Episode 8: Geek Out – Part 2. Mike D’Amato - Back to the Building Blocks: Rancher’s Infrastructure Solution

Hi, this is Pete Tseronis with Part 2 of my conversation with Mike D’Amato, chief engineer at Rancher Government. In Part 1, Mike discussed the required shift in culture and software stacks to avoid vendor lock-in. Today we discuss Rancher's particular infrastructure solution and why their approach could be thought of as going back to the building blocks. Let's talk and close out with a couple things. The future Harvester. It's constantly, I'm sure, in a development state. Paint us a picture of where you're going. I mean, assuming the transformation era is here, people are transforming. Is there something you're excited about in the coming weeks, months, year that you're seeing the federal government migrate to some of what's internal to your company and maybe share some of that?

Yes, we are working on a lot of really cool projects right now. Actually, some of them involve Harvester, some of them are just kind of on those upper layers. It depends on the situation, but the edge, the power I'm seeing on the edge is becoming very impressive. I'm seeing machines that are far edge that have processing power and even GPUs that I've never seen before. So we're able to run Kubernetes out on the edge and do basically AI workloads that, I mean, that's not been a thing previously. So one project for example, is event-based. And so we're taking messaging brokers and event-based Kubernetes workloads and groups of machines that have various sensors on them, and we can gather data from these sensors. And then as the AI processing discovers patterns, you can essentially kick off serverless workloads autonomously. And what's cool about that is I can now spread workloads across a cluster of machines and then kind of optimize the usage of the resources on those machines. And in the past, that wasn't really doable.

You didn't know when a thing was going to happen and there was no way to consume resources. But Kubernetes does that really well where you have resources and you're consuming them from a workload. A very simple example would be like CPU and memory. You could say this workload requires three gigabytes of RAM and two CPUs. I can now consume those on an event-based pattern. So as AI is discovering things, I can process them and spread that work across many machines, if that makes any sense. And all this happening on the edge is just crazy to me.

See, you just got me wanting to talk for another hour. You just blended in the AI dialogue with Edge Compute, which to me, I think of smart devices and zero trust networking and the fact that for our audience, I mean, I hope you heard: Mike just expressed how the world we're living is ubiquitously connected and making sure that you can develop quickly and efficiency and securely it. Sure as heck, sounds like Mike, you do know where that puck's going and you're taking into account the transformation of this AI injection into all businesses. And it sounds to me like Kubernetes and containers are going to be a big part of that AI insertion. So I appreciate that, Mike. The federal government published “Back to the Building Blocks, a Path Towards Secure and Measurable Software”. It was just this past February, and as we were preparing for this, I'm reading through it and doing searches on words like containers and modernization, and it's littered with that. Did you have a chance to look at this, and if so, what really rang true for you?

I did. Yes, I looked through that document. The main points that stuck out to me for sure were the emphasis on rebalancing the responsibilities. And the way I interpret that is basically saying along with DevSecOps principles, we're shifting things more to the left. So the software development side is taking more responsibility on securing their software and releasing things. So what's interesting about this is I feel like it directly corresponds to what drives a lot of the Rancher Government solutions requirements for our software. And so our CTO shop pushed really hard for getting the FIPs 140-2 and now -3 certifications for their software. And there's various other things happening along those lines. We also do like DISA STIGs. And then another point in that document was it mentions Executive Order 14028, I think it was. And that talks about the secure software development practices. So we have Rancher Carbide, which does the secure signing and scanning of all of our images. And I just think that that's what makes Rancher Government really unique is that that's what drives us forward is these kinds of executive orders. And we're trying to fit into the requirements that the US government is actually imposing.

Well, let me just say to that because you brought up a number of important government terminology, the FIPs 140-2, Federal Information Processing standard publication. You mentioned 14028, which really is what kickstarted post the Colonial Pipeline incident, how agencies need to really to be looking at their assets, their cyber physical assets, and making sure that things are in fact secure. And yes, shout out to you for reading it. I mean, this document references the National Cybersecurity Strategy, which I know is something that is not just a document, but a playbook. So I appreciate you highlighting some elements of that. And the fact that Rancher is leveraging it for some of its development is pretty darn impressive.

Well, I could also say that it's a little bit selfish in the sense that I use this kind of stuff when talking to customers to give myself more leverage when I'm trying to introduce these crazy ideas. Sometimes I feel like I talk to people and I'm like, all right, I'm going to come in hot and I'm going to have them come crazy ideas. And then we need to modulate down a little bit and then you tell me where you're comfortable interacting with me and my consulting team. And so when I say stuff like this, usually it's useful. Like I'm not just making this stuff up. I'm not some crazy vendor who has ideas. It's like, these are actual executive orders.

Well, I'll tell you what, you in our prep call and feel free to discuss it. I mean, your ability to convey to me just the fact that you look at what the government's asking and the capability mapping to the Rancher Government tool set is pretty amazing. And I know you do that, but let me tell you, as a former being sold to kind of guy, I love when folks geek out and then tell me, Hey, you all are the ones telling us what our products need to be doing. And that's darn impressive, Mike. So shout out again to you. It's not about your credibility, it's your attention to detail.

Yes, that's where we live. We kind of live in the weeds, so it makes sense.

Well keep doing it, brother Mike. The phrase “back to the building blocks” again, seems simple. What does it mean to you?

If I had to take a guess, I probably would say it's alluding to just redefining how software is built and handled at a secure with security in mind. Like we were saying, it's rebalancing the responsibility. So it's basically putting on CTOs and vendors the requirement of coming out with secure configurations and doing things in a secure way using the correct libraries and things. So instead of coming out with software and then someone later securing it, it's more like we go to the very beginning, to the very core of the software, like the software code itself, the people who make the code and making it secure from there. So when they say back to the building blocks, I guess it's like back to the source.

I 100 percent agree with you, Mike, and to me, I kept thinking of the word foundational. There are foundational principles when one says back to the building blocks, I mean, having a foundation to build from or toward is significant. Can you elaborate? Was I catching your point with that statement?

I mean, I guess it's like saying we're siding software with security in mind from the beginning. It's designed for security, not an afterthought.

And that speaks wonderfully amen to the 800-160, which is stop bolting security on integrate it within. And let me just say this and feel free to comment. I hear people say DevOps and what do you mean by DevSecOps me? It's like the integration of security into that development and that testing and that implementation, right, wrong or otherwise?

Oh, definitely true. Like we were talking about NeuVector, its whole driving factor is the same things that drive your actual workloads. So now I'm defining my security the same way I define where and how my containers are running. So you're taking the same ideas like software development, and we're building that in with your configuration management, and then your security is bundled in with that. So now all that stuff shifts to the left, and the owners of the applications are now able to define their workloads and secure configurations all in one kind of a cycle.

Habits are hard to break, Mike. And if you're in traditional software development, maybe you're comfortable with that habit, but the migration of VMs to a container as environment, what is a habit that you encourage or you see quite often that needs to break?

Well, the first thing I'd probably say to that is we're not necessarily going off of VMs. We're still going to have VMs, but the VMs are more of a means to another layer. They're a means to the Kubernetes layer. And so I see a lot of people still using their older operating systems like Red Hat Enterprise, Linux operating systems, and they're stuck on that because they've been using that for probably a decade or two or three even. And I think that it's important to realize that general purpose operating systems are becoming increasingly unnecessary. And since this whole conversation is about containers, the VMs are really just a means to that, and we need something to provide a good kernel, and the rest of the operating system is essentially untouched, and then it becomes just a means of orchestrating that upper layer.

Mike, with the Broadcom acquisition of VMware, there's a technical migration that will happen from VMware to Harvester, for example. How technical is that? What are the things the customer should at least be aware of is going to happen?

Yes, so as we talked about, it's not an easy shift. There's a lot of things take in consideration physically. We talked about the data centers and all that, but there's also the workloads themselves. We need to analyze them and move them over. The technology differences are also a problem. Harvester, for example, uses Longhorn instead of VSAN. It uses a Rancher instead of vCenter uses containerd as a container runtime, which is running Kubernetes. We're taking all of the things that you normally run on an operating system level and putting it way up inside of a Kubernetes cluster. So your entire mentality of how these things run has to shift.

Mike, artificial intelligence is here to stay. The executive order in October of 2023 later led to the March, 2024 guidance for federal agencies In terms of implementing it, hiring chief AI officers and so forth, I know you understand AI is something that needs to be considered. Can you correlate AI though, and the benefit or lack thereof in terms of workloads?

Yes, so how I see AI right now, so there does seem to be a migration of AI out to the edge. So we're seeing more processing power out on the far edge, and that is now enabling us to even do AI on the edge where it used to be collecting raw data, shipping it to a data center, and then doing processing. We're seeing that now. And these small clusters usually have various levels of sensors and hardware equipment, and then we're all about standardizing things. And so what I kind of see is us building standardized platforms that then can distribute these workloads in an efficient way so that now we can do almost autonomous, autonomously driven workloads based on what it's discovering in its environment. So we can almost say if I see a face that I can do certain types of processing and distribute that workload across an edge cluster, rather than it being just dumb raw data being shipped out. Does that make sense? So now I can facilitate the actual usage of hardware and usage of GPUs, for example, or sensors using Kubernetes technology. So I can say, I need this type of sensor and this type of GPU and the Kubernetes scheduler will find an available node that has that and use it, and that lets me do more with less.

So not only does it make sense, but truly you just gave me a light bulb moment. Thank you for that. And that sounds awfully compelling. So not that its AI is needed, but the fact that it's here, it can truly enhance a lot of that workload and container management. Thank you for explaining that. Hey, man, well look, I like to close out with some parting shot. You've said a lot, you've geeked out quite a bit, and I'm sure our audiences be Googling a lot of the terminology that doesn't have to be as complex as some might think. What do you want to leave with the audience as a result of our talk today? My friend?

I would probably say that we shouldn't be afraid of change and that we shouldn't be afraid of making waves. And if you think that modernizing is the right thing to do, which referring to all the things we just spoke about, then you should be talking to your people about that. I mean, nobody knows better than the engineers who are on the ground and knows that half the time when I talk to people on the ground, they're always in agreeance that they're doing things that are not great, but they don't know what to do about it. And I think that that's a thing that we can collectively fix by just talking about it. And if you think that you can do better, then we should be having those conversations and not just conforming.

Wonderful. No, no, wonderful parting shot. My friend and I was educated, informed, and enlightened. Thank you for connecting not only some geek out dots, but really making sure that anybody who's interested in that transformational, that modernizing journey, that there are folks out there like yourself and Rancher, government ready to heed that call and make it as seamless and painless as possible. Alright, well thanks again, Mike. And a pleasure, pleasure chatting with you, and I look forward to it again soon.

Yep. Thanks for having me.

You got it.