Episode 1: Geek Out with Brandon Gulla - Part 1: Dispelling the Open-Source Myth

Intro:

Hey, this is Pete Tseronis. I'm super excited today to be with you and my guest and colleague, Brandon Gulla, Chief Technology Officer at Rancher Government.

We are going to geek out a little bit, but we're also going to talk a lot about what it takes to move the needle in government, how to pick the right solution, or more importantly, complement that solution with those investments that our federal government makes every day of the week, and really discuss how Kubernetes, cloud computing, cybersecurity, containers, distribution, all these terms that are associated in the wonderful world of open source, really are not that complicated because the storyteller that he is, Brandon Gulla, is not just that, but he has helped dispel the myth that this is really confusing.

We're going to jump into that and we're looking forward and hope the audience, while you're listening, is Googling the heck out of, not only who he is, that being Brandon, but really a lot of the topics we talk about because we want to educate, inform, and enlighten. Without further ado, I'm going to brag a little bit about you, Brandon.

Aside from your title and the fact that you're a big fan of the Outer Banks and that you're a Virginia Tech Hokies, this guy, title aside, has worked inside and outside the Beltway. He understands the government mission, which is very vast and diverse folks. The government has 430-some agencies each with their own mission. His ability to apply technology capability to federal mission is unique. You're going to hear a bit about that.

I'm going to kick it back to you, Brandon. I always like starting with the humanizing of individuals and then we'll get to that technology, but for starters, just tell us a little bit about your journey, both personal and professional, what's influenced you, what brought you to Rancher Government, and why you like working there so much. Let's get that passion out.

Appreciate it, Pete. First of all, thanks so much for having me today. It's an honor to be here. Huge fan of your work and having an opportunity to collaborate and communicate this, I'm really excited.

First off, my career. I've always been engaged in the computing sphere. Once upon a time ago, I wanted to just make video games. That was the thing, but of course, that type of mentality evolved with the booming of computers and of course Web 2.0. When I went to Virginia Tech, studying both business and engineering, it was important to me to be more than just the dot com type of commerce bubble. I wanted to give back.

I had an opportunity coming out of college to jump in directly within the IC and actually jump in as a contractor, really providing a lot of value at that point around Java, which, of course, has evolved, but what was important to me was giving back and being a part of the mission and accelerating the mission in any way possible.

I was lucky enough to be in a great organization focused on research, more on the academic side, and applying those research principles, especially around data science and statistics to distributed computing with massive scale. When you're working with clusters the size of thousands of nodes, you really have to boil things down to their lowest common denominator to be able to scale effectively. That was a challenge that really appealed to me and thankfully I was able to thrive in.

Once I got started there, I wanted to grow my mentality and support other agencies, and I saw the challenges that many agencies had in adopting cloud native concepts. The world was blowing up mid-2010s with all things AWS, cloud. Containerization was starting to come into play and the ability to carve up, compute, and commoditize distributed computing to be less academic and more performant and consumable.

While that makes sense for the general public, trying to transpose those types of technologies into an air-gapped setting was very difficult. Many of the customers I supported work in highly regulated environments with air-gapped networks or DDIL, and you don't have the personal security blanket that comes with the cloud and all the managed services and resiliency and high availability.

It's very much a dependency nightmare when it comes to bringing all of those dependencies with you and having them perform in an air-gapped. It was important to me to try to accelerate the mission and to give back, to make that challenge easier for both the warfighter or operators and the like.

Kubernetes came to be, and Kubernetes, for those who aren't aware, is a great technology and ecosystem driven to take modern Linux and Windows applications and have them thrive on top of distributed computing clusters without sacrificing resiliency, high availability, or even performance. While that sounds well and good, if AWS or Azure GKE puts it out, on-prem is very hard.

It was when I started messing with other technologies and seeing the challenges and frankly, the opportunities from a commercial sense and how to make this easy for our government customers, that's where I came across Rancher. Where the competitors took a team of three engineers in weeks to get up and running an air-gapped, I stood up a Kubernetes cluster and air-gapped environment, and under eight minutes.

At that point, I knew something was different. The mentality here was different, and I wanted to extend that mentality into a philosophy and find a way for it to accelerate the warfighter.

Brandon, let me riff off a little of that and just again, thank you for kind of going deep and also keeping it at a level where anybody watching is most likely going to be writing down or searching on some of the terms you mentioned. You mentioned containers, you mentioned Kubernetes. Heck, it took me a couple of days to actually be able to say, "I can go explain Kubernetes to my mother-in-law."

That is something I think in any conversation or lecture I'm sure that you've given is it requires folks, customers, in the case of the government to understand that capability. You mentioned your journey and just seeing how the world's changing, right? We may get into some zero trust here in a minute, but if we're not going to trust all the devices that are connected, ubiquitously connected worldwide, having the right solutions and tools and the people, whether it's your cloud service provider or a Rancher Government, integrator support personnel person, this is not a one trick silver bullet solution. It takes folks who understand that mission.

For all those government folk out there working with a partner, in my view, and again, I spent a good bit of time in government. I was a two-time cabinet level CTO, I used to challenge folks like you, Brandon, to say, "Do you know my mission? Do you know what I care about," because I believe you probably have a technical capability that can complement my existing investments, and I know that that is something that you will hit on. Thank you for bringing that up.

Also, for my other favorite word in a world where we live, where critical infrastructure is at risk, you mentioned warfighter, water, treatment facilities. I think of our air that we breathe in, the food, resilience matters and speed and flexibility matters. Thank you for that.

Let's jump in though to an awesome story. I know it was abbreviated. Folks, go look at his profile on LinkedIn. You'll be pretty impressed. Brandon, I look up Rancher and I'll get a hit on SUSE. I look up Rancher Government, and I may get something that says government solutions. Can you just kind of speak to just high level that relationship and at the end of the day, just to maybe demystify any confusion that's out there?

Yes, absolutely. We got started with what was then called Rancher Federal in January of 2020. We were a part of the Rancher family from a philosophy and from a technology standpoint, but at the time, the company behind Rancher, what was then called Rancher Labs, was an emerging startup, a multinational startup doing follow-the-sun support around the world with a gamut of different customers and technologies.

We wanted to focus and enable the government specifically. We stood up a separate organization called Rancher Federal, that I'm proud enough to be a co-founder of, focused on serving the government's needs. As you and I both know, the government has many unique challenges, especially when it comes to high security or compliance, all things air-gapped, DDIL, infrastructure requirements, it's a specialized market.

In order to serve that specialized market, we wanted to build an organization that understood those challenges and equipped those customers with people that understood these things. We shouldn't have to go have us being Rancher, go on site and ask a customer, "What's JWICS? What's Zypper?" That's where we come in with the domain expertise to be able to come in and accelerate our customer's mission on day one, rather than on the job training.

You asked about SUSE. In December of 2020, not too long after we started Rancher Federal, SUSE actually came along and SUSE, for those who aren't aware or maybe forgot, SUSE is actually a huge player in the Linux market with over 30 years of experience, providing open source software and most importantly enterprise operating systems. While they're huge in Europe, they're expanding and growing here in America as well, but they purchased Rancher Labs and Rancher Government.

Being that we are focused on the US government and their sensitive needs, we being Rancher Federal, became Rancher Government and continued to operate independently, but under the SUSE family. We are a FOCI-mitigated organization, which stands for Foreign Ownership Controlling Interest, where we serve as the firewall between our customer's needs and our parent company. We are still tactfully built to serve our customer's needs, but without any of the opportunity to not respect the sensitivities of our customer's missions.

I love it, Brandon. The government market is unique, and we're going to dive in a little bit of some of those leading legislative or policy-focused or guidance documents that a lot of people in the commercial world might say that doesn't apply to us. I think when we hit on a few of them, and we're going to do that for our audience, we're not going to explain the details, but these are documents that everybody should be reading, and we'll get to that. I appreciate that.

I want to just do a shout-out that I love the mission, I love the vision and love the values because if anybody looks at who Rancher Government is, just for the audience, empowering the US government through the adoption of innovative, secure mission, enhancing technologies, I love that being the preferred provider of open source and cloud native technologies, again, that correlation we'll get to, but I love the value which reflects open government principles.

Anybody in the government, in 2009 that heard, if we do a better job being participatory, collaborative and transparent, we will move the needle. It says right there, you value integrity, collaboration and transparency and a commitment to open source. Rock on. I love it. Thank you again for that little bit of background.

Let's dive into this because I like to get into what makes you special, but at the same time, you're going to need to keep that professor hat out and maybe the cliff's notes version because you're going to throw out some terms. We talked about Kubernetes.

Open source though, is something that I think gives people the heebie-jeebies of what does that really mean? It's coding. It's like I have to have special people who know this, that, and the other, but the three big things I've read about when it comes to Rancher are things like, you got to have the skill sets. You want to be able to rapidly prototype, and you have to concern yourself with vendor lock-in. All that being said, what makes Rancher Government unique when it comes to its capabilities?

Great question. You mentioned why open source. Isn't open source scary? When I think of open source, I think of three unique i's, if you will. It's innovation, iteration, and inheritance. Those three things, I think, are very important to the US government today.

Innovation, that speaks for itself. We all need to be doing better. We need to push the mission right by taking requirements left and build in a lot of capabilities into the product and alleviate that from the operator downstream. That's innovation, speaks for itself.

Number two is inheritance. Today, the only way that we can speed up the ability to serve mission is by moving faster, moving our time from code commit to being deployed in the field faster. The only way we're going to get there is by accelerating the path to production, and that's through the cyber assurance process.

Every agency has their own CSO, their own cyber assessors. We need a way to iteratively accelerate the mission, and that's by taking pockets of trust where you're maybe validating a certain operating system, maybe a certain data center, and building on that inheritable chain. You don't want to have to push out a new update.

Say for example, let's say if you're Bank of America or some other FinSec app and you sign up for an account and you have a zip code and they want to go in and change that zip code or say they want to add a zip code, maybe a new zip code opened up in some county, they don't need to push out a brand new bankofamerica.com app. They go in and they do an iterative build, and they're not going to do a full cyber assurance process from that zip code field all the way down through their application. They need to inherit that trust all the way up.

We've seen this through the great work of the Air Force and others within the DOD and IC, this concept of, excuse me, a continuous ATO, that's trusting the technology and having that technology pre-assessed. That's just a checkbox that's already filled out whenever a mission tries and wants to go into production or into mission. We need a way to get to mission faster. The way that we do that here at Rancher is through declarative security certifications as well as principles.

We're proud enough here to have two active DISA STIGs or Secure Technical Implementation Guides, which are essentially a recipe for proper secure configuration for software deployments that we have in-house in partnership with DISA. We're working on a third right now.

Additionally, we believe in declarative trust through the NIST program as well. We've actually submitted and have an active NIST validated encryption module for FIPS 140-3. I don't want to go too in the weeds there, but it's very important to have declarative assurances with the US government and show them that we are a trusted force and that we can be inherited from.

I love it. I love it. I love it because it's not like the government can just buy direct. You have an ecosystem, I would imagine at Rancher, with third-party solution providers or resellers. Forgive me, a lot of these terms, I didn't know. I thought when I was in government, I'm buying right from Rancher, and then I come out into the world I've been in for eight years, and it's like, "There's a distributor, there's a reseller, there's a channel partner, there's all these integrators," some of which you've worked in the past.

That tapestry that is woven is so critical to ultimately a solution or a capability at Rancher, and we'll get to some of those new vector RKE2, it's got to work and a lot of people are dependent. Thank you for that. By the way, I know you talked about innovation, inheritance, and [inaudible 00:15:48].

I think it's important for us to continue to iterate and make things better. You mentioned open source, right? We are an open source company. A lot of what we do, the vast majority of everything we do here at Rancher Government is completely open source. The only way that we can do that is because open source has laid the pathway in front of us. For those who aren't aware, open source means building software components or software code and putting it out there for the world to use, whether that's within business or extending or iterating on top of.

Kubernetes, itself, is a very fancy word, but it's a great platform to distribute Linux and Windows applications across clouds, if you will, and build in the common assurances such as disaster recovery, resiliency, high availability, and security comes later as it often does, but we extend on top of that.

The team up at SUSE, the Rancher engineering team, has put out the Rancher manager, the Rancher multi cluster manager, but here at Rancher Government, we've iterated on top of that iteration of open source. What we're doing is we've actually built a new capability internally called Rancher Government Carbide and Carbide, much like many of our wedding rings and tungsten carbide, it means a hardened state.

We actually take the open source community distributions from Rancher, and we bring them in-house and rebuild them to government specs and standards. Things like software, bill of materials, attestation reports, digital signatures, we essentially take the open source version, wrap it in body armor, and then add specific capabilities that only really make sense for our US government missions and customers. We are iterating on top of that open source standard that we're so proud to help support, but build a tactical distribution specifically for our mission operators.

Brandon, I hear that wrapper, which is special to the federal government. I could imagine that when you're sitting with a customer and there's that flexibility and that customization needed, aside from meeting the compliance, do you find that a lot of the agencies say, well, my mission and maybe it's my security parameters are different than again, there's 436 of these agencies, do you find that you have to do a bit more so you're not conveying, "Hey, buy our stuff and it'll work. It's plug and play."

There's a lot of that iterative, if you will, discussions with the end customer to make sure they're getting the Rancher Government solution that meets that mission. Is that fair to say?

It is, but we, here at Rancher, unlike some of those in the community, we're very non-prescriptive. We are decoupled from the infrastructure, the operating system. We're all about choice. Even if you're not using our Kubernetes, but you want our Rancher manager, multi-cluster manager to be that management back plane for your entire Kubernetes enterprise, you can bring your Kubernetes clusters to us and we'll bring them in-house as a first class citizen and manage them, secure them, and operate them from day two and beyond.

To your point about being able to fit into a mission round hole with a square peg, that's not what we do here. We're all about choice. Like I mentioned, we're non-prescriptive, but that flexibility is what's empowering missions today and accelerating their path to production.

One of the more public use cases we can talk about, unfortunately, many we can't, but one of our more public ones we can talk about is some efforts that we  had a team of engineers, myself included, go out to Beale Air Force Base, be a part of the team that actually put Kubernetes in the nose cone of a U-2 spy plane.

While that's cool, for the obvious reasons, what I don't want people to lose sight of is the U-2 spy plane, who knows when it actually first got created, but it's a 65-year-old bird. If we can help modernize a 65-year-old spy plane, what excuse do you have for your mission today in government that may be 10 years old, 5 years old, or using a legacy technology?

I don't want people to think that cloud native and certainly our Kubernetes stack or any Kubernetes stack is exclusive to greenfield applications or organizations that are starting fresh. There's an opportunity for any mission, any application to be adopting cloud native technologies and capitalize on all the accelerations that they provide.