Today’s episode features an interview between Matt Trifiro and Galeal Zino, CEO and Founder of NetFoundry. In this interview, Galeal discusses NetFoundry’s mission to enable innovation, the importance of zero trust networking, his views on the future of edge technology, and much more.
Galeal has been a founder and executive for the past 15 years, leading teams that developed the world’s largest VoIP network and built global voice and video communications services.
Key Quotes:
“At the base layer, NetFoundry enables innovation. Networking gets in the way of innovation. I've been doing it 20 years, and it's difficult, but we take the networking headache out of the equation.”
“If we try to look at edge in a vacuum, like ‘I'm just going to do all my edge computing in the corner of my store,’ that's probably not really the right vision. You’re going to have to do a whole lot of compute in other places. Edge data centers, core cloud, et cetera. It really is a continuum.”
“The edge is becoming part of the internet…some of the really awesome innovations that are happening on the device or user side of the network-- autonomous cars, robotics, IOT devices-- the power of those innovations is unlocked when it connects to the rest of the innovations that are happening at the cloud”
Sponsors
Over the Edge is brought to you by the generous sponsorship of Catchpoint, NetFoundry, Ori Industries, Packet, Seagate, Vapor IO, and Zenlayer.
The featured sponsor of this episode of Over the Edge is NetFoundry. What do IoT apps, edge compute and edge data centers have in common? They need simple, secure networking. Unfortunately, SD-WAN and VPN are square pegs in round holes. NetFoundry solves the headache, providing software-only, zero trust networking, embeddable in any device or app. Go to NetFoundry.io to learn more.
[00:00:00] Matt: Hello everybody. My name is Matt Trifiro. I'm the chief marketing officer of Vapor IO, and I'm also the chair of the State of the Edge project at the Linux Foundation. We're here with Galeal Zino, the CEO of NetFoundry. Hi Galeal. How are you doing?
[00:00:14] Galeal: I'm great, man. How are you doing?
[00:00:16] Matt: I'm doing terrific. I'm doing terrific. So, you know, before we talk about what NetFoundry does and networking and all that, I'm just curious. I mean, you're an engineer by background, a CEO by practice.
[00:00:26] How did you get into technology?
[00:00:29] Galeal: Yeah, I got in the way a lot of folks do, by walking right into the fire. We used to call it the steam room or the boiler room of a ship, Matt. It was '98 back then; voice over IP was the fire room. Right. We were shoveling coal on sort of fire
[00:00:46] to create
[00:00:48] Matt: her that's early days for voiceover IP.
[00:00:50] Galeal: Yeah. Yeah. It was a lot of fun and company.
[00:00:52] it itse, we became the global leader in voice, built the world's largest voice network. No better way to jump [00:01:00] into the fire and get to learn technology.
[00:01:02] Matt: Are you a founder of that company?
[00:01:03] Galeal: I was not a founder. I came in as an intern in the network operations center. Eventually we
[00:01:10] Matt: And they literally throw you into the boiler room.
[00:01:12] Galeal: Oh yeah, that, that was the boiler room. No better way to learn point.
[00:01:16] Eventually was, was CTO there before we went, we did an IPO, we did a secondary, and then eventually sold, after the crash.
[00:01:24] Matt: Yeah. Now for people that aren't familiar with NetFoundry, you're actually a wholly owned subsidiary of Tata Communications. Can you tell us a little bit about Tata and how, how NetFoundry came about and, you know, while you're located here and just kind of, it's a really interesting story. I think.
[00:01:40] Galeal: Yeah, we were part of an incubator-type program called Shape the Future. A lot of big corporates, as you know, run these types of incubator programs too. I think moonshot type opportunities. I think the criteria for Shape the Future with something has to be a $200 million type [00:02:00] opportunity. In that scenario, Tata acts as like the VC, and you then have the opportunity
[00:02:09] to leave your position, start a new company, build it completely outside of the mothership. So, you know, we, I did everything from scratch, which was actually a very smart and very good thing for Tata to do. There's other incubators who've tried to kind of, you know, leverage internal synergies, blah, blah, blah.
[00:02:30] Right. That's
[00:02:30] Matt: So, so you were, you're an employee of Tata Communications, and somehow you got involved in this program and you pitched internally. Is that how that happened?
[00:02:38] Galeal: Yeah. Yeah. Yeah. Prior, prior to absolutely built a video conferencing and WebRTC business. Had some connections that actually go all the way back to that taxi, startup that I mentioned earlier, and built NetFoundry, officially as a subsidiary starting last year, meaning that, you know, a Delaware C Corp, but using still, obviously working very [00:03:00] closely, within the ecosystem to develop what we're developing.
[00:03:03] Matt: Right. So let's, let's talk a little about that. So, I mean, what does NetFoundry do?
[00:03:08] Galeal: Yeah, but the kind of baseline that we enable innovation. Oh, that's what we tried to do. Networking. It gets in the way of innovation. You know, I've been doing it 20 years. It's difficult. and if we do our job, we take the networking headache out of the equation. Right? So you have an application, you have a solution.
[00:03:30] Okay. It needs private, secure, high-performance networking, but you don't want to be a network engineer and you don't want to be held up by the network inside. And so we take that out of the equation, providing as a service, most analogous, Matt, to, you know, where AWS was in 2006, like I can go and I can spin up some instances.
[00:03:53] I don't really know how they allocate the compute blocks to me or you. I don't care. It just works. Obviously under the covers, [00:04:00] AWS and Azure and anyone else it was doing a tremendous amount of work. That's what NetFoundry does. We want to do all the work, behind the scenes, so to speak, and make it really, really easy for someone to spin up a NetFoundry network.
[00:04:12] Matt: Yeah, and I totally get that. I mean, I came from the cloud world and now I work in the data center infrastructure world. And a while now it seems completely obvious and intuitive, you know, when you're a cloud developer or a cloud person, You're just like you're dealing with these abstraction layers.
[00:04:28] Right. And then you get down down to the end of the, you know, roll up your sleeves. And like, these things have spinning parts with motors in them. Right. They have fans that have cables and like, you know, and yeah. And so, and so if you don't want to get into that business of. Plugging cables and installing routers and, you know, replacing fans, abstraction layer really makes sense.
[00:04:49] And so are you, are you telling me that that abstraction layer for networking, prior to NetFoundry, hasn't really existed in the cloud as part of the cloud services?
[00:04:58] Galeal: It has not. I mean, to give you an idea, [00:05:00] you can either programmatically with our APIs or via web console, you can actually spin up a global private multicloud network with NetFoundry in minutes. And to this day, there's not a similar technology, yeah, on the market. It will come. You use the exact right word, Matt. It's, it's the proper abstractions and the
[00:05:19] proper controls, right. Being able to get that combination right, then it's difficult. And we're hopefully continually improving all the time on that balance, but making sure, Matt, that you have the controls necessary to do exactly what you need with that network. And then the abstractions to make it simple for you.
[00:05:37] Matt: Yeah. So let's, let's unpack all that. Let's talk about, and since this was an edge show, let's, let's, let's bring edge into this. Actually take the leap that, I'm hoping are just going to take and just recognize that the edge is going to become part of the internet.
[00:05:48] Right. It's going to be a part of this global fabric. And obviously having a network that connects workloads that are running in the core, potentially on multiple [00:06:00] clouds, to, you know, services that might be running in regional data centers, to services that might be running in edge data centers, to services that might actually be running on a device or an on-premise data center.
[00:06:11] And you've got a diversity of equipment, a diversity of opinions on networking. all of that, like. If I wanted to build that application, let's say it's an AI application. I'm doing, I'm building my models. I'm training my models in the core. And I'm sending my, my inference runtimes out towards the edge.
[00:06:28] And I've got all these workloads running. I want them connected to a network. If I, if I didn't have NetFoundry, what would I have to do? And then if I have NetFoundry, how does that make my job that much easier?
[00:06:40] Galeal: Yeah, I'll start with the latter. With NetFoundry, we want to let you get whatever access you can get: 4G, 5G, Wi-Fi, Ethernet, any internet access. And you should be done at that point, right? That internet connection should give you, yeah, agility, the [00:07:00] reach, the security, the performance, all of the factors that you just articulated, Matt, that basically enable continuous compute to happen in the backend.
[00:07:07] Some compute is going to happen locally, some at the edge data center, some at the cloud. The networking piece then becomes solved for you. Without us, without NetFoundry, we see two predominant alternatives. If it's a mobile type connection you can take what's called a private business APN, which is essentially just the equivalent of the VPN.
[00:07:32] The APN basically tells the mobile carrier, something like Verizon, AT&T, et cetera. It says, Hey, you know, this isn't just Joe Public. This is MattCo. And when MattCo comes to the tower, I want you to route it in a VPN, usually through a couple of other locations. I want you to route it to MattCo's enterprise assets in some private data center, in some cloud, wherever it might be.
[00:07:59] You stitch [00:08:00] together a whole bunch of VPNs, and you kind of get a private network by virtue of dedicated circuits. It works and it can be the right solution for some people. On the other hand, if you have the type of application where nailing up a bunch of circuits, and now all of a sudden your application starts to move or go multi-cloud, it's containerized, it evolves.
[00:08:25] And now you got to kind of redo all those VPNs, lots of problems, and that causes friction for you and it limits your innovation. So our goal is to take that VPN mess out of the picture. You plug into the internet, you're done at that point.
[00:08:41] Matt: And so, so I have a relationship with, with NetFoundry, it's an, a monthly fee for your service based on how much I use. How does that work?
[00:08:47] Galeal: Yeah, it's a SaaS-type model. And just to take it one step further, Matt, your relationship may be with a solution provider who has put NetFoundry into their solution [00:09:00] so that you're buying a solution that already has networking built into it. And you may just go to your provider's single pane of glass, so to speak, their web console, whatever it is, where you're kind of putting together, defining your solution.
[00:09:15] And then in the backend, there's some APIs back to NetFoundry to make the network magic happen.
[00:09:20] Matt: All right. I assume that this is all programmatic. I can, I can construct and deconstruct and reconfigure this NetFoundry network, on the fly.
[00:09:30] Yeah. And in fact, you know, one of the big trends in, in edge, and I think it's, it comes out of a couple of things.
[00:09:36] One is just the need to respond to network conditions in real time. Right. and also recognition that, You're dealing with probably multiple orders of magnitude, more complexity, in applications and networking, to the point where you actually need programs to do these things dynamically.
[00:09:55] So it seems having the ability to provision whatever [00:10:00] global network I need, that's what I'm hearing, through an API, or multiple global networks if I need them, through an API, is exactly what you need. And then, just as I provision them, I get billed like I'm spinning up EC2 instances on Amazon.
[00:10:12] Galeal: Yeah, usage, usage-based, Matt, in the SaaS model. And you're absolutely right. We think the ability to automate, to be able to programmatically impact those networks, that's kind of like table stakes, right? We believe in an edge world that's extremely dynamic and does have a need for things like ephemeral networks.
[00:10:33] You need that as a starting point and then to go to a step further, having that integrated with the rest of the stack. so that the end customer can essentially buy what we call a turnkey solution stack. That's where it really gets interesting, right? Because I mean, let's face it. Edge is not simple. it just is difficult.
[00:10:52] They have enough problems.
[00:10:54] Matt: Yeah, well, let's, let's talk, let's, let's put a pin in this and come back to your global network and let's talk about, you know, how, what [00:11:00] challenges you see at the edge and, you know, how NetFoundry views, you know, some of these solutions, whether it's, it's packaging up solutions with partners, or it's just the base technology you're, you're looking to innovate around.
[00:11:11] Galeal: Yeah, absolutely. So we probably have some irrational exuberance here, but bear with me. and that's part of it right at the ability to innovate in ways we haven't innovated before. For example, access to ultra low latency compute. ability to do local distributed processing. What it means by definition is those applications don't exist today, which means the support structures around those applications that exist today, which means that the maintenance management, et cetera, it's all new.
[00:11:42] And so we're going into uncharted territory, which is exactly why we started NetFoundry. Right. We want to enable folks to go into uncharted territory and at least try to take the, the networking piece out of the wild, wild West, so to speak. Meanwhile, on the edge itself, I think [00:12:00] sometimes, you know, folks envision like, yeah, a world-class data center, you know, which has a high degree of engineering, for things even like, you know, cooling, you know, things we kind of take for granted unless you walk into one and you're quite cold all of a sudden, yeah.
[00:12:16] Try to put that into a retail store. It's not gonna happen. Right? You're going to do some amount of compute in the retail store. You're going to have to work around the constraints. You don't have a full-time IT staff there, you don't have A/B power. You don't have the proper cooling, et cetera, et cetera.
[00:12:33] And then you're going to have to do a whole lot of compute in other places, edge data centers, core cloud, et cetera. It really is a continuum. I, I think, Matt, sometimes if we, if we try to look at edge, like in a vacuum, yeah, I'm just gonna do all my edge computing in the corner of my store. That's probably not really the right vision.
[00:12:53] Matt: that sounds like on premises computing.
[00:12:57] Yeah. And so I think that's kind of, you know, it's a sort of a [00:13:00] fake, fake edge computing. You know, my, my, my view is that, well, it's what I started with, is that, you know, the, the edge is just becoming part of the internet. And I think, you know, I don't mean to dismiss some of the really awesome innovations that are happening on the device or user side of the network, you know, autonomous cars and, you know, robotics and IoT devices.
[00:13:18] But really the power of those innovations is unlocked when it connects to the rest of the innovations that are happening at the cloud, including the networking solutions like, like you guys are offering.
[00:13:31] Galeal: Yeah. That's, that's it, is that distributed compute model, right?
[00:13:36] Matt: Yeah. Well, and as you say, the other thing about distributed compute is it creates a lot of complexity. And if I can, if I can take some of the complexity out of that equation by offloading it to you and your engineering staff, that could be a really attractive value proposition. Certainly get that.
[00:13:50] Let's talk a little bit about, you mentioned a global network, and that sounds to me like you have equipment in the field. What does your network look like?
[00:13:58] Galeal: Yeah. [00:14:00] So we have what we call routers in a nontechnical sense. So, so forget about like a full Cisco, Juniper, Alcatel-Lucent router, right? Envision software that we built in house and we spin up and spin down on demand in like containerized and virtualized type four functions on commodity hardware, globally, edge data centers, infrastructure as a service.
[00:14:29] Multiple tier one, backbones, these routers Matt, or purchased an internet overlay. And the advantage they provide is if your application now needs to go from point a to point B and more realistically, as you just articulated point a B, C, D E F.
[00:14:48] It better have a number of paths to get there. Right? There is internet
[00:14:52] Matt: Yeah. Route diversity is really important.
[00:14:54] Galeal: Exactly. That's what those routers provide to our end points. Our software end points [00:15:00] natively have the ability to continually look at all the different routes available between those different points in real time, and essentially readdress traffic towards the AS, the autonomous system, from the routers that are providing lowest latency, the lowest packet loss, jitter, et cetera, et cetera, et cetera.
[00:15:21] So essentially. It can be a lot of internet weather out there, but you can still be there in San Diego, enjoying perfect weather across a diverse
[00:15:32] Matt: Yeah. So, so let me, let me say back to you what I, what I think I heard for the, see if we can, triangulate this for the audience, citizen experts in, in networking. So you mentioned that, you know, my job is to get onto the internet, right. And, the internet today works. Right. It's got, you know, Private routes, BGP routes, all this stuff.
[00:15:51] But as you say, it has all of this complexity that you may not want to deal with. And it's a public network and not a private network. And I might want a private network. And what you're saying is like, [00:16:00] instead of building a private network by literally dragging my own cables around, I guess, would be the ultimate private networks.
[00:16:07] You're saying let's, let's run some secure software at critical intersection points, points where the traffic comes off of one network and onto another network, so that you can route it through software. And then, so you must have these, these containerized workloads, you know, potentially running all over the planet and, and maybe just spinning them up based on your customer demand, because you know, it could be, you could be in a cloud service provider's data center, you could be running on your own hardware somewhere.
[00:16:35] Is that, is that all true? that
[00:16:37] Galeal: Absolutely. So we're making, Matt, a big bet on the internet, right? The internet is the world's largest, most economical, well, yeah, most resilient network. It's going to keep getting better and better. Lots of people are going to build awesome backbones across that, including the hyperscale cloud players, including lots of other people.
[00:16:56] And we want to build on top
[00:16:59] Matt: Yeah. [00:17:00] Bring a level of flexibility and configuration, dynamic, configuration and security that I'm not going to get off the shelf in a standard internet routing
[00:17:08] Galeal: Exactly, rather than the other approach, which some people are doing and may make sense, as you try and build your own network and make it the best network out there, you stated the art technology by a lot of them with a lot of lease lines, a lot of
[00:17:21] private lines use best of
[00:17:22] Matt: And your, your name might be Facebook or Google or Amazon, but if it's not, you might want somebody else to have engineered it for you.
[00:17:29] Galeal: Yeah. Better. It's better if you have an overlay that can take advantage of everything those guys build and everything everyone else builds. So we're not taking a debt, right? If lots of folks build lots of great networks, and they will, then the NetFoundry overlay network, it becomes that much better.
[00:17:46] And kind of the secret sauce there, Matt, to a degree, is the end point algorithms, their ability to in real time find the best routes. You mentioned BGP, right? BGP runs the internet. It's fantastic. BGP doesn't care too much [00:18:00] about latency and packet loss. BGP cares like, is the route up or not? The tier one carriers, they don't care too much either.
[00:18:07] They often play what we call hot potato routing. They want to get the packets off their network as fast as humanly possible and hand it to somebody else, to keep their cost structures down. So we do the opposite. All right. Our algorithms, they do care about packet loss, latency, jitter. They actually keep the traffic
[00:18:24] on the NetFoundry global overlay as long as humanly possible. Right? Exactly opposite of what the tier ones are going to do. And then we create a very short on-ramp and off-ramp on either side to deliver that traffic.
[00:18:38] Matt: Yeah. So again, if I could say back what I think I've heard is, is, you have in software created this global overlay network that relies on lots of other people's equipment and network that they're investing time and energy into. And in addition to allowing me to create these private networks across the different geographies and locations that I want,
[00:18:55] you're also at the same time creating a diversity of [00:19:00] routes. So if the fiber's cut, or if, if a router goes sideways, you can route the traffic somewhere else. But I'm also hearing that you're, you're monitoring the quality of the different routes and picking the route that is going, you said best, like what would be the best route?
[00:19:15] How, what is it, what is the definition of best in networking in your mind? Or can I specify that as a, as a, as a consumer of your services? Can I say I prefer latency, low latency over, over packet loss?
[00:19:26] Galeal: Exactly. In fact, we used a similar example the other day, right? It's best, it's defined by the developer, by the application. So the example I used the other day was, Hey, if for some reason you want your packets to circle the planet three times before they get delivered to the destination, you could programmatically do that in a
[00:19:46] Matt: So really, really I could, I could, I could build a business rule that says, make sure it goes around three times before.
[00:19:51] Galeal: Yeah. Yeah. I mean, your rule might say maximize latency and it might live forever,
[00:19:58] Matt: Yeah. Well, that's, you know, that's, that's [00:20:00] kind of a, another trend. You look at like, the work coming out of the CNCF and folks like that, where you're treating your infrastructure in kind of a declarative way. You're saying, this is what I want. And then you have another system, whether it's the Kubernetes controller or whatever, trying to bring the system to that, that requirement.
[00:20:16] Is that how you think about it?
[00:20:17] Galeal: Yes, because really only the application knows what it needs, and in a declarative manner it should be able to say, this is what I need, deliver it. And by the way, I might ask you for something else in the next minute or the next hour or the next day. That's why we believe in this kind of distributed compute model. This idea of trying to like nail up static VPN tunnels, MPLS, SD-WAN,
[00:20:42] it just can't keep up. It can't scale. It's on agile a quarter. Well enough.
[00:20:46] Matt: Yeah. Especially if you're a software developer, right. Yeah. And so can I, can I mix some of my own networks in with your networks? So for example, let's just say it's between two cities, I have a [00:21:00] dedicated long haul that I paid for a long time ago. That works really well. And it can beat any BGP route that you can give me.
[00:21:07] Can I say, when going between two of those cities, prefer my private network, and if worst case, route it through whatever resilient.
[00:21:17] Galeal: Yeah. We haven't industrialized that yet, Matt, we do have a couple customers who are doing exactly that for use cases like you described. It could also be things like geo fencing, wanting to make sure that certain data stays in certain places, and their ability to leverage their network links to do so.
[00:21:36] So it's not an industrialized off the shelf. Matt can go do it right now, but it is something we've done with a few customers in the few special cases.
[00:21:45] Matt: Yeah, that's really interesting. What is your viewpoint on the state of the edge computing today? You know, I feel it's changed substantially even in the last like 18 months, but I'm, I'm curious what your perspective, where you're seeing the traction in edge computing.
[00:21:58] Galeal: Hi, it's awesome. I mean, I can [00:22:00] point just to our two most recent partnerships, Microsoft Azure Stack Edge and Supermicro. In both cases, our end point software is built into their solution so that when that box arrives, the private network is already built into that. We didn't have to go sell Microsoft or sell Supermicro on that type of concept, to give you an idea of how far this has come.
[00:22:26] Right. They actually knew ahead of time, Hey, we want to take the private networking headache out of the equation, right? We want to be able to embed a NetFoundry-like solution.
[00:22:39] Matt: Plug in and have it work.
[00:22:41] Galeal: Yeah, and that, and that shows the maturity of the solution and the reason they knew that they'd been doing a lot of pilots, right.
[00:22:46] And one consistent observation that came back was, Hey, we can light up a new edge, you know, really, really quickly. You know, like the Microsoft solution, for example, it comes with SIMs. It comes with everything you need and embedded mobile core virtualized on the box, [00:23:00] from a few different providers that folks can have their choice.
[00:23:04] So you can light up an edge, whether that edge is, you know, an industrial site, agriculture, mining, somewhere in the field, or whether it's like a retail edge, but when the time comes to connect back to the enterprise assets, you know, back to the cloud, back to core, et cetera, then all of a sudden it's like, Oh, let's talk about VPN and MPLS.
[00:23:23] And then the conversation dies for a couple months. Right. So, yeah, I think it's just based on our experience, Matt, and, and relatively small sample size. It's come a long, long way. I don't think this would have happened six months ago before people started down the road. It got to a certain point and realized private networking, secure performance, reliable
[00:23:45] Matt: Now let's let's look at when example is willing to Microsoft or Azure stack, you know, edge devices that's sitting in, in a precision agriculture environment. Let's just say, so I have it, it's on my premises. Right. And it's probably connecting to [00:24:00] a bunch of devices and sensors that it's doing some local processing on.
[00:24:03] It's sending stuff up to the cloud. It's doing a bunch of stuff. Does, does, does NetFoundry's solution extend all the way to the device?
[00:24:11] Or are you from the Supermicro box up?
[00:24:14] Galeal: Either model. In the case of Stack Edge, which it comes with an embedded private 5G type option. So like here in the U.S., like, imagine the CBRS-like deployment, giving you a private network, which is essentially a LAN. Right. And inside that LAN, you have ultra low latency security of everything you need.
[00:24:32] Now that, now you have your private CBRS island, and you need to connect it to the rest of the world. Now you can do that with NetFoundry software that's built into that island. You are quite correct, Matt. If you also want to put NetFoundry on the devices in order to connect the devices, you know, to that Stack Edge box,
[00:24:51] you could do the same thing. Oftentimes that problem can be solved in other ways as well.
[00:24:55] Matt: But if my devices all, all have IP addresses, , and I want them to be part [00:25:00] of, of the end to end fabric for whatever reason I'm doing it. You're saying. And what is that? Is that a, is that a piece of code that you supply me? that I put on the device with the device mainly for him on device.
[00:25:09] How does, how does that piece work?
[00:25:11] Galeal: Great question. So at the base level, it's simply an SDK that you, as an application developer or an OEM or hardware provider, can take that SDK and use it to connect basically any type of device. I mean, we can tie three boards, we can have all types of devices, with those SDKs. We've gone a step further.
[00:25:32] And then on top of those SDKs built software end points that abstract away the OS. Like, you know, Linux is a little bit different than Mac, is a little bit different than Android, than iOS, than Microsoft, in terms of how they process packets as they, you know, they come through the NIC and through the chain.
[00:25:49] So we've just done that work for you so that if you have Linux, if you have Mac, Windows, whatever, you take essentially our packaged end point and you deploy that on your device [00:26:00] or your box. Now, again, in the case of the Azure Stack Edge, Supermicro, that's already done for you. Well, let's say it's a brownfield deployment.
[00:26:06] And you have a bunch of video cameras. We have a customer case like this. You have a bunch of video cameras and you want to connect those cameras. You know, we're still running basically on generic x86 compute. You want to connect those to the world, then you just put in the NetFoundry end point
[00:26:22] Matt: End point is a piece of software that I compile into my code, which is saying, All right. That's, that's, that provides a lot of flexibility. All right. Let's, let's switch gears a little. You know, one of the things that, that comes up a lot, you know, once you start scratching the surface of edge computing, is security.
[00:26:41] I'm guessing you have some opinions on security. Could you describe the challenges that edge computing creates for people that care about security?
[00:26:51] Galeal: Yeah, absolutely. Well, first of all, a lot of these environments were offline. to begin with, especially if we're talking about OT type environments, [00:27:00] manufacturing, et cetera. even as they're online, something like a retail store with like a Tiguan connecting
[00:27:07] to
[00:27:08] Yeah. Yeah. We see them all the time, or, around the world, you know, when you start opening those edges up to the world with internet connections.
[00:27:21] You need to do so in what we call a secure-by-design manner. Like day-two security, like put a firewall up, not going to work. These, in our opinion, require built-in security. So just to give kind of the quick picture, you know, traditionally these enterprises, the way they did security was dedicated boxes, dedicated wires, right?
[00:27:48] It's like the bank vault approach, you know, good luck trying to get into my bank vault. I'm going to make it really difficult for you. Right. That's, at the end of the day, what VPN and SD-WAN do. It [00:28:00] made sense. It made sense when there was like one door into that bank vault. Well now, like, as you articulated that, now there's like hundreds of thousands or millions of doors, like.
[00:28:11] And they're moving.
[00:28:12] Yeah. Yeah, exactly. So good luck trying to build a bank vault in every one of those locations. So that's what we do from a security perspective and in
[00:28:21] offensive.
[00:28:22] Matt: What's the alternative to the bank vault? How, how do you think about and solve
[00:28:28] Galeal: Yeah, actually, you know what? I think it's fairly simple. It's what we do with the physical world, right? When you go to the airport. Well, even though most folks aren't going to the airport right
[00:28:36] now, you know, you're going to identify yourself, and it's going to be authenticated and authorized before you can even get past TSA.
[00:28:45] Right. You know, people don't understand that we don't do networking like in an SDN or VPN, if you're a packet and you've managed to get onto that network, you're in the bank vault, you have free rein. You haven't been identified, authenticated, authorized. [00:29:00] Why? Because in traditional networking, you couldn't do it.
[00:29:03] You didn't have the controls necessary. You had things like I described before with proprietary hardware, custom circuits, dedicated circuits, and NetFoundry building from scratch and other zero trust networking providers building from scratch. What we do is our endpoint that, that you were asking about earlier, but that endpoint is going to do.
[00:29:24] When the application says, hey, I want to talk to a service in Azure, right? I want to talk to a telemetry service. I want to report some data on the sensor. Our software is going to say, that's nice. Let me first authenticate you. Right? Determine who you are. Verify that. We do it by way of a bidirectional certificate authentication.
[00:29:46] Certificate is embedded in our solution. So private key, public key, extremely secure, extremely difficult to spoof. We have some endpoint hardware root of trust type solutions with certain vendors that make that even better. [00:30:00] So now you can prove who you are and then we go a step further and we say, okay, that's great, Matt, you're Matt.
[00:30:09] I'm not going to give you a global network just because you're Matt. Right. I'm going to take a look at the policy and see what you're supposed to have access to at this point in time. Right. Do you really have access to that service in Azure?
[00:30:24] Matt: So
[00:30:24] down to a service level, not just a cloud endpoint level.
[00:30:27] Galeal: Exactly. Every session we treat independently from a zero trust perspective. We call it an AppWAN, an application WAN. Like that service requesting, Matt, if you successfully identify, authenticate, you're authorized to use that service, then we're going to give you access to a transient, ephemeral data plane.
[00:30:52] Matt: Yeah. and maybe just not what I'm allowed to connect to, but also what I need at that moment.
[00:30:57] Galeal: Yeah. That's the policy on your side, [00:31:00] right? So depending on how sophisticated you are, let's say you're an enterprise with an IAM type solution than ad I that solution, right? You may be very sophisticated. Like Matt may be a contractor who has access to a given service on this day, during these hours, from this location. Terrific. We can enforce it. Or it may be
[00:31:18] more wide open than that.
[00:31:20] Matt: Or this device, this device has connection to this service. And so can I define my own services and apply policies to those too? Yeah. Okay. Okay. So whether I'm using a service on Azure or a service that I'm providing myself or services across multiple clouds, I can specify policies that allow.
[00:31:38] Okay. That makes sense. Now, you mentioned a phrase, zero trust, and for those of our listeners that, what does zero trust
[00:31:46] mean?
[00:31:47] Galeal: Yeah. So again, the current dominant private networking model, SD-WAN, MPLS, VPN, it trusts the network. Right. It says, hey, if you managed to get inside my bank vault, you're [00:32:00] good. Zero trust says the opposite. Zero trust is, we don't trust anybody until we identify you, authenticate you, authorize you. Then we will trust that session.
[00:32:12] And in a kind of least privileged access mechanism, like the example we had, right. You have access to this, but not that. That's all that zero trust boils down to. Now the ability to enforce that with software and make it simple and easy and cloud orchestrated. And like you said, Matt, make it so it doesn't matter if that endpoint's in Azure or AWS or GCP or Ali Cloud.
[00:32:35] Okay. There's a lot of engineering. Yeah. Or all of them, there's a lot of engineering under the covers for that. Right. But at the end of the day, you know, what you have is a secure by design solution that enables a new edge that previously hasn't been connected to the internet to connect to the internet.
[00:32:55] Matt: Yeah, that makes sense. So, I can be assured that anything that is [00:33:00] accessing any of my services has been authenticated by you and you've applied my policies to it. So as long as I get my policies right. And you've mentioned, the other term that I think maybe not everyone understands is a hardware root of trust, I think is what you said.
[00:33:14] Can you just describe what that
[00:33:15] means?
[00:33:16] Galeal: Yeah, we have a few partners who are doing really cool things on the actual silicon, where they generate an identity that's essentially a property or influenced by the properties of the silicon itself. And an environmental is around the
[00:33:31] Matt: Is this analogous to the way you know, Apple is locking down the, the stolen iPhones.
[00:33:37] Galeal: Well, there's, yeah, there's trusted execution environments and silicon root of trust. The bottom line though, is, you know, what they're doing is they're saying, hey, if somebody
[00:33:47] perturbs that environment,
[00:33:49] Matt: Yeah.
[00:33:50] Galeal: then it's no longer trusted.
[00:33:52] So it makes it really, really secure.
[00:33:53] Matt: Yeah, it's easier to imagine someone, you know, rewriting the boot ROM and changing a piece of software. But if it [00:34:00] has to go into a piece of silicon, it seems, and alter the silicon
[00:34:10] Galeal: start to get as close as your own
[00:34:11] as possible.
[00:34:13] Matt: Yeah. Yeah, that makes sense. Yeah, so one of the things, when you said application-specific networking or application networking, what that made me think of is one of the big innovations that we're seeing coming in 5G, network slicing.
[00:34:27] Galeal: Yeah. Yeah, in some ways, we often get compared to network slicing from like a micro-segmentation perspective or even a VLAN perspective, if you're a networking type person. Because in this fact, even before we have the type of slicing that 5G enables, you can actually do it today over LTE, with software-based micro-segmentation, right.
[00:34:55] Cause every one of those AppWANs
[00:34:57] and every
[00:34:57] one
[00:34:57] Matt: what you're doing, right. [00:35:00] Yeah. Yeah. That's really interesting. Yeah. So for those of you in the audience that don't know what network slicing is, it's the ability over the 5G networks to request and then be provisioned a very, very specific slice of the spectrum, so to speak,
[00:35:18] so that you could be dedicated to an application. And the reason this is important is, you get sort of guarantees around that. You know, whether it's latency guarantees, or congestion guarantees. So you can say, look, I need a slice of the network that's this big. I need it for some period of time,
[00:35:34] and it sounds exactly like what you do.
[00:35:36] So it seems like an interface to that would make a lot of sense.
[00:35:39] Galeal: Yeah. And, and man, it's a one plus one equals three type scenario, right? Like, yeah, you can do that type of slicing with NetFoundry's micro-segmentation. If you do that on top of
[00:35:50] a private, VIP slice,
[00:35:54] Matt: Yeah,
[00:35:55] Galeal: Cause
[00:35:56] Matt: hardware discreteness that the 5G's providing, but you also get the software [00:36:00] flexibility that you're providing in the Indian flexibility. Yeah.
[00:36:02] Galeal: you got it.
[00:36:03] Matt: that's super neat. So what do you see, you know, over the next, next 12 months? Like, what's, what's exciting to you in, in
[00:36:17] Galeal: Innovation is what we wake up for every day. Right. So the fact that, and like you said, edge, it's just saying that we now have a continuum of compute and we can extend it all the way to the application all the way to the device, all the way to the edge. However you define edge. Right. That's awesome. Right.
[00:36:36] That's unprecedented. We didn't have that. Yeah. Before. and history shows us, anytime you, you put some new tools out there, so to speak or new capabilities, people, developers, you know, are going to innovate in ways that we haven't even thought of. You know, I'll use, you know, I can use infrastructure as a service example again [00:37:00] months, AWS, Azure, et cetera.
[00:37:02] Once they kind of enable permissionless innovation, people started doing things that they never would have done if they first had to file a ticket with IT and wait for three months to get access to some server in the DMZ, and then figure out how to access that server from a networking perspective.
[00:37:19] So we liked the fact that we can be a part of that, from a networking perspective, right? We can take the networking friction now and enable folks to innovate without having to worry about how do we get a private network that enables a distributed compute model. And then number two, Matt, because we've done it all in software, because we're born in the cloud, because we're API first, what it means is the overall solution can embed the compute, the storage, the networking, it becomes one solution.
[00:37:49] And that's a whole nother area where we're going to see a tremendous amount of innovation, because again, that was impossible before. It's most analogous to what we saw with public [00:38:00] web. Right. I mean, when Web 1.0, with Netscape, et cetera. Okay. You could do really, really cool things with websites because it was impossible before.
[00:38:11] Well, now, you know, the enterprise side of course has been private networks, MPLS, SDN, VPN. They can't do that type of stuff. Before, those types of developers, enterprise developers, they didn't have the Netscape internet equivalent. Well, now we have found what they do, and more specifically NetFoundry and our partners.
[00:38:30] Now they have ability, to
[00:38:36] Matt: Yeah. And you keep coming back to, you know, sort of, enabling or accelerating any event innovation, which, you know, if you look back at the, let's just say, emergence of cloud, right. You know, when Amazon first saw the opportunity to lease some of its own capacity or to build capacity that looked like it's a total capacity and offer other people, you know, they had a bunch of use cases in mind.
[00:38:57] I mean, one of them obviously running an online [00:39:00] commerce store. But I think if you look, yeah, all of the applications that have ever been deployed in AWS, you know, some very large percentage, probably north of 70%, weren't imagined at the time it was deployed. They were innovations. And even like on the iPhone, like I don't think anybody who'd built the original iPhone was thinking,
[00:39:19] this is a great way to order taxis, right. But because there was GPS and, you know, a fast enough processor and fast enough connections and all these other things, something like Uber became easy. And so by removing the pain and the complexity and the deployment cost, right, which is like, we're all kind of doing collectively, we're creating this platform for them X next, a little bit of innovation.
[00:39:44] And I could see how NetFoundry's going to play a really big part in that. And I think it's really interesting. So anything else you'd like to comment on about edge computing
[00:39:57] Galeal: No, other than in your last example, Matt, I think [00:40:00] what you articulated isn't said enough, right? It's really, really important. Forget about NetFoundry. Just really, really important from an edge compute perspective. I think your analogy of the application is spot on, right? I may have dreamed of building some iOS or Android app.
[00:40:15] Right. But from a cost perspective, time, friction, if I had to go build the iOS, build the
[00:40:21] device, the camera, the GPS, et cetera.
[00:40:24] All right. Not going to have to. Absolutely. And now again, if you look at what's being done at the edge, organizations like LF Edge, for example, and Linux Foundation, a lot of those projects that are coming out of the open source world, Kubernetes, containerized, what folks like us are doing on the network.
[00:40:46] What folks like Vapor are doing, what other folks are doing. You're going to have an ecosystem. Yeah. You're going to have an ecosystem there so that you don't have to build the OS, the, you know, the GPS, the camera, et cetera. You can build a really [00:41:00] cool, compelling application. And our side, by the way, Matt, we talked a lot about our kind of network as a service. To be clear, we also have, we've open sourced the core technology.
[00:41:12] We call it ziti.dev
[00:41:14] so that the DIY crowd. Mm, those like those Anya I for lunch, yes. Zip zip. I'd got to have, so like the DIY crowd, Matt, right, who just has a project and they want to embed private networking into that project. They can just take the open source and they can do something cool. And then when it gets to a point it needs to scale and they want full network as a service,
[00:41:37] terrific. Obviously we have an answer for them, but we do provide both ends of that spectrum and have the open source available to them, and they have a full network as a service turnkey type solution available to them.
[00:41:49] Matt: That's really interesting. Is there any project that's been built on top of Ziti that you can describe and point us to that's pretty cool?
[00:41:57] Galeal: Yeah, you'll see out there on GitHub, you'll see a couple of [00:42:00] projects. One around point of sale that we thought was really cool. Point of sale applications usually have to have kind of, yeah, just from a compliance perspective, they have to have like their own segmented network or even their own network.
[00:42:12] And if you're the developer of that point of sale application, you're basically dependent on other people to deploy it in the right way from a regulatory compliance perspective. So there's an app up there where they're instead using the NetFoundry SDK so that wherever that app goes, it's natively secure, no matter what they do on their, on their network.
[00:42:34]so starting to see, and we just, we just put this open source up there. It's it's, you know, in the true, the spirit of open source, you know, we put it out there early. so that, that, that, you know, folks can really use it at the user submit, pull requests, et cetera. so it's, it's early days, but yeah, we're starting to see some really cool stuff.
[00:42:50] And again, that use case. Yeah. We wouldn't have predicted it. Someone else did it and that's what excites us. Right. Anytime someone else picks up the code and does something that we weren't thinking of.
[00:43:01] [00:43:00] Matt: And, and so this, the, the, the, the, the open source tools use the same API as your network, as a service. And so at the moment that I want to go into,
[00:43:10] you know, the full production or the moment I want to, you know, take advantage of your global network. And I want to construct myself, like, it's just a simple swap out.
[00:43:17] Galeal: Yeah. Not even a swap. So there's a set of REST APIs that essentially connect that, what we call Ziti infrastructure, up to an orchestration platform, which enables the full network as a service type solution. And so the moment that you want to
[00:43:42] Matt: Terrific. Well, Galeal, I've really enjoyed this conversation. I really enjoyed learning about the latest in overlay networking and zero trust,
[00:43:52] Galeal: Yeah, much appreciate the dialogue.
[00:43:58] Most people get bored pretty quickly of all [00:44:00] the networking guts. So thank you for bearing with us in
[00:44:03] asking some excellent questions.
[00:44:04] Matt: audience has kind of is going to love it. I think this is, this is really innovative stuff you're working on,
[00:44:11]