The Importance of Having Visibility Into Containers

The New Stack · Intermediate ·☁️ DevOps & Cloud ·9y ago

Key Takeaways

The video discusses the importance of visibility into containers, highlighting the challenges of traditional monitoring solutions in containerized environments and introducing tools like Sysdig and Falco for container monitoring and troubleshooting.

Full Transcript

Hi, my name is Alex Williams, founder of The New Stack, and you are listening to The New Stack Analyst podcast. We look at application development and management at scale.

Sysdig is a sponsor of our ebook series on Docker and the container ecosystem. Learn more about Sysdig's perspectives on these timely and important subjects in our latest ebook about management and monitoring in the Docker and container world. The ebook is available for download at The New Stack. Now let's get to the show.

Hey, it's Alex Williams, The New Stack, here for another episode of The New Stack Analyst. Today we are talking about monitoring with Loris Degioanni, founder of Sysdig and the creator of the popular open source tool by the same name. Hello Loris, how are you?

I'm great, and good morning.

Good morning, and good afternoon to you, because you are doing this interview from your vacation in Italy.

Yeah, from a beautiful village in the Italian Alps.

Ah yeah, I remember our conversations about skiing in those Alps and stuff, and the beauty there, so hope you're enjoying that, Loris. Want to thank Sysdig very much for being a sponsor of our ebook series on Docker and the container ecosystem. The fifth book is about monitoring. I think it's going to be one of the most interesting books that we do. I'm looking forward to this conversation here, where we're going to talk about monitoring and some of, I think, the intricacies of it, and how it really reflects the changing architectures that we see. We're also joined by Ben Ball, co-anchor for this episode of The New Stack Analyst. Hey Ben, how are you?

Hey, how's it going?

Great. And Ben manages the overall strategy and production and direction of our ebooks, and so, Ben, thank you for joining.

Yes, always good to be here, and great to talk to Sysdig about this topic, because this is something we're thinking a lot about for the upcoming book.

Great. Loris, why don't we just get started? Why don't you just tell us a little bit about Sysdig and, you know, your own
background, because you also were the creator of Wireshark, and tell us about the story that you like to tell about why you decided to start Sysdig, and providing some context about Wireshark as well.

Let's see, where should I start? When I was in kindergarten... no, that's too far back in the past. Yeah, I've been involved in open source and application and network monitoring for many years now. As you were saying, I've also been involved in the Wireshark project since quite early on, especially from the packet capture side, having built a popular open source packet capture library called WinPcap. And I was very excited and very interested about the new waves coming into IT. Especially, my background was in network-level visibility. My company was acquired by Riverbed, where I spent quite a bit of time working on monitoring and visibility from the network side, and I quickly realized that vantage points that we traditionally used to analyze application performance and infrastructure performance, like for example network SPAN ports, router SPAN ports or network taps, were not available anymore, because the network in a heavily virtualized or cloud or containerized environment doesn't really exist anymore as a vantage point, because there are layers of virtualization both at the operating system and the network layer. So I started wondering: how do we solve the visibility problem for modern infrastructures? Because I was fully aware that the tools that I had, you know, built multiple times in my career were not available to accomplish that. And so I embarked into creating a new technology from the ground up that would be designed for visibility into modern infrastructure, so infrastructures that are heavily orchestrated, microservice based, container based. And I started focusing, together with the Sysdig team, on the challenges of monitoring these infrastructures, and there are many challenges. Some are
technical, some are just maybe based on how teams are organized, you know, in modern infrastructures. Sysdig was started in 2013, and we spent quite a bit of time developing our core technology, which is offered both as an open source tool, open source sysdig, and as a distributed end-to-end monitoring and visibility tool that can be consumed both as a cloud product or as an on-prem solution, and this is Sysdig Cloud. And essentially we're really trying to have a product that is heavily focused and designed for the new way of doing IT.

I think that sums up kind of the market pretty well right now, where, you know, traditional monitoring assumes, for example, that a host or service is very long lived, and now we're kind of in this new world where containers, you know, appear, they disappear, they're very ephemeral, as people like to say. I'm curious, you know, on your philosophy about this new architecture and how that's reflected in what you're offering at Sysdig.

Yeah, there are a couple of implications. First of all, what you say is exactly right, and we are really seeing among our users really intense and advanced workloads in which containers are spawned at this point not only maybe, you know, every few seconds, but really sometimes for every single request. So we routinely see users that have maybe, you know, thousands or tens of thousands or sometimes millions of containers in a matter of a few days or, you know, a couple of weeks, something like that. So that, as you can imagine, tends to break the traditional monitoring workloads, and there's a couple of implications. Implication number one is a lot of what's happening is below the sampling ability of your average tool, right? So not only is it challenging to collect the metrics for an entity that lives only maybe, you know, a few milliseconds, or a few seconds in the best case, but it's even hard to see the entity,
that that entity was there, you know, and that it existed. So from the monitoring point of view, let alone, you know, collecting detailed metrics, just knowing that a specific container was there and did something at a specific point in time is becoming challenging, because the typical sampling time and reaction time of a monitoring tool is in the best case, you know, the minute, or maybe even higher than that. So the whole landscape is really revolutionized quite dramatically by this. And the other implication, in my opinion, is that the single container becomes important because you need the data, but it's only important if the data coming from it, the metrics coming from it, are put in a broader context, in the context of the orchestrator, in the context of the service. Typically containers go up and down because there's something like, I don't know, Docker Swarm or Kubernetes or Mesos that, you know, orchestrate them and create new ones and destroy the ones that are not used anymore, and so on. So typically what you want to see is in the context of the service, of the application, of, you know, what containers cooperate to create, implement and deliver, and without that kind of context you are just, you know, inundated by an overwhelming amount of metrics that don't really have real usefulness for you.

Mm-hm. Loris, I have a question. So it sounds like Sysdig was kind of built for these dynamic and changing environments. My question is about microservices and containers, or rather microservices as a pattern for containers, containers as a way of enabling microservices. Were these both considerations when Sysdig was created, or are they kind of part of the same concern?

They are definitely, in my opinion, the two sides of the same coin, you know. So first of all, at the high level, I think that nowadays it's going to be harder and harder to separate containers from microservices, not because containers cannot be
implemented, sorry, not because microservices cannot be implemented with containers, that's absolutely possible, but containers really are the perfect technology, you know, to implement them. Some, you know, basic technical decisions behind something like Docker, like, you know, containers are very simple, they need to be very small, they are lightweight, typically they run just a single process, made them really the perfect building block for microservices. At the same time, managing something like Docker, that really promises you, you know, in the long term to make it possible to create much more complex infrastructure by essentially composing pieces, delivers this promise only if you have something on top of that that can, you know, break this into entities that are more manageable, like services, and then again a scheduler like Kubernetes or Mesos or Swarm and so on. So in terms of us as a company, definitely this kind of separation that I just described, but this complementary separation, also tends to reflect our technology and our technical approach pretty well, because the two core pillars of our technology are, number one, ContainerVision, which is the ability to see inside containers through a bunch of patent-pending technologies that make it possible to essentially inspect what's happening inside a container even without installing, you know, agents inside the container, and that essentially tries to support visibility for Docker and for containers specifically. And then we have essentially workless and patent-pending interaction with all of the major schedulers to essentially take this information and correlate it at the service level. So these are really the two pillars on top of which we build our solutions, our open source solutions and our commercial solutions, and for us it's really, you know, one doesn't really work without the other one.

So
tell us a little bit more about ContainerVision then, and its role here, and then if you could provide some context it'd be great. So, like, how does ContainerVision differ from the more traditional monitoring solutions that we see in the market, that were developed really for an age where, you know, again, like we talked about at the beginning of this program, just the architecture is entirely different, running for much longer, you know, designed to run for much longer times, as opposed to containers, which are much more ephemeral?

Yeah, as I was saying before, typically the traditional approach to monitoring in the physical and virtual world involves either, you know, doing some kind of remote checks, for example using the network, or doing some kind of polling like SNMP or WMI, so essentially you can go and query something coming out of the machine through standard protocols, or, even more typical, especially in the case of virtual machines or cloud computing, running an agent inside every physical machine and every virtual machine. This works very well, for example, with cloud computing, where essentially what you do is you run virtual machines on hardware that is rented, in quotes, from Amazon or Google or Microsoft or other cloud providers. Now, this approach works very well for virtual machines or for cloud instances because these are like full machines, you know; a cloud instance is a full version of, typically, Linux, where you have an operating system running and you have, you know, the full operating system deployed in the machine, so it's quite easy to just add a little overhead of an agent that just runs a process in the machine, or that you link to your application, or something like that. Containers are sometimes compared to lightweight virtual machines, but in practice containers want to be much smaller. When you run a container, it
shares typically the kernel with other containers running on the same machine, and this makes, you know, the containers much more efficient and easier to pack, to accomplish higher density. Containers also typically just include a single process and the bare minimum set of dependencies to run that process, which means that running something else inside the container tends to be challenging, because you don't have a full operating system there, because you don't have, you know, all of the libraries and dependencies that you need to run your monitoring scripts or your monitoring processes, and because typically you want to pack many more inside the same machine, so making them bigger and adding, you know, hundreds of megabytes of dependencies just because you need to run, you know, like Python or Java to see what's happening inside the container and what applications inside the container are doing is unacceptable. So there are a couple of solutions. One is leveraging well-known APIs exported, for example, by Docker. Docker has a Docker stats API, and you can use this API to gather some metrics from the containers. That's very useful; on the other hand, it tends to be relatively shallow, because Docker just gives, you know, a handful of metrics for each container, you know, overall CPU utilization, memory and disk and so on, but what you really care about is what's running inside the container. The other solution is our ContainerVision. ContainerVision works essentially through a couple of different techniques. The main one is installing a module in the operating system, and this module is deployed transparently when you run the Sysdig container, so the final user just needs to do a docker run sysdig, or use the orchestrator to make sure that Sysdig runs on the machine, and the Sysdig container is able to instrument the operating system and start the collection of metrics, that happens at this point underneath the container. So
instead of having to put something inside the container, you put something underneath the container, and the advantage is that installing this is completely straightforward, completely horizontal, so you never forget anything, because this module sees every single container, including the ones that are running now, including the ones that we run in the future. And that's one of the ways we manage to see everything. Before, I was saying, you know, when a container lives only for a fraction of a second you could really miss it completely, you know, you don't even know that the container ran, but if you're sitting in the operating system, you see when this container starts and you're ready to collect the metrics immediately, really that nanosecond when the container goes up, and then you see everything, and you see the application, the process that is running inside the container, and you're able to essentially run checks that get data for this process or this application, for example, you know, SQL queries or response times and this kind of stuff, in a way that is completely transparent and really doesn't require any instrumentation of the application or any instrumentation of the container. The result is that you have a very straightforward way to deploy monitoring. Sometimes we call it monitoring as a microservice, because by just running the Sysdig container you're good to go and you get your metrics flowing. So the plumbing is very straightforward, and that's very important, because when you have applications going up and down continuously, you cannot, you know, spend resources to just configure these applications to make sure that you're monitoring. And the other consequence of this is that you are able to see at a very, very deep level of granularity.

So I have just a quick follow-up question. When you say, you know, Sysdig kind of operates by working underneath, can you explain
that, you know, what you mean by that, and, you know, how does it work? How do you get underneath, you know, to be able to do what you guys are able to do in terms of collecting all those metrics as such?

Yeah, we leverage some interfaces in the Linux kernel, and I'm going to become a bit more technical here, I hope it's okay, but we essentially collect events that the Linux kernel is producing when things happen on top of the operating system, so when programs, when applications run. In particular, we capture interactions like system calls. So every time a process is interacting with the machine hardware, with the operating system, a system call is produced. A system call, for example, is done when a file is opened, or when data is read or written, or when a network connection is established, or when a server receives a connection, or when, you know, there's a data exchange on the network, or when a process is created. So all of this information, we are able to collect it really at the micro-granular level, which means that we're able to essentially reconstruct the life of applications running on a machine, really at the single, you know, file open or network communication, network connection or network data payload level. We get this information, we collect it, and then we have a quite sophisticated functionality to decode this information, so that, for example, if this data is a query to a MongoDB database, we see it, we intercept it, we decode the content, we are able to understand the context, so for example what query or which collection is involved, and then we're able to automatically get these metrics to a centralized place so that you can run essentially reports and dashboards and set alerts on top of these.

So I'm curious. So if you have access to that, you know, that interface, and you can get all these deep metrics, what is the security environment that you set up? Because that's
some pretty deep access, you know, into the kernel itself.

Yeah, our container does require privileged... needs to be granted essentially privileged capabilities to get this kind of data, which can potentially be a concern. On the other hand, if you think about that, there are also benefits with this approach, because typically the alternative is heavily instrumenting each container so that you are able to gather data out of them. Essentially doing that means adding processes and adding dependencies to your containers, which are actually implementing your actual services and have, you know, exposed surface to the external world. With our approach, your containers are absolutely, completely clean. You can get them from the Docker Hub, you can run them without any kind of modification, and, you know, you need an NGINX container, it will run only NGINX and nothing else, and there will be no additional libraries, no additional processes, no additional ports it's listening in. It's really completely clean, because what happens is the data is captured from underneath and goes to our container, our container which is of course completely sealed from the external world and has only an outgoing connection to the backend, which can be, by the way, optionally inside your own infrastructure. So our container has all of the dependencies, it runs, you know, Java to query Java applications and Python to run scripts and, you know, a C compiler to be able to install the proper kernel module and all this kind of stuff, but all of this is isolated from the containers that actually run the application. So we manage essentially to push all of the potentially dangerous dependencies to a separate, isolated place, and of course, you know, we take all of the possible precautions internally to make this container as safe as possible. By the way, one of the reasons why our core technology is open source is because we have a very
big community deploying this in the open source, and we also get, you know, tested and reviewed for vulnerabilities by the community and by the main distribution maintainers, and also, you know, externally, we try to play as nice as possible with all of the entities involved in the container ecosystem, including, you know, being certified, being scanned by the different players, Red Hat and other entities, and trying to be, you know, as scrutinized as possible by the community and by the vendor ecosystem.

[Music]

Now let's take a quick break before we get back to this second half of the show. Sysdig is a sponsor of our ebook series on Docker and the container ecosystem. Learn more about Sysdig's perspectives on these timely and important subjects in our latest ebook about management and monitoring in the Docker and container world. The ebook is available for download at The New Stack. Now let's get back to the show.

So I have a question, Loris. We talked quite a bit about, at The New Stack especially, container orchestration and how really that kind of changes the way that a lot of even these kind of early container products approach what they do, and we released a book most recently about automation and orchestration. So I was wondering, has the container monitoring landscape, and really what you guys do with Sysdig, is that changed at all by orchestrators like Docker Swarm, Kubernetes and Mesos, or is it a matter of scale of what you're already doing?

The answer is yes, it's being changed a lot. Let me start by saying that orchestration, in my opinion, is really the revolutionary piece here. I mean, the container runtime is absolutely important and it's great, but it's more like the big value that the container runtime brings is having the world agree on a standard to package your containers, right, and to run them, and that's great, but taking this standard and taking these
containers and orchestrating them into microservices by using, yeah, Docker or Mesos or Swarm is really what has the potential to revolutionize the way we build and we run our applications. Now of course, from the monitoring point of view, this is a major revolution, even bigger than collecting data for containers. So seeing inside containers is challenging, I was describing, you know, our solution to that, and is definitely very important, but monitoring orchestrated containers, or let's call them microservices for simplicity, is a whole new set of challenges, because you put the opaqueness together with the complete, you know, fluidity and arbitrary allocation of your application components. Now, the reason why I think it's really revolutionary and really powerful is because there's also a lot of potential there. I truly believe that something like Kubernetes or Mesos really has the potential not only to get, you know, good monitoring, but really to make monitoring and visibility and observation better. Observation becomes more and more important, but at this point it needs to be done in the context of the orchestrator. So you need to understand what a service is, you need to understand what a test is, you need to understand what a replication controller or a replica set is, and you need to expose data in that context. For example, what we do is we consume the Kubernetes or Mesos APIs and we are able to reconstruct the hierarchy and the organization of services, and we put the metrics together in our backend so that you can make queries like the response time for my front end in the last two hours, and the front end can be made up, you know, of 20 containers that are running on 16 different physical machines, and it doesn't matter, because we find these containers through the tags, we understand that they are part of the front-end service, we get the response time for each
of them, we average it, and then we show it to you over time. So this kind of stuff can really be, you know, automated if you consume the orchestrator API as a good citizen, and doing that is really the only way, in our opinion, to monitor something like Kubernetes or Mesos and so on. Now there's even more potential here, because what you can do is leverage, for example, most of these frameworks allow you to annotate your services, right? So we are working on and we're releasing features that let you specify the kind of monitoring that you want for your service by using annotations. So when you create your service, for example in Kubernetes, you can say, you know, this service is a production service and I need alerts on CPU and response time for the service, and I would like the alerts to go to this specific person, and we are able to, you know, interpret it and configure monitoring automatically based on what you configure in your service, so you don't even have to go inside our tool. In particular, a very powerful feature that we are close to releasing in our product is orchestrator-aware multi-tenancy. So we are able to offer in our product not only a complete end-to-end vision on your infrastructure, but also some specific views on services that are maybe owned by a specific team, and we can offer a specific login for the team, and the team can configure their own dashboards, their own alerts, their own alert recipients, their own, you know, views or whatever they want, and they can do that at the orchestrator level, and we understand it, and essentially we create automatically this sort of mini monitoring environment for the team, with all of the information that is specific for that unique team.

You know, a lot of what you're talking about here requires a lot of, you know, measurement of data, right? And a lot of what you're
talking about here means that you've really got to think about not just the container, but, you know, now you're looking at the overall microservice. You need to think about a lot of different factors, where it really seems to me that we're starting to think more about telemetry issues more than anything else. Is that accurate?

Yeah, and typically telemetry has two aspects. One is getting the data that you need, right, and the other one is getting the insights that you need from this data, right? Both of them are very tough and extremely interesting challenges for containers and microservices. They are sort of, again, orthogonal, but also one is required for the other one, and again, yes, that's what our products, both the open source one and the commercial one, tend to focus on.

Yeah. So a question then about overall infrastructures that we're starting to see emerge, where they increasingly have to be designed for scaled-out systems and, you know, scaled-out applications that can scale out very, very quickly, and we've been doing that with, you know, virtualization really up until quite recently, until really the advent of Docker and such, so, you know, for many years, but applications did not have to scale, right? You know, you'd have these systems of record that operate inside the enterprise, and a lot of the tools that were developed for those frameworks are now trying to adapt, right, to this new kind of a world. How do you guys kind of think about yourselves inside this kind of new world, where we are starting to move out to these scaled-out applications, but there are still these legacy environments out there that are still there, and you have these tools that are built for those, but they're also trying to adapt them into this new market? So it's almost like you're forging ahead with something
very new and very modern, yet there's a lot of existing stuff out there that you have to consider, a lot of tool vendors out there that are catering to them.

That is absolutely the case. So, by the way, what I'm seeing overall happening in the industry is, it's really surprising how much even, let's say, more traditional enterprises are picking up usage of containers, of, you know, microservices, orchestration, and really, you know, starting using this technology. So they are really adopted extremely quickly not only by leading-edge companies but also by more traditional, let's say, players. At the same time, clearly there are very different ranges of experimentation here, right? So some people are all in with, you know, Docker and Mesos or Kubernetes and so on, but more typically you have hybrid approaches in which, especially, you know, bigger enterprises, maybe they have a lot of legacy tools and a lot of legacy deployments, and then they are starting gradually, you know, investing into modern infrastructures. Now, from my point of view, this is just an extension of what we're saying, right? If your tools, especially for example in our case the monitoring tools, are good at supporting modern, elastic, flexible infrastructures, they should be also good at supporting the more standard ones, because, I mean, what I see is enterprises having, like, computing resources and applications, and you need to be able to follow those applications from essentially physical hardware to Docker containers, no matter where they go. So the approach that we're taking is definitely the one of supporting any possible workload in the best possible way, not only, but also offering a single pane of glass, the famous single pane of glass, in which you're able to see both your traditional servers that are running maybe on bare metal and your very modern applications. And the trick for doing that is again, you know, a very horizontal instrumentation that is able to cover everything. So the kernel module approach that I was describing before is designed to see everything, not miss any single piece of data, no matter where it's coming from, because when you are in the kernel you can see processes, you can see containers, you can see applications, you can see whatever you want, and then the ability to reason not only in terms of unique resources but in terms of applications, tags, services, metadata, so that you can easily split and segment this data based on criteria that are both related to, you know, a modern orchestrator or to more like traditional monolithic approaches. So the user interface that we're trying to design, and that I bet, you know, any modern IT software vendor is trying to design, is something that tries to go across, you know, these different silos and these different areas in the enterprise.

So one of the things I try better to understand is how some of these newer products and technologies like Sysdig affect and kind of influence maybe existing products, maybe what we would call legacy products, since we're talking about the legacy environments that they often appeal to. Do you think it's something where, or rather, are existing legacy vendors, maybe older, larger application monitoring vendors, are they adopting some of the techniques that make Sysdig so well suited to microservices environments, or is this something that is kind of still a developing market?

I think it is still a very developing market for the moment. Honestly, I see only minor steps from traditional vendors in our direction. I absolutely expect bigger steps to be taken by these vendors, especially by the more, let's say, progressive ones and the ones that are better at reacting at the market around them. I definitely see, you know, some
vendors that uh are very good at doing this uh at the same time uh think about that for example how many of the Legacy Enterprise uh monitoring and management vendors really manage to evolve their products in an effective way for cloud computing not many if you think about that uh and cloud computing sort of you know created a new set of uh of vendors very specialized in that and they were able to do just just a much better job there you know and why is that that's because um typically when you when you have a shift of the magnitude you know you go from servers running in your data center running very static applications to you know instances on AWS uh that uh are based on on a very different uh premise you know you uh essentially rent them by the minute your your your tools really need to be Rau from scratch right you need you need to sort of start start over from a blank sheet of paper and and that's how a new a new set of vendors essentially gain prominence in the last few years we as sis dig strongly believe and are betting on the fact that uh the same thing is going to happen with containers so do I respect the current uh you know vendors of Legacy vendors of monitoring tools yes do I think they can evolve their tools to get somehow there yes but I I also think that uh uh there is really space for winners that uh uh really think this from the beginning and and develop a product that is designed from the beginning for this because otherwise it's always retrofitting you know something that that is uh that is already existing and you never reach the optimal solution what we're we're trying to do here is is creating the optimal solution for the specific problem how important is the ecosystem around you you know uh you know for for your own success for you know uh you know you mentioned engine X and you know different you know low balancing environments and there's different you know there's different platforms and services that you know that have to really kind of 
have kind of this integrated capability to make it work for for these customers how important is that for you and what are you guys doing to you know to uh you know in light of that it's of uh really critical importance we first of all uh as a company we are fully aware that we we will only be successful if the whole ecoystem is successful if you know containers and microservices uh and uh uh orchestration and so on are successful from from let's say the pure utility and Technical point of view we I have no doubt whatsoever that uh these kind of technologies have the potential to really revolutionize it uh but of course uh in order for this to actually happen these Technologies need a lot of you know execution of proper execution and uh a single vendor cannot deliver all of this execution at least in the short term you know so we need we need to work together and we want to work work together with all of the other vendors we try to do that both from the technical point of view uh by you know uh trying to collaborate with the companies in this ecosystem both the ones strictly in the container ecosystems like you know Docker coros mesosphere and and all of the other companies in the space and with the companies that that have to do with you know like modern uh infrastructures and uh and the uh modern it um from the Open Source Point of View we added a support for Docker very early on uh we the support for kubernetes and meeses as warm essentially as uh you know like more more than a year ago at this point so uh as these Technologies were you know really at the beginning in the early stages of of development and we try to you know do this in a way that brings benefit to the community but also can be an a valuable asset to the other vendors in particular we strongly believe that uh there are a couple of elements of friction uh for uh the modern uh it Docker and microservice based modern it to be successful and security is definitely one of them and and visibility is 
another one so uh by offering a really phenomenal monitoring tool that can address the needs of uh small companies and Enterprises that move to this new world we also give our contribution to the ecosystem of vendors by essentially decreasing friction to adoption I'd love to talk with you more about about open source ecosystems and their evolution and how open source ecosystems scale at another time um that's um a topic we're really interested in discussing and you know we're actually going to be uh uh you know having a series of discussions on this topic so I look forward to hearing some more from you Ben any other thoughts that you'd like to that you'd like to share or anything else you'd like to ask Loris well since we're wrapping up Loris I was going to ask essentially if you had anything else to say maybe to add to this space about container monitoring and again what what makes this space so special and something that maybe I should consider as an editor going forward with our next ebook what what is especially important about this what is something to keep in mind about this space so a couple of things one is uh I see as I was saying before keep an eye not only on uh how monitoring uh is going to catch up you know uh with with these new infrastructures but uh at how mon monitoring can become better in my opinion there are really opportunities here to make monitoring move forward monitoring is sort of been the same you know for the last 15 years now more than 15 years 20 years you know and it's all all always been variants of uh the the same you know two or three different techniques uh and as I was saying before now that it is changing is changing really heavily uh I see a lot of opportunities to really not only uh have equivalent monitoring as as we had before but something better of sort of rethinking monitoring and again we're starting we're really working on on it in terms of uh making monitoring easier to deploy so having you know monitoring that is 
deploy by just running a container or making monitoring more like Team friendly so that instead of having a giant monolitic monitoring tool you have something that follows more like the service or organization and the orchestration of your containers and creates like mini monitoring Tools Mini monitoring environments that are more like uh human friendly the other direction that uh I see monitoring potentially uh evolving in an interesting way uh and that um is part of our core technology is the ability to sort of uh add value to to your monitoring tool by uh sort of creating a hybrid uh between a monitoring tool and a security tool for example in we experimented in the open source uh this spring by releasing an open source tool called Falco uh which is essentially a behavioral uh activity monitor uh built on top of the CISD engine so uh we leverage the same uh powerful tricks that I explained before in particular being able to put a kernel module uh inside the operating system that sits underneath the container to uh extract information that is not only for example I don't know the trend of the CPU or the response time of a specific application but also I don't know the anomalous activity of a container or you user uh unauthorize user logins inside a specific part of your infrastructure from this point of view uh another uh area that I find very promising is extending monitoring for troubleshooting so there's a lot that our tool can do that is quite novel and quite unique in terms of not only being able to export metrics make make it possible to set alerts on these metrix create raal and and the kind of stuff but also Deep dive inside uh a container to get you know the really granular activity of what's Happening inside a container uh and maybe create Trace files that uh allow you to troubleshoot uh what was happening in a container that doesn't exist anymore uh maybe the following day uh and again we try to leverage the same infrastructure and the same deployment 
so that we can offer a tool that uh also has a powerful troubleshooting capabilities and that that's again really important in something like orchestrated containers where uh stuff probably doesn't exist anymore when you want to understand you know the the fine grain details of an issue and uh even if if it still exists there's not even the possibility to create a shell because you don't even have maybe you know the SSH server you know in some of your containers so this kind of stuff can evolve in ways that uh are interesting novel uh powerful and some of them you know we've already implemented them inside our product ah behaviors uh those they can be so funny can't they uh they very often are well listen Loris this has been a really uh good discussion thanks for bringing up Falco that was a topic I did want to address so that's that's an I think a a a story that's just beginning on how we deal with the behavior of these monitoring environments when we have container infrastructures thank you very much for uh joining us uh you enjoy your vacation there and you know we'll we'll see you there we'll see you soon you where are you going to be next when you come back from Italy you g to be any at any conferences or anything uh yeah uh probably a bunch of conferences uh this fall especially the container related ones so you know so that so that will include I guess container con and M con you and events like that yeah absolutely great well we'll see a container com for sure so we'll have to sit down and talk I'd love to talk to you about open source ecosystem so uh I look forward to that and you know good luck with sistic and you know we'll we'll talk to you soon thank you see you soon and also thank you to our listeners here and Ben thank you for joining us appreciate your your your sites and we'll be back again soon with another episode of the new analyst thanks as always take care byebye cytic is a sponsor of our ebook series on Docker and the container ecosystem 
learn more about Cy's perspectives on these timely and important subjects in our latest ebook about management and monitoring in the docker and container world the ebook is available for download at the new stack. audio editing and sound design for the news stack analyst podcast is provided by Broken hours you can find them at broken hours.com thanks again and hope to see you back at the show bye-bye

Original Description

In this discussion with Loris Degioanni of Sysdig, we talk about how the speed at which containerized environments move has proven to be difficult for traditional monitoring solutions. Users may have tens of thousands of containers, with some lasting only a few seconds, and a traditional monitoring solution whose sampling and reaction time is measured in minutes. It’s important to have the contextual information about these containers in order to handle them in an environment where orchestrators are constantly spinning up and removing containers. Without context, you can be quickly overwhelmed by metrics that aren’t useful to you. Degioanni talks about the importance of having visibility into the container, and how Sysdig achieves this with its own ContainerVision technology. Instead of placing an agent inside the container, ContainerVision places a module in the operating system – essentially allowing it visibility into all current and future containers. We also go on to talk about the container orchestration revolution, overcoming telemetry issues, and updating traditional monitoring solutions. Listen on SoundCloud: https://soundcloud.com/thenewstackanalysts/tns-analysts-ebook5-sysdig Download our 5th eBook, Monitoring & Management with Docker and Containers free of charge at: thenewstack.io/ebookseries/

The video discusses the importance of visibility into containers and introduces tools like Sysdig and Falco for container monitoring and troubleshooting. It highlights the challenges of traditional monitoring solutions in containerized environments and provides insights into the design and implementation of container monitoring systems.

Key Takeaways
  1. Collect events and system calls from the Linux kernel
  2. Reconstruct the life of applications running on a machine
  3. Decode information such as network communications and database queries
  4. Send metrics to a centralized place for reporting and alerting
  5. Configure container monitoring tools
  6. Use Sysdig for container monitoring
  7. Use Falco for behavioral activity monitoring
💡 Traditional monitoring solutions are not suitable for containerized environments, and new tools like Sysdig and Falco are needed to provide visibility into containers.
