Pat Gelsinger On VMware’s ‘Radical’ Security Plan And Andy Jassy ‘Bro Hugs’
“Five years ago, I stood on stage and said, ‘If you use Amazon, you’re stupid.’ And Andy [Jassy] would stand on stage and say, ‘If you run a data center, you’re stupid.’ Now we’re doing bro hugs at re:Invent on stage and declaring a joint, hybrid future,” said VMware CEO Pat Gelsinger in an interview with CRN.
Gelsinger On The Record
CEO Pat Gelsinger knows that VMware has the ability to take the security market by storm thanks to the virtualization leader’s bullish innovation and go-to-market strategy.
This month, VMware unveiled its new Service-Defined Firewall, aiming to provide intrinsic security by leveraging its position in the hypervisor for full stack visibility and control of applications and the services that comprise them.
“We do think of it as a very radical innovation as we go think about security from an application [standpoint]” said Gelsinger, in an interview with CRN. “We have two assets that nobody else on the planet has. We have the VM [virtual machine]. We’re building this intrinsically into the VM.”
In an interview with CRN, Gelsinger talks about VMware’s security differentiation, NSX versus Cisco ACI, further integration with Dell and whether or not his ‘VMware’ tattoo is real.
How does your new Service-Defined Firewall differ from existing firewall solutions from your competitors?
What we’re trying to distinct is the interior traffic versus the edge traffic. Today’s firewalls largely sit at the edge and are monitoring things coming in and out of the data center. We argue that an application or a service in this case is very much about VM to VM traffic or micro-service to microservice traffic – so that interior traffic in the application is far more important than the edge traffic. … [For edge traffic], you’re looking essentially at protocol traffic with no understanding of the applications. We’re saying, ‘What you need to do is the fundamental view of firewalling and security meets the application centric,’ and that’s what the Service-Defined Firewall allows you do. It’s primarily focused on east-west traffic as oppose to north-south traffic, if you use that terminology. We believe it’s a far more leveraged point that can only be done in software that allows us to scale and it’s truly distributed. It can be entirely agile in the sense that, if you move the container or the VM, the firewalls go with it, the relationships between it and the other services go with it.
How does the Service-Defined Firewall change the way VMware approaches security?
So compared to micro-segmentation that we did before -- which was largely layer 2 or layer 3 firewall -- this is full state, full level 4 through level 7 firewall capability as well. In that sense, we fully expect some people to say, ‘Why do I even need edge firewalls anymore? My data center has no edge. My application have no edge as well.’ So we do think of it as a very radical innovation as we go think about security from an application [standpoint]. It builds on what we did with NSX and micro-segmentation, but also includes integration in our AppDefense, so it really leverages the typology’s that the VM understands. And it builds on this idea of intrinsic. It’s not another thing to manage. You’re managing it as part of the NSX and SDDC environment.
How do you plan to leapfrog VMware’s security competitors?
We have two assets that nobody else on the planet has. We have the VM. We’re building this intrinsically into the VM. A lot of problem with a lot of security today is they end up being agents that you add into the guest environment. If you’re an attacker, the first thing you do is turn off the agents. Right? Those techniques of turning off the agents or spoofing the agents, there’s probably 100 free kits you can download to do that. The VM can’t be turned off. This sits as a capability inside of the VM. So essentially you’re application and guest centric, but your outside of the VM, so you can’t be turned off. So that is essentially like, I have beach front property that nobody else can touch when they’re looking at that application. That’s one asset that is very powerful, game-changing from our perspective.
What’s the other asset that gives VMware a leg up?
With our NSX, I now have an enforcer point, where you can see the network traffic and see all of it from an application-centric [point of view]. So the VM is handing traffic into NSX and then to the microsegments -- there’s nothing else sitting in-between that. You don’t have to hairpin to some remote firewall or some other service. You have that explicit point right at connectivity into the networking layer that either gives you visibility of all traffic coming in or enforcement of traffic going out. Those are two very powerful points that we don’t think anybody else is anywhere close to us in being able to do those two things for very fundamental, technical and market-based reasons. Now that we’ve launched NSX, Azure and Amazon as native services as well -- it’s built into VMware Cloud on AWS – we’re now stretching those points into the cloud. With SD-WAN we’re stretching those points across the wide area network as well.
Talk about AWS Outposts and your relationship with AWS Andy Jassy?
As we go on to Outposts, we clearly are saying, ‘Hey this is the next phase of our relationship.’ I like to joke about the fact that, five years ago, I stood on stage and said, ‘If you use Amazon, you’re stupid.’ And Andy [Jassy] would stand on stage and say, ‘If you run a data center, you’re stupid.’ Now we’re doing bro hugs at the Re:Invent stage and declaring a joint, hybrid future. We’ve come a long way. And now everybody – Google, Amazon, Microsoft, etc. – is talking about the hybrid future. The hybrid future is exactly why IBM spent $34 billion to buy Red Hat when they position it. Everybody agrees. VMware and our partner community are now uniquely enabled to deliver that, and Outposts is another vehicle to accomplish that.
How important is VMware’s integration roadmap ahead with Dell?
We’ve had great success and momentum in our Dell partnership. If you think about what we’ve done over the last two years with Dell, we’ve made great process in what we sell and do with them. A lot of it was just foundation building. VxRail is clearly at scale now. For Dell, it’s a $2 billion run rate business into what’s arguably a $50 billion or $60 billion market. Wow, there’s a lot of market opportunity. Similarly with the client business, we’ve now integrated Workspace ONE natively into Dell clients, and it’s part of [Dell’s] ProManage and ProDeploy offerings. We’re just getting started with Dell. There’s a lot of areas of the market like state and local, and some of the emerging markets like China, where we’re just barely gotten those engineers started. I really view that we’ve laid down a lot of foundation and the Dell resellers are now well enabled with good solutions in hard. We really think that they can start to scale the capabilities that we’ve all worked hard to create.
Has Dell Technologies becoming a public entity this year helped VMware in any way?
You have look at that through a couple of different lenses. Let’s just be a financial analyst for a second: the markets have liked it. There was a structural problem with the tracking stock, where there was always arbitrage trading versus the tracker versus the VMware shares -- so that put downward pressure on the VMware shares. The markets like when a company is using their balance sheet effectively. … It has also reinforced our relationship with Dell, but also the independence and governance of VMware. If you look at us, the [Dow Jones Industrial Average] from the beginning of the year is approximately 12 percent, and VMware is 30 percent. We’re doing pretty good. And that includes all of the dividend that we just issued. The markets said, ‘It’s good with a solid independent VMware with a turbocharger named Dell that’s out for their best interest. They have good independence and a nice clean trading structure.’ The market has liked it. … Most importantly, customers like it.
Your channel chief, Jenni Flinders, told us that you’ll be overhauling VMware’s partner program? Can you give us an update?
We love Jenni. She lived in the channel, she’s very partner centric and we’re thrilled to have her on our team. She is truly shaping that program for us. VMware has grown very well over the last couple of years, but our partner programs haven’t been growing as well as our direct programs have. So the direct selling motion, we’ve seen better growth in that area than we’ve seen in the partner growth. That’s always a little hard to discern because a lot of it ends up being partner fulfill as oppose to partner-led. Our view is, the partner created business hasn’t grown as fast as the overall VMware business has grown. So we believe that we haven’t done as much in that route to market as we need to be. Jenni is attacking that problem. We have brought out Master Services Competencies that we launched last year to good reception. There’s are other changes to the partner program that we will be rolling out because we really see this fundamental need to help our partners and our channel to be more effective with VMware. I want to double the size of the company over the next five years. That’s a tremendous set of opportunities for the partner community. Partners are essential for us if we’re going to see that kind of growth rate. It’s a huge priority for me personally.
Can you talk about VMware NSX versus Cisco ACI?
ACI is bound to the physical network of Cisco. [Cisco’s] ability to extend the physical networks that are automated – well, those things are good, but you’re still bound to the physical network environment of Cisco. What we’re seeing is customers are increasingly resonating with the VMware NSX Virtual Cloud vision because it’s multi-cloud. Because it’s multi-data center. Because it now has software-based Service-Defined Firewalls. Because it has native embodiments on Azure and Amazon. Because it has integrated policy. Because it’s integrated to the container solution. These are all use cases that ACI doesn’t address, and it’s never going to be able to address. Our vision and strategy is so much more comprehensive than ACI. It’s really like comparing a bicycle that’s great and wonderful, to a Lamborghini and say, ‘Which one are you going to take out to the track this weekend?’ I mean, it’s just not even [comparable]. But we’re happy with saying, ‘Hey, we’re happy to support to the bicycle -- it works just great on NSX.’ They have a good number of our 10,000 NSX customers. We have hundreds that are running ACI underneath NSX. We’re very happy with that, but don’t confuse the Lamborghini with the bicycle.
The world wants to know: Is that ‘VMware’ tattoo on your forearm you unveiled at VMworld last year real or take?
So I’m giving the keynote that it was fun and there was great energy in the room. After the keynote, I’m running around like crazy. I call my wife at 9:30 p.m. that night. The only thing she said to me is, ‘You better have gotten rid of it before we go on vacation.’ There was nothing like, ‘Great keynote, honey. How are you doing?’ – no, it was, ‘You have better gotten rid of it before vacation.’ It was one of those long-term temporary tattoos. It’s successfully been eradicated from me. We did go on vacation and my wife still loves me and is married to me.