VMware’s Kubernetes GM On Dell Integrations And Security Plan

“We are making security an intrinsic part of the platform instead of a surrounding set of individual products focused on individual, narrow pieces of the security story,” said Ray O’Farrell, VMware’s executive vice president and general manager, in an interview with CRN.


‘VMware Is Resilient’

Ray O’Farrell believes VMware can be the dominant market leader in Kubernetes through a differentiated security strategy, innovation roadmap and unique integrations with the Dell Technologies product portfolio.

“We are going to focus on Kubernetes and we’re going to do it in a multi-cloud fashion,” said O’Farrell, VMware’s executive vice president and general manager who is responsible for the company’s strategy and operating model for delivering the Kubernetes platform of the future. “What we’re now trying to do is make sure that if people are using containerized Kubernetes applications, whether it’s private or public clouds, that we’re able to offer them the build, manage and run technologies coming from our application [business unit] as well as the security technology coming from our security [business unit]. We want to expand how containers and Kubernetes are secured.”

O’Farrell leads VMware’s Modern Apps business unit which includes VMware Tanzu, as well as the teams of Pivotal Software and Heptio, the startup launched by Kubernetes creators Craig McLuckie and Joe Beda that was acquired by VMware for $550 million.

Sponsored post

In an interview with CRN, O’Farrell breaks down VMware’s Kubernetes roadmap, opportunities ahead around the “wide edge,” and application innovation currently being leveraged by the U.K.’s National Health Service to track COVID-19.

How will VMware’s Kubernetes capabilities become more integrated with VxRail and Dell Technologies’ hardware?

When you think about where most Kubernetes and cloud-native applications are running today, it tends to be in the cloud. So that’s where a lot of the focus has been. But more and more we see the immergence of this, what I call, the ‘wide edge.’ What I mean by that is compute living in a data center, living in hyper-converged infrastructure or living in telco infrastructure, which is not necessarily a large and sophisticated cloud, but it’s a relatively large amount of compute. That’s different from the deep and embedded edge.

So, in the wide edge you’d see a hyper-converged system like VxRail living on a factory floor or living in a cruise ship or in the centralized area of a telco organization. When we look at all of those today, just like the rest of the industry is embracing containers and Kubernetes, the same is beginning to appear in the wide edge. There are some very interesting opportunities for VMware at that wide edge because of our relationship with Dell, as well as other large server and hardware providers, but with Dell’s hyper-converged infrastructure in particular. And even around some of the products Dell has around gateways and embedded compute infrastructure.

How does Tanzu play a role in the VMware-Dell innovation roadmap ahead?

The very first product we released with Tanzu, VMware Cloud Foundation (VCF) Tanzu, that is the same software that we use when we build up the large hyper-converged infrastructure products with Dell. You can see that we have an immediate focus on that on-premise, hybrid story. We will be focusing on scaling that down to be more appropriate at the VxRail level as well. This is going to be a new and important area where you’re going to see a common management approach being taken across my cloud-native applications when they run in the cloud, when they run in a hybrid cloud and then when they run at this wide edge.

Where VMware and Dell are in a unique position is the ability to stich those things together at the wide edge. Because in many cases the ability to have insight into the infrastructure layers of the software and the application layer of the software running on top of Kubernetes or orchestrated by Kubernetes, that’s the unique combination we can bring to bear from a performance and security point of view. That alignment around HCI is going to be very important. I think wide edge is going to be a hot new area for Kubernetes and for containers in general.

How is VMware’s security portfolio and strategy a Kubernetes differentiator?

Kubernetes introduces new challenges from a security point of view. We are going to focus on Kubernetes and we’re going to do it in a multi-cloud fashion. We built my [Modern Apps] business unit with various technologies in there, and we also built out our Security business unit, which is where Carbon Black has gone into. What we’re now trying to do is make sure that if people are using containerized Kubernetes applications, whether it’s private or public clouds, that we’re able to offer them the build, manage and run technologies coming from our application BU as well as the security technology coming from our security BU. We want to expand how containers and Kubernetes are secured. One of the activities there was the recent acquisition of Octarine. It focuses on containers and Kubernetes-based security to become an integral part of the broad Carbon Black service that we have. It’s part of the broader story.

So, we look at Kubernetes security in three basic buckets: The first is supply chain management. For example, ‘I am building an application leveraging a combination of open source and containers. Where did that come from? Is it secure? Even within my large enterprise, where I have lots of different developers that are coming from different groups, do I have a cohesive way to build a catalog of good containerized applications?’ I refer to that broadly as supply chain.

What are VMware’s other two Kubernetes security ‘buckets’?

The second is a more classic sense of my ability to look inside the application itself – everything from trying to understand if the application is doing something anonymously, to what is it doing in terms of access to network. So, I’d use technologies like Carbon Black or on the networking side, I begin to use more of the advantages of NSX and software-defined networking to understand the behavior of the container in terms of the interface back to the real world through the network. Containers are popping up and shutting down – they’re very dynamic. So, you need to be able to understand very carefully from a networking point of view and our NSX products focus on that.

The third area, which is now really emerging, is in terms of how it relates to the application, it is core to what [VMware CEO] Pat [Gelsinger] calls intrinsic security. It’s to say that the infrastructure itself and the application framework, which are used to build the applications, should actually be fully aware of the security policies and the security status which you as an enterprise want to bring to bear. So what you’re seeing there is, instead of saying, ‘I’m going to need additional products to deal with my network security, to deal with my data encryption, to deal with my virus checking inside the software, etc.’ – most of that should be coming intrinsically from the platforms themselves. That’s a key message from Pat and where Carbon Black and some of the other acquisitions have been focused on. We are making security an intrinsic part of the platform instead of a surrounding set of individual products focused on individual, narrow pieces of the security story.

Why should channel partners be pumped about VMware’s Kubernetes roadmap ahead?

If you look at the portfolio, it consists of two broad buckets. Product direction ‘A’ is appropriate to the VMware channel selling vSphere and so on, as we begin to bring Kubernetes itself down onto the infrastructure layers. You saw this in Project Pacific, which is essentially vSphere – or more specifically VMware Cloud Foundation (VCF) at this point – with Kubernetes components built into that package. That is sold in the same way existing VCF is sold and the same way vSphere products are sold. It’s a great opportunity for many of our channel partners who are used to selling and working [with] VMWare to be able to say, ‘Now I can also bring a Kubernetes solution to my customers.’ In the short-term, that’s probably the most relevant channel play in this space.

Product direction ‘B’ is focused on a deeply integrated stack focused on organizations who say, ‘I want to have a really good integrated story for what my developers are doing. I’m focused on velocity of development above all things. I want to be able to leverage everything from data services to even managing the application development itself with a singular approach.’ That is the product Tanzu Application Service. That’s already shipping out there. It’s based on the Pivotal PaaS product. We’re going to see new versions of that appearing, which is basically a version where we add more and more Kubernetes support into the bottom of that stack.

What’s one unique way VMware’s technology is being leveraged to help combat the coronavirus crisis?

Let’s not forget that Pivotal has a significant team focused on actually building applications and helping companies build applications. As the COVID-19 situation began to hit various enterprises worldwide, a lot of them began to realize, ‘I need to build applications in response to this quickly. Who can I turn to do to that?’ Pivotal has a long history of being able to ramp-up and build applications quickly and get the outcomes that you need in a very short time period.

One of the projects that is getting a lot of attention is with the National Health Service (NHS) in the U.K. around contact tracing. This is an application from which your mobile device begins to allow people to indicate if they believe that they have COVID-19 symptoms or if they just had a test, to be able to register that. Then what it does is begin to understand the people from whom this person has been close to and begins to warn others about it. So it works in cooperation in the human contact traces that you hear are so important to try to limit the spread of COVID-19.

So that’s an example of where we’re able to take Pivotal Labs, building an application very quickly – and this happens to be a mobile device application – then building the backend infrastructure to also be able to support that application. VMware can address both sides of that story in a very cohesive fashion. We’re seeing more and more of that demand for that type of application coming from VMware. That’s a new thing for us.

Give me your bullish thoughts on VMware’s future?

There is a sense or resilience that a company or team needs to be able to take advantage of new opportunities and build those [capabilities] for customers. But also, to be able to react to the unexpected things which occur. My feeling and my sense of VMware, both as an engineering team and as a company, is that VMware is inherently a very resilient company. VMware builds resilience into everything that we do. That’s why I’m bullish about the company’s future. Because I can’t predict what will happen on the other side of COVID-19, for example, but VMware’s culture and resilience allows us to be able to deal with those things. For instance, with COVID-19, we were privileged to be a company that is highly distributed – 99 percent of our engineers are now working from home. At the same time, we were able to do that for many of our customers. So, I’m bullish because VMware is resilient. We have engineering processes and a management approach, which is pragmatic in saying, ‘Okay, here’s a problem. Here’s a challenge. How are we going to deal with it?’ That is the essence of VMware.