For this special edition of TCP Talks, Justin and Jonathan are joined by Travis Runty, CTO of Public Cloud with Rackspace Technology. In today’s interview, they discuss being accidentally multi cloud, public vs private cloud, and cloud migration, and best practices when assisting clients with their cloud journeys.

Background

Rackspace Technology, commonly known as Rackspace, is a leading multi-cloud solutions provider headquartered in San Antonio, Texas, United States. Founded in 1998, Rackspace has established itself as a trusted partner for businesses seeking expertise in managing and optimizing their cloud environments.

The company offers a wide range of services aimed at helping organizations navigate the complexities of cloud computing, including cloud migration, managed hosting, security, data analytics, and application modernization. Rackspace supports various cloud platforms, including AWS, Azure, and GCP, among others.

Rackspace prides itself on its “Fanatical Experience” approach, which emphasizes delivering exceptional customer support and service. This commitment to customer satisfaction has contributed to Rackspace’s reputation as a reliable and customer-centric provider in the cloud computing industry.

Meet Travis Runty, CTO of Public Cloud for Rackspace Technology

Beginning his career with Rackspace as a Linux engineer, Travis has spent the last 15 years working his way through multiple divisions of the company, including 10 years in senior and director level positions. Most recently, Travis served as VP of Technical Support of Global Cloud Operations from 2020-2022.

Travis is extremely passionate about building and leading high performance engineering teams and delivering innovative solutions. Most recently, as a member of their technology council, Travis wrote an article for Forbes – Building a Cloud-Savvy Workforce: Empowering Your Team for Success – where he discussed best practices for prioritizing workforce enablement, especially when it comes to training and transformation initiatives.

Interview Notes:

In the main show, TCP has been talking a lot about Cloud / hybrid cloud / multi-cloud and repatriating data back to on prem, and today’s guest knows all about those topics.

Rackspace has had quite a few phases in their journey to public cloud – including building a data center in an unused mall, introducing managed services, creating partnerships with VMware, an attempt to go head to head with the hyperscalers, and then ultimately focusing on public cloud and instead partnering with the hyperscalers.

Rackspace has both a focus on private and public cloud; when it comes to private cloud they focus mainly on VMware and OpenStack, whereas in the public cloud side, Rackspace partners with the hyperscalers to assist clients with their cloud journey.

Quotes from today’s show

Travis: “We want to make sure that when a customer goes on their public cloud journey, that they actually have a robust strategy that is going to be effective. From there, we’re able to leverage our professional services teams to make sure that they can realize that transformation, and hopefully there *is* a transformation, and it’s not just a lift and shift.”

Travis: “A conflict that we continuously have to strike the balance of is when do we apply a cloud native solution, and where do we apply the Rackspace elements on top. The hyperscalers technology is the best there is, and we’re probably not going to create a better version of “x” than AWS does – nor do we want to.”

Travis: “We favor cloud native. Every single time we’re going to favor the platform’s native solution, unless the customer has a really really strong opinion about being vendor locked. Which sometimes they do. And if that’s the case we can establish a solution that gives them that portability. But for right now, the customers are generally preferring cloud native solutions.”

A bonus episode of The Cloud Pod may be just what the doctor ordered, and this week Justin and Jonathan are here to bring you an interview with Sandy Bird of Sonrai Security. There’s so much going on in the IAM space, and we’re really happy to have an expert in the studio with us this week to talk about some of the security least privilege specifics.

Sonrai (pronounced Son-ree, which means data in Gaelic) was founded in 2017. Sonrai provides Cloud Data Control, and seeks to deliver a complete risk model of all identity and data relationships, which includes activity and movement across cloud accounts, providers, and third party data stores.

Start your free trial today

Sandy is the co-founder and CTO of Sonrai, and has a long career in the tech industry. He was the CTO and co-founder of Q1 Labs, which was acquired by IBM in 2011, and helped to drive IBM security growth as CTO for global business security there.

One of the big questions we start the interview with is just how has IAM evolved – and what kind of effect have those changes had on the identity models? Enterprise wants things to be least privilege, but it’s hard to find the logs. In cloud, however *most* things are logged – and so least privilege became an option.

Sonrai offers the first cloud permissions firewall, which enables one click least privilege management, which is important in the current environment where the platforms operate so differently from each other. With this solution, you have better control of your cloud access, limit your permissions, attack surface, and automate least privilege – all without slowing down DevOps2.

Is the perfect policy achievable? Sandy breaks it between human identities and workload identities; they’re definitely separate. He claims, in workload identities the perfect policy is probably possible. Human identity is hugely sporadic, however, it’s important to at least try to get to that perfect policy, especially when dealing with sensitive information. One of the more interesting data pieces they found was that less than 10% of identities with sensitive permissions actually used them – and you can use the information to balance out actually handing out permissions versus a one time use case.

Sonrai spent a lot of time looking at new solutions to problems with permissions; part of this includes purpose-built integration, offering a flexible open GraphQL API with prebuilt integrations.

Sonrai also offers continuous monitoring; providing ongoing intelligence on all the permission usage – including excess permissions – and enables the removal of unused permissions without any sort of disruptions. Policy automation automatically writes IAM policies tailored to access needs, and simplifies processes for teams.

On demand access is another tool that gives on demand requests for permissions that are restricted with a quick and efficient process.

Sandy: “The unbelievably powerful model in AWS can do amazing things, especially when you get into some of the advanced conditions – but man, for a human to understand what all this stuff is, is super hard. Then you go to the Azure model, which is very different. It’s an allow first model. If you have an allow anywhere in the tree, you can do whatever is asked, but there’s this hierarchy to the whole thing, and so when you think you want to remove something you may not even be removing it., because something above may have that permission anyway. It’s a whole different model to learn there.”

Sandy: “Only like 8% of those identities actually use the sensitive parts of them; the other 92 just sit in the cloud, never being used, and so most likely during that break loss scenario in the middle of the night, somebody’s troubleshooting, they have to create some stuff, and overpermission it . If we control this centrally, the sprawl doesn’t happen.”

Sandy: There is this fear that if I remove this identity, I may not be able to put it back the way it was if it was supposed to be important… We came up with a secondary concept for the things that you were worried about… where we basically short circuit them, and say these things can’t log in and be used anymore, however we don’t delete the key material, we don’t delete the permissions. We leave those all intact.”

In this episode, Andrew Krug talks about Datadog as a security observability tool, shedding light on some of its applications as well as its benefits to engineers.

Andrew is the lead in Datadog Security Advocacy and Datadog Security Labs. Also a Cloud Security consultant, he started the Threat Response Project, a toolkit for Amazon Web Services first responders. Andrew has also spoken at Black Hat USA, DEFCON, re:Invent, and other platforms..

Datadog is focused on bringing security to engineering teams, not just security people. One of the biggest advantages of Datadog or other vendors is how they ingest and normalize various log sources. It can be very challenging to maintain a reasonable data structure for logs ingested from cloud providers.

Vendors try to provide customers with enough signals that they feel they are getting value while trying not to flood them with unactionable alerts. Also, considering the cloud friendliness for the stack is crucial for clients evaluating a new product.

Datadog is active in the open-source community and gives back to groups like the Cloud native computing foundation. One of their popular open-source security tools created is Stratus-red-team which simulates the techniques of attackers in a clean room environment. The criticality of findings is becoming a major topic. It is necessary when evaluating that criticality is based on how much risk applies to the business, and what can be done.

One of the things that teams struggle with as high maturity DevOps is trying to automate incident handling or response to critical alerts as this can cause Configuration Drift which is why there is a lot of hesitation to fully automate things. Having someone to make hard choices is at the heart of incident handling processes.

Datadog Cloud SIEM was created to help customers who were already customers of logs. Datadog SIEM is also very easy to use such that without being a security expert, the UI is simple. It is quite difficult to deploy a SIEM on completely unstructured logs, hence being able to extract and normalize data to a set of security attributes is highly beneficial. Interestingly, the typical boring hygienic issues that are easy to detect still cause major problems for very large companies. This is where posture management comes in to address issues on time and prevent large breaches.

Generally, Datadog is inclined towards moving these detections closer to the data that they are securing, and examining the application run time in real-time to verify that there are no issues. Datadog would be helpful to solve IAM challenges through CSPM which evaluates policies. For engineering teams, the benefit is seen in how information surfaces in areas where they normally look, especially with Datadog Security products where Issues are sorted in order of importance.

Security Observability Day is coming up on the 18th of April when Datadog products will be highlighted; the link to sign up is available on the Datadog Twitter page and Datadog community Slack. To find out more, reach out to Andrew on Twitter @andrewkrug and on the Datadog Security Labs website.

Top Quotes

• “I think that great security solutions…start with alerts that you are hundred percent confident as a customer that you would act on”
• “When we talk about the context of ‘how critical is an alert?’ It is always nice to put that risk lens on it for the business”
• “Humans are awesome unless you want really consistent results, and that’s where automating part of the process comes into play”
• “More standardization always lends itself to better detection”

In this episode, Ravi Mayuram highlights the functionality of Couchbase as an evolutionary database platform, citing several simple day-to-day use cases and particular advantages of Couchbase.

Ravi Mayuram is CTO of Couchbase. He is an accomplished engineering executive with a passion for creating and delivering game-changing products for startups as well as Fortune-500 industry-leading companies.

Notes

Couchbase set out to build a next-generation database. Data has evolved greatly with IT advancements. The goal was to build a database that will connect people to the newer technologies, addressing problems that relational systems did not have to solve. The fundamental shift is that earlier systems were internally focused, built for trained users but now the systems are built directly for consumers. This shift also plays out in the vast difference in the number of consumers now interacting with these systems compared to the fewer trained users previously interacting with the systems.

One of the key factors that sets Couchbase apart is the No-SQL Database. It is a database that has evolved by combining five systems; a Cache and Key-value store, a Document store, a Relational document store, a Search system, and an Analytical system. Secondly, Couchbase performs well in the geo-distributed manner such that with one click, data is made available across availability zones. Lastly, all of this can be done at a large scale in seconds.

Regarding the global database concept that Google talks about, a globally consistent database may not be needed by most companies. The performance will be the biggest problem as transaction speed will be considerably low. Couchbase does these transactions locally within the data center and replicates them on the other side. The main issue of relational systems is that they make you pay the price of every transaction no matter how minor, but with Couchbase, it is possible to pay only the cost only with certain crucial transactions.

Edge has become a part of the enterprise architecture even such that people now have edge-based solutions. Two edges are emerging; the Network edge and the Tool edge where people are interfacing. Couchbase has built a mobile database available on devices, with sync capability.

As a consumer, the primary advantage of bringing data closer to the consumer is the latency issue. Often, data has to go through firewalls and multiple steps which delays it but this is the benefit of Couchbase. The user simply continues to have access to the data while Couchbase synchronizes the data in the back.

One of the applications of Couchbase in healthcare is insulin tracking. With many devices that monitor insulin which must work everywhere you go, Couchbase Lite does the insulin tracking, keeps the data even in the absence of a network, and later syncs it for review by healthcare professionals. This is also useful in operating rooms where the network is not accessible. The real benefit is seen when the data eventually gets back to the server and can be interpreted to make decisions on patient care.

The Couchbase Capella Service runs in the cloud and allows clients to specify what data should be sent to the edge and what should not be. This offers privacy and security measures, such that even in the loss or damage of a device, the data is secure and can be recovered. To effectively manage edge in devices, a lot of problems must be addressed to make it easier.

One of the concerns for anyone coming into Couchbase Capella is the expense of data extraction from the cloud, however, Couchbase is available on all three cloud providers. Also, with Couchbase, there is no need to keep replicating data as you can work on the data without moving it, which largely saves costs.

Other use cases for Couchbase include information for flight bookings, flight crew management systems, hotel reservations, and credit card payments. To learn more, visit the Couchbase website. There is also a free trial for the Couchbase Capella Service.  

Top Quotes

• “The modern database has to do more than what the old database did”
• “Managing edge in devices is not an easy thing, and so you have to solve a lot of problems so it becomes easier”

In this episode, Peter sits with Rahul Thakkar to discuss the revolutionary AWS SimSpace Weaver, highlighting its unique function and applications across several industries.

Rahul Thakkar is the Director and General Manager of Simulation Technologies at Amazon Web Services. Before AWS, he held multiple executive roles at Boeing, Brivo, PIXIA, and DreamWorks Animation. He is an inventor, and global technology executive with a background in cloud computing, distributed and high-performance computing, media and entertainment, film, television, defense and intelligence, aerospace, and access control.

His film credits include Shrek, Antz, and Legend of Bagger Vance. In 2002, he was part of the team that won an Academy Award for Shrek as the Best Animated Feature. Again in 2016, at the 88th Annual Academy Awards, Thakkar received a Technical Achievement Award.

AWS SimSpace Weaver enables customers to run extremely large-scale spatial simulations without having to manage any of the underlying infrastructure. It also removes the complexity of state management of entities as they move about the simulation. Previously, carrying out such simulations would be done sequentially, in a cumbersome manner over years but now it can be done in parallel in weeks. Different organizations have tried out this functionality for several scenarios and the results have been amazing. This value was largely made possible due to the approach of working with customer feedback.

Rahul’s interest in the cloud came much later in his career which started initially in the R&D department of the Motion Picture industry where he created many of the complex graphics in movies. He later moved into a small start-up that was developing technologies for satellite imagery and mapping, and from here he moved to aerospace. Generally, he observed the problem that it is very expensive for companies to maintain their infrastructure when dealing with simulations. It also would drain resources and distract from the main focus of the company. Eventually, knew he had to use AWS, and now he works with them.

All the other primitive tools within AWS are being consumed to build the service. There is also the ability to write to S3 so that customers can write the simulations out. This helps customers to remember how the simulation played out.

Relating this new service to the metaverse, Rahul believes that when it comes to the metaverse, each organization has its vision of what it should be. However, AWS built the tools to empower these organizations to build their metaverses. Despite the possibility of having competition from Azure or GCP, the focus of AWS would remain on the customer and their needs, innovation on their behalf.

Identifying new problems that the service would be very applicable for is a great challenge that AWS relies on customers for, to help AWS envision where they want to go with the service. There are definitely many companies running simulations but it is hard to predict how many would migrate to the AWS SimSpace Weaver because it is still a new product. Nonetheless, a lot of industries are interested in this new service. These include smart cities, organizations ranging from local to federal or international, logistics and supply chains, large-scale event planning, or any situation where there is a need to simulate a large problem with digital replicas of the real world.

• “The fact that we worked from the customer backwards is something that allowed us to deliver the kind of value that they’re getting right now with AWS SimSpace Weaver”
• “Each one of these organizations have their own vision of a metaverse”

In this episode, Christine talks about her company, Honeycomb which runs on AWS, with the goal of promoting observability for clients interested in the performance of their code or those trying to identify problem areas that need to be corrected.

Christine Yen is the Co-Founder and CEO of Honeycomb. Before founding Honeycomb, she built analytics products at Parse/Facebook and loved writing software to separate signals from noise. Christine delights in being a developer in a room full of ops folks. Outside of work, Christine is kept busy by her two dogs and wants your sci-fi & fantasy book recommendations.

Honeycomb is an observability platform that helps customers understand why their code is behaving differently from what they expected. The inspiration behind this software came after Christine’s previous company was acquired by Facebook and they realized how software made it very easy to identify problems in large code data within a short time. This encouraged them to build the tool and make it available to all engineers.

If the first wave of DevOps was Ops-people learning how to automate their working code, the second wave would be helping developers learn to operate their code. Honeycomb is designed intentionally to ensure that all types of engineers can make sense of the tool.

Honeycomb has always come up with ways for customers to use AWS products and get the data reflected in Honeycomb to be manipulated. Over the last few months, they have ensured that it is possible for clients to plug into CloudWatch Log and CloudWatch metrics, and redirect data directly from AWS products into Honeycomb instead. Clients can also use Honeycomb to extract data based on what their applications are doing. This applies to performance optimization, experimentation, or any situation where a company wants to try a code to see how it performs on production. The focus remains on the application layer. Before Honeycomb, no one was using observability in this context.

The pricing of Honeycomb is based on the volume of data, which makes it predictable and understandable. Unlike when the pricing scale is based on the fidelity of the data, which can be quite expensive.

Challenges within the observability space: The question is how to help new engineers learn from the seasoned engineers on the team through paper trails left by the seasoned engineers. This is a problem that can only be solved by enabling teams to orient new engineers on their systems without having to create another question as part of the code.

Building an AI Approach in Honeycomb may not be suitable because of the context involved, since training effective machine learning models relies on a vast amount of easily classifiable data and this does not apply in the world of software; every engineering team’s systems are different from every other engineering team’s systems. Honeycomb is interested in using Al to build these models in order to help users know what questions to ask.

With Honeycomb, usage patterns are much more dependent on the curiosity and proficiency of the engineering team; while some engineers who are used to getting answers directly may just leave the software, those who have a culture of asking questions will benefit more from it.

• “Not having to predict ahead of time what matters, is making such a difference in our ability as engineers to get ahead of issues, identify them quickly, resolve them”
• “We’re out of a world where any individual engineer holds the entire system in their head”
• “Observability is the only way forward as we make our worlds ever less predictable”