Podcasts about Bitnami

Raj Rikhy is a Senior Product Manager at Microsoft AI + R, enabling deep reinforcement learning use cases for autonomous systems. Previously, Raj was the Group Technical Product Manager in the CDO for Data Science and Deep Learning at IBM. Prior to joining IBM, Raj has been working in product management for several years - at Bitnami, Appdirect and Salesforce. // MLOps Podcast #268 with Raj Rikhy, Principal Product Manager at Microsoft. // Abstract In this MLOps Community podcast, Demetrios chats with Raj Rikhy, Principal Product Manager at Microsoft, about deploying AI agents in production. They discuss starting with simple tools, setting clear success criteria, and deploying agents in controlled environments for better scaling. Raj highlights real-time uses like fraud detection and optimizing inference costs with LLMs, while stressing human oversight during early deployment to manage LLM randomness. The episode offers practical advice on deploying AI agents thoughtfully and efficiently, avoiding over-engineering, and integrating AI into everyday applications. // Bio Raj is a Senior Product Manager at Microsoft AI + R, enabling deep reinforcement learning use cases for autonomous systems. Previously, Raj was the Group Technical Product Manager in the CDO for Data Science and Deep Learning at IBM. Prior to joining IBM, Raj has been working in product management for several years - at Bitnami, Appdirect and Salesforce. // MLOps Swag/Merch https://mlops-community.myshopify.com/ // Related Links Website: https://www.microsoft.com/en-us/research/focus-area/ai-and-microsoft-research/ --------------- ✌️Connect With Us ✌️ ------------- Join our slack community: https://go.mlops.community/slack Follow us on Twitter: @mlopscommunity Sign up for the next meetup: https://go.mlops.community/register Catch all episodes, blogs, newsletters, and more: https://mlops.community/ Connect with Demetrios on LinkedIn: https://www.linkedin.com/in/dpbrinkm/ Connect with Raj on LinkedIn: https://www.linkedin.com/in/rajrikhy/

Erica Brescia, Managing Director at Repoint Ventures, joins Taylor Jones to discuss a wide range of topics including her career as an operator, founder and investor as well as her unique perspective on AI. Prior to Redpoint, Erica was the co-founder and COO of Bitnami and also served as the COO of GitHub. We hope you enjoy this episode. 

In this episode, we speak with Erica Brescia, Managing Director at Redpoint Ventures, and previously COO at GitHub. We discuss what's changed since she started her first DevTools company back in the mid-2000s, how to build tools developers love, whether open source is just a marketing strategy, and what she looks for in software investments. She also sheds light on how to get a new product in front of developers, whether or not more people should be bootstrapping their companies as she did, and how to scale your marketing team as you grow.Hosted by David Mytton (Console) and Jean Yang (Akita Software).Things mentioned:BitnamiRailwayZedHacker NewsDaggerXataY CombinatorReflectChatGPTMacBook ProYeti MicrophoneLG UltraWide MonitorsMicrosoft Ergonomic KeyboardABOUT ERICA BRESCIAErica Brescia is the managing director at Redpoint Ventures, an early-stage venture fund, investing in primarily, enterprise software with a focus on DevTools and open source. Notable developer-first companies that they have invested in include HashiCorp, Snowflake, Stripe,  Twilio, and LaunchDarkly, among others. Prior to this, she spent close to 20 years as a founder and operator. She founded a company called Bitnami where she bootstrapped $1 million in funding. She was also the chief operating officer at GitHub.Highlights:[Erica Brescia]: If you look at the very early days of software development and open source in particular, we've gone from this real DIY kind of bespoke, “The cool thing to do is compile your own kernel,” to a focus on time optimization and “How can you build the best thing possible the fastest?” If I had to look at a theme, that's a theme that I think about a lot. It's no longer about doing everything yourself. Instead, it's about really open source and building on the work of others, right? Over 90% of software developed today is built on top of open source, and most things that you need, from a building blocks perspective, to build a new app already exist in many cases. So now it's about, “Hey, what tools are out there? How can I engage with the community? How can I learn from others? How can I participate in things whether it's Stack Overflow, or building and sharing code on GitHub, or discussing things and issues?” It's much more collaborative and intertwined. I think that allows people to build new things much more quickly.— [0:02:51 - 0:04:10][Erica Brescia]: I think a lot of companies underestimate the amount of effort that is required in building a true open-source community, where you're getting folks contributing to the core of that project. That's a material investment. A good way to think about it is you're actually taking a lot of what you might traditionally spend on marketing and instead investing that in your team that supports the growth and health and engagement of this community, which is no small feat. Then you can use that to build awareness and a bottoms-up adoption of your software in a way that just sheer traditional marketing would never allow you to do. Then you can layer a sales motion on top of that.— [0:16:23 - 0:17:12]Let us know what you think on Twitter:https://twitter.com/consoledotdevhttps://twitter.com/davidmyttonhttps://twitter.com/jeanqasaurOr by email: hello@console.devAbout ConsoleConsole is the place developers go to find the best tools. Our weekly newsletter picks out the most interesting tools and new releases. We keep track of everything - dev tools, devops, cloud, and APIs - so you don't have to. Sign up for free at: https://console.dev

Catch up on the cybersecurity and tech news of the week with Don, Dan, and Sophie as they cover the latest. This week in tech, Microsoft rolled out a feature to dissuade users from using Windows 11 on unsupported CPUs, Ubuntu flavors will no longer support Flatpak installs out-of-the-box, and VMware’s Bitnami began packaging apps for Arm CPUs. In security news this week, Dutch police apprehended 3 hackers involved in the theft and extortion of tens of millions of people’s data. In this week’s “Who Got Pwned?” segment, media conglomerate News Corp revealed that the hackers responsible for its 2022 breach had been in the system since early 2020. Finally, in Deja-News this week we talk about LastPass once again, but this time it’s a new breach. A LastPass employee's home computer was hacked, resulting in a decrypted company vault being compromised.

Catch up on the cybersecurity and tech news of the week with Don, Dan, and Sophie as they cover the latest. This week in tech, Microsoft rolled out a feature to dissuade users from using Windows 11 on unsupported CPUs, Ubuntu flavors will no longer support Flatpak installs out-of-the-box, and VMware’s Bitnami began packaging apps for Arm CPUs. In security news this week, Dutch police apprehended 3 hackers involved in the theft and extortion of tens of millions of people’s data. In this week’s “Who Got Pwned?” segment, media conglomerate News Corp revealed that the hackers responsible for its 2022 breach had been in the system since early 2020. Finally, in Deja-News this week we talk about LastPass once again, but this time it’s a new breach. A LastPass employee's home computer was hacked, resulting in a decrypted company vault being compromised.

There was a lot going on at VMware Explore Europe last week, so we focus in on the Tanzu related stuff. Then: we do our usual check-in on platform engineering; a brief magic quadrant tour; see if there's any lessons to learn from Twitter the company; and close out discussing VMware's recent open source supply chain survey.   VMware Explore EU: Cindy's round-up. Tanzu Kubernetes Grid 2.1 - including support for Oracle Cloud. Tanzu Mission Control - getting air gap stuff working (not out yet?). Tanzu Service Mesh Advanced - roadmap announcements about: auto-discovering kubernetes and VM things; integrating with TAP to do security policy stuff; adding in running config stuff out of git (for, you know, GitOps). Aria Graph, GA (previewed/announced in US): "Today at VMware Explore Europe, VMware is announcing the availability of a new freemium offering of VMware Aria Hub powered by VMware Aria Graph. This new free tier offering enables customers to inventory, map, filter, and search resources from up to two of their native public cloud accounts in either Amazon Web Services or Microsoft Azure." More stuff: Bitnami updates, sovereign cloud stuff (working with partners to stand-up Tanzu in regional clouds). Hear Ben's talk from Explore EU -  “Tutorial: Introduction to VMware Tanzu Application Platform Big Backstage Feels: RedHat joins.  Coté's interview with The Frontside.  Our always good Gartner paper on internal developer platforms, free to read.  Also, more hammering away at "platform engineering." The CNCF's Platforms Working Group are trying to define what a platform would include - details here. We're past the "DevOps is Dead" phase, which is nice. I think we can say "Developer Experience" without feeling dorky too. Even "DX." New public cloud MQ, for IaaS+PaaS. Rank (first to last): AWS, Microsoft, Google, Alibaba, Oracle, IBM, Tencent, Huawei. Transforming Twitter: Finally, an example of the "pathological" column in the Westerum table. Clearly Elon's not a fan of Microservice Architectures - some weird monolith/microservices/de-platform stuff to observe. In the context of the DevOps/cloud native community - planning for a potential loss of the place to talk. Mastodon growing:  Coté in Mastodon: @cote@hachyderm.io. Interesting thoughts from David Heinemeier on the layoffs State Of Supply Chain Survey Devs go faster and are more productive with supply chains New tools: Tanzu Image Builder - for packaging your OSS for enterprise use (amongst other things) Coté did a little video on the study. Check out that Sam Elliott 'stach!

There was a lot going on at VMware Explore Europe last week, so we focus in on the Tanzu related stuff. Then: we do our usual check-in on platform engineering; a brief magic quadrant tour; see if there's any lessons to learn from Twitter the company; and close out discussing VMware's recent open source supply chain survey.   VMware Explore EU: Cindy's round-up. Tanzu Kubernetes Grid 2.1 - including support for Oracle Cloud. Tanzu Mission Control - getting air gap stuff working (not out yet?). Tanzu Service Mesh Advanced - roadmap announcements about: auto-discovering kubernetes and VM things; integrating with TAP to do security policy stuff; adding in running config stuff out of git (for, you know, GitOps). Aria Graph, GA (previewed/announced in US): "Today at VMware Explore Europe, VMware is announcing the availability of a new freemium offering of VMware Aria Hub powered by VMware Aria Graph. This new free tier offering enables customers to inventory, map, filter, and search resources from up to two of their native public cloud accounts in either Amazon Web Services or Microsoft Azure." More stuff: Bitnami updates, sovereign cloud stuff (working with partners to stand-up Tanzu in regional clouds). Hear Ben's talk from Explore EU -  “Tutorial: Introduction to VMware Tanzu Application Platform Big Backstage Feels: RedHat joins.  Coté's interview with The Frontside.  Our always good Gartner paper on internal developer platforms, free to read.  Also, more hammering away at "platform engineering." The CNCF's Platforms Working Group are trying to define what a platform would include - details here. We're past the "DevOps is Dead" phase, which is nice. I think we can say "Developer Experience" without feeling dorky too. Even "DX." New public cloud MQ, for IaaS+PaaS. Rank (first to last): AWS, Microsoft, Google, Alibaba, Oracle, IBM, Tencent, Huawei. Transforming Twitter: Finally, an example of the "pathological" column in the Westerum table. Clearly Elon's not a fan of Microservice Architectures - some weird monolith/microservices/de-platform stuff to observe. In the context of the DevOps/cloud native community - planning for a potential loss of the place to talk. Mastodon growing:  Coté in Mastodon: @cote@hachyderm.io. Interesting thoughts from David Heinemeier on the layoffs State Of Supply Chain Survey Devs go faster and are more productive with supply chains New tools: Tanzu Image Builder - for packaging your OSS for enterprise use (amongst other things) Coté did a little video on the study. Check out that Sam Elliott 'stach!

Kris Bondi is the CEO and Co-Founder of Mimoto. Prior to founding, Mimoto, Kris was a seasoned marketing professional with more than 20 years of international marketing experience. Kris brings her history of creating hockey stick adoption, prominent brand reputation, and substantial mindshare to her role. Kris has served as a marketing leader for companies such as LogDNA, Bitnami, Iron.io, Moka5, TIBCO and Mashery. Prior to that, Kris advised global brands on GTM and strategic positioning where her clients included Visa, Starbucks, NEC and Qlik. Kris holds a BA in communications rhetoric and political science from the University of Pittsburgh. --- Support this podcast: https://anchor.fm/uncharted1/support

Erica Brescia co-founded Bitnami, and later joined GitHub as COO. She's also on the board of directors of the Linux Foundation. This week she talks to Scott about how VC works, where the money comes from, how one moves from idea to funded, and how companies like Redpoint help support founders.

This episode features an interview with Erica Brescia, Managing Director of Redpoint Ventures. At Redpoint, Erica focuses her investing on infrastructure, DevOps, and security.Erica has over 15 years of experience in the open source community and currently serves on the board of directors of the Linux Foundation. Prior to joining Redpoint, Erica was also an angel investor and advisor to companies such as Netlify, Coda, and Xata.In this episode, Sam and Erica discuss the evolution of open source data, what's changed for practitioners, and why you should always listen to your gut.-------------------“I think there is just so much good motivation to make the world a better place, especially during my time at GitHub. When you can see what kinds of opportunity open source can bring to people in developing countries, that's really exciting. You see people whose lives and livelihoods have literally been changed because they were able to participate in a global open source project. And then you can see the way that open source projects, even back when we were packaging things at Bitnami, we'd hear from non-profits in Africa that were never able to use open source until we made it easy to consume. When you feel like you're really making that kind of a difference and you're doing it in a community of great people, it's a really great way to spend your time.” – Erica Brescia-------------------Episode Timestamps:(03:18): What open source data means to Erica(11:31): What's changed in open source data in recent years(18:01): How the journey has evolved for innovators and practitioners(24:11): What stands out as a venture capitalist to Erica(30:03): Don't discount junior investors(31:17): Erica's advice: get quiet and listen to your gut-------------------Links:LinkedIn - Connect with EricaLinkedIn - Connect with Red PointTwitter - Follow EricaTwitter - Follow RedpointVisit RedpointXataDagger

Jedni marzą o drogim samochodzie a drudzy o ekskluzywnych wakacjach w ciepłych krajach. A o czym marzą Tech Writerzy? Odpowiedź znaleźliśmy w newsletterze "Write the Docs" z marca 2022. Okazuje się, że technoskrybowie marzą o tym, żeby pewne elementy ich pracy były zautomatyzowane. Jest to temat bliski naszemu sercu, dlatego postanowiliśmy zmierzyć się z listą życzeń z newslettera. Bazując na swoim doświadczeniu oraz zdobytych informacjach, staramy się zaproponować praktyczne rozwiązania, które przybliżą nasze koleżanki i kolegów po fachu do wymarzonej automatyzacji. Dźwięki wykorzystane w audycji pochodzą z kolekcji "107 Free Retro Game Sounds" dostępnej na stronie https://dominik-braun.net, udostępnianej na podstawie licencji Creative Commons license CC BY 4.0 (https://creativecommons.org/licenses/by/4.0/). Informacje dodatkowe: Newsletter "Write the Docs", marzec 2022: https://www.writethedocs.org/blog/newsletter-march-2022/ TestCafe: https://testcafe.io/ ImageMagick: https://imagemagick.org/index.php "Simplified User Interface: The Beginner's Guide": https://www.techsmith.com/blog/simplified-user-interface/ Screen Capture API: https://developer.mozilla.org/en-US/docs/Web/API/Screen_Capture_API "Sharing Screens with the New Javascript Screen Capture API": https://fjolt.com/article/javascript-screen-capture-api Biblioteka Pillow: https://pillow.readthedocs.io/en/stable/ Selenium WebDriver: https://www.selenium.dev/documentation/webdriver/ Conventional commits: https://www.conventionalcommits.org Vale: https://github.com/errata-ai/vale "Documentation as code: Part 3: A Linting How To - The Vale Linter in action (Demo)", Tag1: https://www.tag1consulting.com/blog/documentation-code-linting-part3 "Documentation testing", GitLab: https://docs.gitlab.com/14.8/ee/development/documentation/testing.html Alex: https://alexjs.com/ LanguageTool: https://languagetool.org/pl Schematron: https://www.schematron.com/ "Creative writing with GitHub copilot", Chris Ward: https://www.youtube.com/watch?v=V_CmYyvaMqE "Lint, Lint and Away! Linters for the English Language", Chris Ward: https://dzone.com/articles/lint-lint-and-away-linters-for-the-english-languag Code Spell Checker: https://marketplace.visualstudio.com/items?itemName=streetsidesoftware.code-spell-checker Gremlins Checker: https://marketplace.visualstudio.com/items?itemName=nhoizey.gremlins "Meet Grazie: the ultimate spelling, grammar, and style checker for IntelliJ IDEA", IntelliJ: https://blog.jetbrains.com/idea/2019/11/meet-grazie-the-ultimate-spelling-grammar-and-style-checker-for-intellij-idea/ Pandoc: https://pandoc.org/ "DITA as code - a modern approach to the classic standard", Tech Writer koduje: https://techwriterkoduje.pl/dita-as-code AutoIt: https://www.autoitscript.com/site/ Bitnami: https://github.com/bitnami

About Betty Betty Junod is the Senior Director of Multi-Cloud Solutions at VMware helping organizations along their journey to cloud. This is her second time at VMware, having previously led product marketing for end user computing products.  Prior to VMware she held marketing leadership roles at Docker and solo.io in following the evolution of technology abstractions from virtualization, containers, to service mesh. She likes to hang out at the intersection of open source, distributed systems, and enterprise infrastructure software. @bettyjunod  Links: Twitter: https://twitter.com/BettyJunod Vmware.com/cloud: https://vmware.com/cloud TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: You know how git works right?Announcer: Sorta, kinda, not really Please ask someone else!Corey: Thats all of us. Git is how we build things, and Netlify is one of the best way I've found to build those things quickly for the web. Netlify's git based workflows mean you don't have to play slap and tickle with integrating arcane non-sense and web hooks, which are themselves about as well understood as git. Give them a try and see what folks ranging from my fake Twitter for pets startup, to global fortune 2000 companies are raving about. If you end up talking to them, because you don't have to, they get why self service is important—but if you do, be sure to tell them that I sent you and watch all of the blood drain from their faces instantly. You can find them in the AWS marketplace or at www.netlify.com. N-E-T-L-I-F-Y.comCorey: This episode is sponsored in part by our friends at Vultr. Spelled V-U-L-T-R because they're all about helping save money, including on things like, you know, vowels. So, what they do is they are a cloud provider that provides surprisingly high performance cloud compute at a price that—while sure they claim its better than AWS pricing—and when they say that they mean it is less money. Sure, I don't dispute that but what I find interesting is that it's predictable. They tell you in advance on a monthly basis what it's going to going to cost. They have a bunch of advanced networking features. They have nineteen global locations and scale things elastically. Not to be confused with openly, because apparently elastic and open can mean the same thing sometimes. They have had over a million users. Deployments take less that sixty seconds across twelve pre-selected operating systems. Or, if you're one of those nutters like me, you can bring your own ISO and install basically any operating system you want. Starting with pricing as low as $2.50 a month for Vultr cloud compute they have plans for developers and businesses of all sizes, except maybe Amazon, who stubbornly insists on having something to scale all on their own. Try Vultr today for free by visiting: vultr.com/screaming, and you'll receive a $100 in credit. Thats v-u-l-t-r.com slash screaming.Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. Periodically, I like to poke fun at a variety of different things, and that can range from technologies or approaches like multi-cloud, and that includes business functions like marketing, and sometimes it extends even to companies like VMware. My guest today is the Senior Director of Multi-Cloud Solutions at VMware, so I'm basically spoilt for choice. Betty Junod, thank you so much for taking the time to speak with me today and tolerate what is no doubt going to be an interesting episode, one way or the other.Betty: Hey, Corey, thanks for having me. I've been a longtime follower, and I'm so happy to be here. And good to know that I'm kind of like the ultimate cross-section of all the things [laugh] that you can get snarky about.Corey: The only thing that's going to make that even better is if you tell me, “Oh, yeah, and I moonlight on a contract gig by naming AWS services.” And then I just won't even know where to go. But I'll assume they have to generate those custom names in-house.Betty: Yes. Yes, I think they do those there. I may comment on it after the fact.Corey: So, periodically I am, let's call it miscategorized, in my position on multi-cloud, which is that it's a worst practice that when you're designing something from scratch, you should almost certainly not be embracing unless you're targeting a very specific corner case. And I stand by that, but what that has been interpreted as by the industry, in many cases because people lack nuance when you express your opinions in tweet-sized format—who knew—as me saying, “Multi-cloud bad.” Maybe, maybe not. I'm not interested in assigning value judgment to it, but the reality is that there are an awful lot of multi-cloud deployments out there. And yes, some of them started off as, “We're going to migrate from one to the other,” and then people gave up and called it multi-cloud, but it is nuanced. VMware is a company that's been around for a long time. It has reinvented itself in a few different ways at different periods of its evolution, and it's still highly relevant. What is the Multi-Cloud Solutions group over at VMware? What do you folks do exactly?Betty: Yeah. And so I will start by multi-cloud; we're really taking it from a position of meeting the customer where they are. So, we know that if anything, the only thing that's a given in our industry is that there will be something new in the next six months, next year, and the whole idea of multi-cloud, from our perspective, is giving customers the optionality, so don't make it so that it's a closed thing for them. But if they decide—it's not that they're going to start, “Hey, I'm going to go to cloud, so day one, I'm going to go all-in on every cloud out there.” That doesn't make sense, right, as—Corey: But they all gave me such generous free credit offers when I founded my startup; I feel obligated to at this point.Betty: I mean, you can definitely create your account, log in, play around, get familiar with the console, but going from zero to being fully operationalized team to run production workloads with the same kind of SLAs you had before, across all three clouds—what—within a week is not feasible for people getting trained up and actually doing that. Our position is that meeting customers where they are and knowing that they may change their mind, or something new will come up—a new service—and they really want to use a new service from let's say GCP or AWS, they want to bring that with an application they already have or build a new app somewhere, we want to help enable that choice. And whether that choice applies to taking an existing app that's been running in their data center—probably on vSphere—to a new place, or building new stuff with containers, Kubernetes, serverless, whatever. So, it's all just about helping them actually take advantage of those technologies.Corey: So, it's interesting to me about your multi-cloud group, for lack of a better term, is there a bunch of things fall under its umbrella? I believe Bitnami does—or as I insist on calling it, ‘bitten-A-M-I'—I believe that SaltStack—which I wrote a little bit of once upon a time, which tells me you folks did no due diligence whatsoever because everything I've ever written is molten garbage—Betty: Not [unintelligible 00:04:33].Corey: And—so to be clear, SaltStack is good; just the parts that I wrote are almost certainly terrible because have you met me?Betty: I'll make a note. [laugh].Corey: You have Wavefront, you have CloudHealth, you have a bunch of other things in the portfolio, and yeah, all those things do work across multiple clouds, but there's nothing that makes using any of those things a particularly bad idea even if you're all-in on one cloud provider, too. So, it's a portfolio that applies to a whole bunch have different places from your perspective, but it can be used regardless of where folks stand ideologically.Betty: Yes. So, this goes back to the whole idea that we meet the customers where they are and help them do what they want to do. So, with that, making sure these technologies that we have work on all the clouds, whether that be in the data center or the different vendors, so that if a customer wants to just use one, or two, or three, it's fine. That part's up to them.Corey: The challenge I've run into is that—and maybe this is a ‘Twitter Bubble' problem, but unfortunately, having talked to a whole bunch of folks in different contexts, I know it isn't—there's almost this idea that you have to be incredibly dogmatic about a particular technology that you're into. I joke periodically about the Rust Evangelism Strikeforce where their entire job is talking about using Rust; their primary IDE is PowerPoint because they're giving talks all the time about it rather than writing code. And great, that's a bit of an exaggeration, but there are the idea of a technology purist who is taking, “Things must be this way,” well past a point of being reasonable, and disregarding the reality that, yeah, the world is messy in a way that architectural diagrams never are.Betty: Yeah. The architectural diagrams are always 2D, right? Back to that PowerPoint slide: how can I make pretty boxes? And then I just redraw a line because something new came out. But you and I have been in this industry for a long time, there's always something new.And I think that's where the dogmatism gets problematic because if you say we're only going to do containers this way—you know, I could see Swarm and Kubernetes, or all-in on AWS and we're going to use all the things from AWS and there's only this way. Things are generational and so the idea that you want to face the reality and say that there is a little bit of everything. And then it's kind of like, how do you help them with a part of that? As a vendor, it could be like, “I'm going to help us with a part of it, or I'm going to help address certain eras of it.” That's where I think it gets really bad to be super dogmatic because it closes you off to possibly something new and amazing, new thinking, different ways to solve the same problem.Corey: That's the problem is left to our own devices, most of us who are building things, especially for random ideas, yeah, there's a whole modern paradigm of how I can build these things, but I'm going to shortcut to the thing I know best, which may very well the architectures that I was using 15 years ago, maybe tools that I was using 15 years ago. There's a reason that Vim is still as popular as it is. Would I recommend it to someone who's a new user? Absolutely not; it's user-hostile, but back in my days of being a grumpy sysadmin, you learned vi because it was on everything you could get into, and you never knew in what environment you were going to be encountering stuff. These days, you aren't logging in to remote systems to manage them, in most cases, and when it happens, it's a rarity and a bug.The world changes; different approaches change, but you have to almost reinvent your entire philosophy on how things work and what your career trajectory looks like. And you have to give up aspects of what you've considered to be part of your identity and embrace something new. It was hard for me to accept that, for example, Docker and the wave of containerization that was rolling out was effectively displacing the world that I was deep in of configuration management with Puppet and with Salt. And the world changes; I said, “Okay, now I'll work on cloud.” And if something else happens, and mainframes are coming back again, instead, well, I'm probably not going to sit here railing against the tide. It would be ridiculous to do that from my perspective. But I definitely understand the temptation to fight against it.Betty: Mm-hm. You know, we spend so much time learning parts of our craft, so it's hard to say, “I'm now not going to be an expert in my thing,” and I have to admit that something else might be better and I have to be a newbie again. That can be scary for someone who's spent a lot of time to be really well-versed in a specific technology. It's funny that you bring up the whole Docker and Puppet config management; I just had a healthy discussion over Slack with some friends. Some people that we know and comment about some of the newer areas of config management, and the whole idea is like, is it a new category or an evolution of? And I went back to the point that I made earlier is like, it's generations. We continually find new ways to solve a problem, and one thing now is it [sigh] it just all goes so much faster, now. There's a new thing every week. [laugh] it seems sometimes.Corey: It is, and this is the joy of having been in this industry for a while—toxic and broken in many ways though it is—is that you go through enough cycles of seeing today's shiny, new, amazing thing become tomorrow's legacy garbage that we're stuck supporting, which means that—at least from my perspective—I tend to be fairly conservative with adopting new technologies with respect to things that matter. That means that I'm unlikely to wind up looking at the front page of Hacker News to pick a framework to build a banking system in, and I'm unlikely to be the first kid on my block to update to a new file system or database, just because, yeah, if I break a web server, we all laugh, we make fun of the fact that it throws an error for ten minutes, and then things are back up and running. If I break the database, there's a terrific chance that we don't have a company anymore. So, it's the ‘mistakes will show' area and understanding when to be aggressive and when to hold back as far as jumping into new technologies is always a nuanced decision. And let's be clear as well, an awful lot of VMware's customers are large companies that were founded, somehow—this is possible—before 2010. Imagine that. Did people—Betty: [laugh]. I know, right?Corey: —even have businesses or lives back then? I thought we all used horse-driven carriages and whatnot. And they did not build on cloud—not because of any perception of distrust; because it functionally did not exist at the time that they were building these things. And, “Oh, come out into the cloud. It's fine now.” It… yeah, that application is generating hundreds of millions in revenue every quarter. Maybe we treat that with a little bit of respect, rather than YOLO-ing it into some Lambda-driven monster that's constructed—Betty: One hundred—Corey: —out of popsicle sticks and glue.Betty: —percent. Yes. I think people forget that. And it's not that these companies don't want to go to cloud. It's like, “I can't break this thing. That could be, like, millions of dollars lost, a second.”Corey: I write my weekly newsletters in a custom monstrosity of a system that has something like 30-some-odd Lambda functions, a bunch of API gateways that are tied together with things, and periodically there are challenges with it that break as the system continues to evolve. And that's fine. And I'm okay with using something like that as a part of my workflow because absolute worst case, I can go back to the way that my newsletter was originally written: in Google Docs, and it doesn't look anywhere near the same way, and it goes back to just a text email that starts off with, “I have messed up.” And that would be a better story than most of the stuff I put out as a common basis. Similarly, yeah, durability is important.If this were a serious life-critical app, it would not just be hanging out in a single region of a single provider; it would probably be on one provider, as I've talked about, but going multi-region and having backups to a different cloud provider. But if AWS takes a significant enough outage to us-west-2 in Oregon, to the point where my ridiculous system cannot function to write the newsletter, that too, is a different handwritten email that goes out that week because there's no announcement they've made that anyone's going to give the slightest toss about, given the fact that it's basically Cloud Armageddon. So, we'll see. It's about understanding the blast radius and understanding your use case.Betty: Yep. A hundred percent.Corey: So, you've spent a fair bit of time doing interesting things in your career. This is your second outing at VMware, and in the interim, you were at solo.io for a bit, and before that you were in a marketing leadership role at Docker. Let's dive in, if you will. Given that you are no longer working at Docker, they recently made an announcement about a pricing model change, whereas it is free to use Docker Desktop for anyone's personal projects, and for small companies.But if you're a large company, which they define is ten million in revenue a year or 250 employees—those two things don't go alike, but okay—then you have to wind up having a paid plan. And I will say it's a novel approach, but I'm curious to hear what you have to say about it.Betty: Well, I'd say that I saw that there was a lot of flutter about that news, and it's kind of a, it doesn't matter where you draw the line in the sand for the tier, there's always going to be some pushback on it. So, you have to draw a line somewhere. I haven't kept up with the details around the pricing models that they've implemented since I left Docker a few years ago, but monetization is a really important part for a startup. You do have to make money because there are people that you have to pay, and eventually, you want to get off of raising money from VCs all the time. Docker Desktop has been something that has been a real gem from a local developer experience, right, giving the—so that has been well-received by the community.I think there was an enterprise application for it, but when I saw that, I was like, yeah, okay, cool. They need to do something with that. And then it's always hard to see the blowback. I think sometimes with the years that we've had with Docker, it's kind of like no matter what they do, the Twitterverse and Hacker News is going to just give them a hard time. I mean, that is my honest opinion on that. If they didn't do it, and then, say, they didn't make the kind of revenue they needed, people would—that would become another Twitter thread and Hacker News blow up, and if they do it, you'll still have that same reaction.Corey: This episode is sponsored by our friends at Oracle Cloud. Counting the pennies, but still dreaming of deploying apps instead of "Hello, World" demos? Allow me to introduce you to Oracle's Always Free tier. It provides over 20 free services and infrastructure, networking databases, observability, management, and security.And - let me be clear here - it's actually free. There's no surprise billing until you intentionally and proactively upgrade your account. This means you can provision a virtual machine instance or spin up an autonomous database that manages itself all while gaining the networking load, balancing and storage resources that somehow never quite make it into most free tiers needed to support the application that you want to build.With Always Free you can do things like run small scale applications, or do proof of concept testing without spending a dime. You know that I always like to put asterisks next to the word free. This is actually free. No asterisk. Start now. Visit https://snark.cloud/oci-free that's https://snark.cloud/oci-free.Corey: It seems to be that Docker has been trying to figure out how to monetize for a very long time because let's be clear here; I think it is difficult to overstate just how impactful and transformative Docker was to the industry. I gave a talk “Heresy in the Church of Docker” that listed a bunch of things that didn't get solved with Docker, and I expected to be torn to pieces for it, and instead I was invited to give it at ContainerCon one year. And in time, a lot of those things stopped being issues because the industry found answers to it. Now, unfortunately, some of those answers look like Kubernetes, but that's neither here nor there. But now it's, okay, so giving everything that you do that is core and central away for free is absolutely part of what drove the adoption that it saw, but goodwill from developers is not the sort of thing that generally tends to lead to interesting revenue streams.So, they had to do something. And they've tried a few different things that haven't seemed to really pan out. Then they spun off that pesky part of their business that made money selling support contracts, over to Mirantis, which was apparently looking for something now that OpenStack was no longer going to be a thing, and Kubernetes is okay, “Well, we'll take Docker enterprise stuff.” Great. What do they do, as far as turning this into a revenue model?There's a lot of the, I guess, noise that I tend to ignore when it comes to things like this because angry people on Twitter, or on Hacker News, or other terrible cesspools on the internet, are not where this is going to be decided. What I'm interested in is what the actual large companies are going to say about it. My problem with looking at it from the outside is that it feels as if there's significant ambiguity across the board. And if there's one thing that I know about large company procurement departments, it's that they do not like ambiguity. This change takes effect in three or four months, which is underwear-outside-the-pants-superhero-style speed for a lot of those companies, and suddenly, for a lot of developers, they're so far removed from the procurement side of the house that they are never going to have a hope of getting that approved on a career-wide timespan.And suddenly, for a lot of those companies, installing and running Docker Desktop just became a fireable offense because from the company's perspective, the sheer liability side of it, if they were getting subject to audit, is going to be a problem. I don't believe that Docker is going to start pulling Oracle-like audit tactics, but no procurement or risk management group in the world is going to take that on faith. So, the problem is not that it's expensive because that can be worked around; it's not that there's anything inherently wrong with their costing model. The problem is the ambiguity of people who just don't know, “Does this apply to me or doesn't this apply to me?” And that is the thing that is the difficult, painful part.And now, as a result, the [unintelligible 00:17:28] groups and their champions of Docker Desktop are having to spend a lot more time, energy, and thought on this than it would simply be for cutting a check because now it's a risk org-wide, and how do we audit to figure out who's installed this previously free open-source thing? Now what?Betty: Yeah, I'll agree with you on that because once you start making it into corporate-issued software that you have to install on the desktop, that gets a lot harder. And how do you know who's downloaded it? Like my own experience, right? I have a locked-down laptop; I can't just install whatever I want. We have a software portal, which lets me download the approved things.So, it's that same kind of model. I'd be curious because once you start looking at from a large enterprise perspective, your developers are working on IP, so you don't want that on something that they've downloaded using their personal account because now it sits—that code is sitting with their personal account that's using this tool that's super productive for them, and that transition to then go to an enterprise, large enterprise and going through a procurement cycle, getting a master services agreement, that's no small feat. That's a whole motion that is different than someone swiping a credit card or just downloading something and logging in. It's similar to what you see sometimes with the—how many people have signed up for and paid 99 bucks for Dropbox, and then now all of a sudden, it's like, “Wow, we have all of megacorp [laugh] signed up, and then now someone has to sell them a plan to actually manage it and make sure it's not just sitting on all these personal drives.”Corey: Well, that's what AWS's original sales motion looked a lot like they would come in and talk to the CTO or whatnot at giant companies. And the CTO would say, “Great, why should we pick AWS for our cloud needs?” And the answer is, “Oh, I'm sorry. You have 87 distinct accounts within your organization that we've [unintelligible 00:19:12] up for you. We're just trying to offer you some management answers and unify the billing and this, and probably give you a discount as well because there is price breaks available at certain sizing.” It was a different conversation. It's like, “I'm not here to sell you anything. We're already there. We're just trying to formalize the relationship.” And that is a challenge.Again, I'm not trying to cast aspersions on procurement groups. I mean, I do sell enterprise consulting here at The Duckbill Group; we deal with an awful lot of procurement groups who have processes and procedures that don't often align to the way that we do things as a ten-person, fully remote company. We do not have commercial vehicle insurance, for example, because we do not have a commercial vehicle and that is a prerequisite to getting the insurance, for one. We're unlikely to buy one to wind up satisfying some contractual requirements, so we have to go back and forth and get things like that removed. And that is the nature of the beast.And we can say yes, we can say no on a lot of those questionnaires, but, “It depends,” or, “I don't know,” is the sort of thing that's going to cause giant red flags and derail everything. But that is exactly what Docker is doing. Now, it's the well, we have a sort of sloppy, weird set of habits with some of our engineers around the bring your own device to work thing. So, that's the enterprise thing. Let me be very clear, here at The Duckbill Group, we have a policy of issuing people company machines, we manage them very lightly just to make sure the drives are encrypted, so they—and that the screensaver comes out with a password, so if someone loses a laptop, it's just, “Replace the hardware,” not, “We have a data breach.”Let's be clear here; we are responsible about these things. But beyond that, it's oh, you want to have some personal thing installed on your machine or do some work on that stuff? Fine. By all means. It's a situation of we have no policy against it; we understand this is how work happens, and we trust people to effectively be grownups.There are some things I would strongly suggest that any employee—ours or anyone else—not cross the streams on for obvious IP ownership rights and the rest, we have those conversations with our team for a reason. It's, understand the nuances of what you're doing, and we're always willing to throw hardware at people to solve these problems. Not every company is like that. And ten million in revenue is not necessarily a very large company. I was doing the math out for ten million in revenue or 250 employees; assuming that there's no outside investment—which with VC is always a weird thing—it's possible—barely—to have a $10 million in revenue company that has 250 employees, but if they're full time they are damn close to a $15 an hour minimum wage. So, who does it apply to? More people than you might believe.Betty: Yeah, I'm really curious to how they're going to like—like you say, if it takes place in three or four months, roll that out, and how would you actually track it and true that up for people? So.Corey: Yeah. And there are tools and processes to do this, but it's also not in anyone's roadmap because people are not sitting here on their annual planning periods—which is always aspirational—but no one's planning for, “Oh, yeah, Q3, one of our software suppliers is going to throw a real procurement wrench at us that we have to devote time, energy, resources, and budget to figure out.” And then you have a problem. And by resources, I do mean resources of basically assigning work and tooling and whatnot and energy, not people. People are humans, they are not resources; I will die on that hill.Betty: Well, you know, actually resource-wise, the thing that's interesting is when you say supplier, if it's something that people have been able to download for free so far, it's not considered a supplier. So, it's—now they're going to go from just a thing I can use and maybe you've let your developers use to now it has to be something that goes through the official internal vetting as being a supplier. So, that's just—it's a whole different ball game entirely.Corey: My last job before I started this place, was a highly regulated financial institution, and even grabbing things were available for free, “Well, hang on a minute because what license is it using and how is it going to potentially be incorporated?” And this stuff makes sense, and it's important. Now, admittedly, I have the advantage of a number of my engineering peers in that I've been married to a corporate attorney for 11 years and have insight into that side of the world, which to be clear, is all about risk mitigation which is helpful. It is a nuanced and difficult field to—as are most things once you get into them—and it's just the uncertainty that befuddles me a bit. I wish them well with it, truly I do. I think the world is better with an independent Docker in it, but I question whether this is going to find success. That said, it doesn't matter what I think; what matters is what customers say and do, and I'm really looking forward to seeing how it plays out.Betty: A hundred percent; same here. As someone who spent a good chunk of my life there, their mark on the industry is not to be ignored, like you said, with what happened with containers. But I do wish them well. There's lot of good people over there, it's some really cool tech, and I want to see a future for them.Corey: One last topic I want to get into before we wind up wrapping this episode is that you are someone who was nominated to come on the show by a couple of folks, which is always great. I'm always looking for recommendations on this. But what's odd is that you are—if we look at it and dig a little bit beneath the titles and whatnot, you even self-describe as your history is marketing leadership positions. It is uncommon for engineering-types to recommend that I talk to marketing folks.s personally I think that is a mistake; I consider myself more of a marketer than not in some respects, but it is uncommon, which means I have to ask you, what is your philosophy of marketing because it very clearly is differentiated in the public eye.Betty: I'm flattered. I will say that—and this goes to how I hire people and how I coach teams—it's you have to be super curious because there's a ton of bad marketing out there, where it's just kind of like, “Hey, we do these five things and we always do these five things: blah, blah, blah, blah, blah.” But I think it's really being curious about what is the thing that you're marketing? There are people who are just focused on the function of marketing and not the thing. Because you're doing your marketing job in the service of a thing, this new widget, this new whatever, and you got to be super curious about it.And I'll tell you that, for me, it's really hard for me to market something if I'm not excited about it. I have to personally be super excited about the tech or something happening in the industry, and it's, kind of like, an all-in thing for me. And so in that sense, I do spend a ton of time with engineers and end-users, and I really try to understand what's going on. I want to understand how the thing works, and I always ask them, “Well”—so I'll ask the engineers, like, “So… okay, this sounds really cool. You just described this new feature and you're super excited about it because you wrote it, but how is your end-user, the person you're building this for, how did they do this before? Help me understand. How did they do this before and why is this better?”Just really dig into it because for me, I want to understand it deeply before I talk about it. I think the thing is, it shows a tremendous amount of respect for the builder, and then to try to really be empathetic, to understand what they're doing and then partner with them—I mean, this sounds so business-y the way I'm talking about this—but really be a partner with them and just help them make their thing really successful. I'm like the other end; you're going to build this great thing and now I'm going to make it sound like it's the best thing that's ever happened. But to do that, I really need to deeply understand what it is, and I have to care about it, too. I have to care about it in the way that you care about it.Corey: I cannot effectively market or sell something that I don't believe in, personally. I also, to be clear because you are a marketing professional—or at least far more of one than I ever was—I do not view what I do is marketing; I view it as spectacle. And it's about telling stories to people, it's about learning what the market thinks about it, and that informs product design in many respects. It's about understanding the product itself. It's about being able to use the product.And if people are listening to this and think, “Wait a minute, that sounds more like DevRel.” I have news for you. DevRel is marketing, they're just scared to tell you that. And I know people are going to disagree with me on that. You're wrong. But that's okay; reasonable people can disagree.And that's how I see it is that, okay, I'll talk to people building the service, I'll talk to people using the service, but then I'm going to build something with the service myself because until then, it's all a game of who sounds the most convincing in the stories that they tell. But okay, you can tell an amazing story about something, but if it falls over when I tried to use it, well, I'm sorry, you're not being accurate in your descriptions of it.Betty: A hundred percent. I hate to say, like, you're storytellers, but that's a big part of it, but it's kind of like you want to tell the story, so you do something to that people believe a certain thing. But that's part of a curated experience because you want them to try this thing in a certain way. Because you've designed it for something. “I built a spoon. I want you to use that to eat your soup because you can't eat soup with a fork.”So, then you'll have this amazing soup-eating experience, but if I build you a spoon and then not give you any directions and you start throwing it at cars, you're going to be like, “This thing sucks.” So, I kind of think of it in that way. To your point of it has to actually work, it's like, but they also need to know, “What am I supposed to use it for?”Corey: The problem I've always had on some visceral level with formal marketing departments for companies is that they can say that a product that they sell is good, they can say that the product is great, or they can choose to say nothing at all about that product, but when there's a product in the market that is clearly a turd, a marketing department is never going to be able to say that, which I think erodes its authenticity in many respects. I understand the constraints behind, that truly I do, but it's the one superpower I think that I bring to the table where even when I do sponsorship stuff it's, you can buy my attention but not my opinion. Because the authenticity of me being trusted to call them like I see them, for lack of a better term, to my mind at least outweighs any short-term benefit from saying good things about a product that doesn't deserve them. Now, I've been wrong about things, sure. I have also been misinformed in both directions, thinking something is great when it's not, or terrible when it isn't or not understanding the use case, and I am thrilled to engage in those debates. “But this is really expensive when you run for this use case,” and the answer can be, “Well, it's not designed for that use case.” But the answer should not be, “No it's not.” I promise you, expensive is in the eye of the customer not the person building the thing.Betty: Yes. This goes back to I have to believe in the thing. And I do agree it's, like not [sigh]—it's not a panacea. You're not going to make Product A and it's going to solve everything. But being super clear and focused on what it is good for, and then please just try it in this way because that's what we built it for.Corey: I want to thank you for taking the time to have a what for some people is no doubt going to be perceived as a surprisingly civil conversation about things that I have loud, heated opinions about. If people want to learn more, where can they find you?Betty: Well, they can follow me on Twitter. But um, I'd say go to vmware.com/cloud for our work thing.Corey: Exactly. VM where? That's right. VM there. And we will, of course, put links to that in the [show notes 00:30:07].Betty: [laugh].Corey: Thank you so much for taking the time to speak with me. I appreciate it.Betty: Thanks, Corey.Corey: Betty Junod, Senior Director of Multi-Cloud Solutions at VMware. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice along with a loud, ranting comment at the end. Then, if you work for a company that is larger than 250 people or $10 million in revenue, please also Venmo me $5.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.Announcer: This has been a HumblePod production. Stay humble.

VMware est une société bien connue pour ses outils d'infrastructure tels que ESX, vSphere ou NSX. Mais ce qu'on connaît moins sans doute, c'est le virage vers l'open source qu'a pris VMware ces dernières années. Et Kubernetes n'y est peut-être pas pour rien dans cette histoire. En effet, si elle s'appuie toujours sur son cœur de métier, l'offre Tanzu fait aussi la part belle à des projets open sources tel que Spring, Harbor ou Antrea. Bien sûr, ce virage s'appuie en partie sur le rachat de Pivotal, d'Heptio et de Bitnami, mais il semblerait qu'il est en train de changer l'ADN même de VMware pour en faire une société plus tournée vers sa communauté, même s'il elle n'en délaisse pas pour autant les entreprises qui lui font confiance depuis des années. Dans cet épisode je reçois Alexandre Caussignac, Senior Solution Engineering Manager chez VMware et Alexandre Roman, Tanzu Senior Solution Engineer, qui me parlent de l'offre Tanzu et du virage de VMware vers l'open source. Notes de l'épisode Spring : https://electro-monkeys.fr/41-les-defis-de-java-et-du-cloud-natif-spring-boot-avec-stephane-nicoll/ Cloud Native Buildpacks : https://buildpacks.io/ Open Policy Agent (OPA) : https://www.openpolicyagent.org/ Antrea : https://electro-monkeys.fr/65-antrea-un-sdn-dans-votre-kubernetes-avec-antonin-bas/

Guest Jono Bacon Panelists Justin Dorfman | Richard Littauer Show Notes Hello and welcome to Sustain! The podcast where we talk about sustaining open source for the long haul. Today, we have as our special guest, Jono Bacon, a self-employed Community and Collaboration Consultant, author, speaker, and Founder of Jono Bacon Consulting. Jono tells us about his interesting journey with his career, the diversity of his clients, a concern he has with chat channels, and why community is the most important thing in open source. He talks about developers and how to help them see their value and potential to achieve their goals. We learn more about some of the things Jono wrote, including his most recent book, People Powered: How Communities Can Supercharge Your Business, Brands, and Teams, _and how he got the _“star power” behind it. Also, he also shares an awesome story when he worked at XPRIZE, and something that made him realize how unique the open source world really is. Go ahead and download this episode to hear much more! [00:01:46] Jono tells us how he ended up doing what he does. [00:03:36] We find out the type of clients Jono has and how he gets them often through referrals. [00:06:34] Jono talks about how he feels about Discord, Discourse, Gitter, and the open source IRC replacements that are going on right now. [00:09:42] Richard asks Jono what he thinks the value is of having these side conversations, and how does that help community members have better engagement and build value for them. [00:13:28] Jono shares his opinion on one of the flaws with individuals in open source and why community is the most important thing. [00:16:46] Richard wonders how Jono balances the needs of emotionally connecting to everyone in your group and how he makes sure that developers know there is a balance to be met to have the community thrive. [00:20:30] We learn about some things Jono wrote and he tells us about his most recent book, _People Powered: How Communities Can Supercharge Your Business, Brands, and Teams. _Justin wonders how he got the “star power,” such as Jamie Hyneman and Joseph Gordon-Levitt, in his book. [00:28:01] We hear an awesome story when Jono worked at XPRIZE and how personalities of people made him realize how unique the open source world really is. [00:31:42] Richard asks Jono if there are any challenges, anything open source needs help with, and what is down the road for us. [00:36:44] Find out where you can follow Jono online and learn more about what he does. Quotes [00:07:25] “The second priority that I've got is by extension, that anybody who joins the community should get amazing value out of it.” [00:07:32] “As far as I concerned, if you join a community and you don't get value out of it, that community hasn't earned you.” [00:07:56] “One of the concerns I have with chat channels and chat services in general and I'd include Slack, Mattermost, Discord, Git, all of these, is that by definition, it's a linear stream of consciousness. So Slack claims that they've got history and you can kind of unlock history for example if you pay for it. It just doesn't work.” [00:08:41] “That's why I think even Slack, don's say this is for community building, it's for building teams.” [00:10:00] “So, to me what brings people into communities is they're there to solve a problem. They're there to improve their future state, such as they're using pieces of open source software, and they want to make better use of it and solve their problems or build their applications.” [00:10:16] “I think what people stay for in the community is an intrinsic sense of belonging and a sense that this is just a good place for me to be.” [00:13:26] “My take on this is I think one of the flaws of a lot of open source communities, not so much communities but more individuals, is that they always talk about the most important thing is code, is getting code that can be created and shared with a group of people.” [00:13:57] “But to me, I'm engineering for impact here, whether you're building a little project to just make certain types of unit testing easier, or whether you're building a replacement for a major piece of proprietary software.” [00:14:48] “ The reason why I'm so passionate about community is because if you take a hundred people inside of those hundred people, there are so many ideas and insights and experiences and skills, and so much time available. Then when we can get all of that out into the open, it makes us the best we can be as people.” [00:17:28] “But, I think most people, a much more kind of, I guess you could say practical than that, and they will do something if they can see the value, and it's worth it, and they can achieve their broader outcomes.” [00:18:36] “You need to be inclusive, not just in terms of a rich demographic of people, which is always important, diversity of race and sexuality and all those wonderful things.” [00:18:48] “But just a diversity of ideas and letting people come in and take your little baby, which is this project, and just put new clothes on it and see what it can do.” [00:19:21] “It's kind of like someone says I'd like to learn to cook and I basically give them everything they need to be a Michelin Star Chef.” [00:27:31] “Eric Holscher probably has had a larger impact on the world. Read the Docs is amazing, and you know he's a really down to earth guy who's not famous who you wouldn't recognize.” [00:33:01] “The platform should be holding your hand and showing you how to do.” [00:33:47] “I would also go as far to say that I think we, as a community, need to get over this obsession with metrics.” [00:34:14] “I would much rather say, okay, what are the things we don't know today and what are the three metrics that we can use to figure that out?” [00:34:37] “Sure, I can see, for example, all of these metrics about how a project in GitHub is performing, but I think what most developers want to know is what does normal look like?” [00:35:00] “I think if we really want to build scale with open source, which I think we can, and we've seen scale happening, open source is real in the world, but the platforms have got to help that long tail of projects succeed more with community building.” [00:35:42] “So to me, diversity is not just a great code of conduct, but also it's great leadership, and it's great moderation, and it's inspiring diverse collaboration as well.” Spotlight [00:37:46] Justin's spotlight is Bitnami. [00:38:14] Richard's spotlight is The Book of Knights by Yves Meynard. [00:38:48] Jono's spotlight is a project called Arches. Links Jono Bacon Website (https://www.jonobacon.com/) Jono Bacon Twitter (https://twitter.com/jonobacon) Jono Bacon Linkedin (https://www.linkedin.com/in/jonobacon/) [People Powered: How Communities Can Supercharge Your Business, Brand, and Teams by Jono Bacon](https://www.amazon.com/People-Powered-Communities-Supercharge-Business/dp/1400214882/ref=sr11?dchild=1&keywords=people+powered&qid=1621619908&sr=8-1) [The Art of Community: Building the New Age of Participation by Jono Bacon](https://www.amazon.com/Art-Community-Building-New-Participation/dp/1449312063/ref=sr14?dchild=1&keywords=jono+bacon&qid=1621620040&sr=8-4) Bitnami (https://bitnami.com/) [The Book of Knights by Yves Meynard](https://www.amazon.com/Book-Knights-Yves-Meynard/dp/0312864825/ref=sr11?crid=W2ZBQ8JJ2WPQ&dchild=1&keywords=the+book+of+knights+by+yves+meynard&qid=1621633116&sprefix=the+book+of+knights%2Caps%2C162&sr=8-1) Arches Project (https://www.archesproject.org/) Credits Produced by Richard Littauer (https://www.burntfen.com/) Edited by Paul M. Bahr at Peachtree Sound (https://www.peachtreesound.com/) Show notes by DeAnn Bahr at Peachtree Sound (https://www.peachtreesound.com/) Special Guest: Jono Bacon.

About SanjaySanjay Poonen is the former COO of VMware, where he was responsible for worldwide sales, services, support, marketing and alliances. He was also responsible for the Security strategy and business at VMware. Prior to SAP, Poonen held executive roles at SAP, Symantec, VERITAS and Informatica, and he began his career as a software engineer at Microsoft, followed by Apple. Poonen holds two patents as well as an MBA from Harvard Business School, where he graduated a Baker Scholar; a master's degree in management science and engineering from Stanford University; and a bachelor's degree in computer science, math and engineering from Dartmouth College, where he graduated summa cum laude and Phi Beta Kappa.Links: VMware: https://www.vmware.com/ leadership values: https://www.youtube.com/watch?v=lxkysDMBM0Q Twitter: https://twitter.com/spoonen LinkedIn: https://www.linkedin.com/in/sanjaypoonen/ spoonen@vmware.com: mailto:spoonen@vmware.com TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: This episode is sponsored in part by Thinkst. This is going to take a minute to explain, so bear with me. I linked against an early version of their tool, canarytokens.org in the very early days of my newsletter, and what it does is relatively simple and straightforward. It winds up embedding credentials, files, that sort of thing in various parts of your environment, wherever you want to; it gives you fake AWS API credentials, for example. And the only thing that these things do is alert you whenever someone attempts to use those things. It’s an awesome approach. I’ve used something similar for years. Check them out. But wait, there’s more. They also have an enterprise option that you should be very much aware of canary.tools. You can take a look at this, but what it does is it provides an enterprise approach to drive these things throughout your entire environment. You can get a physical device that hangs out on your network and impersonates whatever you want to. When it gets Nmap scanned, or someone attempts to log into it, or access files on it, you get instant alerts. It’s awesome. If you don’t do something like this, you’re likely to find out that you’ve gotten breached, the hard way. Take a look at this. It’s one of those few things that I look at and say, “Wow, that is an amazing idea. I love it.” That’s canarytokens.org and canary.tools. The first one is free. The second one is enterprise-y. Take a look. I’m a big fan of this. More from them in the coming weeks.Corey: Let’s be honest—the past year has been a nightmare for cloud financial management. The pandemic forced us to move workloads to the cloud sooner than anticipated, and we all know what that means—surprises on the cloud bill and headaches for anyone trying to figure out what caused them. The CloudLIVE 2021 virtual conference is your chance to connect with FinOps and cloud financial management practitioners and get a behind-the-scenes look into proven strategies that have helped organizations like yours adapt to the realities of the past year. Hosted by CloudHealth by VMware on May 20th, the CloudLIVE 2021 conference will be 100% virtual and 100% free to attend, so you have no excuses for missing out on this opportunity to connect with the cloud management community. Visit cloudlive.com/coreyto learn more and save your virtual seat today. That’s cloud-l-i-v-e.com/corey to register.Corey: Welcome to Screaming in the Cloud. I’m Corey Quinn. I talk a lot about cloud in a variety of different contexts; this show is about the business of cloud. But, fundamentally, where cloud comes from was this novel concept, once upon a time, of virtualization. And that gave rise to a whole bunch of other things that later became, then containers, now it becomes Kubernetes, and if you want to go down the serverless path, you can.But it’s hard to think of a company that has had more impact on virtualization and that narrative than VMware. My guest today is Sanjay Poonen, Chief Operating Officer of VMware. Thank you for joining me.Sanjay: Thanks, Corey Quinn, it’s great to be with you and with your audience on this show.Corey: So, let’s start with the fun slash difficult questions. It’s easy to look at VMware as a way of virtualizing existing bare-metal workloads and moving those VMs around, but in many respects, that is perceived by some—ehem, ehem—to be something of a legacy model of cloud interaction where it solves the problem of on-premises, which is I’m really bad at running data centers so I’m just going to treat the cloud like a data center. And for some companies and some workloads, where, great, that’s fine. But isn’t that, I guess, a V1 vision of cloud, and if it is, why is VMware relevant to that?Sanjay: Great question, Corey. And I think it’s great to be straight up on a topic [unintelligible 00:02:01]. Yeah, I think you’re right. Listen, the ‘V’ in VMware is virtualization. The ‘VM’ is virtual machines.A lot of what is the underpinning of what made the private cloud, as we call it today, but the data center of the past successful was this virtualization technology. In the old days, people would send us electricity bills, before and after VMware, and how much they’re saving. So, this energy-saving concept of virtualization has been profound in the modernization of the data center and the advent of what’s called the private cloud. But as you looked at the public cloud innovate, whether it was AWS or even the SaaS applications—I mean, listen, the most popular capability initially on AWS was EC2 and S3, and the core of EC2 is virtualization. I think what we had to do, as this happened, was the foundation was certainly those services like EC2 and S3, but very quickly, the building phenomenon that attracted hundreds of thousands and I think now probably a few million customers to AWS was the large number of services, probably now 150, 200-odd services, that were built on top of that for everything from data, to AI, to a variety of other things that every year Andy Jassy and the team would build up.So, we had to make sure that over the course of the last, I’d say, certainly the last five to maybe eight years, we were becoming relevant to our customers that were a mix. There were customers who were large—I mean, we have about half a million customers—and in many cases, they have about 80, 90% of their workloads running on-prem and they want to move those workloads to the cloud, but they can’t just refactor and re-platform all of those apps that are running in the on-premise world. When they will try to do it by the end of the year—they may have 1000 applications—they got 10 done.Corey: Oh, and it’s not realistic and it’s unfair. I mean, there’s the idea of, “Oh, that’s legacy,” which is condescending engineering speak for it actually makes money because it’s been around for longer than six months. And sure you can have Twitter For Pets roll stuff out every day that you want; when you’re a bank, you have different constraints forced upon you. And I’m very sympathetic to folks who are in scenarios where they aren’t, for whatever reason, able to technically, culturally, or for regulatory reasons, be able to do continuous deployment of everything. I want to be very clear that I’ve in no way passing judgment on an entire sector of enterprise.Sanjay: But while that sector is important, there was also another sector starting to emerge: the Airbnbs, the Pinterests, the modern companies who may not need VMware at all as they’re building native, but may need some of our container in a new open-source capabilities. SaltStack was one of them; we will talk about that, I’m sure. So, we needed to be relevant to both customer communities because the Airbnbs of today, will be the Marriotts of tomorrow. So, we had to really rethink what is the future of VMware, what’s our existence in a public cloud phenomenon? That’s really what led to a complete watershed moment.I called publicly in the past sort of a Berlin Wall moment where Amazon and VMware were positioned pretty much as competitors for a long period of time when AWS was first started. Not that Andy was going around talking negatively about VMware, but I think people view these as two separate doors, and never the twain would meet. But when we decided to partner with them—I then quite frankly, the precursor to that was us divesting our public cloud strategy. We’d tried to build a competitive public cloud called vCloud Air between the period of 2012 and 2015, 2016—we had to reach an end of that movement, and catharsis of that, divest that asset, and it opened the door for a strategic partnership. But now we can go back to those customers and help them move their applications in a way that’s highly efficient, almost like a house on wheels, and then once it’s in that location in AWS—or one of the other public clouds—you can modernize it, too.So, then you get to both get the best of both worlds: get it into the public cloud, maybe retire some of your data centers if that’s what you want to do, and then modernize it with all the beautiful services. And that’s the best of both worlds. Now, if you have 1000 applications, you’re moving hundreds of them into the public cloud, and then using all of the powerful developer services on that VMware stack that’s built on the bare metal of AWS. So, we started out with AWS, but very quickly then, all the other public clouds, maybe the five or six that are named in the Gartner Magic Quadrant, came to us and said, “Well, if you’re doing that with AWS, would you consider doing that with us, too?”Corey: There’s definitely been an evolution of VMware. I mean, it’s in the name; you have the term VM sitting there. It’s easy to, at least from where I sit, think of, “Oh, VMware, back when running virtual machines was novel.” And there was a lot of skepticism around the idea. I’m going to level with you; I was a skeptic around virtualization. Then around cloud. Then around containers.And now I’m trying—all right I’m going to be in favor of serverless, which is almost certain to doom it because everything else that I’ve been skeptical of in this sense beyond any reasonable measure. So, there is this idea that VMs are this sort of old-school thinking. And that’s great if you have an existing workload that needs to be migrated, but there are a finite number of those in the world. As we turn towards net-new and greenfield build-outs, a lot of things are a lot more cloud-native than just hosting a bunch of—if you take the AWS example—EC2 instances hanging out in the network talking to other EC2 instances. Taking advantage of native offerings definitely seems to be on the rise. And there have been acquisitions that VMware has made. You talk about SaltStack, which was a great example, given that I wrote part of that very early on, and I don’t think the internet’s ever forgiven me for it. But also Bitnami—or BittenAMI, as I insist on pronouncing it—and you also acquired Wavefront. There’s a lot of interesting stuff that feels almost like a setting up a dichotomy of new VMware versus old VMware. What are the points of commonality there? What is the vision for the next 15 years of the company?Sanjay: Yeah, I think when we think about it, it’s very important that, first off, we acknowledge that our roots are what gives us sustenance because we have a large customer base that uses us. We have 80 million workloads running on that VMware infrastructure, formerly ESX, now vSphere. And that’s our heritage, and those customers are happy. In fact, they’re not, like, fleeing like birds into there, so we want to care for those customers.But we have to have a north star, like a magnet that pulls us into the modern world. And that’s been—you know, I talked about phase one was this really charting of the future of VMware for the cloud. Just as important has been focused on cloud-native and containers the last three, four years. So, we acquired Heptio. As you know, Heptio was founded by some of the inventors of Kubernetes who left Google, Joe Beda, and Craig McLuckie.And with that came a strong I would say relevancy, and trust to the Kubernetes, we’ve become one of the leading contributors to open-source Kubernetes. And that brain trust now, some of whom are at VMWare and many are in the community think of us very differently. And then we’ve supplemented that with many other moves that are much more cloud-native. You mentioned two or three of them: Bitnami, for that sort of marketplace; and then SaltStack for what we have been able to do in configuration management and infrastructure automation; Wavefront for container-based workloads. And we’re not done, and we think, listen, there will be many, many more things that the first 10, 15 years of VMware was very much about optimizing the private cloud, the next 10, 15 years could be optimizing for that app modernization cloud-native world.And we think that customers will want something that can work in a multi-cloud fashion. Now, multi-cloud for us is certainly private cloud and edge cloud, which may have very little to do with hardware that’s in the public cloud, but also AWS, Azure, and two or three other clouds. And if you think of each of these public clouds as mini skyscrapers—so AWS has 50 billion in revenue; I’m going to guess Azure is, like, 30, and then Google is I don’t know 12, 13; and then everyone else, and they’re all skyscrapers are different—it’s like, if we can be that company that fills the crevices between them with cement that’s valuable so that people can then build their houses on top of that, you’re probably not going to be best served with a container Stack that’s trapped to just one cloud. And then over time, you don’t have reasonable amount of flexibility if you choose to change that direction. Now, some people might say, “Listen, multi-cloud is—who cares about that?”But I think increasingly, we’re hearing from customers a desire to have more than just one cloud for a variety of reasons. They want to have options, portability, flexibility, negotiating price, in addition to their private cloud. So, it’s a two plus one, sometimes it might be a two plus two, meaning it’s a private cloud and the edge cloud. And I think VMware is a tremendous proposition to be that Switzerland-type company that’s relevant in a private cloud, one or two public clouds, and an edge cloud environment, Corey.Corey: Are you seeing folks having individual workloads that they want to flow from one cloud to another in a seamless way, or is it more aligned along an approach of having workload A lives in this cloud and workload B lives in this cloud? And you’re in a terrific position to opine on that more than most, given who you are.Sanjay: Yeah. We’re not yet as yet seeing these floating workloads that start here and move around, that’s—usually you build an application with purpose. Like, it sits here in this cloud and of course. But we’re seeing, increasingly, interest at customers’ not tethering it to proprietary services only. I mean, certainly, if you’re going to optimize it for AWS, you’re going to take advantage of EC2, S3, and then many of the, kind of, very capable [unintelligible 00:11:24], Aurora, there are others that might be there.But over time, especially the open-source movement that brings out open-source data services, open-source tooling, containers, all of that stuff, give ultimately customers the hope that certainly they should add economic value and developer productivity value, but they should also create some potential portability so that if in the future you wanted to make a change, you’re not bound to that cloud platform. And a particular cloud may not like us saying this, but that’s just the fact of how CIOs today are starting to think much more so as they build these up and as many of the other public clouds start to climb in functionality. Now, there are other use cases where particular SaaS applications of SaaS services are optimized for a particular [unintelligible 00:12:07], for example, Office 365, someone’s using a collaboration app, typically, there’s choices of one or two, you’re either using a G Suite and then it’s tied to Google, or it’s Office 365. But even there, we’re starting to see some nibbling around the edges. Just the phenomenon of Zoom; that wasn’t a capability that Microsoft brought very—and the services from Google, or Amazon, or Microsoft was just not as good as Zoom.And Zoom just took off and has become the leading video collaboration platform because they’re just simple, easy to use, and delightful. It doesn’t matter what infrastructure they run on, whether it’s AWS, I mean, now they’re running some of their workloads on Oracle. Who cares? It’s a SaaS service. So, I think increasingly, I think there will be a propensity towards SaaS applications over custom building. If I can buy it why would I want to build a video collaboration app myself internally, if I can buy it as a SaaS service from Zoom, or whoever have you?Corey: Oh, building it yourself would be ludicrous unless that was one of your core competencies.Sanjay: Exactly.Corey: And Zoom seems to have that on lock.Sanjay: Right. And so similarly, to the extent that I think IT folks can buy applications that are more SaaS than custom-built, or even on-prem, I mean, Salesforce—the success of Salesforce, and Workday, and Adobe, and then, of course, the smaller ones like Zoom, and Slack, and so on. So, it’s clear evidence that the world is going to move towards SaaS applications. But where you have to custom build an application because it’s very unique to your business or to something you need to very snap quickly together, I think there’s going to be increasingly a propensity towards using open-source types of tooling, or open-source platforms—Kubernetes being the best example of that—that then have some multi-cloud characteristics.Corey: In a similar note, I know that the term is apparently, at least this week on Twitter, being argued against, but what about cloud repatriation? A lot of noise has been made about people moving workloads from public cloud back to private cloud. And the example they always give is Dropbox moving its centralized storage service into an on-prem environment, and the second example is basically a pile of tumbleweeds because people don’t really have anything concrete to point at. Does that align with your experience? Is there a, I guess, a hidden wave of people doing a reverse cloud migration that just doesn’t get discussed?Sanjay: I think there’s a couple of phenomenons, Corey, that we watch here. Now, clearly a company of the scale of Dropbox has economics on data and storage, and I’ve talked to Drew and a variety of the folks there, as well as Box, on how they think about this because at that scale, they probably could get some advantages that I’m sure they’ve thought through in both the engineering and the cost. I mean, there’s both engineering optimization and costs that I’m sure Drew and the folks there are thinking through. But there’s a couple of phenomena that we do—I mean, if you go back to, I think, maybe three or four quarters ago, Brian Moynihan, the CEO of Bank of America, I think in 2019, mid to late 2019 made a statement in his earnings call, he was asked, “How do you think about cloud?” And he said, “Listen, I can run a private cloud cheaper and better than any of the public clouds, and I save 240%,” if I remember the data right.Now, his private cloud and Bank of America is a key customer [unintelligible 00:15:04] of us, we find that some of the bigger companies at scale are able to either get hardware at really good pricing, are able to engineer—because they have hundreds of thousands—they’re almost mini VMware, right, [unintelligible 00:15:18] themselves because they’ve got so many engineers. They can do certain things that a company that doesn’t want to hire those many—companies, Pinterest, Airbnb may not do. So, there are customers who are going to basically say, even prior to repatriation, that the best opportunity is a private cloud. And in that place, we have to work with our private cloud partners, whether it’s Dell or others, to make sure that stack of hardware from them plus the software VMware in the containers on top of that is as competitive and is best cost of ownership, best ROI. Now, when you get to your second—your question around repatriation, what we have found in certain regions outside the US because of sovereign data, sovereign clouds, sometimes some distrust of some of those countries of the US public cloud, are they worried about them getting too big, fear by monopoly, all those types of things, lead certain countries outside the US to think about something that they would need that’s sovereign to their country.And the idea of sovereign data and sovereign clouds does lead those to then investing in local cloud providers. I mean, for example in France, there is a provider called OVH that’s kind of trying to do some of that. In China, there’s a whole bunch of them, obviously, Alibaba being the biggest. And I think that’s going to continue to be a phenomenon where there’s a [federated said 00:16:32], we have a cloud provider program with this 4000 cloud providers, Corey, who built their stack on VMware; we’ve got to feed them. Now, while they are an individual revenue way smaller than the public clouds were, but collectively, they represent a significant mass of where those countries want to run in a local cloud provider.And from our perspective, we spent years and years enabling that group to be successful. We don’t see any decline. In fact, that business for us has been growing. I would have thought that business would just completely decline with the hyperscalers. If anything, they’ve grown.So, there’s a little bit of the rising tide is helping all boats rise, so to speak. And the hyperscaler’s growth has also relied on many of these, sort of, sovereign clouds. So, there’s repatriation happening; I think those sovereign clouds will benefit some, and it could also be in some cases where customers will invest appropriately in private cloud. But I don’t see that—I think if anything, it’s going to be the public cloud growing, the private cloud, and edge cloud growing. And then some of these, sort of, country-specific sovereign clouds also growing. I don’t see this being in a huge threat to the public cloud phenomena that we’re in.Corey: This episode is sponsored in part by our friends at Lumigo. If you've built anything from serverless, you know that if there's one thing that can be said universally about these applications, it's that it turns every outage into a murder mystery. Lumigo helps make sense of all of the various functions that wind up tying together to build applications. It offers one-click distributed tracing so you can effortlessly find and fix issues in your serverless and microservices environment. You've created more problems for yourself. Make one of them go away. To learn more, visit lumigo.io. Corey: I want to very clear, I think that there’s a common misconception that there’s this, somehow, ongoing fight between all the cloud providers, and all this cloud growth, and all this revenue is coming at the expense of other cloud providers. I think that it is simultaneously workloads that are being migrated from on-premises environments—yes—but a lot of it also feels like it’s net-new. It’s not just about increasingly capturing ever larger portions of the market but rather about the market itself expanding geometrically. For a long time, it felt like that was what tech was doing. Looking at the global IT spend numbers coming out of Gartner and other places, it seems like it’s certainly not slowing down. Does that align with your perception of it? Or are there clear winners and losers that are I guess, differentiating out?Sanjay: I think, Corey, you’re right. I think if you just use some of the data, the entire IT market, let’s just say it’s about $1 trillion, some estimates have it higher than that. Let’s break it down a little bit. Inside that 1 trillion market it is growing—I mean, obviously COVID, and GDP declined last year in calendar 2020 did affect overall IT, but I think let’s assume that we have some kind of U-shape or other kind of recovery, going into the second half of certainly into next year; technology should lead GDP in terms of its incline. But inside that trillion-dollar market, if you add up the SaaS market, it’s about $115 billion market.And these are companies like Salesforce, and Adobe, and Workday, and ServiceNow. You add them all up, and those are growing, I think the numbers were in the order of 15 or 20% in aggregate. But that SaaS market is [unintelligible 00:19:08]. And that’s growing, certainly faster than the on-prem applications market, just evidenced by the growth of those companies relative to on-premise investments in SAP or Oracle. And then if you look at the infrastructure market, it’s slightly bigger, it’s about $125 billion, growing slightly faster—20, 25%—and there you have the companies like AWS, Azure, and Google, and Alibaba, and whoever have you. And certainly, that growth is faster than some of the on-premise growth, but it’s not like the on-premise folks are declining. They’re growing at slower paces.Corey: It is harder to leave an on-premise environment running and rack up charges and blow out the bill that way, but it—not impossible, I suppose, but it’s harder to do than it is in public cloud. But I definitely agree that the growth rate surpasses what you would see if it were just people turning things on and forgetting to turn them off all the time.Sanjay: Yeah, and I think that phenomenon is a shift in spending where certainly last year we saw more spending in the cloud than on-premise. I think the on-premise vendors have a tremendous opportunity in front of them, which is to optimize every last dollar that is going to be spent in the data centers, private cloud. And between us and our partners like Dell and others, we’ve got to make sure we do that for our customer base that we’ve accumulated over last 10, 15 years. But there’s also a significant investment now moving to the edge. When I look at retailers, CPG companies—consumer packaged good companies—manufacturers, the conversation that I’m having with their C-level tech or business executives is all about putting compute in the stores.I mean, listen, what is the retailer concerned about? Fraud, and some of those other things, and empowering a quick self-service experience for a consumer who comes in and wants to check out of a Safeway or Walmart really quickly. These are just simple applications with local compute in the store, and the more that we can make that possible on top of almost like a nano data center or micro data center, running in the store with those applications resident there, talking—you know, you can’t just take all of that data, go back and forth to the cloud, but with resident services and capability right there, that’s a beautiful opportunity for the VMware and the Dells of the world. And that’s going to be a significant place where I think you’re going to see expansion of their focus. The Edge market today is I think, projected to be about $6 or $8 billion this year, and growing to $25 billion the next four or five years.So, much smaller than the previous numbers I shared—you know, $125, $115 billion for SaaS and IaaS—but I think the opportunity there, especially these industries that are federated: CPG, consumer packaged goods, manufacturing, retail, and logistics, too—you know, FedEx made a big announcement with VMware and Dell a few months ago about how they’re thinking about putting compute and local infrastructure at their distribution sites. I think this phenomenon, Corey, is going to happen in a number of different [unintelligible 00:21:48], and is a tremendous opportunity. Certainly, the public cloud vendors are trying to do that with Outposts and Azure Stack, but I think it does favor the on-premise vendors also having a very strong proposition for the edge cloud.Corey: I assumed that the whole discussion with FedEx started by someone dramatically misunderstanding what it meant to ship code to production.Sanjay: [laugh]. I mean, listen, at the end of the day, all of these folks who are in traditional industries are trying to hire world-class developers—like software companies—because all of them are becoming software companies. And I think the open-source movement, and all of these ways in which you have a software supply chain that’s more modernized, it’s affecting every company. So, I think if you went into the engineering product teams of Rob Carter, who runs technology for FedEx, you’ll find them and they may not have all of the sophistication as a world-class software company, but they’re getting increasingly very much digital in their focus of next generation. And same thing with UPS.I was talking to the CEO of UPS, we had her come and speak at our kickoff. It’s amazing how much her lingo—she was the former CFO of Home Depot—I felt like I was talking to a software executive, and this is the CEO of UPS, a logistics company. So, I think increasingly, every company is becoming a software company at their core. And you don’t need to necessarily know all the details of containers and virtualization, but you need to understand how software and digital transformation, how technology can power your digital transformation.Corey: One thing that I’ve noticed the more I get to talk to people doing different things in different roles was, at first I was excited because I get to talk to the people where they’re really doing it right and everything’s awesome. And I’ve increasingly of the opinion that those sites don’t actually exist. Everyone talks about the great thing is that they’re doing and aspirationally in certain areas in the terms of conference-ware, but you get down into the weeds, and everyone views their environment as being a burning tire fire of sadness and regret. Everyone thinks other people are doing it way better than they are. And in some cases they’re embarrassed about it, in some cases they’re open about it, but I feel like we’re still in the early days where no one is doing things in the quote-unquote, “Right ways,” but everyone thinks everyone else is.Sanjay: Yeah, I think, Corey, that’s absolutely right. We are very much early days in all of this phenomenon. I mean, listen, even the public cloud, Andy himself would say it’s [laugh]—he wouldn’t say it’s quite day one, but he would say it’s very early [unintelligible 00:24:03], even though they’ve had 15 years of incredible success and a $50 billion business. I would agree. And when you look at the customers and their persona—when I ask a CIO what percentage of—of an established company, not one of the modern ones who are built all cloud-native—but what percentage of your workloads are in a public cloud versus private cloud, the vast majority is still in a data center or private cloud.But with the intent—if it’s 90/10, let’s say 90 private 10—for that to become 70/30, 50/50. But very rarely do I hear a one of these large companies say it’s going to be 10/90 the opposite way in three, five years. Now, listen, I think every company as it grows that is more modern. I mean the Zooms of the world, the Modernas, the Airbnbs, as they get bigger and bigger, they represent a completely new phenomenon of how they are building applications that are all cloud-native. And the beautiful thing for me is just as a former engineering and developer, I mean, I grew up writing code in C, and C++ and then came BEA WebLogic, and IBM WebSphere, and [JGUI 00:25:04].And I was so excited for these frameworks. I’m not writing code, thankfully, anymore because it would create lots of problems if I did. But when I watched the phenomena, I think to myself, “Man, if I was a 22 year old entering the workforce now, it’s one of the most exciting times to write code and be a developer because what’s available to you, both in the combination of these cloud frameworks and open-source frameworks, is immense.” To be able to innovate much, much faster than we did 25, 30 years ago when I was a developer.Corey: It’s amazing there’s the pace of innovation, if cloud has changed nothing else, from my perspective, it’s been the idea that you can provision things without these hefty waiting periods. But I want to shift gears slightly because we’ve been talking about cloud for a bit in the context of infrastructure, and containers, and the rest, but if we start moving up the stack a little bit, that’s also considered cloud, which just seems to have that naming problem of namespace collision, just to confuse folks. But VMware is also active in this space, too. You’ve got things like Workspace ONE, you’ve got a bunch of other endpoint options as well that are focused on the security space. Is that aligned?Is that just sort of a different business unit? How does that, I guess, resonate between the various things that you folks do? Because it turns out, you’re kind of a big company, and it’s difficult to keep it all straight from an external perspective.Sanjay: Well, I think—listen, we’re roughly a little less than $12 billion in revenue last year. You can think of us in two buckets: everything in the first bucket is all that we talked about. Think of that as modernization of applications and cloud infrastructure, or what people might think about PaaS and IaaS without the underlying hardware; we’re not trying to build servers and storage and networking at the hardware level, you know, and so and so. But the software layer is about, that’s the first conversation we had for the last 15, 20 minutes. The second part of our business is where we’re touching end-users and infrastructure, and securing it.And we think that’s an important part because that also is something through software, and the cloud could be optimized. And we’ve had a long-standing digital workspace. In fact, when I came to VMware, it was the first business I was running in terms of all the products and end-user computing. And our thesis was many of the current tools, whether it’s the virtual desktop technology that people have from existing vendors, or even today, the security tools that they use is just too cumbersome. It’s too heavy.In many cases, people complain about the number of agents they have on their laptops, or the way in which they secure firewalls is too expensive and too many. We felt we could radically—VMware gets involved in problems where we can radically simplify thing with some disruptive innovation. And the idea was, first in the digital workspace was to radically reduce cost with software that was built for the cloud. And Workspace ONE and all of those things radically reduce the need for disparate technologies for virtual desktops, identity management, and endpoint management. We’ve done very well in that.We’re a leader in that segment, if you look at any of the analysts ratings, whether it’s Gardner or others. But security has been a more recent phenomenon where we felt like it leads us very quickly into securing those laptops because on those same laptops, you have antivirus, you have a variety of tools, and on the average, the CSOs, the Chief Security Officers tell me they have way too many agents, way too many consoles, way too many alerts, and if we could reduce that and have a single agent on a laptop, or maybe even agentless technology that secure this, that’s the Nirvana. And if you look at some of the recent things that have happened with SolarWinds, or Petya, WannaCry in the past, security’s of top concern, Corey, to boards. And the more that we could do to clean that up, I think we can emerge—which we’re already starting to—as a cybersecurity layer. So, that’s a smaller part of our business, but, I mean, it’s multi-billion now, and we think it’s a tremendous opportunity for us to take what we’re doing in workspace and security and make that a growth vector.So, I think both of these core areas, the cloud infrastructure, and modern applications—topic number one—workspace and security—topic number two—I’m both tremendous opportunities for VMware in our journey to grow from a $12 billion company to one day, hopefully, a $20 billion company.Corey: Would that we all had such problems, on some level. It’s really interesting seeing the evolution of companies going from relatively small companies and humble beginnings to these giant—I guess, I want to use the term Colossus, but I’m not sure if that’s insulting or [laugh] not—it’s phenomenal just to see the different areas of business that VMware has expanded into. I mean, I’ve had other folks from your org talking about what a Tanzu is or might be, so we aren’t even going to go down that rabbit hole due to time constraints at this point, but one thing that I do want to get into, slightly, has been a recurring theme in the show, which is where does the next generation of leaders come from? Where do the next generation engineers come from? And you’ve been devoting a bit of time to this. I think I saw one of your YouTube videos somewhat recently about your leadership values. Talk to me a little bit about that.Sanjay: Yeah. Corey, listen, I’m glad that we’re closing out this on some of the soft topics because I love talking to you, or other talented analysts and thought leaders around technology. It’s my roots; I’m a technical person at heart. I love technology. But I think the soft stuff is often the hard stuff.And the hard stuff is often the soft stuff. And what I mean by that is, when all this peels away, what your lasting legacy to the company are the people you invest in, the character you build. And, I mean, as an immigrant who came to this country, when I was 18 years old, $50 in my pocket, I was very fortunate to have a scholarship to go to a really nice University, Dartmouth College, to study computer science. I mean, I grew up in India and if it wasn’t for the opportunity to come here on a scholarship, I wouldn’t have [been here 00:30:32]. So, everything I consider a blessing and a learning opportunity where I’m looking at the advent of life as a growth mindset: what can I learn? And we all need to cultivate more and more aspects of that growth mindset where we move from being know-it-alls to learn-it-alls.And one of the key things that I talk about—and all of your listeners on this, listening to this, I welcome to go to YouTube and search Sanjay Poonen and leadership, it’s a 10-minute video—I’ll pick one of them. Most often as we get higher and higher in an organization, leaders tend to view things as a pyramid, and they’re kind of like this chief bird sitting at the top of the pyramid, and all these birds that are looking—below them on branches are looking up and all they see is crap falling down. Literally. That’s what happens when you look at the bird up. And our job as leaders is to invert that pyramid.And to actually think about the person who is on the front lines. In a software company, it’s an engineer and a sales rep. They are the folks on the frontline: they’re writing code or selling code. They are the true people who are making things happen. And when we as leaders look at ourselves as the bottom of the pyramid—some people call that, “Servant leadership.”Whatever way you call it, the phrase isn’t the point—the point is, invert that pyramid and to take obstacles out of people from the frontline. You really become not interested as much around what your own personal wellbeing, it’s about ensuring that those people in the middle layers and certainly at the leaf levels of the organization are enormously successful. Their success becomes your joy, and it becomes almost like a parent, right? I mean, Corey, you have kids; I’ve got kids. Imagine if you were a parent and you were jealous of your kid’s success.I mean, I want my three children, my daughter, my two children to do better than me, running races or whatever it is that they do. And I think as a leader, the more that we celebrate the successes of our teams and people, and our lasting legacy is not our own success; it’s what we have left behind, other people. I’ve say often there’s no success without successors. So, that mindset takes a lot of work because the natural tendency of the human mind and the human behavior is to be selfish and think about ourselves. But yeah, it’s a natural phenomenon.We’re born that way, we live in act that way, but the more that we start to create that, then taking that not just to our team, but also to the community allows us to build a better society. And that’s something I’m deeply passionate about, try to do my small piece for it, and in fact, I’m sometimes more excited about these topics of leadership than even technology.Corey: It feels like it’s the stuff that lasts; it has staying power. I could record a video now about technology choices and how to work with those technologies and unless it’s about Git, it’s probably not going to be too relevant in 10 years. But leadership is one of those eternal things where it’s, once you’ve experienced a certain level of success, you can really see what people do with that the people that I like to surround myself with, generally make it a point to send the elevator back down, so to speak.Sanjay: I agree, Corey, it’s—glad that you do it. I’m always looking for people that I can learn from, and it doesn’t matter where they are in society. I mean, I think you often—I mean, this is classic Dale Carnegie; one of the books that my dad gave to me at a young age that I encourage everyone to read, How to Win Friends and Influence People, talked about how you can detect a person’s character based on the way they treat the receptionist, or their assistants, the people who might be lower down the totem pole from them. And most often you have people who kiss up and kick down. And I think when you build an organization that’s that typical.A lot of companies are built that way where they kiss up and kick down, you actually have an inverted sense of values. And I think you have to go back to some of those old-school ways that Dale Carnegie or Steven Covey talked about because you don’t have to build a culture that’s obnoxious; you can build a company that’s both nice and competitive. It doesn’t mean that anything we’ve talked about for the last few minutes means that I’m any less competitive and I don’t want to beat the competition and win a deal. What you can do it nicely. And even that’s something that I’ve had to grow in.So, I think when we all look at ourselves as sculptures, work in progress, and we’re perfecting our craft, so to speak, both on the technical front, and the product front and customer relationship, but then also on the leadership and the personal growth front, we actually become both better people and then we also build better companies.Corey: And sometimes that’s really all that we can ask for. If people want to learn more about what you have to say and get your opinion on these things, okay can they find you?Sanjay: Listen, I’m very approachable. You can follow me on Twitter, I’m on LinkedIn [unintelligible 00:34:54], or my email spoonen@vmware.com. I’m out there.I read voraciously, and probably not as responsive, sometimes, but I try—certainly, customers will hear from me within 24 hours because I try to be very responsive to our customers. But you can connect with me on social media. And I’m honored to be on your show, Corey. I’ve been reading your stuff since it first came out, and then, obviously, a fan of the way you’re thinking about things. Sometimes I feel I need to correct your opinion, and some of that we did today. [laugh]. But you’ve been very—Corey: Oh, I would agree. I come out of this conversation with a different view of VMware than I went into it with. I’m being fully transparent on that.Sanjay: And you’ve helped us. I mean, quite frankly, your blogs and your focus on this and, like, is the V in VMware, like, a bad word? Is it legacy? It’s forced us to think, so I think it’s iron sharpens iron. I’m very delighted that we connected, I don’t know if it was a year or two years ago.And I’ve been a fan; I watch the stuff that you do at re:Invent, so keep going with what you’re doing. I think all of what you write and what you talk about is hopefully making an impact on people who read and listen. And look forward to continuing this dialogue, not just with me, but I think you’re talking to other people in VMware in the future. I’m not the smartest person at VMware, but I’m very fortunate to be [laugh] surrounded by many of them. So hopefully, you get to talk to them, also, in the near future.Corey: [laugh]. I will, of course, will put links to all that in the [show notes 00:36:11]. Thank you so much for taking the time to speak with me today. I really appreciate it.Sanjay: Thanks, Corey, and all the best of you and your organization.Corey: Sanjay Poonen, Chief Operating Officer of VMware, I’m Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you’ve enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you’ve hated this podcast, please leave a five-star review on your podcast platform of choice, along with a condescending comment telling me that in fact, it is a best practice to ship your code to production via FedEx.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.This has been a HumblePod production. Stay humble.

En Tercos Inédito, te traemos los mejores segmentos nunca publicados de nuestras entrevistas. Hoy, grandes lecciones del inversionista argentino de Zoom, Santi Subotovsky; la emprendedora belga fundadora de Woom, Laurence Fontinoy; y el fundador español de Bitnami y tras su venta hoy ejecutivo de VMWare, Daniel López.  SÚMATE A LA COMUNIDAD TERCA ¡No nos abandones, que nuestros gastos siguen! Aporta unos dólares por mes y participa en la Videoconferencia Terca y el Slack Terco. Súmate aquí. RECOMIÉNDANOS Escribe una reseña en Apple Podcasts. Síguenos en Spotify. ESTAMOS EN ELVALLEDELOSTERCOS.COM Y en Twitter, Facebook y LinkedIn. MÚSICA Pablo Calvi y su banda Demon Verlaine. LOCUCIÓN Alejandra Delimia EDICIÓN MULTIMEDIA Mariano Graglia LOS #TERCOS SOMOS Fernando Franco y Diego Graglia ¡TE QUEREMOS! #startups #emprendedores #latinos #SiliconValley #innovación #inspiración

Kris is a leading CMO whose sweet spot has been getting companies into a position so they can be acquired or IPO: she has contributed to seven acquisitions and two IPO filings. This expertise requires moving fast and aligning quickly the marketing teams to new objectives. In this episode, she shares the playbook she used at LogDNA and Bitnami. This playbook includes: a full day offsite to map the team's new roles, have distributed teams act as one, and send grocery cards! Don't wait for an exit or IPO to apply this battle-tested strategy and start aligning your team now! Follow Kris here on LinkedIn! And let's connect and continue the conversation here on LinkedIn too!

Kris Bondi is a seasoned marketing professional with more than 20 years of international marketing experience. Kris brings her history of creating hockey stick adoption, prominent brand reputation, and substantial mindshare to her role. Kris has served as a marketing leader for companies such as LogDNA, Bitnami, Iron.io, Moka5, TIBCO and Mashery. Prior to that, Kris advised global brands on GTM and strategic positioning where her clients included Visa, Starbucks, NEC and Qlik. Kris holds a BA in communications rhetoric and political science from the University of Pittsburgh. Connect with Kris: https://www.linkedin.com/in/krisbondi/ https://twitter.com/kbondi Connect with Poya Osgouei: LinkedIn: https://www.linkedin.com/in/poyaosgouei/ Twitter: https://twitter.com/IamPoya Connect with Robby Allen: Linkedin: https://www.linkedin.com/in/robbyallen/ Twitter: https://twitter.com/_RobbyAllen --- Support this podcast: https://anchor.fm/uncharted1/support

Bootstrapear en Silicon Valley como extranjero, sin inversionistas, alcanzando ventas por millones de dólares y terminar siendo adquirido por un gigante. Esta historia ni Disney la imaginó. El español Daniel López y su cofundadora, Erica Brescia, vendieron su startup, Bitnami, a VMware.  Fue un recorrido lleno de incertidumbre.  En este episodio Daniel nos cuenta la historia y que hubiera hecho diferente, aún cuando tuvo un final feliz.   SÚMATE A LA COMUNIDAD No estaríamos acá sin la Comunidad Terca, las personas que aportan unos dólares por mes en Patreon. ¡Gracias por estar ahí! Súmate para tener acceso a la Comunidad Terca en Slack y la videoconferencia mensual. Súmate aquí. RECOMIÉNDANOS Escribe una reseña en Apple Podcasts. ESTAMOS EN ELVALLEDELOSTERCOS.COM Y en Twitter, Facebook, LinkedIn, Instagram. MÚSICA Pablo Calvi y su banda Demon Verlaine. EDICIÓN MULTIMEDIA Mariano Graglia LOS #TERCOS SOMOS Fernando Franco y Diego Graglia ¡TE QUEREMOS! #startups #emprendedores #latinos #SiliconValley #innovación #inspiración  

It sounds pretty basic, but getting your infrastructure ready for modern apps, and centrally managing your clouds and cluster requires a modernized app platform. And that's exactly what we explored with Dell Technologies in our series of five recordings scheduled to start tomorrow. Dell Technologies and VMware are making continued investment in the cloud native market. It's perhaps most apparent with the acquisition of companies such as Heptio, Wavefront, Bitnami, and most recently Pivotal. It's now transformed into initiatives using Dell Technologies' and VMware's Tanzu solution portfolio. VMware Tanzu is built upon the company's infrastructure products and technologies that Pivotal, Heptio, Bitnami, Wavefront, and other VMware teams bring to this new portfolio of products and services.

Docker y Kubernets son dos tecnologías que permiten automatizar el despliegue de aplicaciones tanto en la nube como localmente ofreciendo un control absoluto de toda la infraestructura de forma sencilla y compacta. Para saber cómo dar los primeros pasos con Docker y Kubernetes contamos con Carlos Sánchez Cazorla, Director de ingeniería en Bitnami (ahora VMWare), […] Lee la entrada completa en Docker y Kubernetes 101.

Si chacun à son rôle à jouer dans le paysage des nouvelles technologies, il y a les Robin, et les Batman. Parmi ceux-ci, on peut sans contester citer VMware qui a considérablement bouleversé le monde de la machine virtuelle. Enfin, je vous parle de ça, c'était hier, et c'était il y a 20 ans.Critiqué par certains pour son modèle économique, VMware n'en reste pas moi un acteur majeur de l'open source, et ses contributions y sont innombrables. Ce n'est pas non plus une société qui reste sur ses acquis : son intérêt pour les conteneurs, puis pour Kubernetes ; les achats d'Heptio, de Bitnami et de Pivotal sont autant de signes qui nous laissent présager que le vent tourne !Et c'est d'ailleurs bien le cas : au travers du projet Pacifique et de Tanzu, VMware est en train de se transformer et de se réinventer. Projet Pacifique, Tanzu, pourquoi tant de noms mystérieux qui nous invitent au voyage ? Et plus important encore : qu'est-ce qui se cache derrière ces projets aux noms si évocateurs ?Dans cet épisode je reçois Eric de Witte. Eric est solution architecte chez VMware, et vient (un peu) lever le voile sur ce que cache Tanzu. Prêt à entrer dans le terrier du lapin vert ?Support the show (https://www.patreon.com/electromonkeys)

Depuis 2014, les applications Serverless conçues autour des fonctions (du FaaS pour Function as a Service) sont de plus en plus populaires. Et pour cause, nos infrastructures sont de plus en plus fréquemment capable de réagir à des évènements.S'ils sont récents, les frameworks de Function as a Service n'en connaissent pas moins une rapide évolution, et si Amazon Lambda reste leader du marché, Google, Microsoft, VMware et d'autres ne sont pas en reste.Parmi eux, Knative, créé par Google et soutenu par Redhat, IBM, Pivotal, Dropbox et bien d'autres semble devenir un concurrent sérieux dans le paysage. Knative est open source, il est construit sur Kubernetes, n'a pas de lock-in, et peut donc être utilisé à même votre centre de données.Dans cet épisode je reçois Sébastien Goasguen. Sébastien a été le créateur de Kubeless, la plateforme de Function as a Service de Bitnami, et il est aujourd'hui le co-fondateur de Triggermesh, une plateforme serverless d'intégration de services cloud basée sur Knative.Support the show (https://www.patreon.com/electromonkeys)

We debate the dangers and advantages of one-click deployments. Then Dan from elementary OS shares an AppCenter for Everyone update. Plus a big batch of feedback that kicks off some wide-ranging discussions. Special Guests: Daniel Fore and Neal Gompa.

Solid releases from GNOME and Firefox, bad news for custom Android ROM users, and a new container distro from Amazon. Plus Mozilla and KaiOS team up to bring the modern web to feature phones, and the surprising way Microsoft is shipping a Linux kernel.

Solid releases from GNOME and Firefox, bad news for custom Android ROM users, and a new container distro from Amazon. Plus Mozilla and KaiOS team up to bring the modern web to feature phones, and the surprising way Microsoft is shipping a Linux kernel.

Solid releases from GNOME and Firefox, bad news for custom Android ROM users, and a new container distro from Amazon. Plus Mozilla and KaiOS team up to bring the modern web to feature phones, and the surprising way Microsoft is shipping a Linux kernel.

Descubrimos los aspectos fundamentales de Laravel, un framework PHP que nos hará la vida más fácil a la hora de construir aplicaciones web. Y para hacernos fácil nuestro aprendizaje, contamos con Carlos Sánchez Cazorla, Director de ingeniería en Bitnami (ahora VMWare), que nos ayudará a dar los primeros pasos con el framework y a empezar […] Lee la entrada completa en Laravel 101.

A warm welcome to John Harris who will be joining us for his first time on the show today to discuss our exciting topic, CI and CD in cloud native! CI and CD are two terms that usually get spoken about together but are actually two different things entirely if you think about them. We begin by getting into exactly what these differences are, highlighting the regulatory aspects of CD in contrast to the future-focussed nature of CI. We then move on to a deep exploration of their benefits in optimizing processes in cloud native space through automation and surveillance from development to production environments. You’ll hear about the benefits of automatic building in container orchestration, the value of make files and local test commands, and the evolution of CI from its ‘rubber chicken’ days with Martin Fowler and Jez Humble. We take a deep dive into the many ways that containers differ from regular binary as far as deployment methods, build speed, automation, run targets, realtime reflections of changes, and regulation. Moreover, we talk to the challenges of transitioning between testing and production environments, getting past human error through automation, and using sealed secrets to manage clusters. We also discuss the benefits and drawbacks of different CI tools such as Kubebuilder, Argo, Jenkins X, and Tekton. Our conversation gets wrapped up by looking at some of the exciting developments on the horizon of CI and CD, so make sure to tune in! Follow us: https://twitter.com/thepodlets Website: https://thepodlets.io Feeback: info@thepodlets.io https://github.com/vmware-tanzu/thepodlets/issues Hosts: Bryan Liles Nicholas Lane Key Points From This Episode: • The difference between CI and CD.• Understanding the meaning of CD: ‘continuous delivery’ and ‘continuous deployment’.• Building an artifact that can be deployed in the future is termed ‘continuous integration’.• The benefits of continuous integration for container orchestration: automatic building.• What to do before starting a project regarding make files and local test commands.• Kubebuilder is a tool that scaffolds out the creation of controllers and web hooks.• Where CI has got to as far as location since its ‘rubber chicken’ co-located days.• The prescience of Martin Fowler and Jez Humble regarding continuous integration.• The value of running tests in a CI process for quality maintenance purposes.• What makes containers great as far as architecture, output, deployment, and speed.• The benefits of CD regarding deployment automation, reflection, and regulation.• Transitioning between testing and production environments using targets, clusters, pipelines.• Getting past human error through automation via continuous deployment.• What containers mean for the traditional idea of environments.• How labeling factors into the simplicity of transitioning from development to production.• What GitOps means for keeping track of changes in environments using tags.• How sealed secrets stop the need to change an app when managing clusters.• The tools around CD and what a good CD system should look like.• Using Argo and Spinnaker to take better advantage of hardware.• How JenkinsX helps mediate YAML when installing into clusters.• Why the customizable nature of CI tools can be seen as negative.• The benefits of using cloud native-built tools like Tekton.• Perspectives on what is missing in the cloud native space.• A definition of blue-green deployments and how they operate in service meshes.• The business abstraction elements of CI tools that are lacking.• Testing and data storage-related aspects of CI/CD that need to be developed. Quotes: “With the advent of containers, now it’s as simple as identifying the images you want and basically running that image in that environment.” — @bryanl [0:18:32] “The whole goal whenever you’re thinking about continuous delivery or continuous deployment is that any human intervention on the actual moving of code is a liability and is going to break.” — @bryanl [0:21:27] “Any time you’re in developer tooling, everyone wants to do something slightly differently. All of these tools are so tweak-able that they become so general.” — @johnharris85 [0:34:23] Links Mentioned in Today’s Episode: John Harris — https://www.linkedin.com/in/johnharris85/Jenkins — https://jenkins.io/CircleCI — https://circleci.com/Drone — https://drone.io/Travis — https://travis-ci.org/GitLab — https://about.gitlab.com/Docker — https://www.docker.com/Go — https://golang.org/Rust — https://www.rust-lang.org/Kubebuilder — https://github.com/kubernetes-sigs/kubebuilderMartin Fowler — https://martinfowler.com/Jez Humble — https://continuousdelivery.com/about/David Farley — https://dfarley.com/index.htmlAMD — https://www.amd.com/enIntel — https://www.intel.com/content/www/us/en/homepage.htmlWindows — https://www.microsoft.com/en-za/windowsLinux — https://www.linux.org/Intel 386 — http://www.computinghistory.org.uk/det/6192/Introduction-of-Intel-386/386SX — https://www.computerworld.com/article/2475341/flashback--remembering-the-386sx.html386DX — https://en.wikipedia.org/wiki/Intel_80386Pentium — https://www.intel.com/content/www/us/en/products/processors/pentium.htmlAMD64 — https://www.webopedia.com/TERM/A/AMD64.htmlARM — https://en.wikipedia.org/wiki/ARM_architectureTomcat — http://tomcat.apache.org/Netflix — https://www.netflix.com/za/GitOps — https://www.weave.works/technologies/gitops/Weave — https://www.weave.works/Argo — https://www.intuit.com/blog/technology/introducing-argo-flux/Spinnaker — https://www.spinnaker.io/Google X — https://x.company/Jenkins X — https://jenkins.io/projects/jenkins-x/YAML — https://yaml.org/Tekton — https://github.com/tektonCouncourse CI — https://concourse-ci.org/ Transcript: EPISODE 11 [INTRODUCTION] [0:00:08.7] ANNOUNCER: Welcome to The Podlets Podcast, a weekly show that explores Cloud Native one buzzword at a time. Each week, experts in the field will discuss and contrast distributed systems concepts, practices, tradeoffs and lessons learned to help you on your cloud native journey. This space moves fast and we shouldn’t reinvent the wheel. If you’re an engineer, operator or technically-minded decision maker, this podcast is for you. [EPISODE] [00:00:41] BL: Back to the Kubelets Podcast, episode 11. I’m Bryan Liles, and today we have Nicholas Lane. [00:00:50] NL: Hello! [00:00:51] BL: And joining us for the first time, we have John Harris. [00:00:55] JH: Hey everyone. How is it going? [00:00:56] BL: All right! So today we’re going to talk about CI and CD in cloud native. I want to start this off with this whole term CI and CD. We talk about them together, that are two different things almost entirely if you think about them. But CI stands for continuous integration, and then we have CD. What does CD stand for? [00:01:19] NL: Compact disk. [00:01:20] BL: Right. True, and actually I’ve used that term before. I actually do agree. But what else does CD stand for? [00:01:28] NL: It’s continuous deployment right? [00:01:30] BL: Yeah, and? [00:01:31] JH: Continuous delivery. [00:01:32] NL: Oh! I forgot about that one. [00:01:35] BL: Yeah, that’s the interesting thing, is that as we talk about tech and we give things acronyms, CD is just a great one. Change in directories, compact disk, continuous delivery and continuous deployment. Here’s the bonus question, does anyone here know the difference between continuous delivery and continuous deployment? [00:01:58] NL: Now that’s interesting. [00:01:59] JH: I would go ahead and say continuous delivery is the ability to move changes through the pipeline, but you still have the ability to do human intervention at any stage, and usually deployments production and continuous delivery would be a business decision, whereas continuous deployment is no gating and everything just go straight to product. [00:02:18] BL: Oh, John! Gold start for you, because that is one of the common ones. I just like to bring that up because we always talk about CI and CD as they are just one thing, but they’re actually way bigger topics and we’ve already introduced three things here. Let’s start at the beginning and let’s talk about continuous integration, a.k.a CI. I’ll start off. We have CI, and what is the goal of CI? I think that we always get boggled down with tech terms and all these technology and all these packages from all these companies. But I’d like to boil CI down to one simple thing. The process of continuous integration is to build an artifact that can be deployed somewhere at some future date at some future time by some future person, process. Everything else is a detail of the system you choose to use. Whether you use Jenkins, or CircleCI, or Drone, or you built your own thing, or you’re using Travis, or any of the other online CI tools. At the end of the day, you’re building either – If you’re doing web development. Maybe you’re building out Docker files, because we’re in cloud native. I mean docker images, because we’re in cloud native. But if you’re not, maybe you’re just building JARs, WARs, or EARs, or a ZIP file, or a binary, or something. I’d just like to start off, start this off with there. Any more thoughts on continuous integration? [00:03:48] NL: Yeah. I think the only times that I’ve ever used something that’s like continuous integration is when I’ve been doing like more container orchestration, like development, things on top of like things like Kubernetes, for instance. The thing I really like about it is like the concept of being able to like, from my computer, save and do an automatic save and push to a local repo and have all of the pieces get built for me automatically somewhere else, and I just love that so much because it saves so much brain thinky juice to run every command to make the binary you need. [00:04:28] BL: So did you actually create those scripts yourself? [00:04:30] NL: Some of them. When I’ve used things like GitLab, I use the pipeline that exists there and just fiddled around with like a little bit of code, like some bash there, but like not too much because GitLab has a pretty robust pipeline. Travis — I don’t think I needed to actually. Travis had a pretty good just go make Docker build, scripts already templated out for you. [00:04:53] JH: Yeah. I’d like to tell people whenever you start any project, whether it’s big or small, especially if it’s on – Not on Windows. I’ll tell you something different if it’s on Windows. But if you’re developing on a Mac or developing on Linux, the first thing you should do in your project is create a make file or your programming language equivalent of a make file, and then in that make file what you should do is write a command that will build your software that runs its tests locally, and also builds – whatever the process is. I mean, if you’re running in Go, you do a Go build. If you’re using Rust, build with Rust, or C++, or whatever before you even write any code. The reason why is because the hardest part is making your code build, and if you leave that to the end, you’re actually making it harder on yourself. If your code build works from the beginning, all you have to do is change it to fit what you’re doing rather than thinking about it when it’s crunch time. [00:05:57] NL: I actually ran into that exact scenario recently, because I’ve been building some tooling around some Kubernetes stuff, and the first one I did, I built it all manually by hand. Then at the end I was like – I gave it to the person who wanted it and they’re like, “So, where’s the make file?” I’m like, “Where’s the what?” So I had go in and like fill in the make file, and that was a huge pain in the butt. Then recently the other thing I’ve been using is Kubebuilder. John, you and I have been talking about Kubebuilder quite a bit, but using Kubebuilder, and one of the things it does for you is it scaffolds out and a make file for you, and that was like going from me doing it by myself to having it already exist for you or just having it at the beginning was so much better. I totally agree with you, Brian. [00:06:42] BL: So quick point of order here. For those of us who don’t know what Kubebuilder is. What is Kubebuilder? [00:06:48] NL: Kubebuilder is a tool that was created by members of the Kubernetes Community to scaffold out the creation of controllers and web hooks. What a controller is in Kubernetes is a piece of software that waits, sort of watches a specific object or many specific objects and reconciles them. If they noticed that something has changed and you want to make an action based on that change, the controller does that for you. [00:07:17] JH: Okay. So it actually makes the action of working with CRDs and Kubernetes much easier than creating it all yourself. [00:07:26] NL: Correct. Yeah. So, for instance, the one that I made for myself was a tool that watched, updated and watched a specific CRD, but it wasn’t necessarily a controller. It was just like flagging on whether or not a change occurred, and I used the dynamic client, and that was a huge headache on of itself. Kubebuilder has like the ability to watch not just CRDs, but any object in Kubernetes and then reconcile them based on changes. [00:07:53] NL: It’s pretty great. [00:07:54] BL: All right. So back to CI. John, do you have any opinions on CI or anecdotes or anything like that? [00:07:59] JH: Yeah. I think one of the interesting things about the original kind of philosophy of CI outside of tooling was like trunk-based development that every develop changes get integrated into trunk as soon as possible. You don’t get into integration hell and rebasing. I guess it’s kind of interesting when you apply that to a cloud native landscape where like when that stuff came out with like Martin Fowler or Jez Humble probably 10, 15 years ago almost now, a lot of dev teams were co-located. You could do CI. I think there was a rubber chicken method where you didn’t use a tool. It was just whoever had the chicken that’s responsible for the build. Just to pull everyone else’s changes. But now it seems like everything is branch-based. When you look at a project like Kubernetes, there’s a huge number of contributors all geographically displaced, different time zones, lots of different branches and features going on at the same time. It’s interesting how these original principles of continuous integration from the beginning now apply to these huge projects in the cloud native landscape. [00:08:56] BL: Yeah, that’s actually a great point of how prescient Martin Fowler has been for many, many years, and even with Jez Humble being able to see these problems 10, 15 years ago and be able to describe them. I believe Jez Humble wrote the CD book, the continuous delivery book. [00:09:15] JH: Yeah, with David Farley, I think. [00:09:18] NL: Yeah. Yeah, he did. So, John, you brought up some good things about CI. I try to simplify everything. I think the mark of someone who really knows what they’re talking about is being able to explain everything in the simplest words possible, and then you can work backwards when people understand. I started off by saying that CI produces an artifact. I didn’t talk about branches or anything like that, or even the integration piece. But now let’s go into that a little bit. There are a lot of misconceptions about CI in general, but one of the things that we talk about is that you have to run test. No, you don’t have to run test, but should you? Yes, 100% of the time. Your CI process, your integration process should actually build your software and run the test, because running the test on this dedicated service or hardware wherever it is ensures that the quality of your software is there at least as much as your developers have insured the quality in the test. It’s very important those run, and a lot of bugs of course can be spotted by running a CI. I mean, we are all sorts of developers here, and I tell you what, sometimes I forget to run the test locally and CI catches me before a commit makes it into master and it has a huge typo or a whole bunch of print lines in there. Moving on here, thinking about CI and cloud native. Whenever you’re creating a cloud native app, have you ever thought about the differences between let’s say creating just a regular binary that maybe runs on a server, but not in a container on somebody’s cloud native stack, i.e. Kubernetes? Have you ever thought about the differences of things to think about? [00:11:04] BL: Yeah. So part of it is – I would imagine or I believe it’s like things like resource, like what resources you need or what architecture you’re deploying into. You need the binary to make like run in this – With containerization, it’s easy because you’re like, “I know that the container is going to be this architecture,” but you can’t necessarily guarantee that outside of a containerized world. I mean, I suppose you can being like with the right tooling setup you can be like, “I only want to run on this.” But that isn’t necessarily guaranteed, because any computer that runs on could be just whatever architecture that happens to land on, right? Also, something to – I think of is like how do you start processes on disparate computers in a controlled fashion? Something like, again, with containers, you can trust that the container runtime will run it for you. But without that, it seems like a much harder task. [00:12:01] NL: Yeah, I would agree. Then I said that containers in general just help us out, because most of our workloads go on some AMD or Intel 64 bit and it’s Linux. We know what our output is going to be. So it’s not like in the old days where you had to actually figure out what your run target was. I mean, that’s even on Intel stacks. I mean, I’m updating myself here where you had like – When the 386 was out and then you had the 386SX and the 386DX, there were different things there, and you actually compile your code different. Then when the 46 came out and then when we had introduction of Pentium chips, things were different. But now we can pretty much all target AMD64, and in some cases, I mean, there are some chip things like the bigger encryption things that are in the newer chips. But for the most part, we know what our deployed target is going to be. But the cool thing is also that we don’t have to have Intel or AMD64. It could be ARM32 or ARM64, and with the addition to a lot of the work that has been going on in Windows land lately, we can have Windows images. I don’t know so many people were doing that yet. I’m not out and part of the field, but I like that the opportunity is there. [00:13:25] JH: Oh! I think one of the interesting things is the deployment method as well. Now with containers, everything is kind of an immutable rip and replace. Like if we develop an application, we know that the old container is going to stop when I deploy a new one. I think Netflix were doing a little bit of this before containers and some other folks with like baking AMIs and using that immutable method. But I think before that it was if we had a WAR file, we had to throw it back into Tomcat, let Tomcat pick it up or whatever. Everything was a little bit more flaky in terms of deployment. We had to do a lot of checks around deployment rather than just bring something out, bring something back in blue/green, whatever. [00:13:59] BL: Well, I actually like that you brought that up, because that’s actually one of the greatest parts of this whole cloud native thing, is that when we’re using containers and we’re deploying with containers, we know what our file system is going to look like, because we created it. There would not be some rogue file or another configuration there that will trip up our deployment, because at build time, we’ve created the environment. It’s much better than that facility that Netflix was doing with baking AMIs. In a previous life, I actually ran the facility for baking AMIs at a large company where we had thousands of developers on more than a thousand dev teams, and we had a lot of spyware. Whenever you had to build an image, it was fine in one account, but if you had let’s say a thousand accounts with the way that AWS works and encrypted images, you actually had to copy all the images to all the accounts. It couldn’t actually boot it from your account. That process would literally take all night to get it done across all of our accounts. If you made a mistake, guess what? You get to do it again. So I am glad that we actually have this thing called a container and all these things based on CRI, the container runtime, that we are able to quickly build containers. I don’t want to just limit this conversation to continuous integration. Let’s get into the other parts too with deployment and delivery. What is so novel about CD and the cloud native world? [00:15:35] NL: I think to me it’s the ability to have your code or your artifact or whatever it is, whatever you’re working on. When you make a change, you can see the change reflected in reality, whatever your reality looks like, without your intervention. I mean, you might have had to set up all the pipelines and all that jargon, but when you press save in VS code and it creates a branch and runs all your tests and then deploys it for you or delivers it for you into what you’d define as reality, that’s just so nice, because it really kind of sucks having to do the like, “Okay, I’ve got a new deployment. Destroy the old deployment. Put in the new one or like rev the new image tag or whatever in the deployment you’re doing.” All these manual steps, again, thinky-brain juice, it takes pieces of your attention away, and having these pieces like added for you is just so nice. [00:16:30] BL: Yeah, what do you think, John? [00:16:32] JH: Yeah. I think just something in the state of DevOps we’ve bought one of the best predictors for a company’s success is like cycle time of feature from ideation to production. I think like the faster we can get that cycle – It kind of gets me interested. How long does an application take to build? If it takes two hours, how good are you at getting features out there quickly? Maybe one of the drivers with microservices, smaller pieces independently deployed, we can get features out to production quicker, because I think the name of the game is just about enabling developers to put the decision in the hands of the business to decide when the customer should see that feature. I think the tighter we can make that cycle, the better for everyone. [00:17:14] BL: Oh, no! I agree. I love and hate web services, but what I do like is the idea of making these abstractions smaller, and if the abstractions are smaller, it’s less code. A lot of the languages we use now are faster compiling, let’s say, a large C++ project. That could take literally two hours to compile. But now when we have languages like Go, and Rust is not as fast, but it’s not slow as well. Then we have all of our interpret languages, whether it’d be Python, or JavaScript, or TypeScript, where we can actually go from an idea, run the test in a few minutes and build this image that we can actually run and see it almost in real-time. Now with the complexity of the tools, I mean, the features that are built in the tools, we can now easily manage multiple deployment environments, because think about before, you would have a dev environment, and that would be the Wild West. That would be literally where it would be awful. You might have to rebuild it every couple of months. Then you would have staging, and then maybe you would have some kind of pre-prod environment just as like your final smoke test, and then you would have your production. Maintaining all the software on all those was extremely hard. But now with the advent of containers, now it’s as simple as identifying the images you want and basically running that image in that environment. I like where we’ve ended up. But with all power comes new problems, and just because we can deploy quicker means we just run into a lot of different problems we didn’t run into before. The first one that I’ll bring up is the complexity. Auto conversion between environments, so moving code between test staging and production. How do we do that? Any ideas before I throw some out there? [00:19:11] NL: I guess you would have different, or maybe the same pipeline but different targets for like if say you’re using something like Kubernetes. You could have one part of your pipeline deploy initially to this Kubernetes context, which points to like one cluster. It’s building up clusters by environment type and then deploying into those, running your tests, see if it runs properly and then switch over to the next context to apply that image tag and that information and then just go down the chain until you go to production. [00:19:44] BL: Well, that’s interesting. One thing I’d like to throw out there, and I’m not advocating any particular product. But the idea of having pipelines for continuous integration and your CD process is great, where you can now have gates and you can basically automate the whole thing. Code goes into CI and we built an artifact, and a message can go out automatically to an approver or not, and that message could say, “Hey! This code is going to be integrated into our trunk or our master branch.” They can either do it themselves manually as a lot of people do or they can actually maybe click on a link or check a checkbox and this gets integrated in. Then what automatically could happen at this point is, and I’ve seen a lot of companies doing this, is now we take that software and we spin up a new whole environment and we just install that software. For that one particular feature that you worked on, you can actually get an automatic environment for that. Then what we can do is we can take that environment itself and we can now merge this maybe into a staging branch or tag it with a staging label, and that automatically gets moved to staging. Depending on how complicated you are, how advanced you are, now you can actually have it go out to your product people or people who make decisions, maybe your executives, and they can view the software in whatever context it happens to be in. Then they can say, “Okay.” Now that’s when we’re talking about now we can hit okay and the software just keeps on moving to the pipeline and it gets into production. The whole goal here, and this is actually where your goal should be just in general whenever you’re thinking about continuous delivery or continuous deployment is that any human intervention on the actual moving of code is a liability and is going to break, and it’s going to break because on Friday afternoon at 5:25 PM, someone’s thinking about the weekend and they’re not thinking about code, and they’re going to break your build. Our goal is to build these delivery systems that are Friday afternoon proof. We can push code anytime. It doesn’t matter. We trust our process. [00:22:03] JH: I think it’s a great point about environments. I think back in the day, an environment used to be a set of machines, and then test used to be – staging was where there were kind of more stable versions of APIs and folks were more coordinated pushing things into them. What really is an environment? Like you said, when we push micro services or whatever service, we can spin up an entire Kubernetes cluster just for that service. We can set it up. We can run whatever tests we want. We could tear it down. With the advent of Elastic compute, and now containers, they really enabled this world where like the traditional idea of an environment and what constitutes an environment is starting to get a bit kind of sloppy and blend into each other. [00:22:42] BL: I like it though. I think it’s progress. [00:22:45] NL: I totally agree. The one that scares me but I also find like really interesting, is the idea of having all of your environments in one set of machines. So clusters. Having a multi-tenanted set of machines for like dev staging and production, they’re all running in the same place and they’re all just separated by like what configuration of like connectivity from different networking and things like that set up. When a user hits your website, bryanliles.com, they should go to the production images, but those are binaries, and those binaries should be running in the same space essentially as the development ones. It’s scary, but it’s also like allows for like some really fast testing and integration. I find it to be very fascinating. [00:23:33] BL: I mean that’s where we want to be. I find more often than not that people have separate clusters for dev and staging and production. But using the Kubernetes API, you don’t have to do that, because what we can do is we can force deployment or workload to a set of machines based on their label. That’s actually one of the very strong positives for Kubernetes. Forget all the complexity. One of the things that makes it easy is to say that I want this particular deployment to only live on my development machines. Well, which development machine? I don’t care. What if we increase our development pool size? We just re-label nodes. It doesn’t matter. Now we can just control that. When it comes down to controlling cost and complexity, this is actually one idea that Kubernetes is leading and just making it easier to actually use more of your hardware. [00:24:31] NL: Yeah. Absolutely. That’s so great because if you think about it from a CI/CD standpoint, at that point all you have to do is just change the label to where you’re applying this piece of code. So you’re like, “Node selector, label equals dev. Okay, now it’s staging. Okay, now it’s prod.” [00:24:47] BL: So this brings me into the next part of what I want to talk about or introduce to you all today. We’re on a journey as you probably can tell. Now whenever we have our CI process and we’re building and we’re deploying, where do we store our configurations? [00:25:04] NL: [inaudible 00:25:04]. [00:25:06] BL: Ever thought about that? [00:25:08] NL: Okay. I mean, in a Kubernetes perspective, you might be using something like etcd to sort of – But like everything else, what if you’re using Travis? [inaudible 00:25:16] store everything. Everything should be versioned, right? Everything should be – [00:25:20] BL: Yeah, 100%. [00:25:24] NL: I would store everything these as much as possible. Now, do I do that all the time? God, no! Absolutely not. I’m a human being after all. [00:25:32] BL: I mean, that’s what I actually want to bring up, is this concept of GitOps. GitOps was a coined term by my friend, Alexis, who works at Weave. I think Weave created this. Really what it’s about is instead of having – basically, Kubernetes is declarative, and our configurations can be declarative too, because what we can do is make sure is we can have tech space configurations, and for one reason it’s because tech space means it can be versioned. It can be diffs. We take those text versions and we put them in our same repository we put our code in. How do we know what’s in production at any given time or any given time in the past? We just look at the tags of what we did. We had a push at 5:15 on August 13th. Of course, this is 5:15, you could see time, because any other time doesn’t exist in the computer land. So what we could do is we could just basically tag that particular version as like 2019-08-13. If I said 5-17-55, and we call 01 just so we could have 100 deploys in a day. If we started doing that, now not only can we control what we have, but we can also know what was on in any given environment at any given time. Because with Git and with Mercurial and any other of these – Well, only the popular ones, with Git and Mercurial, you can definitely do this. Any given commit can have multiple tags. You could actually have a tag that hit dev and then a tag that, let’s say, hits staging, and then a tag that hit production, the exact same code but three different tags. So you know at any given time what happened. [00:27:18] JH: Yeah, the config thing is so important. I think that was another Jez Humble quote where it was like, “Give me three hours access to your code and I’ll break it. But give me 5 minutes with your configurations and I’ll break it.” Almost like every big bug is, right, someone was accidentally pointing the prod server to the staging database like, “Oops! Their API was pointing to the wrong port, and everything came down,” or we changed the wrong versions or whatever. I think that’s one of the intersections of developers and operations folks. We kind of talked about like Dev Ops and things like that. I really love the idea of everything being kept in Git and using GitOps, but then we’ve got things like secrets and configuration that shouldn’t be seen or being able to be edited by developers, but need to be for ops folks. But we still want to keep the single point of truth. Things like sealed secrets have really enabled us to move along in this area where we can keep everything in text-based version. [00:28:08] BL: All right. Quick point of order here. Sealed secrets is a controller/CRD created by Bitnami. What it allows you do is, John – [00:28:23] JH: It allows you – It creates a CRD, which is sealed secret, which is a special resource type in your cluster and also creates a key, which is only available to that operator running in your cluster. You can submit a sealed secret in plain text or you can submit a secret in plain text and it will throw it back out as an encrypted secret with that key and then you can check that into version control. Then when you go to deploy your software, you can deploy that encrypted secret into the cluster. The operator will pick it up, decrypt it using only the key that it has access to and then put it back in the cluster as a regular secret. Your application just interacts with regular Kubernetes secrets. You don’t need to change your app. They deal with all the encryption outside of the user intervention. [00:29:03] BL: I think the most important part of what you said is that this allows us to have no excuses about what we can store in our repositories for our configuration, because someone is going to make the argument, “No, we can’t store secrets, because someone’s going to be able to see them.” Well, guess what? We never even stored an unencrypted secret in our repository. They’re all encrypted, and it’s still secrets. It’s [inaudible 00:29:25]. I don’t know if anyone’s cracked yet. I’m sure maybe a state level actor has thought of it. But for us regular people, even our companies, like even at VMware, or even at Google, they have not done it yet. So it’s still pretty safe. Thinking even further now, and really what I’m trying to paint the picture of is not just how do you do CD, but really what CD could look like and how it can actually make you happy rather than sad. The next item I wanted to think about was tools around CD and creating tools and what does a good continuous delivery system look like. I kind of hinted about this earlier whenever I was talking about pipelines. The ability to take advantage of your hardware, so we’re deploying to let’s say 100 servers. We’re pulling 5 or 6 services to 100 node cluster. We can do those all at once, and what we can do is you want to have a system that can actually run like this. I could think of a couple. From Intuit, there is Argo, and they have Argo CD. There is the tool created by Google and maybe Netflix. I want to have to look that one up. It’s funny, because they quoted – [00:30:40] JH: Spinnaker? [00:30:42] BL: Spinnaker. They quoted me in their book, and I don’t remember their name. I’m sorry anyone from Spinnaker product listening. Once again, not advocating any products, but they have the concept of doing pipelines. Then you also have other things for your projects, like if you’re using open source, Drone. Another X Google – I think it was X-Googler that made this. Basically, they have ways you can do more than one thing at a time. The most important piece about this is not only can you do more than one thing at a time, is that you have a programmatic check that it’ll make sure that you can verify that whatever you did was successful. We deployed to staging or we deployed to our smoke test servers for our smoke test, and that requires our testing people and an executive signoff. They can actually just wait until they get their signoff or maybe if it goes over a day or so, they can actually – It just fails, and now the build is done. But that part is pretty neat. Any other topics over here before I start throwing out more? [00:31:45] NL: I think I just have thoughts on some of the tools that we’ve used. Everyone Jenkins. Jenkins can do anything that you want it to do, but you really have to tighten the screws on it. It is super powerful. It’s kind of like Bash, like Bash scripting. It’s super powerful, but you have to know precisely what you’re doing, otherwise it can really hurt you. Actually, I have used Spinnaker in the past, and I’ve really liked it. It has a good UI, very good pipelines. Easy blue/green or canary deployment mechanism, I thought that was great. I’ve looked at Drone, believe it or not, but Drone is actually pretty cool. Check out Drone. I really liked it. [00:32:25] BL: Well, since we’re throwing out products, Jenkins, does have JenkinsX. I have not given it the full rundown yet. But what I do like about it, and I think everyone should pay attention to this if you’re doing a product in this space, is that when you install JenkinsX, you install it locally to your machine. You basically get this binary called JX, and you then tell JX to install it into your cluster. Instead of just doing kubectl apply-f a whole bunch of YAML, it actually ask you questions and it sets up GitHub repositories or wherever you need these repositories. It sets up [inaudible 00:33:01] spaces for you. There’s no just [inaudible 00:33:05] kubectl apply-f HTTPS: I just owned your system, because that’s actually a problem. Then it solves the YAML sprawl, because YAML and Kubernetes is something that is complained about a lot, but it’s how it’s configured. But it’s also just a detail what we’re supposed to be doing, and we actually work with Joe Beda and I could talk about this all the time, is that the YAML is the implementation, but it’s not the idea. The idea is that we build tools on top of that that create YAML so users have to see less YAML. I think that’s a problem with Jenkins, is that it’s so powerful and they’re like, “Well, we want powerful people or smart people to be able to do smart things. So here you go.” The problem with that is that where do I start? It’s a little daunting. So I do think that they definitely came with the much stronger game with this JX command. Just as a little sidebar, we do it as well with our Valero project, and I think that just speaks, should be like the bar for anything. If you’re installing something into a cluster, you should come up with a command line tool that helps you manage the lifecycle of whatever you’re installing to the operator, YAML, whatever. [00:34:18] JH: I think what’s interesting about the options, this is definitely one area where there’s so much nuance. Any time you’re in developer tooling, everyone wants to do something slightly differently. All of these tools are so tweak-able that they become so general. I think it’s probably one of the criticisms that could be leveraged against Jenkins is that you can do everything, and that’s actually a negative as well as a positive. Sometimes it’s too overwhelming. There are too many ways of doing things. I’m a fan of some of the more kind opinionated tools in that space. [00:34:45] BL: Yeah. I like opinionated tools as well, but the problem that we’re having in this cloud native space is that, yeah, Kubernetes is five-years-old now. We are just getting to the point where we actually understand what a good decision is, because there was a lot of guesses before and we’ve done a lot of things, and some of these have been good ideas, but in some cases they have not been great ideas. Even I ran the project case on it. Great idea on paper, but implementation, it required people to know too many things. We’d learned a lot of lessons from that. That’s what I think we’re going to find out in this space is that we’re going to learn little lessons. I say this project from my last project that I was going to bring up is something that I think has learned some of the lessons. Google sponsors a project called Tekton, and if you go to – It’s like I believe, and they have some continuous delivery stuff in there and they implement pipelines. But the neat part is, and this is actually the best part, it’s actually a cloud native built service. So every step of your delivery process, from creating images, to actually putting them on clusters, is backed by a Docker image or a container, and I think that part is pretty neat. So now you can define your steps. What is your step? Well, you can use one of their pre-baked, run this command, or if you have something special, like the example before I was giving out where you would say that you need an approval, maybe it’s a Slack approval. You send something with Slack and it has a checkbox, check yes if you like me. What we can do now is we can actually control that and it’s easy to write something a little Docker image that can actually make that call and then get the request and then it can move it on. If you’re looking at more of a toolkit full of good ideas, I do think that Tekton has definitely has some lots of industry. People are looking at it and it’s probably the best example of getting it right in the cloud native way. Because a lot of the products we have now are not cloud native. We’re talking about Jenkins. We’re talking about Spinnaker and we talk about Drone and Travis, which is totally a SaaS product. They’re not cloud native. Actually, the neat part about Tekton is that it actually comes with its own controllers and its own CRDs. So you can actually build these things up using your familiar Kubernetes tooling, which means in theory we could actually use the tooling that we are deploying. We can actually control it in the same way as our applications, because it’s just yet another object that goes in our cluster. [00:37:21] NL: That does sound pretty cool. One other that I meant to bring up was Concourse. Have you check out Concourse yet? [00:37:27] BL: CouncourseCI. I have not. I have used it, but never in a way where I would have a big opinion on it. [00:37:34] NL: I’m kind of in the same place. I think it’s a good idea. It seems really neat, but I need to kick the tires a little more. I will say that I really like the UI. The structure of the UI is really nice. Everything makes sense, and anything you can click on like drills into something a bit deeper. I think that’s pretty cool, but it is one of the shout that I went out to as well as like another tool that I’m aware of. [00:37:52] BL: Yeah, that’s pretty interesting. So we’ve gone about 40 minutes now. Let’s actually start winding this down, and the way that I’m going to suggest that we wind this down is thinking about where we are now. What’s missing in this space and what else could we actually be doing in the cloud native space to make this work out better? [00:38:12] NL: I think I’d like to see better structured or better examples of blue-green or canary deployments with tests associated, and that might just be like me not looking hard enough at this problem. But anytime I began looking at blue-green, I get the idea of what someone’s done, but I would love to see some implementation details, or any of these opinionated tools having opinions around blue-green and what they specifically do to test it. I feel like I’m just not seeing that. [00:38:41] BL: With blue-green, blue-green is hard to do in Kubernetes without an external tool, because for everyone, a blue-green deployment is, I have a software deployment and we’ll give it a color. We’ll call it blue, and I have the next version, and we’ll call it green. Really what I can do is I basically have two versions of my application deployed and I can use my load balancer, or in this case, my service to just change the label or the selector in my service and now I can point at at my green from my blue. Then I want to deploy again, I can just deploy another blue and then change my label selector again. The problem with this is that you can do it in Kubernetes, just fine. But out of the box with Kubernetes, you will drop traffic, because guess what? What happens to a connection that was initiated or a session that was initiated on the blue cluster when you went to green? Actually, this is a whole conversation in itself about service meshes and this is actually one of the reasons service mesh is a big topic, because you can do this blue-green, or another example would be Netflix and Redblack, or you get the creative people who are like rainbow deployments, because just having two is not good enough for them. So they want to have any number of deployments going at one time. I agree with that 100%. [00:39:57] JH: I think, yeah, integrating tools like launch. [inaudible 00:40:01] and I think there are more which enable – I think we’re missing the business abstractions on this stuff so far. Like you said, it’s kind of hard to do if you need to go into the gritty of it right now, but I think the business abstractions of if we deploy a different version to a certain subset of customers, can we get all of those metrics? Can we get those traces back in? Will you automate it, roll it out? Can we increase the percentage of customers that are seeing those things? Have that all controlled in a Kubernetes native way, but having roll it up to a business and more of an abstraction. I think that stuff is currently missing. I think the underpinning kind of technologies are coming up, stuff like service mesh, but I think it’s the abstraction that’s really going to make it useful, which doesn’t exist today. [00:40:39] BL: Yeah. Actually, that’s pretty close to what I was going to say. We built all these tooling that helps us basically as technologists, but really what it comes down to is the business. A lot of the things we’re talking about where we’re talking about CD is important to the business, but when we’re talking about metrics or trace collection, that’s not important to the business, because they only care about the SLA. This is on the SLO side. What we really need to do is mature our processes enough that we can actually marry our outputs to something that other people can understand that has no jargon and it’s sales going up, sales going down. Everything else is just a detail. So, anything else? [00:41:20] NL: Something I think I’d like to see is in our testing, if there was a good way to accurately show the effect of something at load in a CI/CD component. Because one of the things that I’ve run into is like I’ve got this great idea for how this code should work and when I deploy it, it works great. The like a thousand people touch it all at once and it doesn’t work right anymore. I’d love to have some tool along the way that can test things out of load and like show me something that I could fix before all those people touch it. [00:41:57] BL: Yes, that would be a good tool to have. So John, anything else for you? [00:42:02] JH: I’ll open a can of worms right at the end and say the biggest problem here is probably going to be data when we have a lot of systems we need to talk to each other and we need the data to align between those systems and we have now proliferation of environments and clusters. Like how do we get that data reliably into the place that it needs to be to make up testing robust enough to get things out there? It’s probably an episode on some – [00:42:23] BL: Yeah, that’s a big conversation that if we could answer it, we wouldn’t working at VMware. We would have our own companies doing all these great things. But we can definitely iterate on it. So with that, I think we’re going to wrap it up. Thanks for listening to the Kubelets. I’m Bryan Liles, and with me today was Nicholas Lane and John – Yeah, and John Harris. [00:42:47] JH: Thanks everyone. [00:42:47] BL: All right, we’ll see you next time. [END OF EPISODE] [00:42:50] ANNOUNCER: Thank you for listening to The Podlets Cloud Native Podcast. Find us on Twitter at https://twitter.com/ThePodlets and on the http://thepodlets.io/ website, where you'll find transcripts and show notes. We'll be back next week. Stay tuned by subscribing. [END]See omnystudio.com/listener for privacy information.

VMware is closing the year with a significant new component in its arsenal. Today it announced it has closed the $2.7 billion Pivotal acquisition it originally announced in August. The acquisition gives VMware another component in its march to transform from a pure virtual machine company into a cloud native vendor that can manage infrastructure wherever it lives. It fits alongside other recent deals like buying Heptio and Bitnami, two other deals that closed this year.

Security is inherently dichotomous because it involves hardening an application to protect it from external threats, while at the same time ensuring agility and the ability to iterate as fast as possible. This in-built tension is the major focal point of today’s show, where we talk about all things security. From our discussion, we discover that there are several reasons for this tension. The overarching problem with security is that the starting point is often rules and parameters, rather than understanding what the system is used for. This results in security being heavily constraining. For this to change, a culture shift is necessary, where security people and developers come around the same table and define what optimizing to each of them means. This, however, is much easier said than done as security is usually only brought in at the later stages of development. We also discuss why the problem of security needs to be reframed, the importance of defining what normal functionality is and issues around response and detection, along with many other security insights. The intersection of cloud native and security is an interesting one, so tune in today! Follow us: https://twitter.com/thepodlets Website: https://thepodlets.io Feeback: info@thepodlets.io https://github.com/vmware-tanzu/thepodlets/issues Hosts: Carlisia Campos Duffie Cooley Bryan Liles Nicholas Lane Key Points From This Episode: Often application and program security constrain optimum functionality. Generally, when security is talked about, it relates to the symptoms, not the root problem. Developers have not adapted internal interfaces to security. Look at what a framework or tool might be used for and then make constraints from there. The three frameworks people point to when talking about security: FISMA, NIST, and CIS. Trying to abide by all of the parameters is impossible. It is important to define what normal access is to understand what constraints look like. Why it is useful to use auditing logs in pre-production. There needs to be a discussion between developers and security people. How security with Kubernetes and other cloud native programs work. There has been some growth in securing secrets in Kubernetes over the past year. Blast radius – why understanding the extent of security malfunction effect is important. Chaos engineering is a useful framework for understanding vulnerability. Reaching across the table – why open conversations are the best solution to the dichotomy. Security and developers need to have the same goals and jargon from the outset. The current model only brings security in at the end stages of development. There needs to be a place to learn what normal functionality looks like outside of production. How Google manages to run everything in production. It is difficult to come up with security solutions for differing contexts. Why people want service meshes. Quotes: “You’re not able to actually make use of the platform as it was designed to be made use of, when those constraints are too tight.” — @mauilion [0:02:21] “The reason that people are scared of security is because security is opaque and security is opaque because a lot of people like to keep it opaque but it doesn’t have to be that way.” — @bryanl [0:04:15] “Defining what that normal access looks like is critical to us to our ability to constrain it.” — @mauilion [0:08:21] “Understanding all the avenues that you could be impacted is a daunting task.” — @apinick [0:18:44] “There has to be a place where you can go play and learn what normal is and then you can move into a world in which you can actually enforce what that normal looks like with reasonable constraints.” — @mauilion [0:33:04] “You don’t learn to ride a motorcycle on the street. You’d learn to ride a motorcycle on the dirt.” — @apinick [0:33:57] Links Mentioned in Today’s Episode: AWS — https://aws.amazon.com/Kubernetes https://kubernetes.io/IAM https://aws.amazon.com/iam/Securing a Cluster — https://kubernetes.io/docs/tasks/administer-cluster/securing-a-cluster/TGI Kubernetes 065 — https://www.youtube.com/watch?v=0uy2V2kYl4U&list=PL7bmigfV0EqQzxcNpmcdTJ9eFRPBe-iZa&index=33&t=0sTGI Kubernetes 066 —https://www.youtube.com/watch?v=C-vRlW7VYio&list=PL7bmigfV0EqQzxcNpmcdTJ9eFRPBe-iZa&index=32&t=0sBitnami — https://bitnami.com/Target — https://www.target.com/Netflix — https://www.netflix.com/HashiCorp — https://www.hashicorp.com/Aqua Sec — https://www.aquasec.com/CyberArk — https://www.cyberark.com/Jeff Bezos — https://www.forbes.com/profile/jeff-bezos/#4c3104291b23Istio — https://istio.io/Linkerd — https://linkerd.io/ Transcript: EPISODE 10 [INTRODUCTION] [0:00:08.7] ANNOUNCER: Welcome to The Podlets Podcast, a weekly show that explores cloud native one buzzword at a time. Each week, experts in the field will discuss and contrast distributed systems concepts, practices, tradeoffs and lessons learned to help you on your cloud native journey. This space moves fast and we shouldn’t reinvent the wheel. If you’re an engineer, operator or technically minded decision maker, this podcast is for you. [EPISODE] [0:00:41.2] NL: Hello and welcome back to The Kubelets Podcast. My name is Nicholas Lane and this time, we’re going to be talking about the dichotomy of security. And to talk about such an interesting topic, joining me are Duffie Coolie. [0:00:54.3] DC: Hey, everybody. [0:00:55.6] NL: Bryan Liles. [0:00:57.0] BM: Hello [0:00:57.5] NL: And Carlisia Campos. [0:00:59.4] CC: Glad to be here. [0:01:00.8] NL: So, how’s it going everybody? [0:01:01.8] DC: Great. [0:01:03.2] NL: Yeah, this I think is an interesting topic. Duffie, you introduced us to this topic. And basically, what I understand, what you wanted to talk about, we’re calling it the dichotomy of security because it’s the relationship between security, like hardening your application to protect it from attack and influence from outside actors and agility to be able to create something that’s useful, the ability to iterate as fast as possible. [0:01:30.2] DC: Exactly. I mean, the idea from this came from putting together a talks for the security conference coming up here in a couple of weeks. And I was noticing that obviously, if you look at the job of somebody who is trying to provide some security for applications on their particular platform, whether that be AWS or GCE or OpenStack or Kubernetes or anything of these things. It’s frequently in their domain to kind of define constraints for all of the applications that would be deployed there, right? Such that you can provide rational defaults for things, right? Maybe you want to make sure that things can’t do a particular action because you don’t want to allow that for any application within your platform or you want to provide some constraint around quota or all of these things. And some of those constraints make total sense and some of them I think actually do impact your ability to design the systems or to consume that platform directly, right? You’re not able to actually make use of the platform as it was designed to be made use of, when those constraints are too tight. [0:02:27.1] DC: Yeah. I totally agree. There’s kind of a joke that we have in certain tech fields which is the primary responsibility of security is to halt productivity. It isn’t actually true, right? But there are tradeoffs, right? If security is too tight, you can’t move forward, right? Example of this that kind of mind are like, if you’re too tight on your firewall rules where you can’t actually use anything of value. That’s a quick example of like security gone haywire. That’s too controlling, I think. [0:02:58.2] BM: Actually. This is an interesting topic just in general but I think that before we fall prey to what everyone does when they talk about security, let’s take a step back and understand why things are the way they are. Because all we’re talking about are the symptoms of what’s going on and I’ll give you one quick example of why I say this. Things are the way they are because we haven’t made them any better. In developer land, whenever we consume external resources, what we were supposed to do and what we should be doing but what we don’t do is we should create our internal interfaces. Only program to those interfaces and then let that interface of that adapt or talk to the external service and in security world, we should be doing the same thing and we don’t do this. My canonical example for this is IAM on AWS. It’s hard to create a secure IM configuration and it’s even harder to keep it over time and it’s even harder to do it whenever you have 150, 100, 5,000 people dealing with this. What companies do is they actually create interfaces where they could describe the part of IAM they want to use and then they translate that over. The reason I bring this up is because the reason that people are scared of security is because security is opaque and security is opaque because a lot of people like to keep it opaque. But it doesn’t have to be that way. [0:04:24.3] NL: That’s a good point, that’s a reasonable design and wherever I see that devoted actually is very helpful, right? Because you highlight a critical point in that these constraints have to be understood by the people who are constrained by them, right? It will just continue to kind of like drive that wedge between the people who are responsible for them top finding t hem and the people who are being affected by them, right? That transparency, I think it’s definitely key. [0:04:48.0] BM: Right, this is our cloud native discussion, any idea of where we should start thinking about this in cloud native land? [0:04:56.0] DC: For my part, I think it’s important to understand if you can like what the consumer of a particular framework or tool might need, right? And then, just take it from there and figure out what rational constraints are. Rather than the opposite which is frequently where people go and evaluate a set of rules as defined by some particular, some third-part company. Like you look at CIS packs and you look at like a lot of these other tooling. I feel like a lot of people look at those as like, these are the hard rules, we must comply to all of these things. Legally, in some cases, that’s the case. But frequently, I think they’re just kind of like casting about for some semblance of a way to start defining constraint and they go too far, they’re no longer taking into account what the consumers of that particular platform might meet, right? Kubernetes is a great example of this. If you look at the CIS spec for Kubernetes or if you look at a lot of the talks that I’ve seen kind of around how to secure Kubernetes, we defined like best practices for security and a lot of them are incredibly restrictive, right? I think of the problem there is that restriction comes at a cost of agility. You’re no longer able to use Kubernetes as a platform for developing microservices because you provided so much constraints that it breaks the model, you know? [0:06:12.4] NL: Okay. Let’s break this down again. I can think of a top of my head, three types of things people point to when I’m thinking about security. And spoiler alert, I am going to do some acronyms but don’t worry about the acronyms are, just understand they are security things. The first one I’ll bring up is FISMA and then I’ll think about NIST and the next one is CIS like you brought up. Really, the reason they’re so prevalent is because depending on where you are, whether you’re in a highly regulated place like a bank or you’re working for the government or you have some kind of automate concern to say a PIPA or something like that. These are the words that the auditors will use with you. There is good in those because people don’t like the CIS benchmarks because sometimes, we don’t understand why they’re there. But, from someone who is starting from nothing, those are actually great, there’s at least a great set of suggestions. But the problem is you have to understand that they’re only suggestions and they are trying to get you to a better place than you might need. But, the other side of this is that, we should never start with NIST or CIS or FISMA. What we really should do is our CISO or our Chief Security Officer or the person in charge of security. Or even just our – people who are in charge, making sure our stack, they should be defining, they should be taking what they know, whether it’s the standards and they should be building up this security posture in this security document and these rules that are built to protect whatever we’re trying to do. And then, the developers of whoever else can operate within that rather than everything literally. [0:07:46.4] DC: Yeah, agreed. Another thing I’ve spent some time talking to people about like when they start rationalizing how to implement these things or even just think about the secure surface or develop a threat model or any of those things, right? One of the things that I think it’s important is the ability to define kind of like what normal looks like, right? What normal access between applications or normal access of resources looks like. I think that your point earlier, maybe provides some abstraction in front of a secure resource such that you can actually just share that same fraction across all the things that might try to consume that external resource is a great example of the thing. Defining what that normal access looks like is critical to us to our ability to constrain it, right? I think that frequently people don’t start there, they start with the other side, they’re saying, here are all the constraints, you need to tell me which ones are too tight. You need to tell me which ones to loosen up so that you can do your job. You need to tell me which application needs access to whichever application so that I can open the firewall for you. I’m like, we need to turn that on its head. We need the environments that are perhaps less secure so that we can actually define what normal looks like and then take that definition and move it into a more secured state, perhaps by defining these across different environments, right? [0:08:58.1] BM: A good example of that would be in larger organizations, at every part of the organization does this but there is environments running your application where there are really no rules applied. What we do with that is we turn on auditing in those environments so you have two applications or a single application that talks to something and you let that application run and then after the application run, you go take a look at the audit logs and then you determine at that point what a good profile of this application is. Whenever it’s in production, you set up the security parameters, whether it be identity access or network, based on what you saw in auditing in your preproduction environment. That’s all you could run because we tested it fully in our preproduction environment, it should not do any more than that. And that’s actually something – I’ve seen tools that will do it for AWS IM. I’m sure you can do for anything else that creates auditing law. That’s a good way to get started. [0:09:54.5] NL: It sounds like what we’re coming to is that the breakdown of security or the way that security has impacted agility is when people don’t take a rational look at their own use case. instead, rely too much on the guidance of other people essentially. Instead of using things like the CIS benchmarking or NIST or FISMA, that’s one that I knew the other two and I’m like, I don’t know this other one. If they follow them less as guidelines and more as like hard set rules, that’s when we get impacts or agility. Instead of like, “Hey. This is what my application needs like you’re saying, let’s go from there.” What does this one look like? Duffie is for saying. I’m kind of curious, let’s flip that on its head a little bit, are there examples of times when agility impacts security? [0:10:39.7] BM: You want to move fast and moving fast is counter to being secure? [0:10:44.5] NL: Yes. [0:10:46.0] DC: Yeah, literally every single time we run software. When it comes down to is developers are going to want to develop and then security people are going to want to secure. And generally, I’m looking at it from a developer who has written security software that a lot of people have used, you guys had know that. Really, there needs to be a conversation, it’s the same thing as we had this dev ops conversation for a year – and then over the last couple of years, this whole dev set ops conversation has been happening. We need to have this conversation because from a security person’s point of view, you know, no access is great access. No data, you can’t get owned if you don’t have any data going across the wire. You know what? Can’t get into that server if there’s no ports opened. But practically, that doesn’t work and we find is that there is actually a failing on both sides to understand what the other person was optimizing for. [0:11:41.2] BM: That’s actually where a lot of this comes from. I will offer up that the only default secure posture is no access to anything and you should be working from that direction to where you want to be rather than working from, what should we close down? You should close down everything and then you work with allowing this list for other than block list. [0:12:00.9] NL: Yeah, I agree with that model but I think that there’s an important step that has to happen before that and that’s you know, the tooling or thee wireless phone to define what the application looks like when it’s in a normal state or the running state and if we can accomplish that, then I feel like we’re in a better position to find what that LOI list looks like and I think that one of the other challenges there of course, let’s backup for a second. I have actually worked on a platform that supported many services, hundreds of services, right? Clearly, if I needed to define what normal looked like for a hundred services or a thousand services or 2,000 services, that’s going to be difficult in a way that people approach the problem, right? How do you define for each individual service? I need to have some decoration of intent. I need the developer to engage here and tell me, what they’re expecting, to set some assumptions about the application like what it’s going to connect to, those dependences are – That sort of stuff. And I also need tooling to verify that. I need to be able to kind of like build up the whole thing so that I have some way of automatically, you know, maybe with oversight, defining what that security context looks like for this particular service on this particular platform. Trying to do it holistically is actually I think where we get into trouble, right? Obviously, we can’t scale the number of people that it takes to actually understand all of these individual services. We need to actually scale this stuff as software problem instead. [0:13:22.4] CC: With the cloud native architecture and infrastructure, I wonder if it makes it more restrictive because let’s say, these are running on Kubernetes, everything is running at Kubernetes. Things are more connected because it’s a Kubernetes, right? It’s this one huge thing that you’re running on and Kubernetes makes it easier to have access to different notes and when the nodes took those apart, of course, you have to find this connection. Still, it’s supposed to make it easy. I wonder if security from a perspective of somebody, needing to put a restriction and add miff or example, makes it harder or if it makes it easier to just delegate, you have this entire area here for you and because your app is constrained to this space or name space or this part, this node, then you can have as much access as you need, is there any difference? Do you know what I mean? Does it make sense what I said? [0:14:23.9] BM: There was actually, it’s exactly the same thing as we had before. We need to make sure that applications have access to what they need and don’t have access to what they don’t need. Now, Kubernetes does make it easier because you can have network policies and you can apply those and they’re easier to manage than who knows what networking management is holding you have. Kubernetes also has pod security policies which again, actually confederates this knowledge around my pod should be able to do this or should not be able to run its root, it shouldn’t be able to do this and be able to do that. It’s still the same practice Carlisia, but the way that we can control it is now with a standard set off tools. We still have not cracked the whole nut because the whole thing of turning auditing on to understand and then having great tool that can read audit locks from Kubernetes, just still aren’t there. Just to add one more last thing that before we add VMWare and we were Heptio, we had a coworker who wrote basically dynamic audit and that was probably one of the first steps that we would need to be able to employ this at scale. We are early, early, super early in our journey and getting this right, we just don’t have all the necessary tools yet. That’s why it’s hard and that’s why people don’t do it. [0:15:39.6] NL: I do think it is nice to have t hose and primitives are available to people who are making use of that platform though, right? Because again, kind of opens up that conversation, right? Around transparency. The goal being, if you understood the tools that we’re defining that constraint, perhaps you’d have access to view what the constraints are and understand if they’re actually rational or not with your applications. When you’re trying to resolve like I have deployed my application in dev and it’s the wild west, there’s no constraints anywhere. I can do anything within dev, right? When I’m trying to actually promote my application to staging, it gives you some platform around which you can actually sa, “If you want to get to staging, I do have to enforce these things and I have a way and again, all still part of that same API, I still have that same user experience that I had when just deploying or designing the application to getting them deployed.” I could still look at again and understand what the constraints are being applied and make sure that they’re reasonable for my application. Does my application run, does it have access to the network resources that it needs to? If not, can I see where the gaps are, you know? [0:16:38.6] DC: For anyone listening to this. Kubernetes doesn’t have all the documentation we need and no one has actually written this book yet. But on Kubernetes.io, there are a couple of documents about security and if we have shownotes, I will make sure those get included in our shownotes because I think there are things that you should at least understand what’s in a pod security policy. You should at least understand what’s in a network security policy. You should at least understand how roles and role bindings work. You should understand what you’re going to do for certificate management. How do you manage this certificate authority in Kubernetes? How do you actually work these things out? This is where you should start before you do anything else really fancy. At least, understand your landscape. [0:17:22.7] CC: Jeffrey did a TGI K talk on secrets. I think was that a series? There were a couple of them, Duffie? [0:17:29.7] DC: Yeah, there were. I need to get back and do a little more but yeah. [0:17:33.4] BM: We should then add those to our shownotes too. Hopefully they actually exist or I’m willing to see to it because in assistance. [0:17:40.3] CC: We are going to have shownotes, yes. [0:17:44.0] NL: That is interesting point, bringing up secrets and secret management and also, like secured Inexhibit. There are some tools that exist that we can use now in a cloud native world, at least in the container world. Things like vault exist, things like well, now, KBDM you can roll certificate which is really nice. We are getting to a place where we have more tooling available and I’m really happy about it. Because I remember using Kubernetes a year ago and everyone’s like, “Well. How do you secure a secret in Kubernetes?” And I’m like, “Well, it sure is basics for you to encode it. That’s on an all secure.” [0:18:15.5] BM: I would do credit Bitnami has been doing sealed secrets, that’s been out for quite a while but the problem is that how do you suppose to know about that and how are you supposed to know if it’s a good standard? And then also, how are you supposed to benchmark against that? How do you know if your secrets are okay? We haven’t talked about the other side which is response or detection of issues. We’re just talking about starting out, what do you do? [0:18:42.3] DC: That’s right. [0:18:42.6] NL: It is tricky. We’re just saying like, understanding all the avenues that you could be impacted is kind of a daunting task. Let’s talk about like the Target breach that occurred a few years ago? If anybody doesn’t remember this, basically, Target had a huge credit card breach from their database and basically, what happened is that t heir – If I recalled properly, their OIDC token had a – not expired but the audience for it was so broad that someone had hacked into one computer essentially like a register or something and they were able to get the OIDC token form the local machine. The authentication audience for that whole token was so broad that they were able to access the database that had all of the credit card information into it. These are one of these things that you don’t think about when you’re setting up security, when you’re just maybe getting started or something like that. What are the avenues of attack, right? You’d say like, “OIDC is just pure authentication mechanism, why would we need to concern ourselves with this?” And then but not understanding kind of what we were talking about last because the networking and the broadcasting, what is the blast radius of something like this and so, I feel like this is a good example of sometimes security can be really hard and getting started can be really daunting. [0:19:54.6] DC: Yeah, I agree. To Bryan’s point, it’s like, how do you test against this? How do you know that what you’ve defined is enough, right? We can define all of these constraints and we can even think that they’re pretty reasonable or rational and the application may come up and operate but how do you know? How can you verify that? What you’ve done is enough? And then also, remember. With OIDC has its own foundations and loft. You realize that it’s a very strong door but it’s only a strong door, it also do things that you can’t walk around a wall and that it’s protecting or climb over the wall that it’s protecting. There’s a bit of trust and when you get into things like the target breach, you really have to understand blast radius for anything that you’re going to do. A good example would be if you’re using shared key kind of things or like public share key. You have certificate authorities and you’re generating certificates. You should probably have multiple certificate authorities and you can have a basically, a hierarchy of these so you could have basically the root one controlled by just a few people in security. And then, each department has their own certificate authority and then you should also have things like revocation, you should be able to say that, “Hey, all this is bad and it should all go away and it probably should have every revocation list,” which a lot of us don’t have believe it or not, internally. Where if I actually kill our own certificate, a certificate was generated and I put it in my revocation list, it should not be served and in our clients that are accepting that our service is to see that, if we’re using client side certificates, we should reject these instantly. Really, what we need to do is stop looking at security as this one big thing and we need to figure out what are our blast radius. Firecracker, blowing up in my hand, it’s going to hurt me. But Nick, it’s not going to hurt you, you know? If someone drops in a huge nuclear bomb on the United States or the west coast United States, I’m talking to myself right now. You got to think about it like that. What’s the worst that can happen if this thing gets busted or get shared or someone finds that this should not happen? Every piece off data that you have that you consider secure or sensitive, you should be able to figure out what that means and that is how whenever you are defining a security posture that’s butchered to me. Because that is why you’ll notice that a lot of companies some of them do run open within a contained zone. So, within this contained zone you could talk to whomever you want. We don’t actually have to be secure here because if we lose one, we lost them all so who cares? So, we need to think about that and how do we do that in Kubernetes? Well, we use things like name spaces first of all and then we use things like this network policies and then we use things like pod security policies. We can lock some access down to just name spaces if need be. You can only talk to pods and your name space. And I am not telling you how to do this but you need to figure out talking with your developer, talking to the security people. But if you are in security you need to talk to your product management staff and your software engineering staff to figure out really how does this need to work? So, you realize that security is fun and we have all sorts of neat tools depending on what side you’re on. You know if you are on red team, you’re half knee in, you’re blue team you are saving things. We need to figure out these conversations and tooling comes from these conversations but we need to have these conversation first. [0:23:11.0] DC: I feel like a little bit of a broken record on this one but I am going to go back to chaos engineering again because I feel like it is critical to stuff like this because it enables a culture in which you can explore both the behavior of applications itself but why not also use this model to explore different ways of accessing that information? Or coming up with theories about the way the system might be vulnerable based on a particular attack or a type of attack, right? I think that this is actually one of the movements within our space that I think provides because then most hope in this particular scenario because a reasonable chaos engineering practice within an organization enables that ability to explore all of the things. You don’t have to be red team or blue team. You can just be somebody who understands this application well and the question for the day is, “How can we attack this application?” Let’s come up with theories about the way that perhaps this application could be attacked. Think about the problem differently instead of thinking about it as an access problem, think about it as the way that you extend trust to the other components within your particular distributed system like do they have access that they don’t need. Come up with a theory around being able to use some proxy component of another system to attack yet a third system. You know start playing with those ideas and prove them out within your application. A culture that embraces that I think is going to be by far a more secure culture because it lets developers and engineers explore these systems in ways that we don’t generally explore them. [0:24:36.0] BM: Right. But also, if I could operate on myself I would never need a doctor. And the reason I bring that up is because we use terms like chaos engineering and this is no disrespect to you Duffie, so don’t take it as this is panacea or this idea that we make things better and true. That is fine, it will make us better but the little secret behind chaos engineering is that it is hard. It is hard to build these experiments first of all, it is hard to collect results from these experiments. And then it is hard to extrapolate what you got out of the experiments to apply to whatever you are working on to repeat and what I would like to see is what people in our space is talking about how we can apply such techniques. But whether it is giving us more words or giving us more software that we can employ because I hate to say it, it is pretty chaotic in chaos engineering right now for Kubernetes. Because if you look at all the people out there who have done it well. And so, you look at what Netflix has done with pioneering this and then you listen to what, a company such us like Gremlin is talking about it is all fine and dandy. You need to realize that it is another piece of complexity that you have to own and just like any other things in the security world, you need to rationalize how much time you are going to spend on it first is the bottom line because if I have a “Hello, World!” app, I don’t really care about network access to that. Unless it is a “Hello, World!” app running on the same subnet as some doing some PCI data then you know it is a different conversation. [0:26:05.5] DC: Yeah. I agree and I am certainly not trying to version as a panacea but what I am trying to describe is that I feel like I am having a culture that embraces that sort of thinking is going to enable us to be in a better position to secure these applications or to handle a breach or to deal with very hard to understand or resolve problems at scale, you know? Whether that is a number of connections per second or whether that is a number of applications that we have horizontally scaled. You know like being able to embrace that sort of a culture where we asked why where we say “well, what if…” or if we actually come up you know embracing the idea of that curiosity that got you into this field, you know what I mean like the thing that is so frequently our cultures are opposite of that, right? It becomes a race to the finish and in that race to the finish, lots of pieces fall off that we are not even aware of, you know? That is what I am highlighting here when I talk about it. [0:26:56.5] NL: And so, it seems maybe the best solution to the dichotomy between security and agility is really just open conversation, in a way. People actually reaching across the aisle to talk to each other. So, if you are embracing this culture as you are saying Duffie the security team should be having constant communication with the application team instead of just like the team doing something wrong and the security team coming down and smacking their hand. And being like, “Oh you can’t do it this way because of our draconian rules” right? These people are working together and almost playing together a little bit inside of their own environment to create also a better environment. And I am sorry.I didn’t mean to cut you off there, Bryan. [0:27:34.9] BM: Oh man, I thought it was fleeting like all my thoughts. But more about what you are saying is, is that you know it is not just more conversations because we can still have conversations and I am talking about sider and subnets and attack vectors and buffer overflows and things like that. But my developer isn’t talking, “Well, I just need to be able to serve this data so accounting can do this.” And that’s what happens a lot in security conversations. You have two groups of individuals who have wholly different goals and part of that conversation needs to be aligning or jargon and then aligning on those goals but what happens with pretty much everything in the development world, we always bring our networking, our security and our operations people in right at the end, right when we are ready to ship, “Hey make this thing work.” And really it is where a lot of our problems come out. Now security either could or wanted to be involved at the beginning of a software project what we actually are talking about what we are trying to do. We are trying to open up this service to talk to this, share this kind of data. Security can be in there early saying, “Oh no you know, we are using this resource in our cloud provider. It doesn’t really matter what cloud provider and we need to protect this. This data is sitting here at rest.” If we get those conversations earlier, it would be easier to engineer solutions that to be hopefully reused so we don’t have to have that conversation in the future. [0:29:02.5] CC: But then it goes back to the issue of agility, right? Like Duffie was saying, wow you can develop, I guess a development cluster which has much less restrictive restrictions and they move to a production environment where the proper restrictions are then – then you find out or maybe station environment let’s say. And then you find out, “Oh whoops. There are a bunch of restrictions I didn’t deal with but I didn’t move a lot faster because I didn’t have them but now, I have to deal with them.” [0:29:29.5] DC: Yeah, do you think it is important to have a promotion model in which you are able to move toward a more secure deployment right? Because I guess a parallel to this is like I have heard it said that you should develop your monolith first and then when you actually have the working prototype of what you’re trying to create then consider carefully whether it is time to break this thing up into a set of distinct services, right? And consider carefully also what the value of that might be? And I think that the reason that that’s said is because it is easier. It is going to be a lower cognitive load with everything all right there in the same codebase. You understand how all of these pieces interconnect and you can quickly develop or prototype what you are working on. Whereas if you are trying to develop these things into individual micro services first, it is harder to figure out where the line is. Like where to divide all of the business logic. I think this is also important when you are thinking about the security aspects of this right? Being able to do a thing when which you are not constrained, define all of these services and your application in the model for how they communicate without constraint is important. And once you have that when you actually understand what normal looks like from that set of applications then enforce them, right? If you are able to declare that intent you are going to say like these are the ports on the list on for these things, these are the things that they are going to access, this is the way that they are going to go about accessing them. You know if you can declare that intent then that is actually that is a reasonable body of knowledge for which the security people can come along and say, “Okay well, you have told us. You informed us. You have worked with us to tell us like what your intent is. We are going to enforce that intent and see what falls out and we can iterate there.” [0:31:01.9] CC: Yeah everything you said makes sense to me. Starting with build the monolith first. I mean when you start out why which ones will have abstract things that you don’t really – I mean you might think you know but you’re only really knowing practice what you are going to need to abstract. So, don’t abstract things too early. I am a big fan of that idea. So yeah, start with the monolith and then you figure out how to break it down based on what you need. With security I would imagine the same idea resonates with me. Don’t secure things that you don’t need you don’t know just yet that needs securing except the deal breaker things. Like there is some things we know like we don’t want production that are being accessed some types of production that are some things we know we need to secure so from the beginning. [0:31:51.9] BM: Right. But I will still iterate that it is always denied by default, just remember that. It is security is actually the opposite way. We want to make sure that we have the least amount and even if it is harder for us you always want to start with un-allowed TCP communication on port 443 or UDP as well. That is what I would allow rather than saying shut everything else off. But this, I would rather have the way that we only allow that and that also goes in with our declarative nature in cloud native things we like anyways. We just say what we want and everything else doesn’t exists. [0:32:27.6] DC: I do want to clarify though because I think what you and I, we are the representative of the dichotomy right at this moment, right? I feel like what you are saying is the constraint should be the normal, being able to drop all traffic, do not allow anything is normal and then you have to declare intent to open anything up and what I am saying is frequently developers don’t know what normal looks like yet. They need to be able to explore what normal looks like by developing these patterns and then enforce them, right, which is turning the model on its head. And this is actually I think the kernel that I am trying to get to in this conversation is that there has to be a place where you can go play and learn what normal is and then you can move into a world in which you can actually enforce what that normal looks like with reasonable constraint. But until you know what that is, until you have that opportunity to learn it, all we are doing here is restricting your ability to learn. We are adding friction to the process. [0:33:25.1] BM: Right, well I think what I am trying to say here layer on top of this is that yes, I agree but then I understand what a breach can do and what bad security can do. So I will say, “Yeah, go learn. Go play all you want but not on software that will ever make it to production. Go learn these practices but you are going to have to do it outside of” – you are going to have a sandbox and that sandbox is going to be unconnected from the world I mean from our obelisk and you are going to have to learn but you are not going to practice here. This is not where you learn how to do this. [0:33:56.8] NL: Exactly right, yeah. You don’t learn to ride a motorcycle on the street you know? You’d learn to ride a motorcycle on the dirt and then you could take those skills later you know? But yeah I think we are in agreement like production is a place where we do have to enforce all of those things and having some promotion level in which you can come from a place where you learned it to a place where you are beginning to enforce it to a place where it is enforced I think is also important. And I frequently describe this as like development, staging and production, right? Staging is where you are going to hit the edges from because this is where you’re actually defining that constraint and it has to be right before it can be promoted to production, right? And I feel like the middle ground is also important. [0:34:33.6] BM: And remember that production is any environment production can reach. Any environment that can reach production is production and that is including that we do data backup dumps and we clean them up from production and we use it as data in our staging environment. If production can directly reach staging or vice versa, it is all production. That is your attack vector. That is also what is going to get in and steal your production data. [0:34:59.1] NL: That is absolutely right. Google actually makes an interesting not of caveat to that but like side point to that where like if I understand the way that Google runs, they run everything in production, right? Like dev, staging and production are all the same environment. I am more positing this is a question because I don’t know if anybody of us have the answer but I wonder how they secure their infrastructure, their environment well enough to allow people to play to learn these things? And also, to deploy production level code all in the same area? That seems really interesting to be and then if I understood that I probably would be making a lot more money. [0:35:32.6] BM: Well it is simple really. There were huge people process at Google that access gatekeeper for a lot of these stuff. So, I have never worked in Google. I have no intrinsic knowledge of Google or have talked to anyone who has given me this insight, this is all speculation disclaimer over. But you can actually run a big cluster that if you can actually prove that you have network and memory and CPU isolation between containers, which they can in certain cases and certain things that can do this. What you can do is you can use your people process and your approvals to make sure that software gets to where it needs to be. So, you can still play on the same clusters but we have great handles on network that you can’t talk to these networks or you can’t use this much network data. We have great things on CPU that this CPU would be a PCI data. We will not allow it unless it’s tied to CPU or it is PCI. Once you have that in place, you do have a lot more flexibility. But to do that, you will have to have some pretty complex approval structures and then software to back that up. So, the burden on it is not on the normal developer and that is actually what Google has done. They have so many tools and they have so many processes where if you use this tool it actually does the process for you. You don’t have to think about it. And that is what we want our developers to be. We want them to be able to use either our networking libraries or whenever they are building their containers or their Kubernetes manifest, use our tools and we will make sure based on either inspection or just explicit settings that we will build something that is as secure as we can given the inputs. And what I am saying is hard and it is capital H hard and I am actually just pitting where we want to be and where a lot of us are not. You know most people are not there. [0:37:21.9] NL: Yeah, it would be nice if we had like we said earlier like more tooling around security and the processes and all of these things. One thing I think that people seem to balk on or at least I feel is developing it for their own use case, right? It seems like people want an overarching tool to solve all the use cases in the world. And I think with the rise of cloud native applications and things like container orchestration, I would like to see people more developing for themselves around their own processes, around Kubernetes and things like that. I want to see more perspective into how people are solving their security problems, instead of just like relying on let’s say like HashiCorp or like Aqua Sec to provide all the answers like I want to see more answers of what people are doing. [0:38:06.5] BM: Oh, it is because tools like Vault are hard to write and hard to maintain and hard to keep correct because you think about other large competitors to vault and they are out there like tools like CyberArk. I have a secret and I want to make sure only certain will keep it. That is a very difficult tool but the HashiCorp advantage here is that they have made tools to speak to people who write software or people who understand ops not just as a checkbox. It is not hard to get. If you are using vault it is not hard to get a secret out if you have the right credentials. Other tools is super hard to get the secret out if you even have the right credential because they have a weird API or they just make it very hard for you or they expect you to go click on some gooey somewhere. And that is what we need to do. We need to have better programming interfaces and better operator interfaces, which extends to better security people are basis for you to use these tools. You know I don’t know how well this works in practice. But the Jeff Bezos, how teams at AWS or Amazon or forums, you know teams communicate on API and I am not saying that you shouldn’t talk, but we should definitely make sure that our API’s between teams and team who owns security stuff and teams who are writing developer stuff that we can talk on the same level of fidelity that we can having an in person conversation, we should be able to do that through our software as well. Whether that be for asking for ports or asking for our resources or just talking about the problem that we have that is my thought-leadering answer to this. This is “Bryan wants to be a VP of something one day” and that is the answer I am giving. I’m going to be the CIO that is my CIO answer. [0:39:43.8] DC: I like it. So cool. [0:39:45.5] BM: Is there anything else on this subject that we wanted to hit? [0:39:48.5] NL: No, I think we have actually touched on pretty much everything. We got a lot out of this and I am always impressed with the direction that we go and I did not expect us to go down this route and I was very pleased with the discussion we have had so far. [0:39:59.6] DC: Me too. I think if we are going to explore anything else that we talked about like you know, get it more into that state where we are talking about like that we need more feedback loops. We need people developers to talk to security people. We need security people talk to developers. We need to have some way of actually pushing that feedback loop much like some of the other cultural changes that we have seen in our industry are trying to allow for better feedback loops and other spaces. And you’ve brought up dev spec ops which is another move to try and open up that feedback loop but the problem I think is still going to be that even if we improved that feedback loop, we are at an age where – especially if you ended up in some of the larger organizations, there are too many applications to solve this problem for and I don’t know yet how to address this problem in that context, right? If you are in a state where you are a 20-person, 30-person security team and your responsibility is to secure a platform that is running a number of Kubernetes clusters, a number of Vsphere clusters, a number of cloud provider implementations whether that would be AWS or GC, I mean that is a set of problems that is very difficult. It is like I am not sure that improving the feedback loop really solves it. I know that I helps but I definitely you know, I have empathy for those folks for sure. [0:41:13.0] CC: Security is not my forte at all because whenever I am developing, I have a narrow need. You know I have to access a cluster.I have to access a machine or I have to be able to access the database. And it is usually a no brainer but I get a lot of the issues that were brought up. But as a builder of software, I have empathy for people who use software, consume software, mine and others and how can’t they have any visibility as far as security goes? For example, in the world of cloud native let’s say you are using Kubernetes, I sort of start thinking, “Well, shouldn’t there be a scanner that just lets me declare?” I think I am starting an episode right now –should there be a scanner that lets me declare for example this node can only access this set of nodes like a graph. But you just declare and then you run it periodically and you make sure of course this goes down to part of an app can only access part of the database. It can get very granular but maybe at a very high level I mean how hard can this be? For example, this pod can only access that pods but this pod cannot access this name space and just keep checking what if the name spaces changes, the permission changes. Or for example would allow only these answers can do a backup because they are the same users who will have access to the restore so they have access to all the data, you know what I mean? Just keep checking that is in place and it only changes when you want to. [0:42:48.9] BM: So, I mean I know we are at the end of this call and I want to start a whole new conversation but this is actually is why there are applications out there like Istio and Linkerd. This is why people want service meshes because they can turn off all network access and then just use the service mesh to do the communication and then they can use, they can make sure that it is encrypted on both sides and that is a honey cave on all both sides. That is why this is operated. [0:43:15.1] CC: We’ll definitely going to have an episode or multiple on service mesh but we are on the top of the hour. Nick, do your thing. [0:43:23.8] NL: All right, well, thank you so much for joining us on another interesting discussion at The Kubelets Podcast. I am Nicholas Lane, Duffie any final thoughts? [0:43:32.9] DC: There is a whole lot to discuss, I really enjoyed our conversations today. Thank you everybody. [0:43:36.5] NL: And Bryan? [0:43:37.4] BM: Oh it was good being here. Now it is lunch time. [0:43:41.1] NL: And Carlisia. [0:43:42.9] CC: I love learning from you all, thank you. Glad to be here. [0:43:46.2] NL: Totally agree. Thank you again for joining us and we’ll see you next time. Bye. [0:43:51.0] CC: Bye. [0:43:52.1] DC: Bye. [0:43:52.6] BM: Bye. [END OF EPISODE] [0:43:54.7] ANNOUNCER: Thank you for listening to The Podlets Cloud Native Podcast. Find us on Twitter at https://twitter.com/ThePodlets and on the http://thepodlets.io/ website, where you'll find transcripts and show notes. We'll be back next week. Stay tuned by subscribing. [END]See omnystudio.com/listener for privacy information.

SHOW: 430DESCRIPTION: Aaron and Brian discuss the biggest trends of 2019, and make bold cloud computing predictions for 2020. SHOW SPONSOR LINKS:Datadog Homepage - Modern Monitoring and AnalyticsTry Datadog yourself by starting a free, 14-day trial today. Listeners of this podcast will also receive a free Datadog T-shirtMongoDB Homepage - The most popular database for modern applicationsMongoDB Atlas - MongoDB-as-a-Service on AWS, Azure and GCP[DONUT RUN DONATIONS] [FREE] Try an IT Pro ChallengePODCAST BUSINESS: Why are Aaron and Brian both on the show recently?Krispy Kreme Challenge (“The Donut Run”) fundraisingAnnouncing “The Cloudcast Basics” - coming in early 2020!! CLOUD NEWS OF THE WEEK: The Cloudcast in 2019:Over 1.6M+ listens, up 40% YoYGuest Acquisitions: (total: 9) Cloudability (Apptio), Bromium (HPE), Docker (Mirantis), Shippable (JFrog), SignalFX (Splunk), Pivotal (VMware), NGINX (F5), ParkMyCloud (Turbonomics), Twistlock (Palo Alto) - also had 9 in 2018IPO: DatadogTRENDS and MAJOR STORIES from 2019:Public Cloud CAPEX comparisons (through 2018)Data of AWS trends in Revenues, Growth Rates, Operating Margins, Operating IncomeAWS continues to lead in revenues, but their revenue growth has been slowing (as a YoY and QoQ%) for the last 5-6 months. Increased competition from Azure.Azure won the US DoD JEDI contract. Google continues to be 3rd or 4th cloud, with Alibaba Cloud often ranked 3rd.IBM closed the $34B acquisition of Red HatVMware made 8 acquisitions in 2019 - Bitnami, Pivotal. AVI Networks, Carbon BlackLots of discussion about large public cloud spending by web scale companies (Salesforce, Apple, Spotify, etc.)Several of the Gig-Economy companies continued to struggle in finding a profitable business model - Uber, Lyft, WeWork, DoorDash, etc.2020 PREDICTIONSBrian:We’ll start talking about GitHub as one of the major cloud platforms, in the same way we do AWS, Azure and Google. We’re going to start seeing more and more vertical-centric AI/ML companies emerge, that curate data and provide insights-as-a-service. We’re going to start seeing companies that offer distributed versions of the large “monolithic” systems of today (Core Banking, ERP, etc.) that lets new companies and business models emerge.Aaron:The “trough of disillusionment” will hit Kubernetes, and it will be fine…Serverless will get a new name and will hit strideGitLab and HashiCorp will have breakout yearsSTARS WARS DISCUSSION:For the 1st time ever, we indulge Aaron and talk a little bit of sci-fi on the

Hoy hablamos con Beltrán Rueda, Engineering Manager de Bitnami, quien nos contará su experiencia con la venta de la empresa a VMware anunciada públicamente en mayo de este año 2019.

SDxCentral Weekly Wrap for Sept. 20, 2019 Plus, Cloudflare's stock soars on Wall Street debut, and executives tamp down 5G expectations Kubernetes is central to the VMware-IBM rivalry; Cloudflare's IPO scorched Wall Street; and 5G gets a reality check. VMware CEO: IBM Paid Too Much for Red Hat Cloudflare IPO Scorches Wall Street AT&T, Sprint, and Cisco Execs Throw Cold Water on 5G Full Weekly Wrap Transcript Today is September 20, 2019, and this is the SDxCentral Weekly Wrap where we cover the week’s top stories on next-generation IT infrastructure. VMware CEO Pat Gelsinger said rival IBM paid too much for Red Hat and its OpenShift Kubernetes platform. He then added that when it comes to Kubernetes his company has better assets. Gelsinger made those stinging comments during a recent investor conference, where he also stated that VMware was raking in nearly $2 billion from its SDN operations. The pointed jab at rival IBM highlights the increasingly competitive nature of the Kubernetes-focused ecosystem that has been central to a number of big financial deals over the past year. IBM paid a company record $34 billion to acquire Red Hat, which has made a name and business for itself in the open source software and growing Kubernetes market. However, VMware itself has also spent billions of dollars on similar properties. That includes its recent $2.8 billion purchase of sister company Pivotal, with both companies operating under the Dell EMC umbrella. VMware has also acquired Kubernetes-focused companies Heptio and Bitnami. Gelsinger noted that those combined assets better position his company in the space and that it accomplished that positioning at around one-tenth of the price of what IBM paid. Content delivery network powerhouse Cloudflare lit up Wall Street with an initial public offering that generated $525 million for the company and gave it a nearly $4 billion valuation. The firm’s IPO was initially priced at $12 per share before spiking to $15 per share just ahead of its listing. Investors quickly gobbled up the 35 million shares offered with that interest sending the stock price up an additional 20 percent shortly after its debut. Cloudflare is best known for its CDN services with its IPO paperwork citing support for more than 20 million internet properties. It also has a stake in both cloud and security and said it blocks 44 billion cyberthreats per day. In that filing it also said it competes against companies like Amazon, Cisco, and Oracle. However it also directly competes against CDN firms like Akamai, Limelight, and Fastly. Cloudflare reported $129 million in revenues for the first half of this year, which was a 48-percent increase compared to the first half of 2018. However, it continues to operate in the red with net losses of $37 million through the first ha...

SDxCentral Weekly Wrap for Sept. 20, 2019 Plus, Cloudflare's stock soars on Wall Street debut, and executives tamp down 5G expectations Kubernetes is central to the VMware-IBM rivalry; Cloudflare's IPO scorched Wall Street; and 5G gets a reality check. VMware CEO: IBM Paid Too Much for Red Hat Cloudflare IPO Scorches Wall Street AT&T, Sprint, and Cisco Execs Throw Cold Water on 5G Full Weekly Wrap Transcript Today is September 20, 2019, and this is the SDxCentral Weekly Wrap where we cover the week's top stories on next-generation IT infrastructure. VMware CEO Pat Gelsinger said rival IBM paid too much for Red Hat and its OpenShift Kubernetes platform. He then added that when it comes to Kubernetes his company has better assets. Gelsinger made those stinging comments during a recent investor conference, where he also stated that VMware was raking in nearly $2 billion from its SDN operations. The pointed jab at rival IBM highlights the increasingly competitive nature of the Kubernetes-focused ecosystem that has been central to a number of big financial deals over the past year. IBM paid a company record $34 billion to acquire Red Hat, which has made a name and business for itself in the open source software and growing Kubernetes market. However, VMware itself has also spent billions of dollars on similar properties. That includes its recent $2.8 billion purchase of sister company Pivotal, with both companies operating under the Dell EMC umbrella. VMware has also acquired Kubernetes-focused companies Heptio and Bitnami. Gelsinger noted that those combined assets better position his company in the space and that it accomplished that positioning at around one-tenth of the price of what IBM paid. Content delivery network powerhouse Cloudflare lit up Wall Street with an initial public offering that generated $525 million for the company and gave it a nearly $4 billion valuation. The firm's IPO was initially priced at $12 per share before spiking to $15 per share just ahead of its listing. Investors quickly gobbled up the 35 million shares offered with that interest sending the stock price up an additional 20 percent shortly after its debut. Cloudflare is best known for its CDN services with its IPO paperwork citing support for more than 20 million internet properties. It also has a stake in both cloud and security and said it blocks 44 billion cyberthreats per day. In that filing it also said it competes against companies like Amazon, Cisco, and Oracle. However it also directly competes against CDN firms like Akamai, Limelight, and Fastly. Cloudflare reported $129 million in revenues for the first half of this year, which was a 48-percent increase compared to the first half of 2018. However, it continues to operate in the red with net losses of $37 million through the first ha... Learn more about your ad choices. Visit megaphone.fm/adchoices

What is the difference between solid companies and those that dominate their industry with exponential growth? According to Kris Bondi, CMO of LogDNA, it's the ability to create a movement. On this episode of Marketing Trends, Kris explains why creating a movement is so powerful and how to do it. Kris also talks about her best advice for first CMOs, best practices for creating growth at startups, and much more. Links: Full Notes & Quotes: http://bit.ly/2kCB4TE Kris’s LinkedIn: http://bit.ly/2lI2l7g LogDNA: http://bit.ly/2k6RIdK 5 Key Takeaways: - “I think you need to be passionate about mentoring a team because that's the only way you're going to be successful, is by having people who want to come along on the journey with you.” - Kris Bondi  - It’s important to highlight that marketing isn’t running everything. Don’t forget to shed light on your c-suite partners and sales team, too. -  Marketers can't create messaging and think they're done. It's important to follow through and focus on generating leads, opportunities, and ultimately sales.  - “I think a company can be successful without creating a movement. I no longer think a company can be wildly successful without creating a movement or if they can, it will be for only a period of time.” - Kris Bondi  - “It's no longer us and them. It's more of we're all in this together, we're all going along on this journey and you can buy things from me along the way, but we're all going on this journey and if we end up that you are not buying from me, you still will learn things along the way. You can still get excited.” - Kris Bondi Bio: Kris Bondi is currently the CMO of LogDNA, a company that empowers organizations with a fast, scalable, secure way to centralize machine data, gain real-time insights, and pinpoint issues. She is an international marketing professional with 20+ years of experience and an expertise in product and brand positioning, GTM, and building hockey stick pipeline. She has led marketing at multiple startups and technology companies, including Neura and Bitnami. In addition, Kris is a frequent presenter and writer on new technology, business growth, and marketing strategies. --- Marketing Trends is brought to you by our friends at Salesforce Pardot, B2B marketing automation on the world’s #1 CRM. Are you ready to take your B2B marketing to new heights? With Pardot, marketers can find and nurture leads, close more deals, and maximize ROI. Learn more by heading to www.pardot.com/podcast. To learn more or subscribe to our weekly newsletter, visit MarketingTrends.com.

Erica Brescia is GitHub’s Chief Operating Officer, where she leads the business development, support, and workplace teams. Prior to joining GitHub, she was the COO and co-founder of Bitnami, where she was instrumental in leading the team's business development efforts with all of the leading cloud platform providers. Erica’s leadership in the technology space extends to serving on the board of directors of the Linux Foundation, as well as being an Investment Partner in X Factor Ventures, which empowers female-led businesses to succeed. In this episode, we learn how Erica Brescia went from balancing a Y Combinator interview while caring for her then 2-week-old baby to growing Bitnami’s team with her Co-Founder, Daniel Lopez to about 100 people with little outside capital. Erica explains why taking her current role at Github felt like “coming home,” despite not being a developer. When she’s not helping scale Github’s product roadmap and global expansion, Erica is supporting the next wave of female founders at XFactor Ventures, a seed fund that only invests in female entrepreneurs. Listen to the full episode for Erica’s book recommendations and advice for founders.

Erica Brescia is GitHub’s Chief Operating Officer, where she leads the business development, support, and workplace teams. Prior to joining GitHub, she was the COO and co-founder of Bitnami, where she was instrumental in leading the team's business development efforts with all of the leading cloud platform providers. Erica’s leadership in the technology space extends to serving on the board of directors of the Linux Foundation, as well as being an Investment Partner in X Factor Ventures, which empowers female-led businesses to succeed. In this episode, we learn how Erica Brescia went from balancing a Y Combinator interview while caring for her then 2-week-old baby to growing Bitnami’s team with her Co-Founder, Daniel Lopez to about 100 people with little outside capital. Erica explains why taking her current role at Github felt like “coming home,” despite not being a developer. When she’s not helping scale Github’s product roadmap and global expansion, Erica is supporting the next wave of female founders at XFactor Ventures, a seed fund that only invests in female entrepreneurs. Listen to the full episode for Erica’s book recommendations and advice for founders.

Microsoft, Google, y Amazon tienen su “nubes” gracias a Bitnami. En este episodio te cuento lo fácil que es crear tu WordPress en Local con Bitnami.

Microsoft, Google, y Amazon tienen su “nubes” gracias a Bitnami. En este episodio te cuento lo fácil que es crear tu WordPress en Local con Bitnami.

Highlights of the interview: * Containers pose a security and compliance risk * Most cloud-native solution providers don’t know the code running in their software * Open Source community needs to address mental illness issue * How VMware integrates open source companies like Heptio and Bitnami after the acquisition * Comments on SFC’s legal battle with VMware Support TFIR by becoming a Patron: https://www.patreon.com/TFIR Guest: Dirk Hohndel, VP and Chief Open Source Officer at VMware Location: KubeCon+CloudNativeCon, Barcelona Travel & Lodging was sponsored by CNCF

Lowering your expectations on open source is a favorite topic of ours, so we return to it. Spoiler: people gotta make money somehow. Also, we explore inebriation in Amsterdam and other locales, Mary Meeker’s slide fest, public cloud outages vs. desktop computers, and better consumer identity management. Also: Wacky tobaccy Seattle Smell Denver’s Flaming Skull Mayor Announces Plans To Decriminalize Magic Mushrooms (https://www.theonion.com/denver-s-flaming-skull-mayor-announces-plans-to-decrimi-1834648731). Miller time is any time. Here’s how you’ll be disappointed. After the gold rush The dispassionate gang of four. Lifestyle businesses like IBM. Everyone overvalues the present. Spend $50 million here to make a billion there. The Super Mainframe. Talking points: Coté fell asleep. Ate too much French butter, had salt crystals in it, tho. Using wildcard emails for logins - pinboard guy on securing Congressional campaign (https://idlewords.com/2019/05/what_i_learned_trying_to_secure_congressional_campaigns.htm). TED Talks. Father’s Day? (Yes, June 16th) What’s the position on booze now-a-days? Zoom.us works, like dropbox works. Why was that so hard? Passport photos (https://www.flickr.com/photos/cote/48054582642/in/datetaken/) and Skillcraft pens (https://amzn.to/2WCUeFJ) (a bit pricey in Europe (https://www.amazon.de/Skilcraft-US-Regierung-Retractable-7520-01-332-3967-Tintenblau/dp/B008UARY3I/ref=sr_1_fkmr0_1?keywords=7520-01-332-3967+skillcraft&qid=1560457678&s=gateway&sr=8-1-fkmr0)). Relevant to your interests Salesforce to buy Tableau Software in $15.7 billion deal (https://www.cnbc.com/2019/06/10/salesforce-to-buy-tableau-software-in-an-all-stock-deal.html). This week’s dead Google product is Google Trips, may it rest in peace (https://arstechnica.com/gadgets/2019/06/this-weeks-dead-google-product-is-google-trips-may-it-rest-in-peace/). Cryptocurrency startup hacks itself before hacker gets a chance to steal users funds (https://www.zdnet.com/article/cryptocurrency-startup-hacks-itself-before-hacker-gets-a-chance-to-steal-users-funds/). Mozilla to Launch Firefox Premium (https://www.pcmag.com/news/368879/mozilla-to-launch-firefox-premium). (https://www.pcmag.com/news/368879/mozilla-to-launch-firefox-premium) (https://www.pcmag.com/news/368879/mozilla-to-launch-firefox-premium) ceejbot/economics-of-package-management (https://github.com/ceejbot/economics-of-package-management/blob/master/essay.md). “Money let’s talk about.” What’s driving open source software in 2019 (https://www.oreilly.com/ideas/whats-driving-open-source-software-in-2019) GitHub hires former Bitnami co-founder Erica Brescia as COO (https://techcrunch.com/2019/06/11/github-hires-former-bitnami-co-founder-erica-brescia-as-coo/) “Brescia handled COO duties at Bitnami from its founding in 2011 until it was sold to VMware last month.” Google Takes Its First Steps Toward Killing the URL (https://www.wired.com/story/google-chrome-kill-url-first-steps/) - huh? (https://www.troyhunt.com/project-svalbard-the-future-of-have-i-been-pwned/)- Project Svalbard: The Future of Have (https://www.troyhunt.com/project-svalbard-the-future-of-have-i-been-pwned/). Forget power outages -- what happens when Google goes out? (https://thehustle.co/Google-Cloud-outage/) Pedant tone: compared to what? Zip drives? My own laptop that’s not backed up? A corporate email server that goes down? Not backing up my photos? Was any data lost? CrowdStrike prices IPO at $34, above range (https://www.cnbc.com/2019/06/12/cybersecurity-firm-crowdstrike-prices-ipo.html). No Easy Way Forward For Commercial Open Source Software Vendors (https://www.forbes.com/sites/udinachmany/2019/06/11/what-future-for-independent-open-source-software-vendors/). Software company MapR, once worth more than $1 billion, to lay off 122 (https://www.sfchronicle.com/business/article/Software-company-MapR-once-worth-more-than-1-13904888.php) I’ll be passing on Google’s new 2fa for logins on iPhones and iPads. Here’s why (https://arstechnica.com/information-technology/2019/06/ill-be-passing-on-googles-new-2fa-for-logins-on-iphones-and-ipads-heres-why/) Food Fight Farewell (https://twitter.com/foodfightshow/status/1138784382116929538). (https://twitter.com/foodfightshow/status/1138784382116929538) (https://twitter.com/foodfightshow/status/1138784382116929538) Mary Meeker’s most important trends on the internet (https://www.vox.com/recode/2019/6/11/18651010/mary-meeker-internet-trends-report-slides-2019) Coté: Been reading up on “disruptions” in various industries. (I want to write a very practical, “here, put these features in your software/do these projects/etc.” kind of write-up for various industries.) Most of the the innovations and responses - “digital transformation” are just getting better apps. Like, power companies that charge annually, my life insurance company with PDFs. E.g., Lemonade doing a claim for a Canadian Goose jacket for $979 in 3 seconds (https://www.lemonade.com/blog/lemonade-sets-new-world-record/), Zürich Insurance using AR with risk engineers (https://internetofbusiness.com/zurich-insurance-ai-iot-ar/)…Pivotal stories aplenty. The framing is basically (https://go.forrester.com/blogs/creating-the-cx-centric-utility/) “use these opportunities to reframe their relationship with the customer, leveraging the principles of customer experience and, in turn, will change their key processes and operations to deliver the CX-centric utility.” That is, better customer service, faster sales transactions (buying, whatever) with the customers, and easier research/comprehension (test out how long it takes you to find the details of benefits for your credit card - look up the price you pay for water - see what your total return on your retirement investing is, etc.). THIS IS ALL GREAT! BUT WHY SO HARD? (IS IT HARD?) My theory: this stuff isn’t hard, it just costs money and time. And just like developers don’t want to pay for anything, executives don’t want to pay for anything. Turns out, though, when you pay for something you get, you know, something. LegacyConf day 3 keynote: 10 Government Legacy Systems Cost Taxpayers $337 Million Every Year (https://www.nextgov.com/it-modernization/2019/06/10-government-legacy-systems-cost-taxpayers-337-million-every-year/157682/). “How to Use Your Meat Buyer’s Guide” - SCHOOL IS IN SESSION (https://www.thelivestockinstitute.org/uploads/4/9/9/2/49923305/meat-buyers-guide.pdf). Nonsense NASA is opening the International Space Station to private astronauts (https://qz.com/1638068/nasa-opens-international-space-station-to-private-astronauts/). LaCroix slammed with new lawsuit alleging execs sparred over whether to falsely claim its cans were free of toxic chemicals (https://www.businessinsider.com/lacroix-lawsuit-claims-executives-sparred-over-bpa-free-claims-2019-6?module=topTout&area=links). Fortnite maker Epic acquires social video app Houseparty (https://techcrunch.com/2019/06/12/fortnite-maker-epic-acquires-social-video-app-houseparty/). Sponsors This episode is sponsored by SolarWinds® and one of their DevOps tools, Papertrail™ To learn more or to try SolarWinds Papertrail free for 14 days, go to papertrailapp.com/sdt and make troubleshooting fun again. Conferences, et. al. ALERT! DevOpsDays Discount - DevOpsDays MSP (https://www.devopsdays.org/events/2019-minneapolis/welcome/), August 6th to 7th, $50 off with the code SDT2019 (https://www.eventbrite.com/e/devopsdays-minneapolis-2019-tickets-51444848928?discount=SDT2019). 2019, a city near you: The 2019 SpringOne Tours are posted (http://springonetour.io/). Coté will be speaking at many of these, hopefully all the ones in EMEA. They’re free and all about programming and DevOps things. Coming up in: San Francisco (June 4th & 5th), Atlanta (June 13th & 14th)…and back to a lot of US cities. ChefConf London 2019 (https://chefconflondon.eventbrite.com/) June 19-20 Monktoberfest, Oct 3rd and 4th - CFP now open (https://monktoberfest.com/). Recommended Jobs from Listeners Best IT Development Podcasts 2019 for consultants - Qemploy (https://blog.qemploy.com/best-it-podcasts-2019/) SDT news & hype Join us in Slack (http://www.softwaredefinedtalk.com/slack). Send your postal address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) and we will send you free laptop stickers! Follow us on Twitter (https://twitter.com/softwaredeftalk), Instagram (https://www.instagram.com/softwaredefinedtalk/) or LinkedIn (https://www.linkedin.com/company/software-defined-talk/) Listen to the Software Defined Interviews Podcast (https://www.softwaredefinedinterviews.com/). Check out the back catalog (http://cote.coffee/howtotech/). Brandon built the Quick Concall iPhone App (https://itunes.apple.com/us/app/quick-concall/id1399948033?mt=8) and he wants you to buy it for $0.99. Use the code SDT to get $20 off Coté’s book, (https://leanpub.com/digitalwtf/c/sdt) Digital WTF (https://leanpub.com/digitalwtf/c/sdt), so $5 total. Recommendations Coté: Magma notebooks (https://magma-shop.com/collections/all-products/stationery). Matt: Ricky Gervais Humanity (https://www.netflix.com/nl-en/title/80189653) on Netflix; GORUCK Echo (Discontinued) (https://www.goruck.com/echo/). Brandon: I am Mother (https://www.netflix.com/title/80227090) on Netflix (https://www.netflix.com/title/80227090).

Kubecon is happening in Barcelona, Spain, VMWare purchases bitnami, Apptio buys Cloudability and a ton of Kubernetes announcements out of KubeCon this week on The Cloud Pod. Sponsors: Foghorn Consulting – https://fogops.io/thecloudpod Topics: A Cosmonaut’s guide to the latest Azure Cosmos DB Announcements VMWare snaps up Bitnami to broaden its multi-cloud strategy Apptio buys Cloudability as cloud cost management market heats up Introducing Terraform Cloud Remote State Management Cloudwatch container insights for EKS and Kubernetes Preview Digital Ocean K8 service is now Generally Available Google Announces new enhancements to ease adoption of GKE In celebration of K8 5th birthday GCP is giving away a free month of learning at Coursera with the Architecting with GKE course. (valid until September 30th) Lightning Round (Jonathan 5, Justin 8, Peter 1 and Guest 3): EKS has simplifed K8 cluster authentication with new CLI Sub command for generating the authentication token for connecting You can now use custom chat bots with Amazon Chime Performance insights now supports Amazon Aurora Global Databas

Last Week in AWS - https://www.lastweekinaws.com/ Corey Quinn - https://twitter.com/QuinnyPig Rancher Rio - https://github.com/rancher/rio Helm - https://cloudblogs.microsoft.com/opensource/2019/05/21/helm-3-release/ Spotify Deleting Production K8S Cluster - https://kccnceu19.sched.com/event/MQbb/keynote-how-spotify-accidentally-deleted-all-its-kube-clusters-with-no-user-impact-david-xia-infrastructure-engineer-spotify Service Mesh Interface - https://cloudblogs.microsoft.com/opensource/2019/05/21/service-mesh-interface-smi-release/ Episode TranscriptionWelcome back to The Byte. In this episode we're going to do a KubeCon recap. KubeCon 2019. It's been a heck of a week last week. We were traveling to Austria for some customer visits, and I just completely missed out on recording some episodes. So, I'm back. And I had plenty of time to actually review all of the news coming out of KubeCon. It was an incredible amount of news. Corey Quinn, you know, from last week and AWS was actually attending KubeCon, which is great 'cause he's a really great person to listen to and understand his viewpoint on the technologies, and he really is critical on the technologies, and he several times said, "Everyone's trying to manage Kubernetes. Everyone's trying to roll their own version of it," et cetera. So he has a very interesting viewpoint on the Kubernetes world and how that's going...But the announcements out of KubeCon were... They're slowly becoming more standard releases. There are no shockers coming out anymore because the community is maturing. That's really the key message here, is the community is still growing rapidly, unbelievably, but we're starting to see, not even a plateau, but we're starting to get to a top of the curve where we're... The height cycle is not completely there yet but you can definitely see that the technology is mature enough that people are using it, and it's becoming more stable.Now some key announcements out from KubeCon... Actually, before KubeCon actually launched was BitNami, the provider of all the Docker images, and packaged software was purchased by VMware shortly before the conference. And that's pretty big news because BitNami's a nice service. I use them for several different projects, because they package together, for example, Wordpress. They document the heck out of it. They tell you all the ins and outs, where you should look, how you should operate it, how you should grow it. If you want to do high availability... And they maintain it, which is really awesome. It's a great, great product. I recommend if you ever look for an image, check out BitNami Images, 'cause they're very well documented as I said, and they're battle-tested.Another announcement out of KubeCon was Rancher launched Rio. So Rancher launched not so long ago k3s, which is the slimmed-down version of Kubernetes. Now, on top of that, they've launched Rio, which is a micro-platforms and service, based on top of k3s. So it's a micro-platform as a service, and the idea is to get closer to the edge and start bringing more services to the edge. I think it's a brilliant model, and Rancher continually surprises us on the features they keep announcing.But the real shocker here was Microsoft. Microsoft is the one that had all the announcements. First, they announced visual studio code Kubernetes 8... a new Kubernetes extension which is now all supported. It's actually a certified extension, and this is quite big. Visual studio code is now becoming the standard, and now they're really throwing their weight behind creating the toolset to actually support it.The next thing out of Microsoft camp was the virtual cubelet, Hit 1.0. That's basically a server-less Kubernetes distribution. It allows you to run Azure container instances and bringing server-less as a complete package offering within Kubernetes. I find this quite cool. I haven't played with it yet, so it's new to me as well. I'll have to dig into it a little bit more.Helm 3. Helm is obviously the de facto standard for packaging and deploying Kubernetes applications, and Microsoft announced the first alpha of Helm 3. Also a big announcement because they're throwing all their resources behind making RBAC and CRDs, they're making it part of Helm 3, which is what everyone's been asking for.Now what really shook everybody, the biggest announcement from the conference, was Service Mesh Interface, and what that is, is it's a new standard interface across all service meshes. So Istio, Envoy, it doesn't matter the service mesh, but we're going to have a standardized interface to all these. And why is that important? Because all these service meshes popped up so quickly and grew so quickly, they developed their own ecosystems, their own APIs. Now if you're a company that runs several service meshes, you also have to integrate all these different APIs. Well this new service mesh allows us to actually... The Service Mesh Interface really standardizes across all service meshes and allow us to define traffic polices, traffic telemetry, traffic management, across all these different service meshes. If you look at it, it's like standardizing the gas nozzle in cars. Every car has a gas nozzle, but if they're all different, it's a bit difficult to operate. You can obviously operate it, no problem individually, but it'd be much easier if they're all standardized. And that's what SMI is doing. It's really standardizing the Istio interface to make it easier to operate and manage.That's really the KubeCon recap. There was some great news coming out of the ecosystem. The ecosystem's continuing to grow. One of my favorites so far, what I've seen so far is my favorite talk from KubeCon is the Spotify talk, where Spotify talked about on the keynote how they accidentally deleted all its cube clusters in production. Yeah.They deleted... What'd they say, about 50 nodes or something like that? 50-node cluster, and zero user impact. They were actually trying to do a migration from one of their other cloud providers to Google Compute Engine, and it just went horribly wrong. They deleted the cluster, then it walked you through how they recovered, how long it took to recover, how a lot of scripts weren't ready and things were not in place to actually do this recovery, and how they went for it and is learning. And this just shows you the Spotify culture is all about learning and embracing failure, and I think more companies can learn from this as well. It was a brilliant talk, it's really nice to hear somebody, "Hey, we're not doing everything right. We do fail once in a while, and this is how we did it and this is what we learned."It brings us back to the Kubernetes fail stories. The same type of situation, but they're actually talking about KubeCon, and I thought that was quite nice.That's all we have for this episode of The Byte. Look forward to some more episodes coming up. I have a whole queue in my queue to get up and running, so bear with us, have a great day, and we'll see you next episode.

Bryan Liles is a Senior Staff Engineer at VMware, the program co-chair for this week’s KubeCon EU, a sought-after speaker, and a minority in an industry with few people who look like him. He shares his story with Craig and Adam, who also bring you the week’s news from KubeCon EU and beyond. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week KubeCon EU! Fox cubs! News of the week VMware acquires Bitnami and Bitnami is acquired by VMware Bitnami’s application catalog Knative 0.6 is out New API proposal GKE Sandbox: bring defense in depth to your pods Stackdriver Kubernetes Monitoring is GA Helm 3 preview Episode 11 with Vic Iglesias GKE announces Release Channels Docs Windows Server containers in Preview: Announced for Azure Kuberntes Service But not in Canada Announced for Google Kubernetes Engine But not for another week or so Bring your own subnet to AKS Lyft bug bounty program Velero 1.0 Digital Ocean Kubernetes is GA Kubernetes apps on GCP Marketplace Terraform Cloud Remote State Management CNCF adds 42 new members Cloud Native Logging with Fluentd OpenTracing + OpenCensus = OpenTelemetry OpenEBS joins the CNCF Lightning round: Harbor 1.8 Supergiant Kubernetes Toolkit 2.1.0 Ambassador 0.7 Mirantis BYOD MiniKF from Arrikto Gravity 6.0 Cloud 66 Maestro k8up from VSHN Links from the interview Early tech: Tandy CoCo 3 Tandy 1000 TL The Sound Blaster CIDR: how big is a /12? The Darker Side of Tech Giving away oscilloscopes Capital One vikings Kubernetes contributions in the last quarter Ksonnet Now archived Joe Beda in Episode 12 Kustomize, with a K Brian Grant on declarative application management Janet Kuo in Episode 29 George Hotz Bryan Liles on Twitter Bryan’s blog

This week’s startup scene was definitely in its top shape. We are talking about a total of 397 funding rounds that’s hundred more than last week, $31.2 billion total funding which is almost 5 times last week, 153 acquisitions recorded, and a transaction of a total acquisition amount of $9.3 billion. That being said, let’s dive right into the highlights. Feather, a New York-based company that offers contemporary, higher-end furniture on a subscription basis raised $12.5 million in a Series A round led by Spark Capital. Prior seed investors Fuel Capital, Bain Capital Ventures, PJC, Kleiner Perkins, and Y Combinator followed on in the round, according to Crunchbase. Algorithmia raised $25 million in Series B funding led by Norwest Venture Partners. Algorithmia, based in Seattle, is building infrastructure for the final step of the machine learning workflow: integrating a predictive model into a production code environment. Basically, what the company calls its “AI Layer” is a software environment that automatically produces a model-specific API the data scientist can call. DNA Script has raised $38.5 million in new financing to commercialize a process that it claims is the first big leap forward in manufacturing genetic material. DNA Script is focused on the manufacturing of synthetic DNA using a proprietary template-free enzymatic technology. The company aims at accelerating innovation in life science and technology through rapid, affordable and high quality DNA synthesis. The company said the money would be used to accelerate the development of its first products and establish a presence in the United States. Trendy luggage brand - Away, packs on $100 million funding and rolls past a valuation of $1.4 billion. The capital will be used to build additional brick-and-mortar stores, as well as add to Away’s portfolio of merchandise with an eye toward expanding into generic travel gear. To date, Away has sold more than 1 million suitcases. Moving on to acquisitions, HP enterprise announced it was buying Cray (a global supercomputer leader) for $1.3 billion, giving it access to the company’s high-performance computing portfolio, and perhaps a foothold into quantum computing in the future. VMware announced today that it’s acquiring Bitnami, the package application company that was a member of the Y Combinator Winter 2013 class. The companies didn’t share the purchase price. The company can now deliver more than 130 popular software packages in a variety of formats, such as Docker containers or virtual machine, an approach that should be attractive for VMware as it makes its transformation to be more of a cloud services company. Sisense announced today that it has acquired Periscope Data to create what it is calling a complete data science and analytics platform for customers. The companies did not disclose the purchase price. Sisense, which has raised $174 million, tends to serve business intelligence requirements either for internal use or externally with customers. Periscope, which has raised more than $34 million, looks at the data science end of the business. What else caught our eye last week? Fiverr files to go public, reports revenue of $75.5M and a net loss of $36.1M for 2018 Freelance marketplace Fiverr has filed to go public on the New York Stock Exchange. Their mission is to change how the world works together. They started with the simple idea that people should be able to buy and sell digital services in the same fashion as physical goods on an e-commerce platform. On that basis, they set out to design a digital marketplace that is built with a comprehensive services catalog and an efficient search, find and order process that mirrors a typical e-commerce transaction. Next, let’s take a peek at the Revenue based finance (RBF) model that’s on the rise. What exactly is RBF you ask? It’s a relatively new form of funding for tech companies that are posting monthly recurring revenue. Here’s how Lighter Capital, which completed 500 RBF deals in 2018, explains it: “It’s an alternative funding model that mixes some aspects of debt and equity. Most RBF is technically structured as a loan. However, RBF investors’ returns are tied directly to the startup’s performance, which is more like equity.”

On this week's episode of The New Stack Context podcast, we speak with Mark Brewer, CEO of Lightbend, as well as with Lawrence Hecht, research director and columnist at The New Stack, about the current state and future of data streaming technology. The New Stack recently partnered with our sponsor Lightbend to produce a survey on data streaming. Lightbend released the results of that survey last week and the report is titled “Streaming Data And The Future Tech Stack,” and it is all about how developers and software architects are using data streaming in their applications today. For the podcast, Brewer shares his top takeaways from the survey, and Hecht discusses how he analyzed the numbers and what his conclusions were. We also talked a bit about Lightbend's Akka message-driven runtime. We also discussed the top news of the week, including VMware's purchase of Bitnami, Intel's new special-purpose Linux hypervisor for cloud native workloads, and New Relic's platform for the future, New Relic One. Libby Clark, editorial and marketing director at The New Stack, hosted this episode, with the usual support from Alex Williams, founder and publisher of The New Stack, and Joab Jackson, TNS managing editor.

I don’t know if it has a pickle plugin Salesforce synergizing at IBM and Red Hat, VMware buys Bitnami, and Linux Desktop market share analysis. Plus, pickles. Opening comments: The intersection between business books and dog vomit. Democracy sausage. Coté can’t get extra pickles (https://www.instagram.com/p/Bxh5ikuiFuK/). Let me close out this topic of pickles. It’s not Burger King. Enterprise Salespeople don’t get tattoos T-shirt currency arbitrage. Literally misspelled responsibility Tacos and IT transformation 7 layer burrito of IT transformation. BSD and Linux are the same, right? (Don’t email me.) Don’t watch Coté’s old videos (https://www.youtube.com/user/redmonkmedia/videos). Did the cat walk on your keyboard? Relevant to your interests VMware to acquire Bitnami (https://blog.bitnami.com/2019/05/vmware-to-acquire-bitnami.html): VMware’s desires (https://cloud.vmware.com/community/2019/05/15/vmware-to-acquire-bitnami/): “Upon close, Bitnami will enable our customers to easily deploy application packages on any cloud— public or hybrid—and in the most optimal format—virtual machine (VM), containers and Kubernetes helm charts. Further, Bitnami will be able to augment our existing efforts to deliver a curated marketplace to VMware customers that offers a rich set of applications and development environments in addition to infrastructure software.” Coté: so Bitnami is a thing that packages up software (https://en.wikipedia.org/wiki/Bitnami) for you in (VMs?) containers and stuff, maybe with some Helm chart stuff for deploying to kubernetes? And a service that manages them in EC2? Jay@451 (https://clients.451research.com/reportaction/97114/Toc): “The acquisition will also help VMware support applications in various forms – including VMs, containers and Kubernetes Helm charts – across the different infrastructures. With Bitnami, VMware is also positioned to support ISVs and open source software components with Bitnami's catalog of curated, secured, certified components.” “VMware says it has acquired Bitnami for its multi-cloud competency and its Kubernetes expertise. VMware's acquisitions of CloudVelox, Heptio and CloudHealth have signaled its appetite for multi-cloud and Kubernetes.” The New Stack coverage: “Monocular, a service described by Bitnami as an open source search and discovery frontend for Helm Chart repositories.” https://thenewstack.io/vmware-to-acquire-bitnami-the-app-marketplace-platform-and-container-packager/ (https://thenewstack.io/vmware-to-acquire-bitnami-the-app-marketplace-platform-and-container-packager/) Holy high street, Sainsbury's! Have you forgotten Bezos' bunch are the competition? (https://www.theregister.co.uk/2019/05/10/aws_summit_london/) Coté’s collection of interesting bits (https://cote.io/2019/05/10/how-sainsbury-uses-aws/), including: “This was effectively taking a WebSphere e-commerce monolith with an Oracle RAC database, and moving it, and modularising it, and putting it into AWS.” “’Today, we run about 80 per cent of our groceries online with EC2, and 20 per cent is serverless.’ In total, the company migrated more than 7TB of data into the cloud. As a result, or so Jordan claimed, the mart spends 30 per cent less on infrastructure, and regularly sees a 70-80 per cent improvement in performance of interactions on the website and batch processing.” Australian $50 bills (https://www.theguardian.com/australia-news/2019/may/09/australian-50-note-typo-spelling-mistake-printed-46-million-times) Symantec CEO Greg Clark steps down, stock drops (https://www.cnbc.com/2019/05/09/symantec-ceo-greg-clark-steps-down-stock-drops-.html?utm_source=newsletter&utm_medium=email&utm_campaign=newsletter_axioslogin&stream=top) GitHub Package Registry: Your packages, at home with their code (https://github.co/2DZiJGY) JFrog and Sonatype watch out How Windows and Chrome quietly made 2019 the year of Linux on the desktop (https://t.co/FvmA86HFdU?ssr=true) It’s time for another installment of Coté’s Pedantry on Market Share Analysis (tm). Windows ships a Linux in a nifty VM. Chromebook market share was ~13% in Gartner’s 2016Q4 estimates (based on 9.4m Chromebooks (https://www.pcworld.com/article/3194946/chromebook-shipments-surge-by-38-percent-cutting-into-windows-10-pcs.html) shipped out of 72.6m laptops total (https://www.gartner.com/en/newsroom/press-releases/2017-01-11-gartner-says-2016-marked-fifth-consecutive-year-of-worldwide-pc-shipment-decline)). Meanwhile, Gartner estimates that something like 2bn mobile devices (phones and tablets) were shipped in 2016. Gartner said shipments for “PCs, tablets and mobile phones” was 2.33bn in 2016 (if I read the press release right (https://www.gartner.com/en/newsroom/press-releases/2018-01-29-gartner-says-worldwide-device-shipments-will-increase-2-point-1-percent-in-2018) - something around those numbers). …if you run-rate the Chromebook Q4 (which is very kind since Christmas and corporate end-of-year spending is in Q4), you get 2016 shipments of 37.6m Chromebooks. So, out of all types of computing devices, Chromebooks are, like 37.6m out of 2.3bn, or ~2%, right? Clearly: LINUX DESKTOP VICTORY! (I guess you could throw MacOS in there, but those who’d care say that was BSD or something, right? Even if you do throw them in and do *nix market share, what’s it like? Gartner says 2018Q4 (https://www.gartner.com/en/newsroom/press-releases/2019-01-10-gartner-says-worldwide-pc-shipments-declined-4-3-perc) Apple share was 7.2%, so add in Chromebooks and we’re at 9.2% - round it up for shits and giggles, and we’re at 10%. That anything?) iOS - FreeBSD (https://en.wikipedia.org/wiki/IOS_version_history)? Google now lists playable podcasts in search results (https://www.theverge.com/2019/5/10/18564035/google-search-podcasts-ios-desktop-web-playerPodcast) ParkMyCloud is Now Part of Turbonomic - ParkMyCloud (https://www.parkmycloud.com/blog/parkmycloud-turbonomic/) Amazon’s Away Teams laid bare: How AWS's hivemind of engineers develop and maintain their internal tech (http://go.theregister.com/feed/www.theregister.co.uk/2019/05/14/amazons_away_teams/) It’s the new Spotify Culture! Oppressive countries used a newly-discovered WhatsApp flaw to spy on activists (https://www.axios.com/whatsapp-uncovers-security-flaw-exposing-spyware-vulnerability-e7709499-b87b-42df-bff3-5d2a437f2114.html?utm_source=newsletter&utm_medium=email&utm_campaign=newsletter_axioslogin&stream=top) The red hot 'FAANG' trade is officially over, now bet on your fellow 'MAAN' (https://www.cnbc.com/2018/10/25/faang-leadership-is-over-its-time-to-bet-on-your-fellow-maan.html) FOSDEM 2019 - The clusterfuck hidden in the Kubernetes code base (https://fosdem.org/2019/schedule/event/kubernetesclusterfuck/) Microsoft warns wormable Windows bug could lead to another WannaCry (https://arstechnica.com/information-technology/2019/05/microsoft-warns-wormable-windows-bug-could-lead-to-another-wannacry/) Suggested headline: “Wutzit! Washington Windows Wunderkin Wonder Why Worms WannaCry” Google replaces its Bluetooth security keys because they can be accessed by nearby attackers (https://www.cnbc.com/2019/05/15/google-finds-security-issue-with-its-bluetooth-titan-security-keys.html) New secret-spilling flaw affects almost every Intel chip since 2011 (https://techcrunch.com/2019/05/14/zombieload-flaw-intel-processors/) Google is about to have a lot more ads on phones (https://www.theverge.com/2019/5/14/18623541/google-gallery-discovery-mobile-ads-announced) Donald Trump is short-circuiting the electronics industr (https://www.theverge.com/2019/5/15/18624690/trump-import-tax-tariff-laptop-smartphone-manufacturers)y IBM reps can sell IBM and Red Hat (https://www.zdnet.com/article/where-ibm-and-red-hat-go-from-here/#ftag=RSSbaffb68): ‘in the field, "IBM sales guys will get comped on Red Hat products, but our sales guys will only get comped on Red Hat products."’ Nonsense World’s Most Expensive Coffee Costs $75 A Cup; Now Being Sold In Southern California (https://losangeles.cbslocal.com/2019/05/13/worlds-most-expensive-coffee-elida-natural-geisha-klatch-coffee/) Sponsors To learn more or to try SolarWinds Papertrail free for 14 days, go to papertrailapp.com/sdt and make troubleshooting fun again. Conferences, et. al. ALERT! DevOpsDays Discount - DevOpsDays MSP (https://www.devopsdays.org/events/2019-minneapolis/welcome/), August 6th to 7th, $50 off with the code SDT2019 (https://www.eventbrite.com/e/devopsdays-minneapolis-2019-tickets-51444848928?discount=SDT2019). 2019, a city near you: The 2019 SpringOne Tours are posted (http://springonetour.io/). Coté will be speaking at many of these, hopefully all the ones in EMEA. They’re free and all about programming and DevOps things. Coming up in: Paris (May 23rd & 24th), San Francisco (June 4th & 5th), Atlanta (June 13th & 14th)…and back to a lot of US cities. ChefConf 2019 (http://chefconf.chef.io/) May 20-23. Matt’s speaking! (https://chefconf.chef.io/sessions/banking-automation-modernizing-chef-across-enterprise/) ChefConf London 2019 (https://chefconflondon.eventbrite.com/) June 19-20 Monktoberfest, Oct 3rd and 4th - CFP now open (https://monktoberfest.com/). Listener Feedback Tom from Schiermonnikooglaan in The Netherlands tell us “Thanks for the awesome podcasts” and we sent him laptop stickers. SDT news & hype Join us in Slack (http://www.softwaredefinedtalk.com/slack). Send your postal address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) and we will send you free laptop stickers! Follow us on Twitter (https://twitter.com/softwaredeftalk), Instagram (https://www.instagram.com/softwaredefinedtalk/) or LinkedIn (https://www.linkedin.com/company/software-defined-talk/) Listen to the Software Defined Interviews Podcast (https://www.softwaredefinedinterviews.com/). Check out the back catalog (http://cote.coffee/howtotech/). Brandon built the Quick Concall iPhone App (https://itunes.apple.com/us/app/quick-concall/id1399948033?mt=8) and he wants you to buy it for $0.99. Recommendations Coté: my most recent stump-speech recording (https://www.brighttalk.com/webcast/14883/355253); UK GDS book, Digital Transformation at Scale (https://www.goodreads.com/book/show/40602234-digital-transformation-at-scale). If you like #exegesis stuff, check out this interview Coté did with Derrick Harris (https://twitter.com/cote/status/1126509481490169856). Also, buy my book, fools (https://leanpub.com/digitalwtf/)! Get that other one for free (https://pivotal.io/monolithictransformation). Use the code sdt for the next week to get it for $5 (https://leanpub.com/digitalwtf/c/sdt). Matt: Sending money internationally? Get yourself some TransferWise (https://transferwise.com/u/matthewr9). Planet Money podcast: How Uncle Jamie Broke Jeopardy (https://www.npr.org/2019/05/10/722198188/episode-912-how-uncle-jamie-broke-jeopardy) Semi-anti-recommendation: The Wandering Earth (https://www.imdb.com/title/tt7605074/) Brandon: Jonathan (https://www.netflix.com/title/81034599) on Netflix. DameWare SSH Movie Trailer (https://www.youtube.com/watch?v=kS5QM7ICdXU&hd=1) vs. MSFT Terminal Video (https://youtu.be/8gw0rXPMMPE). https://paper-attachments.dropbox.com/s_51870C828F2A7F66DBDF39F8A7E608A44CC306D9F1666C6E3AE7FE69FA4CAB9E_1558039286581_Screen+Shot+2019-05-17+at+6.14.52+am.png Outro: Burger King commercial, 1974 (https://www.youtube.com/watch?v=6XoTjchhyVQ).

In episode 25 of The Secure Developer, Guy meets with Simon Bennett, VP Product at Bitnami, to discuss golden images, image layering, and how Bitnami helps accelerate application delivery across multiple clouds. The post Ep. #25, Golden Images with Simon Bennett of Bitnami appeared first on Heavybit.

Functions as a Service (FaaS), and especially, serverless are major buzzwords today, but beneath the hype, they offer tremendous resource-savings and scaling opportunities. But as organizations make the shift from monolithic-centric platforms as they rely on FaaS to, for example, scale to cloud native environments,  the concepts and promise of what are on offer can also make it easy to forget what is involved to make the jump on a hands-on and practical level. In other words, great things await your organization as it makes the transition, but getting there will require a lot of work — for what usually is a huge payoff as FaaS and cloud providers assume much of the heavy lifting for server management and other infrastructure-related tasks. During a panel discussion hosted by Alex Williams, founder and editor-in-chief, and Joab Jackson, managing editor, of The New Stack;  at KubeCon + CloudNativeCon North America 2018, a panel of FaaS and serverless experts were on hand to discuss their down-in-the-trenches experiences and ideas about what implementing FaaS and relying on cloud providers is really like. The panel members included: - Ara (Araceli) Pulido, Kubernetes engineering manager, Bitnami; - Chad Arimura, vice president, serverless advocacy, Oracle and former CEO and cofounder of Iron.io; - Christopher Woods, research software engineer, University of Bristol; - Tom Petrocelli, analyst, Amalgam Insights Watch on YouTube: https://youtu.be/UPf8sCKNb4E

Show: 375 Description: Brian talks with Mark Hinkle (@mrhinkle) and Sebastien Goasguen (@sebgoa), Co-Founders of @TriggerMesh, about the evolution of serverless and functions-as-a-service in the Kubernetes ecosystem, the new Knative framework, and how companies are considering the use of functions for new applications. Show Sponsor Links:Datadog Homepage - Modern Monitoring and AnalyticsTry Datadog yourself by starting a free, 14-day trial today. Listeners of this podcast will also receive a free Datadog T-shirtShow Interview Links:TriggerMesh Homepage - https://triggermesh.com/The ServerlessCast #2 - Kubeless (Sebastien Goasguen) http://www.thecloudcast.net/2017/02/the-serverlesscast-2-kubeless.htmlThe Cloudcast #102 - Open Source 101 (Mark Hinkle) http://www.thecloudcast.net/2013/03/the-cloudcast-eps78-open-source.htmlTopic 1 - Welcome to the show. Both of you are Cloudcast alumni. Tell us about this new company that you’ve started.Topic 2 - Sebastian, the last time we spoke with you, you had created the Kubeless project (at Skipboxx), just before selling it to Bitnami. That was when “Serverless on Kubernetes” was beginning to get very fragmented. Since then, Knative has come along to try and bring some unity around Serverless on Kubernetes. Give our listeners some basic understanding of how Knative works.Topic 3 - Let’s talk about TriggerMesh. Introduce us to the technology, and the role it plays in a Serverless or Knative or FaaS management environment?Topic 4 - Where do you expect to see the most innovation around Knative - Serving, Builds or Events? What are some of the areas where TriggerMesh is focused?Topic 5 - What are some of the serverless use-cases that you’re hearing about from early customers?Topic 6 - What are some of the things that customers are beginning to ask for that have surprised you?Feedback?Email: show at thecloudcast dot netTwitter: @thecloudcastnet and @ServerlessCast

Episodio número 41 del podcast sobre Aprende a Programar. Hoy tenemos una entrevista con Iñaki Izaola, Director de Operaciones de la empresa Bitnami, una empresa de empaquetamiento de aplicaciones. La entrada 41. Perfiles técnicos más demandados por Bitnami aparece primero en Emilio Pérez.

Rick Spencer joins Donovan to chat about deploying Bitnami Node.js High Availability with Azure Cosmos DB, a free listing in Azure Marketplace that uses ARM to automatically spin up a three-node Node.js cluster behind a load balancer with a shared file system and Azure Cosmos DB integration. See how you can quickly get a sample MEAN app from GitHub to a highly available production environment in the Azure cloud, with very little configuration or sysadmin knowledge required.For more information, see:Bitnami Node.js For Microsoft Azure Multi-Tier Solutions (docs)Bitnami Node.js High-Availability Cluster (Azure Marketplace)Bitnami sample MEAN application (GitHub)Create a Free Account (Azure)Follow @donovanbrown Follow @AzureFriday Follow @rickspencer_3

Rick Spencer joins Donovan to chat about deploying Bitnami Node.js High Availability with Azure Cosmos DB, a free listing in Azure Marketplace that uses ARM to automatically spin up a three-node Node.js cluster behind a load balancer with a shared file system and Azure Cosmos DB integration. See how you can quickly get a sample MEAN app from GitHub to a highly available production environment in the Azure cloud, with very little configuration or sysadmin knowledge required.For more information, see:Bitnami Node.js For Microsoft Azure Multi-Tier Solutions (docs)Bitnami Node.js High-Availability Cluster (Azure Marketplace)Bitnami sample MEAN application (GitHub)Create a Free Account (Azure)Follow @donovanbrown Follow @AzureFriday Follow @rickspencer_3

Erica Brescia is the Co-founder and COO of Bitnami. With over 1M deployments per month, the company provides the largest source of application and development environments to the world’s largest cloud service providers. In 2016, Erica was the recipient of the Top Women in Cloud award. Erica sits on the board of directors at The Linux Foundation and was an investment partner at XFactor Ventures, which empowers female-led businesses to succeed.

On today's episode of The New Stack Analysts, TNS Founder Alex Williams, TNS Correspondent TC Curie, and  Janakiram MSV, Principal Analyst at Janakiram & Associates were joined by Heptio Co-Founder and CTO and Kubernetes co-founder Joe Beda, alongside Sebastien Goasguen, Kubernetes Tech Lead at Bitnami. The discussion this week centered around the many abstractions available to developers working with Kubernetes, and how these impact developer teams both large and small. “What I'm seeing is there is this full effort to bring in another abstraction layer on top of Kubernetes to encourage users, beginners, and even large enterprise IT teams to target Kubernetes without understanding the nuts and bolts of Kubernetes certificates," said MSV.

As applications continue to move to the cloud, it is important to have systems that are easy to use and accessible to more people. This is what Bitnami is doing. Bitnami simplifies the process by managing a catalog of ready-to-run server applications, among other things. Ara Pulido, Engineering Manager at Bitnami, explains what ready-to-run applications in the server are and what it takes to design a product that's easy to use when working on the cloud. We also talked about Kubernetes, and how Bitnami simplifies deployments to clusters with KubeApps, their latest open source project.

In the second instalment of our podcasts on Values and how they affect workplace culture, Alex Williams and TC Currie from The New Stack are joined by Sam Ramji, VP Product Management at Google, Daniel Lopez Ridruejo, CEO Bitnami; Chris Brandon, CEO, StorageOS and Dave McCrory, VP of Software Engineering at GE Digital. Their companies range in size from seventeen employees to many thousands, but the need for consistent values across the company, no matter its size, is universal. “What we've found at The New Stack,” said Williams, “is it all comes down to trust, respect, and integrity.” Google's mission, said Ramji, “is to organize the world's information and make it universally accessible and universally useful.” This core value is overlaid at the engineering level with the focus of “How are we doing this at the next order of magnitude?” As a company, they are working on how to provide engineers with a level of empathy for individual engineers. Listen to part one of our miniseries on Values at: https://soundcloud.com/thenewstackanalysts/154-how-do-values-affect-software-companies

Ready for more myth busting around startup funding? Let’s get to it then! Last week I shared a number of reasons you should share care fundraising whether you’re a founder or startup employee. Here they are again, and in the Build episode we talked about why it’s a bad idea to reach out to investors when you have an idea. This week we’re going to continue our theme and focus on what compels us to think we need to raise capital like competition heating up, the belief that the business will stop growing, or that the idea we’re pursuing isn’t really BIG enough. We’ll also be diving into the mechanics of investment talking about the nuances of an angel versus a venture capitalist, and why it’s important to look for investors that have knowledge of your marketing or industry. Erica Brescia is back to help us out with this episode. Erica the COO and co-founder of Bitnami. Erica has also recently joined XFactor Ventures as an investment partner. XFactor is an early-stage investment firm that's looking to fund female founders as well as mix-gendered teams. Erica is a founder and investor, and having sat on both sides of the table, she knows how to dispel fact from fiction! As you listen to today’s episode you’ll learn: Why Erica and her partners at XFactor are putting their money where their mouth is and starting a fund to invest in female founders and mix-gendered teams What the XFactor investment partners and other angels look for versus venture capitalists, and how much they are willing to invest Why competitors will come and go, and you cannot let their actions intimidate you or direct your business goals Why only you as a founder, can decide when is the right time to raise for your business In the next two episodes we’ll explore handling all the rejections you receive from investors, how to motivate yourself to keep going, and what it’s going to take to get that first check! --  Build is produced as a partnership between Femgineer and Pivotal Tracker. San Francisco video production by StartMotionMEDIA.   ## Startup Funding: When It Does And Doesn’t Make Sense To Fundraise For Your Startup Transcript   Poornima Vijayashanker:         Last time, we talked about how as a first-time founder, you don't necessarily need to immediately rush out and get investment to get your tech product off the ground. We discovered some alternate ways of funding your product development and company growth. If you missed that episode, I've included it in the link below this video.   In today's episode, we're going to dive in a little bit deeper, and talk about when it makes sense to go out for that angel investment, and then how do you transition from getting capital from angels to eventually getting it from venture capitalists, and what you need to do in the interim to make sure you're growing your company. So stick around.   Welcome to *Build*, brought to you by Pivotal Tracker. I'm your host, Poornima Vijayashanker. In each episode, I invite innovators, and together we debunk a number of myths and misconceptions related to building products, companies, and your career in tech.   What Compels Startup Founders To Fundraise   One myth a lot of founders fall prey to is the need to constantly fundraise. They're worried that if they don't, their competition is going to swoop right in and outpace them. Or their business is just going to stop growing, and even worse than that, people might not think that they are actually onto a big idea.   To debunk these myths and more, I've invited Erica Brescia, who is the COO and co-founder of Bitnami. Erica has also recently joined XFactor as an investment partner. For those of you who aren't familiar, XFactor is an early-stage investment firm that's looking to invest in female founders and mixed-gender teams. Thanks again for joining us.   Erica Brescia:      Thanks for having me!   Poornima Vijayashanker:         Yeah! I know we talked a little bit in the last segment, but let's just quickly do a refresher, tell us a little bit about your background and what you do at Bitnami.   Erica Brescia:      Sure. Bitnami automates the packaging and maintenance process for server software for containerized, cloud, and behind-the-firewall deployments. We're most known right now for the Bitnami Application Catalog, which contains over 150 different pieces of server software, ranging from business schools, like content management systems, more project management systems, to development tools like GitLab and Jenkins for building out your development processes and pipeline, to stacks of things for building applications, like Node, or Rails, or Django. We work with all of the major cloud providers, and have over a million deployments a month of the apps we package across all the platforms that we support.   Poornima Vijayashanker:         Awesome. In addition to Bitnami, you recently joined XFactor as an investment partner.   Erica Brescia:      I did, yes.   The Difference Between Angel Investors And Venture Capitalists   Poornima Vijayashanker:         Yeah! We talked a little bit about that last time, and I want to pick up the conversation from our last time and dive a little bit more into not only what does XFactor do, but this whole position between angels and venture capitalists. How do you guys think of XFactor? Are you considering yourselves as angels or VCs? Would it help to start with defining angels and VCs?   Erica Brescia:      Sure. I mean, I tend to think of angels as primarily investing their own capital, and VCs are investing other people's capital. We all actually have our own funds in the fund as well, so we're LPs in addition to being the investment partners.   Poornima Vijayashanker:         What does that mean?   Erica Brescia:      That means that we're the people who put money into the fund, as the limited partners, who just put money in the fund, and then they step away, and they entrust, basically, the team of investment partners to invest that capital in companies that will produce ventures that yield returns.   Poornima Vijayashanker:         Where is that money coming from? Is that your own hard-earned money, or is that from somewhere else?   Erica Brescia:      In the case of the LPs for the XFactor fund, it's from a range of different people. Some of them have just been very successful in business. Some may be managing endowments or trusts, or other investment vehicles, and they invest both in the stock market and in VC and angel funds as part of their diversification strategy.   Poornima Vijayashanker:         Got it. I think some of you have also contributed personal funds, right?   Erica Brescia:      Yes. We have put our own funds into the plan as well.   Poornima Vijayashanker:         That's important to note. Yeah.   Erica Brescia:      You've got to put your money where your mouth is, right?   Poornima Vijayashanker:         Great! No, I certainly appreciate you guys doing that.   Erica Brescia:      Plus, honestly, I think we're going to make money off of it! So why would you not do that?   Poornima Vijayashanker:         Exactly!   Erica Brescia:      That is the whole point.   Poornima Vijayashanker:         Yeah. You guys are operating a little bit like angels, but a little bit like VCs as well, but let's dive into more of a traditional VC model. What does that look like?   What Seed Stage Investors Are Really Looking For And The Size Of Check They Write   Erica Brescia:      Sure. The distinction there is interesting, because I would say there's seed-stage financing, which a lot of people think of as coming from angels a lot, but VC funds do as well. Those are typically much smaller rounds and much earlier stage. The company probably has something built, probably has some users, probably can show some traction, but they're usually not raising huge amounts of money, at least not by Silicon Valley standards, which are different than the rest of the world.   Poornima Vijayashanker:         Yeah. Let's get some ranges. Because I know some seeds can get crazy.   Erica Brescia:      Huge. Yes.   Poornima Vijayashanker:         So let's do a more middle-of-the-road seed. What would that look like?   Erica Brescia:      These days, I would say they're usually between $500K and $2 million. I know that's a wide range, sometimes it's smaller, sometimes it's bigger, but the fundraisings that we're participating in are usually somewhere around there. We have had some companies raise significantly more than that, and we've almost gone in more at like a Series A stage. But typically you're raising $1 million or $2million to get your idea off the ground and show a little bit more traction, before you go and raise at a Series A. Those used to be maybe $2 or $3 million. Now, most of the time, you're looking at maybe $6, $7, even $10 or $15 million as a Series A, which we certainly see in the cloud and container space in particular, which is where I'm focused with Bitnami.   Poornima Vijayashanker:         OK. That makes sense. Now, I'm not going to dive into microfunds and syndicates, and all that stuff. We're going to do that in a later episode. But let's go back to you, and let's talk a little bit about how you initially funded Bitnami.   How To Initially Fund Your Startup When You Cannot Attract Investment   Erica Brescia:      Customers.   Poornima Vijayashanker:        Customers!   Erica Brescia:     We sold stuff. Yeah.   Poornima Vijayashanker:         Yeah. When was this, by the way?   Erica Brescia:      We started with a company called BitRock over 10 years ago, and BitRock built some really interesting technology around application packaging and deployment, which has become the foundation of Bitnami. We're very unique, I would say, for a Silicon Valley company. We developed a package software product. We sold it to customers, and we generated money that way.                     Then we started providing a subscription service to a lot of software companies that needed us to build, we called them "stacks" of software, so their products could be installed and distributed very easily, and we worked with a lot of the biggest names in open source, in those days. So we had that money coming in—   Poornima Vijayashanker:         If you don't mind sharing, how big were some of those contracts?   Erica Brescia:      They were in the tens of thousands of dollars a year. So reasonably sized, but we now, in retrospect, we charged far too little. But that's one of the lessons that you learn as a founder, you're always underpricing yourself in the early days.   So we did that, and built up the company that way. Then we decided to evolve into Bitnami. We went through Y Combinator in 2013—   Poornima Vijayashanker:         So before you did that, you actually had revenue coming in?   Erica Brescia:      Yes.   Poornima Vijayashanker:         Give us a range of how big you were at that size?   Erica Brescia:      We had 12 people, and seven figures in revenue, when we—   Poornima Vijayashanker:         Oh! That's fabulous!   Erica Brescia:      —went through Y Combinator.   Poornima Vijayashanker:         Yeah. OK. So why even bother going to—   Erica Brescia:      That's a great question! It was a subject of much debate, but again, interesting story, I suppose. My co-founder's wife had gone through Y Combinator with her own company, and had a great experience with it. And we knew that we wanted to send the company on a different trajectory—   Poornima Vijayashanker:         Which was?   Erica Brescia:      Growth.   Poornima Vijayashanker:         OK. OK!   Erica Brescia:      We wanted to build a huge business, and the model that we'd had previously was really what we talked in the last episode about, more of a lifestyle business. Right? We built a solid business, but that's not what we were there to do. We wanted to build a huge and very meaningful company. And we felt like Y Combinator was the right way to do that.                  It gave us a lot of focus, and helped us make some interesting and difficult decisions. It also helped us a lot with hiring in the early days, and bringing more folks to the team. We've been on a pretty healthy  trajectory since then. Over 75 people. I don't give out revenue numbers, but we're profitable and growing, and doing well.                     All of that money, except for a million dollars, which we still have sitting in the bank, has come in through customers. And that million dollars we raised after going through Y Combinator. We brought in some angel investors whom we really liked, for different reasons. Some of them have a lot of experience in building companies, specifically in our space, and we felt like they could help us a lot with that.                     A couple of them are VCs who invested personally in us, because we didn't want to raise a VC fund, and a few were overseas venture investors, but they make seed stage investments. One from Japan, and one from China. And that was purely because we plan on going into those markets, and we thought it would make sense to have some people over there with a vested interest in our success.                     Y Combinator served as a good catalyst to bring that round together-   Poornima Vijayashanker:         How big was that round?   Erica Brescia:      It was just a million dollars?   Poornima Vijayashanker:         Oh! OK. But you were already in the seven-figure revenue at that point, when you raised that million.   Erica Brescia:      Exactly.   Poornima Vijayashanker:         OK.   Erica Brescia:      And that money is still sitting in the bank, and we've added a healthy amount to it, and—   Poornima Vijayashanker:         That was what year?   Erica Brescia:      2013.   Poornima Vijayashanker:         Oh! It's been a while. It's been four years.   Erica Brescia:      Yep.   Poornima Vijayashanker:         Now, interestingly enough, you have that million, you're raising revenue, and you had grown without a lot of outside capital. I mean, you were already growing, so in that span of time, weren't you afraid that some competitor was just going to swoop right in and go out and raise $10 million or $100 million dollars, and put you out of business?   Don’t Let Competitors Intimidate You Into Fundraising For Your Startup   Erica Brescia:      What's actually funny about that question is we had a bunch of competitors do that, and they all went out of business..   Poornima Vijayashanker:         Oh, OK! Yeah!   Erica Brescia:      OK! Some spectacularly so. One raised $40 million, had huge names. One of the people on their board tried to come and intimidate me, and say I could never compete with—it was actually a woman running that company, too. But I won't name her, because that's not good for anyone.                     Yeah. We had a lot of companies come and raise money, but the model wasn't there yet. And that's why we didn't raise, either, right? There's a time, and we talked about this in the last episode. It's my belief that in most cases, you're better off raising when you have product-market fit. We had that at small scale, but we hadn't found what was really going to fuel exceptional growth of the company. It took us a while to get there, and a bunch of other companies tried to come in and do that, and they all went bust.                     I mean, there is a time and place when I think it does make sense, and when you do have to worry about competitors, because the truth is, once a big name competitor raises a big round, it's really hard to get anyone else to invest in you. I think Docker's a pretty good example of that in my space, right? They have tons of money. Nobody's going to invest in another container startup. Why would you do that? It doesn't make sense for investors.                     It is something to consider, but I think a lot of people spend way too much time worrying about their competitors, and not enough time worrying about their own business.   Poornima Vijayashanker:         Yeah. Or their customers.   Erica Brescia:      Yeah! Or their customers. Exactly. So, yeah, that matters, but you need to do what's right for you, and what's right for what you want out of your life and your business. You should ask yourself those questions. Taking on VC is taking on a lot of additional responsibility, too—   What Kind Of Return Venture Capitalists Look For   Poornima Vijayashanker:         Like what?   Erica Brescia:      Well, they're expecting a certain level of return, right? A $100 million exit is not something a VS wants, where it might be completely life changing for you, if you don't have venture capital in the company. If you're taking venture capital, you're committing to running the company for at least 5–10 years, providing they don't push you out, which happens sometimes, too, if you're not doing things the way they want.                     You're committing to managing a board, with outside parties who are going to have sometimes divergent interests from you. It could even be the case that the fund cycles are usually 10 years, and they have to return the capital to their limited partners, which we talked about earlier. They might need to get out, and want to push you to sell when you don't want to. They might want you to sell to somebody you don't want to.                     There are a lot of great things that come from venture capital, if you partner with the right people. Obviously, you get the capital you need to fuel the growth of your business, and that can be incredibly important, especially to support go-to-market activities, or SaaS business models, where customer acquisition costs might be high, but the LTV is huge. There are reasons to take money.                    I'm not against that. But you also need to understand what you're signing up for, and what it really means, and that there may be an alternative path for you if that's not the path that makes the sense for you. If you don't want to run this company for 5–10 years, and you don't expect to sell it for hundreds of millions, if not billions, of dollars, don't take venture capital. Startups That Focused On Growing Their Business First   Poornima Vijayashanker:         Yeah. Some folks in our audience might be thinking, "Erica, that's fabulous for you and Bitnami, and all of the success, but I could never do that. I couldn't just sit and wait for my business to grow organically." Are there other examples of companies here in the Valley, that you're familiar with, who have done a similar approach? I know I can think of a couple, but I'm curious—   Erica Brescia:      Absolutely! Well, Atlassian, they're in the Valley now, but they came from Australia, and that's a spectacular story. They really couldn't raise, because they were in Australia, and especially back then, the VC climate in Australia was almost nonexistent. They raised very late, and a lot of it was secondary to the employees, and they've done spectacularly well. GitHub's another example. They raised very, very late in the process, in a very big round, and that gave them a lot of flexibility to do other things.                     We've seen that happen a lot. It really depends. Again, I think, going back to what I said before about product-market fit. It's my view that the best time to raise is when you just need fuel for the engine. You already know how the engine works, and it's already built, and the machine is there, and you know, "If I put X in, I'm going to get Y out." Right? That's when you can really take advantage of venture capital, and that's when it can really make a difference.                    I'm not saying take a long time to build your company like I did. I would certainly do a lot of things differently this time around, but a lot of it just has to do with where the business is, and what the capital's going to be used for.   Poornima Vijayashanker:         It's been a four-year period, right? Where you haven't taken outside investment. You took the initial million. But in that period of time, how has not taking capital, or not thinking about fundraising, how has that helped you and Bitnami?   Erica Brescia:      Well, several ways. I think the most important thing is focus. Not having $10 or $20 or $50 million in the bank makes you focus on what's really going to move the business forward. It's really easy, and I have seen this countless times with companies that I will not name. They raise a ton of money, and they go out and hire a ton of people, and everything falls apart.                     Because humans are humans, right? These are not just cogs in the machine, especially when you're trying to build a breakthrough or game-changing product. You need incredibly smart people. They're going to have strong personalities. They're going to have past experiences from other companies. And you need to be able to get those people to work well together. So many startups have failed in doing that, and it's led to their own demise, or at least slowed them down a lot, and really burned a lot of bridges with fantastic employees.   I'd say it's allowed us to build out the infrastructure to responsibly scale the team, and it's helped us to focus, again, on making the right investments in terms of where we're spending our time. It's also great for negotiating business deals, I will tell you. That doesn't come up a lot—   How To Compel Customers To Do Business With Your Startup   Poornima Vijayashanker:         How so?   Erica Brescia:      I was in meetings, even earlier this week, and these are quite big, multimillion-dollar-a-year deals, and they were asking some questions about what the business model looked like, and I could look at these people with a straight face and say like, "Look, we're not VC backed. My company needs to make money. You want me to be around. This needs to make sense for us, financially."                     That drives a lot of my decision making. I'm very, very involved in the corporate and business development stuff that we do. I need to do deals that make sense for my business. For some reason, it's a lot easier for people to get their heads around that when you don't have venture capital, which is kind of a funny thing, right?   Poornima Vijayashanker:         Well, people understand where you're coming from, and what resources you have at that level.   Erica Brescia:      Yeah! I'm not BSing them. "I have to pay people, and you're going to get a lot of value out of this, and you need to pay me, and I'm not going to do it on a bet that the relationship itself is going to benefit me enough, because that wouldn't be responsible business." That's what I go to all the time. It's not responsible business, you're not doing it. I think being bootstrapped and funding through customers really helps you think through that and make very good business decisions. We say no to all kinds of things, too. And I think that's easier, as a result of that.                    The one other aspect I'd say is, we don't have to manage investors. It takes a lot of time to build investor relationships, which I do do that anyway, because we may raise in the future. But also just to raise funding, to go through the diligence process, and then to manage a board of directors that involves VCs, again, who might have competing priorities, or other things going on.                    Again, we don't get some of the pixie dust you might get if you're VC funded, and sometimes we have to have interesting conversations with procurement departments, and show them our financials, to prove that we've got a great business, and that they can feel comfortable working with us, but it saves a lot of time and overhead.   Poornima Vijayashanker:         Yeah, that's interesting. So you feel, because you're in the B2B space, the enterprise space, some companies may feel like, "Oh, you're not VC backed, so you might go out of business sooner." But what you're saying is, "Actually, we've got customers. We're going to stick around because we've got real revenues coming in, so no need to worry about this."   Erica Brescia:      Yeah. And I can point to, we do business with Microsoft, Amazon, Oracle, Google. All these big companies. It's gotten a lot easier, now.   Poornima Vijayashanker:         Right. You've got the credibility.   Erica Brescia:      Exactly. And we've got a track record. We've not just been around for a year, and we have an established team of senior people, and we've proven that we can execute, and we can deliver. And what often happens is we'll start with a smaller relationship, and it grows over time. After you get your foot in the door, what they care about is do you deliver on your commitments, not whether or not you have a VC in the company.   Keeping Your Options Open When It Comes To Investment   Poornima Vijayashanker:         Awesome. Now, I know you said, "Never say never." So you are thinking about capital, and then your future. How are you thinking about attracting that VC capital?   Erica Brescia:      Let me be clear: we haven't decided to raise capital, but it's a discussion that we're having currently between my CFO, my co-founder, me, and some of the other people on the executive team, because we're launching this new enterprise business. We're incredibly lean as a company right now.                     I told you we have in the mid-70s in terms of employees. Over 50 of those are in engineering and product. So the business team is quite lean, and we have very, very little sales on the sales side. Building on an enterprise business means I need a whole new go-to-market plan that involves field people, inside sales, solutions architects, and support people, and a bunch of other folks. Account executives, all these things.                    That's very capital intensive to build. We can do it off of cash flow, actually. We're in that fortunate position, but at the same time, we might grow a little bit more slowly, and especially hire more slowly, than we would if we had, say, $15 or $20 million in the bank. So we're starting to think through the tradeoffs, and what might make sense there.                     I've been in the Valley now long enough, I know a lot of VCs. There's several whom I like and respect quite a bit, and I still develop relationships with them, and we talk about the industry in general, and Bitnami, and where we're going. I think it's a little bit different than a company that's just coming out of nowhere. We have people who know us, who know the business, who have said that they're interested. So when the time comes, it's more of a matter of sitting down with people who are already friendly and interested in the company, and talking through what makes the most sense.   Poornima Vijayashanker:         It's a partnership.   Erica Brescia:      Mm-hmm, absolutely.   Poornima Vijayashanker:         Yeah. Wonderful. Well, thank you for sharing your experience with us today, Erica. I know our audience is going to get a lot out of this episode.   Erica Brescia:      Thank you so much!   Poornima Vijayashanker:         That's it for today's episode of *Build*. Be sure to subscribe to our YouTube channel to receive the next episode, where we'll dive in deeper with some of Erica's co-investors and explore more topics around funding your startup. Ciao for now!   Voiceover:          This episode of *Build*is brought to you by our sponsor, Pivotal Tracker.  

It’s the start of a new year, which is an exciting time all around. You’re probably excited about new opportunities, starting a company, or building product in 2018!   While I’m all for optimism, I’ve also gotta stay true to them theme of Build: debunking myths and misconceptions when it comes to building tech product, companies and your career in tech ;)   So we’re going to spend the next four episodes of Build debunking themes around fundraising for startups.   I know what you’re thinking: “Poornima, is this really necessary?! Can’t we just focus on product and engineering? How about some Build Tips with those friendly product managers, designers, and engineers from Pivotal Labs?”   Don’t worry we’ve got plenty of those in store for you! Before we dive back into the fun and friendly banter of Ronan and his team, I thought it was necessary to start 2018 debunking myths around fundraising.   Here are my reasons for doing this:   Reason #1: If you want to be a founder and start a startup in 2018, you need to know how to control your own destiny.   Gone are the days of a quick and easy seed deal. If you don’t believe me, then here are two posts from very active investors Fred Wilson and Jason Calacanis with compelling data spanning the past 5 years. They show you that investment in early-stage companies is indeed slowing down, and why the trend is going to continue. #byebyebubble   Reason #2: If you want to be a founder and fundraise, you need to know what it’s really going to take to get the first check that gives you the freedom to quit your day job.   I know I previously explored what it takes to raise capital from investors and how investors add value beyond the check. But times are changin’! As I went back and reviewed the episodes I realized that while much of the advice still applies, there are new challenges founders, especially first-time founders face.   If you’re going to be one of them, then you need to be aware of them as you build your startup. There are also going to be a lot of sacrifices that you will need to consider making. As you’re faced with them, you might feel like you’re doing things wrong, when others have had an easier time. But you cannot compare when the market is in flux.   Reason #3: Don’t want to be a founder? Even if being a founder is the furthest thing from your mind, you might be thinking about joining a startup as an employee at any stage — garage to growth.   Well you need to be able to tell fact from fiction. You don’t want to get lured into visions of billion-dollar exits, only to discover that they are going to be cutting health care benefits, won’t be able to make payroll next month, or all that equity won’t help you buy my 2005 Honda Civic!   You need to be able to ask tough questions to understand the real health of the company, and market opportunity, so that you can decide if it’s worth taking the risk.   Reason #4: As an employee at a startup, every quarter you are going to be tasked with challenging milestones.   Metrics matter more and more these days, and every department has a funnel.   For engineering, it’s making sure the team is continuing to build and ship a quality product, balancing out features with infrastructure and keeping an eye out for that pesky tech debt to avoid slowdowns.   For product, it’s making sure there is a good balance of attracting new customers, while engaging and monetizing existing ones. And holding the engineering team accountable to spending time on paying down product debt.   While marketing has to keep growing traffic no matter what!   Teams are also staying lean longer, and founders are looking for employees with generalist backgrounds who can #GSD.   Everyone’s contribution matters to achieving metrics, which makes you feel wanted as an employee. But it also means that you need to be good at prioritizing, understanding tradeoffs, and a fast learner!   At the end of the day, you need to know and understand that what you are doing is actually moving the needle and going to help attract investment and customers.   There is no point in building product or marketing just for the sake of it.   Hopefully my reasons have convinced you why learning about fundraising is integral to your own success at a startup, and we can move on to the first episode of the year! In it, we’re going to tackle the first misconception a lot of first-time founders fall prey: thinking they need to reach out to investors the moment they have an idea.   It turns out you actually don't need to reach out to investors and you can get started by funding your idea on your own. You’ve probably heard this a lot already…   Quite frankly, investors won’t even take meetings if you do reach out. I can count on two hands the number of investors who I had successfully raised from in previous years that wouldn’t even return my emails recently! Why? Because it’s getting really competitive out there and they want to make sure startups have substantial progress before they are willing to take time to meet.   To help us out, I've invited Erica Brescia, who is the COO and co-founder of Bitnami. Erica has also recently joined XFactor as an investment partner. XFactor is an early-stage investment firm that's looking to fund female founders as well as mix-gendered teams.   I choose Erica and her peers to come on the show because they are ALL founders first and investors second. Meaning they have sat on both sides of the table.   As you watch today’s episode you’ll learn:   Why investment may not be applicable to the type of business you are building and alternate approaches to funding your startup The questions investors ask themselves before they will respond to a meeting request or write a startup a check When startups are “too early” to fundraise and why the definition of “too early” is inconsistent — who really gets funded early and why The work that startup founders and teams must do, if they are keen on attracting investment In future episodes we’ll dive into topics like why raising capital won’t help you outdo competition, how to get over the constant rejection, and what it’s going to take to get that first check. Build is produced as a partnership between Femgineer and Pivotal Tracker. San Francisco video production by StartMotionMEDIA. Episode Transcript Poornima Vijayashanker:           Got an idea for a tech product that you want to scale into a big business? You probably think that you need to go out and raise capital from an investor, right? Well, it turns out that you may not need to. In today's *Build* episode, we're going to explore when it makes sense to reach out to investors.                     Welcome to *Build*, brought to you by Pivotal Tracker. I'm your host, Poornima Vijayashanker. In each *Build* episode, I invite innovators and together we debunk myths and misconceptions related to building products, companies, and your career in tech. One misconception a lot of first-time founders fall prey to is thinking they need to reach out to investors the moment they have an idea. It turns out you actually don't need to reach out to investors and you can get started by funding your idea on your own. In today's episode, we're going to dive in deep to understand some of the mistakes that first-time founders make when it comes to funding their idea. We'll also talk about what investors are looking for and when it makes sense to reach out to them. To help us out, I've invited Erica Brescia, who is the COO and co-founder of Bitnami. Erica has also recently joined XFactor as an investment partner. XFactor is an early-stage investment firm that's looking to fund female founders as well as mix-gendered teens. Thanks for joining us today, Erica.   Erica Brescia:              Thanks for having me. It's great to be here.   Poornima Vijayashanker:           This is the first time that you and I are meeting. Thanks for being here. I want to know a little bit more about you. Let's start with your background. What got you interested in tech?   Erica Brescia:              I've always been very interested in gadgets. It started out actually with mobile phones way back in the day, but I've always been curious about learning more about technology and gadgets and how things work. I really wanted to understand how mobile phone networks worked back in the day. Don't ask me why. I went on to study investment finance. A different path than a lot of people in Silicon Valley take. My father is an entrepreneur and I always had it in the back of my mind I wanted to start my own company. I got introduced to my co-founder and decided I was just going to help him work out a few kinks in the business and get it off the ground. Here I am now running a software company. It's really a case of being open to new opportunities, but also just having this lifelong interest in understanding how things work and learning new things.   Poornima Vijayashanker:           Let's talk about Bitnami, your current company. What exactly does Bitnami do and what inspired you to start it?   Erica Brescia:              Bitnami is a catalog of open-source applications that you can deploy on servers. It's primarily like B2B software. Things like maybe Moodle or Druple or WordPress, if you're familiar with that. We also package up a lot of development environments and development tools, things like Jenkins and Get Lab or Anode or Rails or Django Development environment. We have over a million deployments a month of the applications that we package. We publish them both through Bitnami.com as well as on all of the major cloud bender platforms. Users choose Bitnami because they know everything is going to work right out of the box every time, and they get a consistent experience wherever they deploy the software. If I can just add one more thing to that, one thing I'm particularly excited about is up until now we've been bootstrapping through our relationships with cloud vendors, but we're about to launch a new product for the enterprise. We're essentially taking the next step in the company's evolution by productizing all of the automation that we've built to deliver this catalog of applications so that others can take advantage of it, too.   Poornima Vijayashanker:           It sounds like Bitnami has been going strong for a long time. How long have you guys been around?   Erica Brescia:              We've been working on the Bitnami part of the business since 2013, but the technology dates back about ten years to when we started Bitrock, which is the predecessor. We do have several years in now.   A Day In The Life of a Startup COO   Poornima Vijayashanker:           That's great. As a COO, what's your day to day like?   Erica Brescia:              It was funny, when I thought through that question, there's no day to day. I spent Monday and Tuesday in some really key BD meetings. In Seattle yesterday, I was in LA for an open-source conference. I'm obviously here today. The way that we have our leadership roles between my co-founder and I might be different than a lot of other companies. I run everything except for product and engineering. That means that marketing, sales, BD, legal, finance, everything rolls up to me. That basically keeps things running and make sure that the company is growing and bringing on the right people and has revenue coming in and all those good things. Obviously as a quickly growing startup that's very, very tech heavy, I'm still involved in everything including product and engineering, too. There's never a typical day. It varies a lot and the days are long, but a lot of fun.   Poornima Vijayashanker:           Very good. Now you have actually taken on another role. If Bitnami isn't enough, you decided to join XFactor as an investment partner. Tell us a little bit about XFactor and why the decision to go into investment.   Erica Brescia:              Absolutely. I'll start with XFactor and tell you about the fund. Then I'll talk about why I joined. XFactor is a $3 million seed fund. We're making $100K investments in 30 companies. Pretty easy math. The genesis was really a woman named Anna and a guy named Chip. Chip is a partner with Fly Bridge. They got together and wanted to find a way to fund more women in technology because they had read some of the statistics about how difficult it can be for women to raise funding. The truth is, it's really an untapped opportunity. There's a ton of brilliant women building some very interesting companies. They were having problems in some cases getting through the traditional VC process because of some of the biases that we've all read about. We probably don't need to go through that. The idea was that they were going to get together a group of operating female founders. I think that's really the key is we're all women who have built and scaled our own businesses across a variety of sectors. I have a lot of experience in B2B and closing very big BD deals.                     I've acquired companies and things like that. Some of the other women are very heavy on the consumer side and they're great at branding and rolling out new products. We got a really diverse team of women, but who are actually still on the ground running businesses, very in touch with the problems that founders have in getting new companies off the ground. We think we have a pretty unique perspective and also an edge in terms of what we can offer founders because we're so close to the challenges that they're experiencing. We're very focused obviously with that check size on pretty early-stage companies and helping set those founders up for success. We do expect most of them will go on to raise for their venture capital. We're there to support them in doing that. I actually haven't raised VC for my company, but all the other women have. We have a good diversity of experiences and opinions around that too.   Being A Startup Founder And Angel Investor   Poornima Vijayashanker:           Why'd you join?   Erica Brescia:              It took a lot of thought. They came to me. At first, I thought they just wanted to run the idea by me back in February. Then I get an email a few days later saying, “We'd love to have you join us.” I really did spend some time thinking about it and talking to my co-founder and my husband about whether or not I'd be able to balance everything, because it is a big commitment. If I make a commitment, I want to come through on it and make sure that I'm not letting the founders and my fellow investment partners down. It really came down to the opportunity both for personal growth for me and to give back. There's a financial opportunity, too, which is fantastic. I really saw that we have a pretty unique angle into both deal flow. Several of us are YC founders as well. We have access to the YC network and obviously just good networks in Silicon Valley and outside as well. I felt like we could do something really interesting. I could meet a lot more women in technology. Also, I really do think there's a huge untapped opportunity there. I think we'll be able to produce above-average returns. It really came down to me asking the question, “Do I have time for this?” I'm going to get less sleep for sure. That's definitely been the case.   Poornima Vijayashanker:           Sure. You can make time.   Erica Brescia:              It was just too good to pass up. This is one of those things that I just couldn't say “no” to because the opportunity is so big and it's something that I'm enjoying doing so much.   Poornima Vijayashanker:           Wonderful. As soon as I saw the news, I wanted to reach out to you guys because I thought it was fabulous and needed to be spread to everyone else. Let's talk about your investments then. I know everyone has probably got different things that they want to invest in. We're going to talk to some of your partners later on. Let's talk about what you like to invest in.   Why Angel Investors Focus On Making Investments In Markets and Business Models They Are Familiar With   Erica Brescia:              Sure. I right now am very focused on things that I am passionate about. I think about whether or not the company keeps me up at night thinking about it later. I am usually receiving on the deal flow that it's on B2B and enterprise sales in particular because that's where my expertise and experience is. I found myself drawn to some other things, too. One of the investments that'll be announced soon, I wish I could name some of them.   Poornima Vijayashanker:           That's OK.   Erica Brescia:              I think we're about to announce that we've made eight investments in the first two months.   Poornima Vijayashanker:           Oh, awesome.   Erica Brescia:              We've been very busy and we've met some amazing women. One of the investments that I've led so far is very much a technology, cloud-focused company, which is absolutely my bailiwick. The other one is a fin-tech company. I was really drawn. I loved the founder. Was very impressed by her and the team that she's put together. Also, it was just the problem that they were solving, I could see it so clearly. It was palpable and I was staying up at night and I was talking to my husband about what they were doing and why I thought it was exciting. When I start thinking about how they can make the business successful and what they should be thinking about, that's a very good sign to me. I know it's not direct answer. I invest in this list of companies, but that's really not the way that it's worked out so far. I've looked at a variety of med-tech companies, fin-tech companies, more women in technology and sourcing and recruiting companies. Some people doing interesting stuff with NLP. It's really been a very diverse range of companies.   Why Women Founded Tech Companies Are Broader Than Gets Portrayed                     One of the things that I think you'll see us talking about more, which is very cool, is a lot of these companies are not what you would typically think of as the women-in-tech companies. A lot of people think all we want to work on is beauty. I like makeup and clothes and everything as much as the next person, but I don't know anything about those businesses. A lot of the deal flow that we've had, it's coming from all kinds of very hardcore tech, a lot of VR stuff, too, and AR. We've seen a broad range. Right now we're looking for the next billion-dollar businesses really. Any other VC it's, “Is this something I'm passionate about and can it be huge and can I add value in helping them make it so?”   Poornima Vijayashanker:           Actually, that's a good segue into talking about I think one of the things that confuses some folks in our audience and even first-time founders is, what qualifies as a tech product and then what—let's start there and then we can talk about maybe what a big idea is.   Understanding If Your Startup Is A Tech Enabled Business Or A Tech Product   Erica Brescia:              Sure. Almost anything these days is tech enabled. If it's not, you might have a scalability problem. I don't think we have very strict definitions as to what is tech or not. If excelling in technology and in the technical underpinnings of the product is going to give people an advantage, that's probably a tech company or something that we would think of as such. Some of the subscription businesses or there's a food device I can't talk too much about, but that we're looking at. A really novel subscription business around it. Another two companies have come through that are working on breast pumps for women. They're hardware companies but there's a lot of technology obviously that goes into the hardware. Obviously a lot of tech powering how they're approaching the businesses. It's really a pretty loose definition of what a tech company is. Even some of them are physical spaces now that we're looking at. It's a pretty broad range. It's not like we're only investing in software or we're only investing in sass or something like that.   Poornima Vijayashanker:           That's good to know. Tech enabled but there's probably some conversation that needs to be had around, “Are you really just selling water online or is there a distribution model that is tech enabled and it's cool if you sell water online.”   Erica Brescia:              Exactly.   Why Finding An Investor Isn’t Good Enough — You Need To Find THE Investor Who Understand Your Market and Business Model   Poornima Vijayashanker:           Got it. Then let's talk about I think another area, though, which is—you've already started talking about you enjoy the deals that are B2B, more enterprise, and maybe a little bit more saas heavy. I think one of the concerns that a lot of first-time founders have is, “I just need to find an investor.” I just need to find one investor, but they may not necessarily find that right investor. It's interesting because it's not just limited to tech. I was reading Barbara Lynch's memoir, who's a restaurateur, and she talked about going and finding the investors who invested in restaurants for her nine restaurants. Talk to me a little bit about what it means to be vertical focused as an investor.   Erica Brescia:              You want investors who understand your business or at least have the capacity and time to learn about it and who are upfront if they don't understand things, too. There's several things that make people good investors. One is, don't be an asshole, if I can say that on your show.   Poornima Vijayashanker:           Sure. Of course.   Erica Brescia:              I just don't want to work with people who are not good people. To me, some people don't care about...I've actually had people come to me and say, “It doesn't matter. All VCs are going to be assholes, you just need to accept that and move on.” I'm like, “Uh, uh. No. No, I don't. There's a lot of great VCs out there.”   Poornima Vijayashanker:           That's the normal assumption.   Erica Brescia:              There are a lot of good people out there, men and women in venture capital. I do think it's important that you understand somebody who understands your business and the cycles. Before, example, we've had a lot of very hardware-centric businesses come through. Those are difficult to invest in. In particular, if you don't have experience in hardware because you don't have a really good understanding of how long it's going to take and what the development cycle should look like and how capital intensive that you're going to be. It's harder to make good investment decisions. It's harder to be helpful for the founder, because if you have unrealistic expectations for the type of business they're building, nobody wins. It's the same, we've seen a lot of robotics companies doing super cool stuff, but I've told them, “Look, I'm not an expert in robotics. I'm going to have to go out.” We do have an associate who does some work for us, but we have to go out and be willing to invest our time to get up to speed in those industries in order to feel comfortable making an investment.                     It's good advice. I think what you're alluding to is, find an investor that actually knows what they're talking about in your space because otherwise they could really do damage by slowing you down, refusing to fund a second round or something like that. A follow on or just inundating you with questions all the time. The last thing you want to be doing is just educating your investors on the market when you have a company to build.   The Sacrifices Founders Have To Make To Get Their Startup Off The Ground   Poornima Vijayashanker:           Exactly. No, that's a good point. Let's talk about the other side of this, which is also, it's very tempting, as a first-time founder or somebody who’s green, to have an idea, whether it's hardware or anything that we feel is capital intensive or sometimes we just don't even have the capital as a founder. We haven't quite got to the financial point of our life. It's tempting to immediately say, “Oh my gosh, to get this thing off the ground I need to go and get investment. That might not be the right time.” Let's talk about what time horizon makes sense. I know it's going to be product specific, but I think it would be helpful to just—   Erica Brescia:              It really depends on so many different variables. One of them I think is important is to be realistic about where you are in your life and what kind of sacrifices you're willing to make. The reality is, if you have a family and a mortgage, it's a heck of a lot harder to stop taking a salary—particularly if you were to work in Silicon Valley because the salaries are quite high here right now—and go and start something from scratch. If you're 22 and right out of college and have none of those financial responsibilities, you might have more flexibility. My vote is do as much as you can before raising funding. Build as much as you can. First of all, there's so many good investment opportunities right now that I think most investors, they want to see...first they want to see that you're committed. If you just go out with a pitch deck—like I took two weeks of holiday for my job to put together a pitch deck and if you fund me, I'll go do this—you're never going to get funded because we want to see conviction.   We want to see that you quit your job, you're committed, you've been working on this with somebody else preferably for six months. You have the personality and the skills and the charm or whatever it may be, the conviction to actually get other people to join you. That's important, too. Unless you absolutely can not do it without raising money up front, I would say get at least to a prototype or as far as you can to be able to go show people and prove to people that you're there for the long haul and that you're willing to make sacrifices to make something happen. I will also plug incubators, like Y Combinator. Obviously I'm biased because we went through the program. That was a great experience for us in terms of helping us just build some momentum and we did rebranding of the company and accomplished a lot during that period. It's not about the funding necessarily, but it can give people who are cash wrapped a bit of cash to fund those first few months. It really helps you to accelerate that initial process and sets you up very well to raise from VCs after the fact.                     We've certainly sourced a lot of our deal flow from YC. We try at XFactor to be very broad and we've had people from all over the world, in fact, contacting us. Of course, we're going to look to YC because they've already been through that filter. They've achieved something during the period that they're in Y Combinator. It's a three-month sprint. We've found that looking at people that have at least gotten to the point where you would be if you've gone through a Y Combinator or similar. They've got something to show. That's when it makes sense. I will say, this is really the approach that we've taken with Bitnami is try to find money from customers. Let's not undervalue the fact that people will pay you for what you're building. Hopefully if you're building something valuable, and you're much better off going through that experience, learning what it takes to sell to people and collect their money—there's a lot of details there—and try to build your business that way. You don't need to go for VC right away. There are great examples of companies that have been hugely successful doing that like GitHub and Atlassian.   Why It’s OK To Build A Lifestyle Business   Poornima Vijayashanker:           I'm going to have you hold that thought because we are going to talk about that in a little bit. Now, the other thing I want to point out because you said customers, but I think also bootstrapping with a pay check to get off the ground. A lot of times people are worried about quitting their job and having a source of income, so using that especially for businesses that a little bit more capital intensive early on. Want to throw that out there. I want to dive a little bit deeper into this whole idea of, “I do want to get investment eventually.” Let's say I have gotten to a point, maybe I've gone to an incubator or I've gotten it off the ground, I have some customers. Then there comes that period where you're talking to an investor and they may not really understand how big your idea is. It's oftentimes that thing that people nitpick over and over again that, is this a big idea? Is this a big market? Or sadly people like to say, it's a lifestyle business. There's a stigma here in Silicon Valley against that. Let's talk about what exactly defines a big idea—if we can even define it because I know it's a little amorphous—versus a lifestyle businesses and maybe even break that stigma of that lifestyle business.   Erica Brescia:              Sure. First I'll say I don't think there's anything wrong with a “lifestyle” business. There have been a lot of deals that we looked at. There was this one amazing woman, I won't name the company, but she came through my network actually. She developed some really interesting technology. It was my belief after talking to a lot of people that she's going to sell the company for somewhere between $30–50 million within two years. Awesome for her. Not a great VC investment?   Why Venture Capitalist Don’t Invest In Lifestyle Businesses   Poornima Vijayashanker:           Why?   Erica Brescia:              Because we can't produce the kind of returns that we're looking for. We have LPs just like any other VC fund. We have a responsibility to them to generate returns. I told this woman I want to help her in any way I can. She's incredibly bright. I just couldn't see a path to them building a billion-dollar business. That's really what it needs to be. There needs to be a path that you can understand for how this can be huge. It's going to be very risky. I should say we always know that businesses are going to change and evolve and you're very much betting on the founders. That's absolutely true, but at the same time, if they have conviction around a specific idea and we don't see how it can get to be a huge business, and some of the great hardware companies we're looking at are like that. I think they will have fantastic businesses and fantastic exits. I certainly wouldn't call them lifestyle businesses because they're life changing in terms of the returns that they'll create for the founders. They may not be appropriate for a VC fund. I don't think there's anything wrong with that.                     You need to take a dispassionate look about what you're building, how big the market really is, how much of it you have an opportunity to grab, and be realistic about that. Then think about the kind of funding that makes sense. You might be able to find a family office or something or angel investors who are not looking for the same VC-style risk and returns. They'll be totally happy with the company selling for $10, $20, $30 million. In a couple years, they'll double their money and everybody's fine.   Where Do Venture Capitalist And Angel Investors Get Money To Fund Startups   Poornima Vijayashanker:           On that note, let's actually define what an LP is and why VC versus angels that people understand if they're not familiar.   Erica Brescia:              Sure. An LP is limited partner and they're the people that put money into the funds. They're often wealthy. They always have some money coming from somewhere. Often wealthy individuals, but depending on the fund, they might also be pension funds or endowments and things like that from universities or different trusts and things like that. Basically the people who put money into the hands of the venture capitalists who are the people who actually invest that money. In the case of angels, angels I think have evolved a lot. Now we have the super angels.   Poornima Vijayashanker:           We'll get into that in a future episode. I keep saying this, but it's gonna happen. It's gonna happen guys.   Erica Brescia:              I won't take us to off course then. There are a lot of different kinds of angels. I was an angel investor before joining XFactor. I mean, not at a huge scale, but I'd made a few investments myself.   Poornima Vijayashanker:           What's the scale?   Erica Brescia:              I was writing like $10,000 checks.   Poornima Vijayashanker:           Perfect.   Erica Brescia:              Smaller checks. Then there are people like—I'll take my father, who's one of my closest friends and heroes and has inspired me to do all of this. He built a brick and mortar contracting business that did quite well. He's been making tons of angel investments and all kinds of different things. Some tech, some very, very nontech. You have people like that. Then you have people like Eric Han for example. My company did raise a bit of angel funding primarily to get some really great folks involved with the company. Some of these people were like Eli Gillin, Eric Han. Eric Han was the CTO of Netscape. He went on to be a very early investor in Red Hat. Since then, has been one of the first checks into a ton of companies that have IPO'd. He was on the board of Red Hat after they IPO'd. Eli Gillin is running his own company now, but he started and sold a company to Twitter and ran a bunch of stuff there. These are people who have done well in their career, typically understand tech. They make a lot more investments than somebody like maybe me or my father who might've written a couple of checks a year. These people are doing several key deals a year, usually only investing their own funds. That's one of the big differences. They don't have LPs. It's their own money. They might be doing it more at scale. We call them usually professional angels or super angels.   Poornima Vijayashanker:           Business angels.   Erica Brescia:              Exactly. Who are making a lot of investments, but they don't have LPs to answer to.   When Does It Make Sense To Approach An Investor With Your Startup Idea — First Know What You Are Going To Do With It!   Poornima Vijayashanker:           Great. Let's end with this question. When does it make sense then when you think you have this big idea, to approach an investor? I know you guys said early, but what is maybe too early and what's a reasonable early to get a meeting?   Erica Brescia:              It depends on what you need. Let's start with why do you need the money? That's the first question you should be asking yourself. Where is this money going to get you? You better have a good answer before you go talk to VCs. What milestone are you going to hit with this? Then the second question you should ask is, could I get it from anywhere other than VCs? Do I have friends and family who might want to just give me some money? Could I even take out a loan? Sometimes these other things make sense. There are a bunch of diverse opinions on this, but my view is you don't take VC unless you absolutely need it. Until it's holding you back from scaling. In the particular case of Bitnami, for example, we've primarily bootstrapped. We've only taken a million dollars in outside funding in total. I have over 70 employees in 12 countries. We're cash-flow positive. We've built quite a stable and steady business. We are starting to talk about potentially raising venture capital because we're launching this enterprise product that I mentioned before.                     That involves building out an entirely new part of the business. I can do that off of cash flow, but I'll probably go a lot slower and we see that there's a limited window of opportunity here. I think it really depends on your specific case and whether you can do it any other way. Or if there's an investor that you can feel or that you feel can add a lot of value. There are certain investors who might have a ton of experience in your space. Maybe they started an earlier company and exited it and are just itching for the chance to do it better now that the technology is evolved or what have you. If you find people like that, I think they can be really helpful to building the business. Otherwise, it's like, you should raise when you need to raise. If you feel like you could run out of money in the near future and not be able to actually execute on your plan.   Yes There Is Such A Thing As Being Too Early To Fundraise For Your Startup And Yes It’s Inconsistent!   Poornima Vijayashanker:           Let's admit. There is a time that's too early.   Erica Brescia:              Oh yeah. There always is. It's funny. We funded a company that was quite early and quite a high evaluation. That's one of the deals I led actually. I knew the founder and he'd already built a successful company.   Poornima Vijayashanker:           There you go.   Erica Brescia:              You're much more willing then, almost eager, to get in because this is a male, female team. I happen to know the male better than the female. I told him I wanted into that deal because I think this guy has a ton of potential. Even though it was early, I would write him a check, but he's proven. That matters.   Poornima Vijayashanker:           Exactly. I think that's a big stigma, or rather a big misconception around who's getting a deal, who hasn't built a product yet, or it's not on the market. It's great that you mentioned that. I think for most other folks, they need to see something. They need to see product. They need to see at least a concierge-style minimal bible product or service, some cash flow, some customers. They really want to...those who don't have a track record need to step up their game and show a little bit more credibility.   Questions Investors Ask Before They Take A Meeting Or Write A Check To A Startup Founder   Erica Brescia:              Yeah. The things I look at is, are they committed is the number one thing. Starting a company is hard and a lot of people underestimate how hard and how many sacrifices you make. You can do a whole episode on what's involved in that. Are they committed? Can they build a team? I look at that a lot. That's one thing where people who want to move to Silicon Valley who have no connections there, that's one of my questions. How are you going to find people and convince them in a highly competitive job market to join your team? If you can do that, it also speaks pretty highly of you and your ability to convince people and help them see the vision. Then can they build the product? Is it something that people will pay for? Those are the checklist items that I have. The more that you can demonstrate, the easier the time you're going to have with fundraising.                   If you can't prove that people will pay for your product, if you can't prove that people will use it, especially if you can't prove that you can build it, that's when we're going to have a lot of challenges getting to the next step. That's when I try to give people a clean “yes” or “no.” Sometimes it's like, “You're just not there yet. If you do these things, then I might be interested. I'm sorry. I need to see more before I can make the call.”   Poornima Vijayashanker:           Yeah. I think that's fair. Thank you so much Erica for sharing all this information with us today.   Erica Brescia:              Thank you for having me.   Poornima Vijayashanker:           That's it for today's episode of *Build*. Be sure to subscribe to our YouTube channel to receive the next episode where we'll continue the conversation and talk about when it makes sense to transition from angel investment to seeking investment from venture capitalists and what you need to do in that interim period. Ciao for now.   This episode of *Build* is brought to you by our sponsor Pivotal Tracker.   Blog Post 2 Subject: When It Does And Doesn’t Make Sense To Fundraise For Your Startup Title: Startup Funding: When It Does And Doesn’t Make Sense To Fundraise For Your Startup Subtitle: Interview with Erica Brescia COO and Co-Founder of Bitnami and Investment Partner at XFactor Ventures   Ready for more myth busting around startup funding? Let’s get to it then!   Last week I shared a number of reasons you should share care fundraising whether you’re a founder or startup employee. Here’s they are again, and in the Build episode we talked about why it’s a bad idea to reach out to investors when you have an idea.   This week we’re going to continue our theme and focus on what compels us to think we need to raise capital like competition heating up, the belief that the business will stop growing, or that the idea we’re pursuing isn’t really BIG enough. We’ll also be diving into the mechanics of investment talking about the nuances of an angel versus a venture capitalist, and why it’s important to look for investors that have knowledge of your marketing or industry.   Erica Brescia is back to help us out with this episode. Erica the COO and co-founder of Bitnami. Erica has also recently joined XFactor Ventures as an investment partner. XFactor is an early-stage investment firm that's looking to fund female founders as well as mix-gendered teams.   Erica is a founder and investor, and having sat on both sides of the table, she knows how to dispel fact from fiction!   As you watch today’s episode you’ll learn:   Why Erica and her partners at XFactor are putting their money where their mouth is and starting a fund to invest in female founders and mix-gendered teams What the XFactor investment partners and other angels look for versus venture capitalists, and how much they are willing to invest Why competitors will come and go, and you cannot let their actions intimidate you or direct your business goals Why only you as a founder, can decide when is the right time to raise for your business     In the next two episodes we’ll explore handling all the rejections you receive from investors, how to motivate yourself to keep going, and what it’s going to take to get that first check!   Listen to the episode on iTunes! You can listen to this episode of Build on iTunes.   Build is produced as a partnership between Femgineer and Pivotal Tracker. San Francisco video production by StartMotionMEDIA.   ## Startup Funding: When It Does And Doesn’t Make Sense To Fundraise For Your Startup Transcript   Poornima Vijayashanker:         Last time, we talked about how as a first-time founder, you don't necessarily need to immediately rush out and get investment to get your tech product off the ground. We discovered some alternate ways of funding your product development and company growth. If you missed that episode, I've included it in the link below this video.   In today's episode, we're going to dive in a little bit deeper, and talk about when it makes sense to go out for that angel investment, and then how do you transition from getting capital from angels to eventually getting it from venture capitalists, and what you need to do in the interim to make sure you're growing your company. So stick around.   Welcome to *Build*, brought to you by Pivotal Tracker. I'm your host, Poornima Vijayashanker. In each episode, I invite innovators, and together we debunk a number of myths and misconceptions related to building products, companies, and your career in tech.   What Compels Startup Founders To Fundraise   One myth a lot of founders fall prey to is the need to constantly fundraise. They're worried that if they don't, their competition is going to swoop right in and outpace them. Or their business is just going to stop growing, and even worse than that, people might not think that they are actually onto a big idea.   To debunk these myths and more, I've invited Erica Brescia, who is the COO and co-founder of Bitnami. Erica has also recently joined XFactor as an investment partner. For those of you who aren't familiar, XFactor is an early-stage investment firm that's looking to invest in female founders and mixed-gender teams. Thanks again for joining us.   Erica Brescia:      Thanks for having me!   Poornima Vijayashanker:         Yeah! I know we talked a little bit in the last segment, but let's just quickly do a refresher, tell us a little bit about your background and what you do at Bitnami.   Erica Brescia:      Sure. Bitnami automates the packaging and maintenance process for server software for containerized, cloud, and behind-the-firewall deployments. We're most known right now for the Bitnami Application Catalog, which contains over 150 different pieces of server software, ranging from business schools, like content management systems, more project management systems, to development tools like GitLab and Jenkins for building out your development processes and pipeline, to stacks of things for building applications, like Node, or Rails, or Django. We work with all of the major cloud providers, and have over a million deployments a month of the apps we package across all the platforms that we support.   Poornima Vijayashanker:         Awesome. In addition to Bitnami, you recently joined XFactor as an investment partner.   Erica Brescia:      I did, yes.   The Difference Between Angel Investors And Venture Capitalists   Poornima Vijayashanker:         Yeah! We talked a little bit about that last time, and I want to pick up the conversation from our last time and dive a little bit more into not only what does XFactor do, but this whole position between angels and venture capitalists. How do you guys think of XFactor? Are you considering yourselves as angels or VCs? Would it help to start with defining angels and VCs?   Erica Brescia:      Sure. I mean, I tend to think of angels as primarily investing their own capital, and VCs are investing other people's capital. We all actually have our own funds in the fund as well, so we're LPs in addition to being the investment partners.   Poornima Vijayashanker:         What does that mean?   Erica Brescia:      That means that we're the people who put money into the fund, as the limited partners, who just put money in the fund, and then they step away, and they entrust, basically, the team of investment partners to invest that capital in companies that will produce ventures that yield returns.   Poornima Vijayashanker:         Where is that money coming from? Is that your own hard-earned money, or is that from somewhere else?   Erica Brescia:      In the case of the LPs for the XFactor fund, it's from a range of different people. Some of them have just been very successful in business. Some may be managing endowments or trusts, or other investment vehicles, and they invest both in the stock market and in VC and angel funds as part of their diversification strategy.   Poornima Vijayashanker:         Got it. I think some of you have also contributed personal funds, right?   Erica Brescia:      Yes. We have put our own funds into the plan as well.   Poornima Vijayashanker:         That's important to note. Yeah.   Erica Brescia:      You've got to put your money where your mouth is, right?   Poornima Vijayashanker:         Great! No, I certainly appreciate you guys doing that.   Erica Brescia:      Plus, honestly, I think we're going to make money off of it! So why would you not do that?   Poornima Vijayashanker:         Exactly!   Erica Brescia:      That is the whole point.   Poornima Vijayashanker:         Yeah. You guys are operating a little bit like angels, but a little bit like VCs as well, but let's dive into more of a traditional VC model. What does that look like?   What Seed Stage Investors Are Really Looking For And The Size Of Check They Write   Erica Brescia:      Sure. The distinction there is interesting, because I would say there's seed-stage financing, which a lot of people think of as coming from angels a lot, but VC funds do as well. Those are typically much smaller rounds and much earlier stage. The company probably has something built, probably has some users, probably can show some traction, but they're usually not raising huge amounts of money, at least not by Silicon Valley standards, which are different than the rest of the world.   Poornima Vijayashanker:         Yeah. Let's get some ranges. Because I know some seeds can get crazy.   Erica Brescia:      Huge. Yes.   Poornima Vijayashanker:         So let's do a more middle-of-the-road seed. What would that look like?   Erica Brescia:      These days, I would say they're usually between $500K and $2 million. I know that's a wide range, sometimes it's smaller, sometimes it's bigger, but the fundraisings that we're participating in are usually somewhere around there. We have had some companies raise significantly more than that, and we've almost gone in more at like a Series A stage. But typically you're raising $1 million or $2million to get your idea off the ground and show a little bit more traction, before you go and raise at a Series A. Those used to be maybe $2 or $3 million. Now, most of the time, you're looking at maybe $6, $7, even $10 or $15 million as a Series A, which we certainly see in the cloud and container space in particular, which is where I'm focused with Bitnami.   Poornima Vijayashanker:         OK. That makes sense. Now, I'm not going to dive into microfunds and syndicates, and all that stuff. We're going to do that in a later episode. But let's go back to you, and let's talk a little bit about how you initially funded Bitnami.   How To Initially Fund Your Startup When You Cannot Attract Investment   Erica Brescia:      Customers.   Poornima Vijayashanker:        Customers!   Erica Brescia:     We sold stuff. Yeah.   Poornima Vijayashanker:         Yeah. When was this, by the way?   Erica Brescia:      We started with a company called BitRock over 10 years ago, and BitRock built some really interesting technology around application packaging and deployment, which has become the foundation of Bitnami. We're very unique, I would say, for a Silicon Valley company. We developed a package software product. We sold it to customers, and we generated money that way.                     Then we started providing a subscription service to a lot of software companies that needed us to build, we called them "stacks" of software, so their products could be installed and distributed very easily, and we worked with a lot of the biggest names in open source, in those days. So we had that money coming in—   Poornima Vijayashanker:         If you don't mind sharing, how big were some of those contracts?   Erica Brescia:      They were in the tens of thousands of dollars a year. So reasonably sized, but we now, in retrospect, we charged far too little. But that's one of the lessons that you learn as a founder, you're always underpricing yourself in the early days.   So we did that, and built up the company that way. Then we decided to evolve into Bitnami. We went through Y Combinator in 2013—   Poornima Vijayashanker:         So before you did that, you actually had revenue coming in?   Erica Brescia:      Yes.   Poornima Vijayashanker:         Give us a range of how big you were at that size?   Erica Brescia:      We had 12 people, and seven figures in revenue, when we—   Poornima Vijayashanker:         Oh! That's fabulous!   Erica Brescia:      —went through Y Combinator.   Poornima Vijayashanker:         Yeah. OK. So why even bother going to—   Erica Brescia:      That's a great question! It was a subject of much debate, but again, interesting story, I suppose. My co-founder's wife had gone through Y Combinator with her own company, and had a great experience with it. And we knew that we wanted to send the company on a different trajectory—   Poornima Vijayashanker:         Which was?   Erica Brescia:      Growth.   Poornima Vijayashanker:         OK. OK!   Erica Brescia:      We wanted to build a huge business, and the model that we'd had previously was really what we talked in the last episode about, more of a lifestyle business. Right? We built a solid business, but that's not what we were there to do. We wanted to build a huge and very meaningful company. And we felt like Y Combinator was the right way to do that.                  It gave us a lot of focus, and helped us make some interesting and difficult decisions. It also helped us a lot with hiring in the early days, and bringing more folks to the team. We've been on a pretty healthy  trajectory since then. Over 75 people. I don't give out revenue numbers, but we're profitable and growing, and doing well.                     All of that money, except for a million dollars, which we still have sitting in the bank, has come in through customers. And that million dollars we raised after going through Y Combinator. We brought in some angel investors whom we really liked, for different reasons. Some of them have a lot of experience in building companies, specifically in our space, and we felt like they could help us a lot with that.                     A couple of them are VCs who invested personally in us, because we didn't want to raise a VC fund, and a few were overseas venture investors, but they make seed stage investments. One from Japan, and one from China. And that was purely because we plan on going into those markets, and we thought it would make sense to have some people over there with a vested interest in our success.                     Y Combinator served as a good catalyst to bring that round together-   Poornima Vijayashanker:         How big was that round?   Erica Brescia:      It was just a million dollars?   Poornima Vijayashanker:         Oh! OK. But you were already in the seven-figure revenue at that point, when you raised that million.   Erica Brescia:      Exactly.   Poornima Vijayashanker:         OK.   Erica Brescia:      And that money is still sitting in the bank, and we've added a healthy amount to it, and—   Poornima Vijayashanker:         That was what year?   Erica Brescia:      2013.   Poornima Vijayashanker:         Oh! It's been a while. It's been four years.   Erica Brescia:      Yep.   Poornima Vijayashanker:         Now, interestingly enough, you have that million, you're raising revenue, and you had grown without a lot of outside capital. I mean, you were already growing, so in that span of time, weren't you afraid that some competitor was just going to swoop right in and go out and raise $10 million or $100 million dollars, and put you out of business?   Don’t Let Competitors Intimidate You Into Fundraising For Your Startup   Erica Brescia:      What's actually funny about that question is we had a bunch of competitors do that, and they all went out of business..   Poornima Vijayashanker:         Oh, OK! Yeah!   Erica Brescia:      OK! Some spectacularly so. One raised $40 million, had huge names. One of the people on their board tried to come and intimidate me, and say I could never compete with—it was actually a woman running that company, too. But I won't name her, because that's not good for anyone.                     Yeah. We had a lot of companies come and raise money, but the model wasn't there yet. And that's why we didn't raise, either, right? There's a time, and we talked about this in the last episode. It's my belief that in most cases, you're better off raising when you have product-market fit. We had that at small scale, but we hadn't found what was really going to fuel exceptional growth of the company. It took us a while to get there, and a bunch of other companies tried to come in and do that, and they all went bust.                     I mean, there is a time and place when I think it does make sense, and when you do have to worry about competitors, because the truth is, once a big name competitor raises a big round, it's really hard to get anyone else to invest in you. I think Docker's a pretty good example of that in my space, right? They have tons of money. Nobody's going to invest in another container startup. Why would you do that? It doesn't make sense for investors.                     It is something to consider, but I think a lot of people spend way too much time worrying about their competitors, and not enough time worrying about their own business.   Poornima Vijayashanker:         Yeah. Or their customers.   Erica Brescia:      Yeah! Or their customers. Exactly. So, yeah, that matters, but you need to do what's right for you, and what's right for what you want out of your life and your business. You should ask yourself those questions. Taking on VC is taking on a lot of additional responsibility, too—   What Kind Of Return Venture Capitalists Look For   Poornima Vijayashanker:         Like what?   Erica Brescia:      Well, they're expecting a certain level of return, right? A $100 million exit is not something a VS wants, where it might be completely life changing for you, if you don't have venture capital in the company. If you're taking venture capital, you're committing to running the company for at least 5–10 years, providing they don't push you out, which happens sometimes, too, if you're not doing things the way they want.                     You're committing to managing a board, with outside parties who are going to have sometimes divergent interests from you. It could even be the case that the fund cycles are usually 10 years, and they have to return the capital to their limited partners, which we talked about earlier. They might need to get out, and want to push you to sell when you don't want to. They might want you to sell to somebody you don't want to.                     There are a lot of great things that come from venture capital, if you partner with the right people. Obviously, you get the capital you need to fuel the growth of your business, and that can be incredibly important, especially to support go-to-market activities, or SaaS business models, where customer acquisition costs might be high, but the LTV is huge. There are reasons to take money.                    I'm not against that. But you also need to understand what you're signing up for, and what it really means, and that there may be an alternative path for you if that's not the path that makes the sense for you. If you don't want to run this company for 5–10 years, and you don't expect to sell it for hundreds of millions, if not billions, of dollars, don't take venture capital. Startups That Focused On Growing Their Business First   Poornima Vijayashanker:         Yeah. Some folks in our audience might be thinking, "Erica, that's fabulous for you and Bitnami, and all of the success, but I could never do that. I couldn't just sit and wait for my business to grow organically." Are there other examples of companies here in the Valley, that you're familiar with, who have done a similar approach? I know I can think of a couple, but I'm curious—   Erica Brescia:      Absolutely! Well, Atlassian, they're in the Valley now, but they came from Australia, and that's a spectacular story. They really couldn't raise, because they were in Australia, and especially back then, the VC climate in Australia was almost nonexistent. They raised very late, and a lot of it was secondary to the employees, and they've done spectacularly well. GitHub's another example. They raised very, very late in the process, in a very big round, and that gave them a lot of flexibility to do other things.                     We've seen that happen a lot. It really depends. Again, I think, going back to what I said before about product-market fit. It's my view that the best time to raise is when you just need fuel for the engine. You already know how the engine works, and it's already built, and the machine is there, and you know, "If I put X in, I'm going to get Y out." Right? That's when you can really take advantage of venture capital, and that's when it can really make a difference.                    I'm not saying take a long time to build your company like I did. I would certainly do a lot of things differently this time around, but a lot of it just has to do with where the business is, and what the capital's going to be used for.   Poornima Vijayashanker:         It's been a four-year period, right? Where you haven't taken outside investment. You took the initial million. But in that period of time, how has not taking capital, or not thinking about fundraising, how has that helped you and Bitnami?   Erica Brescia:      Well, several ways. I think the most important thing is focus. Not having $10 or $20 or $50 million in the bank makes you focus on what's really going to move the business forward. It's really easy, and I have seen this countless times with companies that I will not name. They raise a ton of money, and they go out and hire a ton of people, and everything falls apart.                     Because humans are humans, right? These are not just cogs in the machine, especially when you're trying to build a breakthrough or game-changing product. You need incredibly smart people. They're going to have strong personalities. They're going to have past experiences from other companies. And you need to be able to get those people to work well together. So many startups have failed in doing that, and it's led to their own demise, or at least slowed them down a lot, and really burned a lot of bridges with fantastic employees.   I'd say it's allowed us to build out the infrastructure to responsibly scale the team, and it's helped us to focus, again, on making the right investments in terms of where we're spending our time. It's also great for negotiating business deals, I will tell you. That doesn't come up a lot—   How To Compel Customers To Do Business With Your Startup   Poornima Vijayashanker:         How so?   Erica Brescia:      I was in meetings, even earlier this week, and these are quite big, multimillion-dollar-a-year deals, and they were asking some questions about what the business model looked like, and I could look at these people with a straight face and say like, "Look, we're not VC backed. My company needs to make money. You want me to be around. This needs to make sense for us, financially."                     That drives a lot of my decision making. I'm very, very involved in the corporate and business development stuff that we do. I need to do deals that make sense for my business. For some reason, it's a lot easier for people to get their heads around that when you don't have venture capital, which is kind of a funny thing, right?   Poornima Vijayashanker:         Well, people understand where you're coming from, and what resources you have at that level.   Erica Brescia:      Yeah! I'm not BSing them. "I have to pay people, and you're going to get a lot of value out of this, and you need to pay me, and I'm not going to do it on a bet that the relationship itself is going to benefit me enough, because that wouldn't be responsible business." That's what I go to all the time. It's not responsible business, you're not doing it. I think being bootstrapped and funding through customers really helps you think through that and make very good business decisions. We say no to all kinds of things, too. And I think that's easier, as a result of that.                    The one other aspect I'd say is, we don't have to manage investors. It takes a lot of time to build investor relationships, which I do do that anyway, because we may r

RadiOps Episode #2 * https://hackernoon.com/serverless-contact-us-form-for-static-websites-facccb7be27f - Contact Us form in the world of serverless. * https://www.elastic.co/blog/monitoring-the-dark-army-with-kibana-mr-robot - Mr. Robot chose Kibana to visualize it’s logs. * https://medium.com/@codeAMT/how-to-mine-bitcoins-using-an-aws-ec2-instance-7604128c2c8f - Mine Bitcoins on AWS, you really shouldn’t. * https://medium.com/bitnami-perspectives/a-new-kubernetes-sandbox-b3832fa38035 - Bitnami’s Kubernetes sandbox. * https://github.com/i0natan/nodebestpractices - Node.js best practices. * https://github.com/TimothyYe/skm - SKM is a simple SSH Key Manager that will finally put your SSH Keys in order. * https://github.com/palkan/wsdirector - Websockets Director is a cli application written in Ruby that by creating scenarios we can test any Websockets server, sending and receiving messages. * https://github.com/zuazo/dockerspec - The dockerspec gem is a wrapper that allows us to you RSpec, Serverspec, Infrataster and Capybara tests against Dockerfiles or Docker images easily. * https://github.com/appscode/voyager - HAProxy backed secure L7 and L4 ingress controller for Kubernetes, If you have any stories you would like us to share, feel free to email us at radiops@devopspro.co.uk.

Bitnami es una de las pocas empresas españolas que ha pasado por Y Combinator, probablemente la aceleradora de startups con más nombre y track record de todo el mundo. Hace unas semanas tuvimos el placer de poder hablar con Daniel López, fundador y CEO de la empresa, sobre la evolución de la misma desde sus inicios en Sevilla (donde tiene hoy en día más de 35 empleados, sobre todo ingenieros) hasta hoy, habiéndose convertido en un producto de referencia para desarrolladores que quieren instalar de forma rápida en la nube más de 140 servicios. En este último episodio de nuestro podKast, hablamos con Daniel de los siguientes temas: - Cómo vivieron el nacimiento del cloud y cómo adaptaron al producto a un mercado cambiante - Cómo gestionar un equipo distribuido de ingenieros y fuerza de ventas - Cómo vender un producto como Bitnami - El paso por Y Combinator y su sorpresa de que tan pocas startups españolas hayan pasado por YC

Aaron and Brian talk about the new partnership with A Cloud Guru, as well as a 2017 Mid-Year update around all things cloud - VMworld ecosystem, Serverless Ecosystem, Kubernetes for All, etc.. Show Links: [Podcast] @PodCTL - Containers | Kubernetes - RSS Feed, iTunes, Google Play, Stitcher, TuneIn and all your favorite podcast players [Serverless] ServerlessConf in NYC (Oct. 8-11). 20% Discount on all passes [A CLOUD GURU] Get The Cloudcast Alexa Skill [A CLOUD GURU] DISCOUNT: Serverless for Beginners (only $15 instead of $29) [A CLOUD GURU] FREE: Alexa Development for Absolute Beginners [FREE] eBook from O'Reilly Show Notes Topic 1 - Something looks and sounds different from normal. Why don’t you tell our listeners what’s going on? Topic 2 - Impressions from the VMworld 2017 Keynotes and show floors? Topic 3 - In talking to the A Cloud Guru team, we’re starting to see a big trend of people getting cloud training and certifications. Should we be doubling back on fundamental technologies to supplement more complex shows? Topic 4 - Are we in a technology lull right now? We had containers a couple years ago, and serverless like 12-18 months ago, but right now it feels like an expansion phase. Thoughts? Topic 5 - Let’s talk about some of the trends we’re seeing at this point in 2017: All vendors supporting Kubernetes (AWS, Oracle, Microsoft)
 Is it strange that we’re heard almost nothing from Docker since DockerCon and their announcements of a new CEO and the “Moby” project? We’re beginning to see some funding in the serverless space (IOpipe, Skippbox acquired by Bitnami, Iron.io at Oracle) and that crazy $140M for Databricks and calling themselves “serverless data science and AI” Topic 6 - We saw Amazon acquire Whole Foods recently, as well as getting back into the retail markets (people-less stores). Do you think we’ll start to see their movement into all these adjacent markets impact customers adopting AWS? Apparently Target is now moving off AWS. Topic 7 - AUDIENCE QUESTION: We’ve never really focused on SaaS applications, outside of SaaS-based tool that help IT. Does our audience think we should focus on SaaS applications, and if so, which verticals should we target? Feedback? Email: show at thecloudcast dot net Twitter: @thecloudcastnet and @ServerlessCast

We live in a great time to start a company. The resources which were only accessible to big companies are now at our fingertips. Erica Brescia, COO of Bitnami gave advice on how to start a company. We talked about what she learned at YC and the status of the company when it was admitted. Erica explained what Bitnami is building, and pricing strategies. At the end we talked about her role as an investment partner in XFactor Ventures.

In this episode, you’ll hear about: -How Bitnami evolved from a side project in 2008 to become a full fledged company in 2013 when the founders saw an opportunity surrounding the deployment experience -The pros and cons to raising outside funding, and why the Bitnami team choose to wait until the point where not raising would impede the business -Growing up in the Bay area, and how having an entrepreneurial father inspired Erica’s own ventures from a young age -How Erica views the idea of “being your own boss” and the misconception people may have about how it actually works -Her experience working at T-Mobile that taught her how to hire and manage large teams, and how to constantly be a better manager -How a founder’s job adapts with the evolution of the company, and why learning as you grow is critical to success Catch the fun question round at the end, where Erica shares a few favorite San Francisco startups (hint: one’s a 52 Founders alumn), and the founder she would most want to interview and why (it may surprise you!).

In this week's episode (with only a brief IT interlude), the gang talks about the Dell XPS-13, Macbook Pro touch bars, and ugh, Uber… And our special guest this week is Erica Brescia, co-founder and COO at Bitnami. She speaks to us about her passion for dev tools as well as the challenges of being a predominantly remote company (something that Stack Overflow knows a little bit about).

In this week's episode (with only a brief IT interlude), the gang talks about the Dell XPS-13, Macbook Pro touch bars, and ugh, Uber… And our special guest this week is Erica Brescia, co-founder and COO at Bitnami. She speaks to us about her passion for dev tools as well as the challenges of being a predominantly remote company (something that Stack Overflow knows a little bit about).

Brian talks with Sebastien Goasguen (@sebgoa, Founder @skippbox)about his experience with containers, the focus of Skippbox, market demand for serverless, the architecture of Kubeless, and how the emerging serverless+kubernetes projects need to evolve. Show Links: Get a free eBook from O'Reilly media or use promo code PCBW for a discount - 40% off Print Books and 50% off eBooks and videos Skippbox acquired by Bitnami on March 7, 2017 Skippbox website Kubeless - Serverless Framework for Kubernetes (GitHub) “Docker Cookbook” by Sebastien Goasguen (O’Reilly) Show Notes: Topic 1 - Welcome to the show. Give us some of your background, as well as what you’re doing at Skippbox these days. Topic 2 - Before we jump into “Kubeless”, let’s talk about what you’re hearing around serverless in the market today. Topic 3 - Tell us about the Kubeless architecture. Topic 4 - With different serverless functions, they initially support a limited subset of languages. Since Kubernetes is language agnostic, why does the limitation exist, or how complex is it to add new languages? Topic 5 - You mention on the project’s GitHub page that there are other “serverless on Kubernetes” alternatives out there (Funktions, Fission, OpenWhisk, etc.). Do you expect that one of these projects will emerge, or do you see these starting to merge and just become a job type within Kubernetes? Topic 6 - Let’s come back to Skippbox. You have a focus on Kubernetes and the tooling around making it easier to deploy and run. What are you seeing in the Kubernetes market and when are people engaging with Skippbox? Feedback? Email:show at thecloudcast dot net Twitter:@thecloudcastnet or @serverlesscast YouTube:Cloudcast Channel

Esta semana Laura nos explica como poder tener un servidor HTTP en nuestra maquina para poder trastear a base de bien sin tener que complicarnos la vida. Para ello usaremos Bitnami. A la semana que viene mas y mejor, o no

Erica Brescia is the Co-founder and COO of Bitnami. With over 1 million apps deployed per month, Bitnami makes it incredibly easy to deploy apps with native installers, as virtual machines, or in the cloud. Erica had lead operations for Bitnami since they started. She’s also been responsible for all their partnerships with big brands like Amazon Web Services, Google Cloud Platform and VMWare. She’s also led their sales efforts - which has enabled them to remain mostly bootstrapped all these years. Erica joins us to share her story, how she got into tech and startups, what it’s been like building Bitnami, some of the challenges they’ve had to overcome, what it was like going through Y Combinator with a more established company, and much more!