So I do agree that things like data management not only can, but should be ubiquitous across localities. It shouldn't matter where you're at. The experience should be roughly the same. Yeah, it's not that disruptive to say, okay, rogue division, we're going to swap out and we're going to standardize them. That's usually where the multi-cloud comes in. It's kind of involuntary. You got two teams just chose different things. Well, we got the brain trust on the key bear. I want to pose another question for you that we're going to look at the video to take five years from now. We're going to see how it all turns out. So one of the things we've been kind of talking about here on theCUBE and also leading up to VMworld this year is cloud 2.0. Mainly around the following premise. Cloud 1.0 being defined as AWS, DevOps, Agile, Lean startup, all that stuff that was we all love in DevOps. Compute, storage, scale, all the goodness that came from that. Cloud 2.0 is more of an enterprise cloud kind of configuration. So with that kind of we're networking and security and data are now kind of in the architecture. So I want to ask you guys, if that's the premise of cloud 1.0 was DevOps, pure cloud native born in the cloud, what's your definition of cloud 2.0? Because a lot of people are looking at it from like that simple lens, just trying to simplify that the requirements are changing. The architectures are different. The backup can work multi-cloud, but this can't. So there's a lot of moving parts now in this enterprise hybrid world. So what's your definition guys on cloud 2.0? Well I think increasingly you're seeing the landscape of the infrastructures you pointed out evolving the use of different services across clouds evolving. What's really important is that solutions like data protection don't limit your ability to capitalize on that in our minds. And so we want to build this ubiquitous sort of policy engine and governance around how to protect my assets and enable whether it's containerized application stacks that are being delivered or new private cloud deployments that we are not getting in the way of that in any way at all and along our customers to sort of broaden and leverage best in class services. Chris what's your definition of cloud 2.0? I'll take us back. I mean we saw this with virtualization. We saw everybody go oh my gosh I can get all this capacity used and all these new services and just going bonkers and that's where we had like zombie virtual machines and all these other terms that we don't really throw about anymore but it was the Wild West. Everyone was just land and expand and we kind of did that with cloud in a lot of cases. You're like oh look at these new shinies that I can play with. And now you're absolutely right. It's what about role-based assets control and user security and my S3 bucket got hijacked and ransomware is tearing through like you can now ransomware video cameras and things like that. It's a pretty terrifying world. And I think this is that moment where we take a look back and say well is it highly available? Is it secure? How do I know that? Am I able to recover from availability or even external threat issues? And to me that's where most of the conversation. Yeah it's the transformative opportunities is all intoxicating. Oh this is great but the reality is it's not as clean as going to the cloud. Give me something to do with work. I got to build the system out. It's an operating environment. Totally agree. You guys are doing great. Thanks for the commentary and insight on Cloud 2.0 and multi-clouds. And congratulations on your success at Ruber. Thanks for coming on. Sharing the insights. Cube coverage here at VMworld 2019. More after this short break.