And uh we are going to basically have a chance for everyone to discuss with the presenters uh the delegates to discuss among each other. And as always with these roundtable discussions uh the core question is kind of what you think it is which is essentially uh we've spent the day uh we've listened to a presentation uh we've uh seen some demos we've had some questions and answers we've heard from a partner uh and it kind of gets down [snorts] to the core question of multicloud. So, uh, I will actually pose that, uh, premise to my, uh, my esteemed colleagues around the table. Who wants to kick us off here with a thought on, uh, modern multicloud? What does it mean? And, uh, what have you heard today that tells you what it means?
>> I'll jump in because we had to cut time off from some of the ransomware discussion. When we discuss multicloud, that's probably one of the quickest ways that we move into. I have everything built in one location. I need to restore it into another location. So when we were talking about ransomware um and you know the solutions that you have around Cloud Data Sense um where are y'all looking at uh that type of uh recovery ransomware detection and solutioning?
>> Yeah, I'll take that. So number one acknowledge it's not in the multicloud but multi-layer approach
>> depends on where the threat is and where the layer of technology is. Yeah, Nathan, you brought up uh Cloud Data Sense, which is a great example because it's one of the NetApp offerings that's not just restrict restricted to NetApp storage or NetApp environments. Cloud Data Sense has the ability to view, scan, give insights, alerts, and reporting on lots of types of storage. Be it our traditional storage competitors. You might have an Isilon platform out there, an HP platform, or you might be one of the cloud formats that's not just a standard NFSs like OnePoint, excuse me, OneDrive, SharePoint or some of the object buckets.
So, Cloud Data Sense to do its job well, we had to give it the capability to look at a lot of different types of stuff. Now, what we also have to acknowledge is I can look at a lot of places bring a lot of value and I encourage everybody go to netup.com or cloud.net.com net.com and look at some of the dashboards that you can see where you can see red and green light alerts on different environments where there may be issues and what it I'm sorry we didn't get to that today maybe the next cloud field maybe Stephen will let us do another one and we'll get into that but as you go deeper you can see and alert on from but to take action especially the autonomous action sometimes we have to go deeper as an example if it's an ONTAP environment and we're seeing anomalous behavior like excess excessive serial encryption on a volume, right? That that's not normal. And so the AI engine will see that and say that's not normal and have some steps it can take like it can spin an immutable back uh snapshot at that moment in time. So if even you don't see it and get involved for an hour, that's your worst fallback. You may go up to the next level of user activity. So another layer of the technology stack is the Cloud Secure capability of Cloud Insights that can say okay a snapshot was given but how about what if it's not on just this particular file system what if it's a user account on a lot of different and you know a really smart hacker that's going in different places it'll uh identify that anomalous behavior and not only flag that kick off the snapshot if it hasn't been but block that user. So there's different layers you got to go to. And so we're kind of looking at it as a multicloud horizontal segment and then striped this way. What is the layer of technology?
And we'll bring value as high up the stack as we can.
>> I think the other thing to your specific scenario, I think if you've had a ransom attack and you're recovering, you're not going to be able to practically recover any significant amount of data to another cloud if it's not there already, right? Bandwidth, data gravity, not to mention ingress and egress charges and all the other things that make that impractical. So your only solutions there are to either point in time restore to the cloud you're on making the assumption that the challenge that got you attacked in the first place is likely not something wrong with the cloud architecture, right? That's likely to be a black swan event versus a more standard spear phishing or any other sort of more common compromise, right? So most likely like Chuck was saying, the ability to have those point in time snapshots that are already there that are consistent across all the different clouds, right? And all managed within that sort of software lets you recover to that point in time instantaneously. Anything that's not snapshot based recovery for the data sizes we're call we're talking about and the speed in which files can be encrypted especially with hardware offload of encryption and everything like that you're never getting it back if you're trying to stream it as a backup. The other solution is if you truly do want to have it as a cross-cloud sort of occurrence for a ransomware or for let's say some massive denial of service attack or something like that then it's having the data already there right so that's where the cross-cloud capabilities that Chuck and the team demonstrated to be able to literally drag and drop and have your data in two different places on two different clouds it it's like a mega availability zone let's call it or something like that right I made a term up
>> yeah is that a thing now
>> that's going to be over Twitter now
>> god darn Did I trademark that? Wait, no, it's NetApp work product. Darn it.
>> Because that would really be appropriate. Yeah, appropriate. Yeah, appropriate. Yeah,
>> because Maze, multi availability zone encryption. There we go. I think good point that we have a we have the challenge of the technology being able to prevent or like see and then ultimately prevent and there's that weird trust of like at what point will there actually be real application behavior that will emulate a heuristic that represents what looks like ransomware and the idea then there's work was actually at SNE last week SDC talking about other storage you know services that are aiming to do the moment they see as you said sort of serial encryption from the beginning that it immediately it makes the files immutable.
>> Y
>> and so it self-detects you know prevents but there are genuine cases where there are things we're doing where you know we could be using different architectures. Key value stores behave fundamentally differently and how they write and reallocate data on the fly which can by some good heuristic measurement appear like it's doing naughty things and then you've got this weird thing of yeah what's right and all of a sudden thousands of things get deleted all at once you're like oh god oh no it's actually because I'm just cleaning up my M drive right you know or whatever like that's there are tough things of user behavior that's normal or application behavior that's normal and normal such hard thing to ascertain now
>> and it varies by workload right there's EDA workloads or me and workloads that involve by definition making a million files and then deleting them a couple minutes later right not to mention AI workloads and everything like that so if you apply the same heuristics engine without the right intelligence behind it and say once you discover this to be the signature of an attack just apply it equally across all your volumes that's going to you're going to deny service your own storage essentially right by making all your files immutable and
then someone will be mad
>> well to that same to the same thread. So, as we talked about security and stuff like that, I I've loved what I've been hearing about the cloud manage capability, but I do have a certain level of concern about like we're now taking the storage layer that historically has been hidden behind multiple layers of things that block it from the out the big wide world and now we're giving some manageability and observability to the outside world. What kind of controls do we have aside from just basic RBAC to prevent access to control access to that cloud manage endpoint and things like that for our organizations so MFA you know ACLs things like that I mean what are we talking
>> I want to add on that governance yes right like overall overreaching governance from um all the things that you mentioned but also like data sovereignty data residency all that like what are we doing about that.
>> So yeah, so specifically on the hyperscaler say if you take AWS there are keys you take Google Cloud there are service accounts so we tap into what the clouds are doing in that perspective and just utilizing it for our own products within the hyperscaler. Yeah, and I wanted to add to that. It's like um so you know many of the conversations we have are around security and security policies and knowing who has access in the cloud sense. It's which who has access to which resources and it could be down to the individual resource you know bucket name or a single EC2 instance or what have you. And so um our policies are obviously because they do utilize say AWS IAM it's not u it's open it's something that you can go in there and you know what our policy is asking your systems to do whether it's provisioning or deleting or um building a new one and that's part of the I guess the transparency that the Google team mentioned as well is you need to know what it's going to do. So um it's aligning with them and then also using it as much as possible.
Um but oh
>> I was just going to say as well you were asking about Cloud Manager specifically it sounded like
>> yeah Cloud Manager you can configure um federation so that it federates over to your own organization and then have MFA associated with that as well like every time we sign in you know we have to approve a key or you know hit it on authenticator to be able to get in. So that's another line of defense that you were kind of looking for there as well. So I'd like to extend it out, right? Because this is all talking about building the storage piece of it, right? So what happens when you know the goal is to provide developers their playground to build an application or a service out to the rest of it. So um how is so if I'm a developer and I'm consuming storage to display as part of a application is that on them to keep that locked down to the right degree or is that on the storage side to keep that locked down?
>> I mean I could just start off with like
>> I got it Mike. Yeah.
>> I mean everything starts off with a good cloud architecture right for your organization. And so, you know, we have customers that have, you know, thought they were going to start small and then, you know, they built sort of a very simplistic sort of architecture in terms of how the networking and their design of um folders and projects and how we sort of lay that all out was relatively straightforward. And then they realized, oh wait, I now have 300 teams in my organization. All of them are accessing different data resources. They all have uh sort of a staging, they want staging areas and production areas. Some of them are on prem and they want to access data and they you know it gets really complicated.
The point being is then they actually rewrite the entire cloud architecture in terms of the networking design the project folder layout you know the access control mechanisms and that then once they have that then all of a sudden that's when you know NetApp would come into play and just saying okay well now we're deploying into that architecture and then how do we make use of how they've set up the roles and the service accounts and uh the access control and everything else. Somebody like from our side the ops side is trying to understand the best practices where would they look to get um templates for that would we look to our very familiar um on-prem storage providers or would we look to y'all for that kind of out
>> out like who's the guy who's the guiding reference of a governance standpoint because governance and security are comp they're two separate functions but they are related I would take responsibility into us in the sense that as I said uh you know every cloud has their own sort of reference architectures in terms of how you build secure uh systems and our deployments and so I would say you'd want to probably start with the specific clouds uh white papers and best practices guides that we have on our website and you know work with our team right in terms of deploying that out for the organization and then it's really about how do we complement all of that right with the storage services that
>> I yeah
>> it is yeah I find that shared architecture I mean a lot of the um the white papers and on Google's in Google docs docs.g Google cloud um uh are you co-authored by NetApp because we know that we are part we have to fit into that ecosystem as well of however you've decided to architect your solution so the reference architectures um yeah we provide input into that or we or help author them and so that's where I would definitely start in the cloud provider what Cloud Manager then does or what the services then do is give you that consistent experience if you do happen
to have that in other cloud providers you know that there's going to be a way to achieve your high security or your compliance requirements or um you know your role based access because that's the NetApp promise in a sense of our products that we will be able to deliver those that capability to you.
>> Um oh
>> in the end all you got to do is just phone the Uber engineer, ask them their password and apparently just give it away and you take over the whole thing. [laughter]
>> Yeah.
>> All this stuff doesn't mean anything.
>> Jeez, [laughter] you're so positive till then. I will say to your original question, I think this is one of the interesting things we struggle with. If you go back 15 years ago and you set up a storage array, right, you put the management port on a separate subnet and you called it a day, right? And it was a little bit of I don't want to ask security by obscurity, but it was close to an air gap, right? But not really. And I think that we all struggled with the first day you could actually manage a storage array but do it from the cloud, right? It was a brand new paradigm, right? For us or anyone else. And this isn't NetApp specific. I think this would be true for any of our competitors or cooperators in the industry, right? And in some ways, I even myself, I'll freely admit it, at first kind of was resistant to the idea as someone who's been around for a while. And it's like, whoa. But then you realize, I mean, the principles of zero trust and everything. You should assume that your management network is on the public internet, right? I mean, it's the assumptions of zero trust is that your data center is already compromised, right? And at any time it is compromised. And so the good thing about putting something on the public internet is it means you have to focus on the things that are truly important, right?
Multiple admin verification, all of the structures that Google Cloud and others have put in place because you can't just rely upon the oh someone can't route to that IP address as a method of security because that's not a true method of security anymore. So by removing that as a crutch to be quite honest and it's a really helpful crutch because it makes us all feel like we can fall asleep at night, right? That there's a firewall and it's a separate subnet and everything that's not it's not a valid crutch anymore. And so we've got to adopt more secure and more sophisticated methods for this age.
>> Yeah, you bring up the perfect thing of assume it's compromised and now what do you do? It's not necessarily about detection pre detection and pum to your thing about governance. This is something that came up. Talked about Data Sense before and Chuck yes you brought up the thing of like let's find a file owner and it's connected to Active Directory and the first thing that hits me it's like okay it's metadata storage
>> but is it then maintained in an immutable state somewhere as a point over time because you know Puml and I say something naughty at our company and we get fired and all of a sudden our Active Directory is removed and so is that metadata that the stuff that we touched right before we got fired oh yeah we did something naughty to the file system as well is you know just what got us knocked out of the company.
>> I'm always naughty. Okay.
>> Is there like because that itself has to be maintained for an incredibly long period of time because we don't know when it occurs by the time you ransomware started two years ago. You it really bad things happened today but it was there a long time ago.
And that's part of the problem is having this sort of immutable continuous record as a time series that you could go back and say like ah a series of events occurred that I can go back and have this in this true sort of immutable reference to then go back and record that the thing that happened today actually began six months ago.
>> Well, not just ransomware, but what about litigation lawsuits? They happen. People leave companies and next there's a lawsuit over, you know, whatever situation. You've got to go back and dig up that data. Like
>> I I'd say that's one of the advantages that NetApp has is having thought about this for a really long time that people do keep data for a very long time. And so when it comes to moving that data into the cloud or having it in a different you know suddenly we're starting to run different kinds of applications. We're still thinking about that and that is still one of the things that yes, we know that c people are going to want to keep data around for 10 years, 25 years, the lifespan of a patient or whatever it happens to be and that should be something that the data management system should be able to tell you. So I think that's one of the core tenets for us is that your data requirements don't change whether you want to run it in Google, you want to run it on premises and the tools should be there whether they are autonomous in the system itself like um what Chuck mentioned where it's automatically taking a snapshot if it detects something that might be ransomware to the more kind of okay I'm actually I'm going to set a policy and this policy is going to tell me when things are going to be kept through to Data Sense which is lit saying what is that data? Where is it? So I think of it as almost a layer cake. I like food analogies. So a layer cake of or pancake stack of data considerations that we have thought about through the years and now we're bringing that across the board where wherever you go.
>> Even as simple as the odd thing that happened personally experienced this, right, where we had a full audit that was done. I worked in a large financial services firm. Just go over my LinkedIn and you'll figure out who they are. But you know we got regular audits as we should proudly survived them all and but one thing came in they said hey let's check is this user here and this user was let go normal like they were summer students and then you go and you check Active Directory and like they weren't deleted they're right here and then we realized like oh because they were hired back the next summer right
>> and so in that case where we had a file that was owned by somebody and then you know it was deleted or something like an activity occurred triggered by a user behavior and then we mark that and we say like all right good immutable log a record of that thing occurring and then that user gets let go and then you hire somebody that's their exactly the same first initial last name
>> it happens
>> what are the records is it a is a UYU ID or there other thing that anyways there's questions that you shouldn't have to answer to some idiot nerd like me on a panel right now but things to think about as we look about that
>> things I wanted to say on that whole discussion one is that um Lisa can we Please have DoorDash bring uh Phoebe Eggma Muffin because she's obviously still hungry. Second is that one of the things that we're trying to do here is with our cloud volumes platform because you bring up retention and things. Remember this is the customer's data. We are not becoming the data warehouse,
>> right?
>> There is so much data that's available, but it's your file systems and your data and how long you choose to keep all of it. It's your data. It's your logs. Your metadata is in your file systems. The problem is that it's been out there for years. If you go back to 1995, you could keep data for 10 years. You just couldn't figure anything about it.
You know, you have an employee that left. He said, "I did this." What you could never prove it. So, what we're trying to do is give the intelligence to be able to mine that data and make it available to you. If you have that lawsuit, you need to be able to show what did and didn't happen.
>> But, I just want to draw that distinction that it's not we're not keeping Cloud Manager is not keeping metadata about your data at all. Right.
>> You have it.
>> You're helping classify it.
>> We're classifying your data by tagging your data with the tags you wanted. But that's your data in your metadata. It's not in our account. So,
>> but we can search for it if we need to. We need to find all thousand cat pictures of yours.
>> But you know what? If I if I in my account I say look I don't want to keep anything more than six months. Nothing. Um deleting all file systems, all objects, all this, all that. And three years later somebody brings a lawsuit against me. I can't go to NetApp to say I need to know what happened two years ago. Those logs are gone because that was my data. You know what I mean? And so that's the shared and I think it was somebody Yeah. shared responsibility. Correct. Zero trust,
>> shared responsibility intelligence to allow you to do everything you need to in that model.
>> We app call that not my circus, not my monkeys. [laughter] So I want to touch on when we're discussing compliance, we're discussing governance. There's something that we that is kind of like I don't know where it is. I always think of it it's a as a step down from governance but it's called standardization and we always think of it in terms of like data uh metadata tags which you just brought up.
Um what solutions in terms of like self-service and uh not self-service uh self-healing and automation tools can NetApp bring to the table in terms of I have a gold bronze um and whoever's between gold and bronze silver um tiering and I've got a workload that's not bronze it should be gold is there some sort of like self-healing there I have a Kubernetes cluster that has different speeds you know this one pod is supposed to be on this one uh solution is those type of self-healing and then one last uh use case which is PII which you showed which was perfect but PII is really great when it's where it's supposed to be and it's not always where it's supposed to be. So are these things that y'all are investigating or these things that you already have available?
>> Some of them I can't say that we can solve all the problems in the world but as an example some
>> I could say that
>> I could [laughter] say that but I would get
>> I would get Baxter's keeping an eye on me.
>> Exactly. So first of all in terms of some of the things that we showed here in terms of provisioning infrastructure for the type of job we showed you some very basic but there are higher levels where I can create templates and said based upon this user in this role doing this type of job here's the kind of infrastructure which gets you part of the way there you actually saw a little bit of that with the SAP HANA implementation that can be templatized and automated so that if I'm doing an SAP HANA workload it's always going to be the right level of storage in this case with the right level of throughput happens a You mentioned Kubernetes happens a lot because as we talked about it's incredibly dynamic. You know the I read about a month ago, two months ago I read that the average lifespan of a node in a cluster is measured in seconds
>> literally like it was like 87 seconds or something. It was crazy to me what they didn't even refer to as minutes because it was fractional.
This stuff comes and goes and it's up and down. So making sure that you can have the right class of resource file um applied at the time that's part of the automation process that we help with. And in addition to that when you're looking at the monitoring things like our observability capabilities provided by the Cloud Insights engine says I can have performance levels set. I can monitor thousands of things. I can have my dashboards [snorts] set up that if something is not performing according to its SLA levels, it's flagged for me. And even more than that, the ML can learn as to what the likely steps are to take. Doesn't yet autonomously do things like uh for example if I have a number of processes running on a single node in a Kubernetes environment and one of them starts to hog all the resource spew start to write a whole bunch of files I had because sometimes these things are small amounts of storage I had 10 gig assigned
>> for these five because it comes and goes it's feral shouldn't be but all of a sudden one of them is furiously writing and creating data and CI says the other four soon I'm going to be out of storage space and you're going to get an out of space condition sent to you, it will say these other four, they're about to be compromised. You may want to do X, Y, and Z. You may want to spin up another VM, move this over, uh move the offender over and provision more storage, for example. So, we're getting there in terms of a automate and templatize the provisioner resources. B monitor what's going on with the SLAs you set, we can't do it. So the user of the system has to set those monitor all these thousands of different points for storage performance, IO throughput, network performance, compute performance, application and database performance, and let you know when you're crossing the red line and if it does provide you with here's the next three things that we recommend you do. That's where we are today.
I can't wait till next year when we have this same session and see.
>> Yeah, neat to see the that ability to sort of stream that data for persistence somewhere else. And I think that's where more large the enterprises start getting to where they ultimately you know whether it's just you know pouring it in and treating a Kafka subscription so they can capture stuff for their own stuff but it's keeping it in some sort of time series database as you mentioned
>> not your circus not your monkeys my circus so I could now in using an ability to stream that data instead of wait for it to write commit pull it like FTP it sftp it around the old school way right team hardware So, but I want to go now to this data is being streamed somewhere. Can I stream it now to a central repository and then do other exciting things like fire Google ML services at it and really see what's going on so that I can better operate my environment. I think it goes full circle to where we very started at the very beginning of the day which was that it's not just collecting the data about the storage that you care about because if okay my storage is busy so what maybe that's a good thing but it's what is my workflow what is my application trying to achieve and that's where we want to get to as a holistic you know with our partners at Google with all the tools that we have at our dis at our availability but also giving them to you and then that might end up in a different system depending on who you are and where you happen to be. So I think we have one more question.
>> At the beginning of the day,
>> you said that multi cloud initiatives have historically been happening by accident.
>> M&As, whatever like that, somebody accidentally swiping a credit card.
>> Yeah.
>> And that now people are deliberately architecting for multicloud.
How many without saying without saying anything how many are you what customers are deliberately creating multi-hyperscaler environments
>> and what's that use case look like
>> you guys want to take this do you have I'm one of them but I want to take [laughter]
>> yeah I am a customer um I will not say my employer but we are deliberately building uh multicloud enablement program so that we can bring in officially uh additional cloud services that are outside of our current existing cloud platform so that it's governed in an enterprise way because like you said it was I don't say it's accidental but it was things just came about right um so you got to pull stuff together and building a program like that is very complex because you have to upscale your existing engineers that know hybrid that know on premises but also the other cloud provider but now they're faced with oh wait we have all these additional clouds are now official what's going to happen with us are you hiring new people I it's been a fun and rough six seven months for me personally challenging um and we're looking at it from a phase perspective initially. Let's get these additional clouds up and running with all those foundational components, you know, landing zones. Bring them up first so they have all that governance. Take lessons learned from the other side. Bring it over less technical debt, you know, let's learn from our lessons from past mistakes so don't repeat it in the new clouds and then let's build a new target operating model.
>> But is that is that the why behind So I'm the why is cloud crazy, right? Cloud sprawl.
>> Why is cloud crazy?
>> Yeah. Like it just it became mad. Well, not madness, but cloud sprawl. There's services out there that were getting deployed.
>> But that's still speaking to the first point of it of the accident. That's not right.
>> One of the other things is we live in a world of mergers and acquisitions.
>> Sure.
>> So two companies merged.
One would have one cloud strategy, the other would have one other cloud strategy. NetApp is kind of the link between the two. We cater to this cloud. fabricator to that cloud and make sure that
>> but that's still the accident that's not the you guys are all talking about the accident right
>> well I will say one more I get the last word so I do think that um okay there's the choice to say I want I have different business units they want to do different things different applications different clouds but I also think that there and there's obviously um I want to balance my risk I think these are use cases that are valid and they have a you know they're not necessarily something technical that they say how I'm going to architect this. But I think there's that um really there's wanting to use the right tool at the right time for the right job and that may change. So it's not to say that I'm multicloud because I am all in one cloud provider and then I'm going to start using another one and move everything there and maybe I'm half. It's because things change over time and that may just make more sense. I don't think that's accidental. I think that's an intentional decision to say I want to put it where it makes sense.
>> That makes sense. I get that
>> it's a little bit of accidental and it's a little bit of um
>> adapting to your business needs as your business grows your business needs changes so you are adapting you know six seven years ago this was the need but now that scope has changed and the business is actually evolving faster than IT and IT usually is IT is usually the last to jump on the train because we're a little bit fearful of things but it's businesses is evolving to what the business wants to do to be competitive to get, you know, to basically make money. It's our paycheck.
>> The other thing is what if you're in the middle of and I think the way y'all started off was perfect. We're talking about these um workflows, right?
So, we're talking about these work pipelines, which that's all developer CI/CD talk until now that we're actually able to deploy everything as code to help them in the cloud, right? So maybe what the business needed at the time that they conceived the application and someone's on their laptop building it out in a particular cloud made sense to be on that cloud. But the services they need to scale it and deploy it globally and to make all the money off of it aren't available on the cloud they developed it on. That because IT now has become smart enough to understand what services are where they can advise them, okay, we really need to go here and here's the way we're going to get there and this is how we're going to get there.
>> There's some of that that's is kind of typical. The same things happened on prem. Yay, I have a whole bunch of servers. You know, if we put some VMs on this, we probably can do this faster for you and get more performance for it. And that happened in the middle. Always put the train tracks out in front of the train. But sounds like you're trying to get ahead of doing that part, that train track.
>> Uh, [clears throat] a little bit of both.
>> Get ahead of the train. I like that.
>> Yeah, [laughter] we're running along the with the train. Trying to catch with it. No, it it's a little bit of everything. What? You know, it really is because it's trying to get ahead, trying to wrangle everything back together so we're all not doing whatever. But then it's also like our business partners, they're evolving, too. So, we have to evolve with our business partners. It's a very complex question.
Speakers from NetApp and Google Cloud join a group of industry thought leaders. These thought leaders know a thing or two about multicloud data management and storage, and they have a lively discussion about key themes from Cloud Field Day.