This blog post is the second and final part of article that about an interview we had with Dritan Bitincka, co-founder of Cribl, an Observability Infrastructure vendor. The interview proceeded on three different tracks: (a) Mr. Bitincka’s Journey to Cribl, and (b) Industry Changes, and (c) The Future of Observability and Cribl. This part of the article captures the last two tracks.
Industry Changes. We shifted gears to the topic of what changes he has seen in the industry. Dritan said, on the top of his mind, that he is amazed at how fast observability tooling and solutions are being adopted. He explained that part of the reason is that now that most of them are cloud-based, organizations can validate the value of the solutions very fast. Before cloud was so popular, he said, it took months with salespersons doing bake-offs of solutions and customizing each premises-based environment. Now, with cloud-based, standardized systems, it takes days or weeks, allowing for decisions to be made right away. The basic message is that with cloud-based systems, customers can now do self-service and can self-evaluate systems. The second message was that the volume of data stored for observability systems is growing about 30% annually. But, if storage was free and infinite, his customers tell him they would storage 5-10x more. This desire to store more is a big part of what Cribl is betting on pursuing in the Observability Infrastructure market. Third, Dritan sees many observability tools companies getting funded – the space is hot, he says (we agree, and AI applications will only push this further). I asked a bit more about the cloud, and we discussed the cloud version of LogStream that just went to general availability in October. In this model, Cribl offers LogStream as a service for its customers. Mr. Bitincka said the interest in this service has been phenomenal and that there are a ton of proofs of concept trials underway. There is particular interest from organizations that don’t have operations teams. The Future of Observability and Cribl. Then we shifted to where the observability market is headed over the next 3-5 years. Dritan said that his customers want to instrument as much data as possible, including directly from applications as they run. He explained that Cribl offers AppScope as open-source, allowing users to collect performance data from all sorts of applications. He said that roughly 20% of applications at organizations are fully instrumented using Application Performance Management (APM) because most programs are close-sourced, and it is difficult to instrument them. His view is that there will be an emergence of tooling of applications that goes well beyond that of simple agents that reside on devices throughout the computing, networking, and security systems that are used. By peering into applications very deeply, this will cause a deluge of data that customers can currently use LogStream to handle, control and route. The location where all this new data will reside, Dritan calls it an Observability Lake. Once all this data is saved to long-term storage, he says, all the teams in the organization can self-service access it, and potentially forever. A significant advantage to using such an approach is that, in contrast to a database system where you must know ahead of time how to structure the data, with an Observability Lake approach, the teams can investigate incidents and data there were not expected and play these events back on recent or very old data. I was interested to learn how AppScope works. Dritan explained that AppScope is a black-box instrumentation technology that sits between the operating system and the application. It sees all the interactions between the application and the filesystem, the CPU, the network etc.. It captures all the metadata associated with this traffic and forwards it downstream. And, he explained that it doesn’t matter what language the program is written in, whether it is Ruby, C, Java, etc., because AppScope is just intercepting syscalls. I got the sense from Mr. Bitincka that Cribl is betting that AppScope will challenge the agent-based approach that is so common these days. I challenged Mr. Bitincka and asked what Cribl’s plans in tackling new observability infrastructure challenges are. What I learned was that the company plans to enhance both LogStream and AppScope further. For LogStream, there are 60 integrations with other systems – the number will grow, and there will be more protocol support and more device support, even including IoT systems. The company’s goal, according to Dritan, is to help customers with the “data generation” phase – how to unearth more data. Customers agree, with Cribl getting many more inbound requests from prospects as they drive towards pervasive and ubiquitous instrumentation. So, the company’s next focus is to generate data at a large scale and in a standard way. He said the company will double-down on AppScope and thereby will develop a universal edge collection system. The idea behind this edge collection system is that it would remove the headaches customers get from collecting, processing, and managing observability data. Our take on this edge collection system strategy is that Cribl will start competing with some more traditional observability vendors who have developed their own agents that reside on computing systems. But, if Dritan’s right that his customers use as many as a dozen tools, potentially all having different agents, then Cribl’s single-collection strategy could prove valuable to customers. This new data collection capability from Cribl would allow for simplified data collection and consolidated Observability Lake storage, thereby allowing customers to use all the analytical tools they want.
0 Comments
Nokia’s Global Analyst Forum this week highlighted two main trends. First, the company says it has caught up to rivals in its 5G radio development. Furthermore, the company expects its wireless systems to become increasingly technologically differentiated from competitors. Second, the company emphasizes its message that it is the “green partner of choice.” We read that the company is making more power-efficient communications equipment. Apart from its significant themes meant for headlines, the company also highlighted that: (a) it’s experiencing strong private wireless growth, (b) its RAN systems are in the pilot phase with hyperscalers like AWS, GCP, and Azure, (c) it is embracing Open RAN faster than other established competitors, (d) it expects the Remote Radio Unit (RRU) to take an increasing fraction of total RAN spending, (e) it sees the RIC as a market expansion, (f) it expects to differentiate in radio in 2022 with its growing Carrier Aggregation capabilities. Nokia, which has significant revenue exposure to Mobile RAN, is in an interesting phase of its corporate development. With having brought on new CEO, Pekka Lundmark, recently, it abandoned its end-to-end product portfolio strategy. Yet, in recent times, the company’s non-radio portfolio has outperformed radio access network growth trends, which reinforces the idea that its broad portfolio serves it well. One of the company’s primary messages from the conference was that its RAN portfolio has caught up to competitors and that next year it will deliver significant improvements, including Carrier Aggregation and a broader portfolio of Massive MIMO systems. The company also said that it is working with a broad set of infrastructure providers and infrastructure software companies that will be able to support its RAN and core portfolio; examples include Anthos, Kubernetes, VMWare Tanzu, AmazonEKS, OpenShift, among others, operating on AWS, Azure, Google Cloud or on premises-based infrastructure. Nokia is investing in broadening out the appeal of its RAN and core systems both by embracing these various non-Nokia systems, as well as supporting Open RAN. The company says it expects an increasing amount of value to accrue to the RRU and away from baseband, which we see as consistent with its support of so many different infrastructure systems that would run baseband. The company sees revenue upside in the RIC market, part of the Open RAN architecture. The company’s support of Open RAN will lead to the commercialization of Open RAN systems in about two years, according to Nokia. Furthermore, the company’s telecom core business is experiencing an acceleration in business trends. Like the RAN architecture support for various cloud systems, Nokia is even further along in offering support for its core systems like 5G Core. Management made two comments during its discussions that did an excellent job of explaining how far along the core market is in moving towards a hyperscaler-based infrastructure. First, Nokia said that “50% of RFQs include an option to run on top of the Hyperscaler.” Second, Nokia explained that of 82 of the engagements, 20 have serious public cloud investigations and dialog going.
We are also encouraged by the company’s leadership in Fixed Wireless Access (FWA) and 25G PON. In 5G FWA, the company has some significant antenna and software algorithm capabilities, and we expect new, cutting-edge products in 2022. In 3GPP 5G FWA, the company holds a significant revenue market share lead as of 3Q21, illustrating its robust capabilities. The company made a bet on 25G PON and was a significant contributor to an MSA Group called 25GS-PON. Additionally, Nokia developed its own semiconductors, called Quillion, to support 25G PON (backwards compatible to lower 10G and 1G speeds). Recently, we had the opportunity to speak with Dritan Bitincka, co-founder of Cribl, an Observability Infrastructure vendor. All three of Cribl’s co-founders were employees at Splunk, a leading observability vendor. It was exciting to hear how Dritan’s experience with Splunk led him and his co-founders to seek a new place in the value chain in the observability market. We also discussed the industry’s future. The interview proceeded on three different tracks: (a) Mr. Bitincka’s Journey to Cribl, and (b) Industry Changes, and (c) The Future of Observability and Cribl. A week after this post, we publish about Industry Changes and The Future of Observability. Dritan Bitincka’s Journey to Cribl. Dritan is the VP of products, and I noticed that he was very active in posting blog articles about the company’s first product, LogStream, in 2018 and 2019. By the time 2020 came along, Dritan’s posts were occasional (my favorite is here because it explains how simple it is to connect LogStream to Azure Sentinel), and he’s only posted once in 2021. My takeaway, which Dritan confirmed, was that he has been very busy expanding his team and building new products, the typical next phase of a startup in growth mode. I asked Mr. Bitincka what it was like moving from Splunk to becoming a co-founder at Cribl and found his response both interesting and informative. First, Dritan said that when he was at Splunk, he saw the observability market through the lens of Splunk only. But, what became clear is that many Splunk customers were using as many as a dozen other tools besides Splunk to perform observability. This insight of the fact there are dozens of other tools out there is part of what drove the current products at Cribl because what Cribl’s LogStream product does is it integrates with many “sources” and many “destinations,” with Splunk being just one of them. His second response was that Amazon S3 is one the biggest of the dozen data destinations that customers use and that customers are building analytical solutions on top of S3. He is seeing his customers adopt S3 instead of local storage increasingly. He explained that in the past, organizations would place their data into Splunk or Elasticsearch or other analytics solutions, keep it there for 90 days and then send it to archive. These systems tend to be costly, explains Mr. Bitincka, and hence the data must be sent to archive. But, sending the data to an archive means those organizations cannot use analytical tools on the data. S3, though, while not as responsive as down to the millisecond range as local storage, is now quick enough, explains Dritan. He explained that since S3 is far more affordable, the economics favor using S3 for both current and old data and then making the data accessible for periods much greater than 90 days. And third, I asked Dritan to elaborate more on the trends between local storage and S3 (or other cloud object storage), and what I learned was that the Cribl team is getting a lot more customers requests for S3, or object storage in general. More specifically, customers are “reading” the S3 data, which means they use it to do functions such as “data replay.” Customer requests for object-based storage and for more object reading activity give Mr. Bitincka confidence that his customers will deploy in the cloud. Mr. Bitincka’s background is in deploying multi-terabyte distributed systems, so I asked him to explain the challenges in deploying these kinds of large-scale systems. I enjoyed this discussion because it shows that as the growth of the observability industry has soared, this growth has caused new headaches. Dritan explained that he had deployed Splunk at somewhere around 150 customers in his years there. During that time, he learned that it became increasingly difficult to manage the systems effectively as they got larger, and often customers would need external tools like Chef or Puppet to handle configurations. The problem is that increasing the size of these systems to higher capacities when using these third-party tools became large drains on administrative or development operations professionals. So, in Cribl’s system, these version-controlled, deployment and configuration authoring capabilities are built-in, and thus they’re more accessible for customers to deploy, maintain and increase capacity. Additionally, he said Cribl’s products also have built-in health monitoring and native cloud tooling that deal with user and machine roles.
Mavenir held its annual analyst event this week and highlighted some important information highlighting its progress in transitioning to a maturing ecosystem player in the telecom equipment industry. The company highlighted its recent Koch Brothers $500M investment; existing investors include Intel/Nvidia and Siris Capital, who remain majority equity holders. The company highlighted that it grew revenues and bookings in the mid 20’s percent year-over-year in its Fiscal 2020, an impressive figure. Two main themes came from the show. First, the company’s RAN portfolio is picking up steam. Second, the company’s portfolio now spans very wide, from telecom core to RAN.
The RAN portfolio has made significant progress. The company claims over 20 deployments in 14 countries. And, Mavenir has demonstrated the capability to deploy on AWS, IBM Cloud, Microsoft Azure, Oracle Cloud, Google Cloud, and VMWare. The company spent a great deal of time reviewing definitions of various Open RAN terminology, to address confusion, spanning from vRAN, O-RAN, C-RAN, Cloud-RAN, and Open vRAN. We’ve seen many public statements from Mavenir, its competitors, operators and pundits, alike, espousing the various benefits of some or all of these systems. We think the point Mavenir was making at its conference is that Open vRAN is the most open, interoperable system. When operators enable open systems, of course, it allows Mavenir and other vendors to bid on deals for networks that have existing equipment from traditional vendors like Ericsson, Nokia, Huawei, and ZTE. We see Mavenir’s efforts to work with various infrastructure companies and systems like AWS and VMWare as a means of gaining a foothold with operators who are trialing or in the early stages of deploying these various infrastructure systems. Speaking of partners, the company claims it has relationships with nearly 15 Remote Radio Unit (RRU) players. The company says it can deliver Massive MIMO capabilities to customers, which means that its RAN systems can satisfy what would be considered mainstream 5G use-cases; this represents very significant progress over last year’s RAN capabilities. Mavenir’s portfolio is extensive. The company made separate presentations about the following topics: RAN, OSS, Radio, Packet Core, Mobile Core, BSS/Digital Enablement, Security, Private Networks, and Enterprise over three days. With over 5,000 employees spanning the globe, exposure to the most relevant parts of the mobile infrastructure industry, Mavenir is a serious contender for deals. The company also highlighted that its telecom core technology uses modern programming techniques that enable it to operate on cloud infrastructure; among these are fully containerized micro-services design. The company shared that most microservices file sizes are under 25 Mbytes, evidence that the systems are designed as microservices (and can load fast). The fact that in April 2021, well-known Koch Bros made a $500M “strategic minority” equity investment in the company is an important validation of Mavenir’s place in the telecommunications industry. We see the investment as a reinforcement of the company’s balance sheet and an opening to new customers. 200 Gbps Active Electrical Cable (AEC) to Play Key Role in Current and Next Generation Server Connectivity Server bandwidth continues to explode. Led by a confluence of next-generation processors, lower process geometry, better software, and the push toward AI, the market is seeing a rapid transition to 50 Gbps, 100 Gbps, and even 200 Gbps ports on each server. AI workloads usher in enormous data sets, and additional accelerators in the server (Smart NICs, DPUs, FPGAs, etc.) continue to push AI traffic bandwidth to outpace the overall network growth of the past five years. Our workload projection has AI-based workloads driving nearly 100% bandwidth growth on the server through 2025 compared to 30-50% in traditional workloads. With such large amounts of data moving into the server, reliability and power become more important to operators. Power budgets are not increasing this fast, and DAC can only achieve so much speed. AECs proved themselves at multiple cloud providers and hyperscalers earlier in 2021. Early 2022 designs indicated additional design wins with AEC. AECs have high reliability, are on par with DACs, and are far higher than traditional optics. At the same time, AECs have lower power consumption than fiber and can stay comfortably in most operators' power budgets. Additionally, AECs are specializing. For example Credo’s Y-Split SWITCH AEC is designed to support failover, the CLOS AEC supports front-panel connectivity in distributed disaggregated chassis, and the SHIFT AEC has the ability to shift between different SERDES lanes (56G PAM4 and 28G NRZ), which allows operators to qualify fewer variations of the cable, future-proofing some connections. As we look on the OCP Summit floor today, virtually and in person, we see many demos of 200 Gbps. In particular, we spotted implementations at two locations using 200G SWITCH AECs, which Credo announced earlier today. One was with NVIDIA and Wiwynn, and the other with Arrcus and UfiSpace. The AEC cable will play a more significant role in server connectivity in 2022 and in the overall 56G SERDES connectivity generation to enable new and more powerful applications (AI/ML and existing cloud workloads) to take advantage of higher-speed links. By Alan Weckel, Founder and Technology Analyst at 650 Group. ![]() The market is ready for a new classification of Switching in the Data Center Historically, the portion of the Ethernet switch market geared toward programmability was limited to high-frequency trading (HFT) and some niche Telco use cases. For HFT, Arista and Cisco used a combination of ultra-low latency ASICs and FPGAs. That market has historically had approximately $200M in annual revenue. The programable switching market, led by Intel's Barefoot Tofino ASIC leveraged by nearly a dozen vendors, also does about $200M a year in revenue. Network devices have lagged in innovation compared to servers, with the Smart NIC and DPU accelerators running various workloads ranging from storage, virtualization to security. It's time for the network to create a similar innovating leap into accelerated networking. Aruba, a Hewlett Packard Enterprise Company has launched the CX 10000, which is the first product to enter the market for this class of device. It combines HPE Aruba's networking IP, such as Fabric Composer and switch expertise, and Pensando's DPU to address various new deployment models. We expect that by 2025, the market for these accelerated class devices will exceed $10B. More than fifteen years ago, the market made a transition to purpose-built products for the data center and campus. Today's data center requirements are similarly pushing for new product classes and purpose-built products to address the need in a hybrid-cloud world compared to the legacy approaches used for the past decade-plus. If we look at Aruba's CX 10000 in a little more detail, several use cases geared toward colocation, hybrid-cloud, and security take center stage. With each use case, we note that the enterprise could no longer scale with the number of applications, the pools of data, nor the new multi-cloud environments. Contemporary architectures are needed to support applications and to allow the human in IT to scale. At the same time, we are in the early stages of netOps and secOps merging. Today, this leads to early themes, but the next decade of networking must support this broader trend, and we view products, like Aruba's CX 10000, as looking forward to the next ten years of networking design. Best Laid Plans and Confidence Over the Summer Still Leading to Supply Chain Shortages in 4Q2110/19/2021 Our supply chain checks across the technology and cloud sector continue to turn pessimistic during the early days of October. As a result, orders for semiconductors that were thought to be secured and guaranteed are being cut. The implications are clear that most segments we track are in for several bumpy months, with all efforts to bring 2022 back to normal.
Component suppliers are cutting or negotiating back existing commitments – Factory shutdowns, lack of fab capacity, and logistics gridlock continue to hamper the ability of system vendors to get adequate supplies. Vendors continue to burn through their stock, and no vendor can ship a 99% complete product. Vendor resources, which should be on 2022 product launches and securing capacity for future product cycles, are instead spent figuring out what to ship and adjusting components in existing product lines. In general, vendors are shipping fewer varieties of SKUs now than at any point in the past 20 years. Prices are increasing for components and, in some cases, will never return to the previous price – While some price increases could be classified as temporary or transitionary like rush charges, air freight, and redesigns, many events are leading to more permanent price increases. At the very least, vendors will dual source suppliers, manufacturing across many geographic regions leading to lower volume with each supplier. As a result, we view some semiconductor components as never returning to pre-COVID price levels. So the big question remains when products will return to historic price erosion? 2022 lacks new product designs – In 2021, there were very few new product introductions and downsizing in SKU offerings. In some markets, we track there was minimal impact, but in other areas like 400/800G, the lack of clarity is causing many hyperscalers to reevaluate their speed transitions. We expect a different tone in earnings season as vendors, component suppliers, and customers adjust to the new normal of not getting every type of product they want over the next several quarters. As a result, some projects will be delayed, others scaled back, and spare capacity at AWS/Azure/GCP will be put to the test as many enterprises embrace capacity to buffer shortfalls in premises-based hardware. When Cribl announced its monster $200M financing round, we wondered what is coming next for the observability infrastructure company. The company has revealed some of what got investors excited in its fall release (Version 3.2.0) announcements. We think the two most important elements of the fall release announcements include is Cloud Visibility & Management and its Quick Connect features, both of which enhance Cribl customers’ implementation of the flagship product, LogStream.
In addition to this 3.2.0 release, we think another reason investors are so enthusiastic to back Cribl is the growing demand for observability systems. We expect that, over time, the networking, security, and observability industries will see increasing overlap between each other. This overlap will drive customers to demand solid third-party alternatives to the trend where prominent players from each of the three industries acquire smaller, best-of-breed category leaders. While there is able competition in the overall Observability market, Cribl’s newfound war chest positions it to vie for leadership in the emerging observability infrastructure market. The company’s main fall release enhancements include:
The second important function of Cloud Visibility and Management is that it:
Nokia Unleashed Next-Gen Routing with FP5 ASIC On September 21st, Nokia launched the company's fifth-generation IP routing silicon (FP5). Along with support for 800 Gbps routing ports, the company also announced new Fixed form factors, which are becoming popular as Routing supports new uses cases around supporting more distributed IP edge routing architectures. Along with the increase in performance came a significant power reduction in the cost per bit of bandwidth and an increased set of security features. The company also announced ANYsec to extend MACsec encryption capabilities, which are becoming increasingly important to customers and SPs as more mission-critical traffic flows on networks. Since the launch of Nokia's previous generation ASIC (FP4), Nokia grew its market share position in SP Routing via a combination of custom Silicon innovation and merchant silicon to address more use cases. The company also expanded further into enterprise and Cloud use cases. 800 Gbps and the 112 Gbps SERDES technology will begin shipping in 2022, and we view the technology as an essential enabler to how networks need to evolve in Telco SPs and the Cloud. We expect that by 2025 over half the revenue and nearly three-fourths of the bandwidth in Routing will come from 400 Gbps and 800 Gbps products with operators using a mix of traditional Modular systems and smaller Fixed form factors. DPU Opportunity IncreaseS with New Market Opportunities in RAN, Security, and Enterprise WORKLOADs9/1/2021 ![]() For many, the DPU is associated with the Smart NIC and the boundary between computing and networking. Therefore it has a finite market size tied to the number of servers and appliances in the market. DPU history focused on offloading the processor with storage, basic security, and virtualization allowed the CPU cores on a server to be 100% utilized for workloads and not for tasks viewed as overhead. Today the market for DPUs is very different and in the early stages of redefining many markets. Today’s DPU metrics are impressive and altering the conversation. For example, two-three years ago, it was about getting to 100% utilization and defined to a handful of use cases. Today the DPU accelerator can do more, not only offloading basic tasks but accomplishing processing that would take multiple servers to achieve in one card. This is a game-changer and becomes a building block to future data centers looking and acting differently than the current paradigm. The DPU, and general accelerators, create new markets now and are at the forefront of several technology innovation cycles. They are not only disrupting adjacent markets with new architectures but are developing new use cases and applications. DPUs in the Telcom market was an adjacent natural market, and we highlight a set of new announcements below on several new areas the DPU is taking over: -- NVIDIA and Palo Alto Networks (May 2021) announce high-end next-generation firewall(NGFW): Palo Alto’s firewall, running on BlueField-2, opens up the entire firewall space to the DPU market. DPUs can replace custom silicon and achieve better performance. This becomes critical as the security market transitions to Cloud and as-a-Service models. -- NVIDIA and Marvel (MWC 2021 and 2022) announce multiple edge computing, NFV, RAN initiatives: Over the past two years, Marvell and NVIDIA have made significant strides in addressing almost the entire Telecom infrastructure hardware stack. For example, today, a Telecom SP can run RAN baseband directly on the DPU based system instead of on proprietary ASICs and hardware. In many cases, the DPU can achieve better cost, power, and performance than previous hardware versions offered by Ericsson, Huawei, and Nokia. The DPU also lays the hardware building block for Open RAN. There are many other examples of the DPU moving beyond basic offload and compute tasks. The above examples highlight new markets for the DPU that are direct replacements of legacy products. To date, much of 2021 has highlighted Telco markets and been SP-focused. That brings us to the enterprise which has several opportunities ahead for DPUs and is more forward-looking: -- AI/ML workloads in the enterprise: This market remains in its infancy, mostly around basic inference in a few verticals. However, all enterprises will go through a digital transformation around AI or go out of business. AI in the enterprise will be many new applications ranging from business intelligence and customer interaction to the design of new products. -- Server architectures are changing: Server designs in the enterprise and the overall march towards disaggregated pools of computing, storage, memory, and networking resources will define the next decade. The DPU will play an essential role in this transformation, and it will occur in many parts of the new architecture. Overall the market for DPU is poised for growth as new workloads and adjacent markets become prime use cases for the technology. By Alan Weckel, Founder and Technology Analyst at 650 Group. |
CHRIS DePUY
|