Las Vegas 2023
Unveiling the Power of Data Taxonomy in Achieving Comprehensive Software Lifecycle Telemetry at Broadcom

In the ever-evolving landscape of software development, the pursuit of excellence hinges on a delicate yet transformative element: data taxonomy. Join us as we embark on a journey that showcases how Broadcom harnesses the Klera (now Gathr) software analytics and workflow engine in conjunction with a meticulous taxonomy framework to revolutionize its software development paradigm. Through this synergy, we have attained unparalleled visibility spanning the entire software lifecycle – from the genesis of code to the realms of security analysis, cloud cost optimization, and beyond.


Data taxonomy, often regarded as the cornerstone of a structured organization, emerges as the driving force behind our success. In the dynamic realms of DevOps, SecOps, and FinOps, where collaboration and clarity are paramount, a well-defined taxonomy becomes the conduit that seamlessly binds diverse operational facets. Gathr emerges as the catalyst that transforms taxonomy from a theoretical construct into an operational powerhouse, enabling us to bridge the chasms that separate Development, Security, and Financial Operations – the trifecta of modern software prowess.


This presentation delves into the transformative prowess of data taxonomy-driven software lifecycle telemetry. We unveil how taxonomy serves as the thread that weaves together intricate workflows, harmonizing processes, and establishing clear communication channels among teams responsible for coding, security validation, and financial forecasting. Our narrative showcases how the marriage of taxonomy and Gathr expedites development lifecycles while enhancing the security integrity of our applications through continuous code scrutiny and vulnerability assessments. Beyond this, we illuminate how taxonomy-driven insights extend to the financial dimension, offering real-time cost analysis and optimization avenues.


By embracing this approach, organizations unlock the ability to:


Elevate Visibility: Achieve holistic insight across the software lifecycle via meticulously crafted taxonomies that categorize and contextualize each phase.


Cultivate Collaboration: Foster cross-functional collaboration by providing teams with a shared taxonomy-based language, enabling seamless communication across DevOps, SecOps, and FinOps domains.


Enhance Security: Leverage taxonomy-driven processes to ensure code security through consistent vulnerability assessments and targeted remediation.


Optimize Costs: Utilize taxonomy as the foundation for real-time financial assessments, empowering teams to make informed decisions and allocate resources optimally.


In an era where software excellence is inseparable from streamlined interdepartmental coordination, taxonomy emerges as the unifying element that propels innovation, mitigates risk, and maximizes efficiency. This presentation lays bare the transformative potency of Gathr's software analytics and workflow engine in tandem with a taxonomy-driven approach. Embark with us on this expedition to unravel the power of taxonomy – the linchpin that has redefined software lifecycle telemetry.


Full transcript

The complete talk, organized by section.

Mustufa Batterywala

Welcome to the session on software telemetry, right? Moving towards unified visibility across different dimensions.

So that's where we'll be talking about our experience with one of our esteemed customers, how they used taxonomy and built an entire visibility into the software. So without further ado, let's quickly look at the agenda.

So we'll just focus on what's taxonomy, quickly introduce the concept. I'm sure you might have heard about Broadcom. A quick introduction, and then we'll deep dive into what are the current challenges in the industry that have led to data taxonomy getting a very prominent and important role, and what Broadcom has done in order to have unified visibility across the DevOps, SecOps, Ops. How is it helping them, and what lies ahead?

We'll also give a quick demo on what we have done right now, and I would request all of you to mark your questions, and we can definitely have some time for Q&A.

Now, before we start, a quick introduction. So I really appreciate Krishna joining me. So Krishna is a business and engineering leader at Broadcom, with years and years of experience in software engineering and operations. He has been leading at Broadcom the entire initiative to use taxonomy and drive intelligence and visibility across domains like DevOps and so on.

My name is Mustufa. I work as the Director of Technology at Gathr, responsible for developing our product solutions.

Krishna Kayala

Thank you. Thank you.

Hello, everyone. I hope I don't put you all to sleep after lunch.

So everyone knows Broadcom. We are in the semiconductor industry a lot, but in the last few years, we have acquired a lot of software companies too. And not only the products, chipsets, and semiconductor side; we're also into software, right? Everything this, right?

And we are into this space, the security, right? Once we acquired a lot of security products, and the cloud, and also we have infrastructure-related software solutions like AIOps and tools, ValueOps, and all, right? So Broadcom is now with software and also the hardware, both in the line, and that brings us a lot of complexity into how our products are and how we get the telemetry out of all the products that we have.

And especially the taxonomy is one of the important things we never realized when we were implementing Gathr, but we continuously failed to get the outcome when we implemented Gathr, right? But the taxonomy part, how it helped, right? And the story, once he gives us the brief of what exactly the Gathr can do.

Mustufa Batterywala

So before we move into the taxonomy, let's understand what are the unique challenges that enterprises are facing in today's point. And so we've been speaking to a lot of people, and you might have seen, right, that there are so many different tools, different things which are coming up, right? So separate tools for DevOps, separate tools for SecOps, with growing popularity of cloud, microservices. Then we have FinOps and cloud security coming in as well.

So definitely we see that teams are operating in silos using different tools. So there is a lot of potential to get a lot of insights once we start integrating that information. So that is one of the top challenges that we have seen.

Apart from that, there is a strong focus from a security perspective. People are focusing on moving security to the left. With cloud, cost is a concern. So how can we proactively manage cost? Metrics like DORA are very popular, a lot of teams have started using them, right? But what is beyond DORA, right? What are the metrics that can be considered to give a unified view?

DataOps is evolving. How we can use applied DataOps, DevOps principles on the DataOps. How we can use AI/ML in the DevOps world to get innovative insights into what's happening and how we can improve our processes.

At the same time, a lot of manual processes are there, right? Governance is semi-manual, not fully automated, and Kubernetes, its own problem. And each of these challenges really impacts a lot of other dimensions. Like cost impacts your operational efficiency, right? Innovation is slow and it results into poor quality of software getting developed.

So that's where there is a strong need to look at systems holistically across tools and have a unified visibility and intelligence coming from different tools.

Krishna Kayala

Thank you.

Data taxonomy, right? We didn't think about taxonomy at all when we were implementing Gathr. At that time, it was called Klera. What we saw is how we can have visibility into DevOps, nothing more, right?

And then we started implementing it, and we acquired multiple companies, and every company follows their own format, right? Their own naming convention, what exactly they want to do in the DevOps mode.

But one thing that we quickly realized is implementing the software and getting the 360 view, we're restricting only to the DevOps. But there are two other segments where we completely ignored, which is security, how it's happening, and also the cost, right?

The cost has become very important for us because we relied much less on the data centers, but we moved most of our workloads from data centers all the way to GCP, right? Most of our workloads, all of our applications, are running in the GCP world. Now cost is very, very important, right?

Unlike everybody thinks, yeah, cloud is faster, cheaper, and all, but in reality, running a workload in cloud is not cheap. It is expensive, right? Most of the cases that what we found is why it's becoming expensive, that visibility wasn't there, right?

Yeah, you pick whether AWS, GCP, Azure, or anyone, right? Their focus is how best we can give the services to the consumer, and how you use and where you control, it's totally up to you. That key is completely missed.

We implemented all the products, gathering the data, but we are not able to analyze what it's like, what is that DORA metric that it's giving to me? How is my CI/CD cycle performing?

So we started integrating all the security products that we use for the vulnerability management, code analysis, right? And code quality. And again, we also integrated AWS, GCP, and Azure. Even though 80, 90% of the workload is in GCP, we also have to run certain workloads in AWS and Azure too to meet up all of our customers.

But the point where it is, we have no relationships, right? DevOps, their own naming convention, they are running on their own, and security is on their own, and FinOps on their own. Getting everything together in a correlated format.

If a release got delayed, if the code is not up to the standard, or there is vulnerabilities in a particular product family, or the cost of a particular product, like how we are managing the load in the given production, right? All of that correlation we could get.

So somewhere something is going wrong for sure, right? Because the same product is not called as XYZ in DevOps. It's not called as XYZ in security. It is not called as XYZ in Ops. It's components. Developers themselves call that product with a different name based on what microservices that they're working on, right?

This non-standardized naming actually put us into a lot of trouble. That is when, okay, let's forget about Gathr, let's forget about what we are doing, right? How do we want to see what is like executives are saying at the CEO level, or the GMs, or the product owners, or the product engineers, right? Everybody has their own perspective of looking at things.

How can we bring that together in a single dashboard, and on top of it, which is actionable? But it's not just a pretty-looking dashboard with graphs and all, but also how can we take an action on it?

That is where Gathr team helped us to, okay, work on taxonomy at the layer, at the bottom layer, and then on top of it, build all your requirements from executives to the engineers. That's what we did with Gathr, right? And that is where we built that entire framework.

And that framework is especially giving, okay, what does my GM want to see versus what exactly is the engineering developing, the entire. Can we do the next one? Maybe one more and then we'll come out here. One more.

Yeah. If you see this slide, right, it's not just a pretty-looking slide, but what we did is we looked into all the SKUs of all of our products that we have. Based on the SKUs, right? Yeah, hundreds of thousands, and sometimes even it goes into the millions, the way that marketing and the sales guys want to put in.

But what we did is, we went into each and every division has a product family. What does the product family contain? What are all the SKUs, right? We categorized all of that into three simple buckets: family, mid-family, and subfamily.

So all the products came into those three categories, right? Beyond that, nobody's interested in looking into anything beyond that. One is engineers want to look into it because they want to see what kind of microservices they're developing and all the integration pieces that they're doing, right?

So at the management level, that is where the budget is coming to us, right? So we did all of that for every product. We built that. And a division like ours is like a franchisee model, right? Every division has product families. Within that, like million subfamilies.

Once we categorize that, once we tag that naming onto every product we are doing, it made our lives simpler and easier, and we are nowhere close to it, right? We're still doing it, and there is a lot of skill in how we're bucketizing and categorizing.

If you see this one, right, it's giving me a clear picture of industry standard of DevOps, right? What is my lead time of entire products that we are aggregating, right? Similarly, change failures, what is happening in my CI/CD, right?

And we don't have one CI/CD cycle, right? We have multiple platforms, so we are not bothering anything that they're doing. Just feed us the data, give me that XML, give me that API so that I can capture all this data. That's one of the important roles we played with Gathr.

And then we went into the vulnerability management. For example, we used Black Duck for all the vulnerability management, right? For Black Duck also, the same thing, right? From the CI/CD, we are actually initiating vulnerability management scans, right? What we're doing, there also the same terminology or the same tagging we follow.

Now a product in the DevOps ran into SecOps. The same product name is actually being the one commission, right? The same product name, like how your workload is running in the Ops. So now I have all three together. I have a clear picture of how my product lifecycle is going through from DevOps, all the development, all the security, and all the FinOps.

This correlation also gives me, even one anomaly is happening in the FinOps. For example, in the FinOps, last month on a product family, we spent about $100,000. Now within 10, 20 days, that $100,000 is about like $150K. Why is it? That triggered an alert. Something is happening at the backend, right? It's definitely not like we're spinning a lot of workload. What is happening?

Then we correlated with vulnerability management and with the DevOps. Now we clearly see, okay, the amount of change rate, right? Failures are happening more and more into this. One means we initiated a certain particular release, and in that release there are a lot of integrations that we are not doing is not getting anything.

This is not just the production cost, right? Your costing cost initiates at the development layer because it's like in the GCP, we segregated even the production machines versus non-production. We know where the cost is spent now, but at the product level, we are showing the whole product cost, CO and R&D, all together, right?

When we see only the CO, that is the production, but R&D cost is increasing rapidly, right? How? Why? So it gave us clarity and where to go and dig deeper into it. Why is it happening, right?

That is the level of the product management side. They have a complete business. Go to the next, and we can go deeper into one area. Okay, we know this cost went up because some change, something happened here, or the vulnerability management side, something happened. So we can dig deeper into one, right?

DevOps telemetry, we get all that, whether you are using a Git or something else, something else, it doesn't matter. Everything, we can integrate it and we can bring it back. Similarly, static quality, quality we can check, and also software composition, right? That is where most of the time we get stuck, right? Because of a lot of false positives that we normally get.

And why is that false positive and where exactly we can address it, so the teams can collaborate with WorkMas, right? And we don't need to get into the Black Duck to see where exactly my issues are. This is giving me initial step: okay, what are all the things that I need to work with?

Not necessarily the code that the developers written is the issue. Maybe the base image itself, like on that and then not giving it right now. How do we address it together or where do we need to go and get that success?

So all of these standards gave us complete visibility into all three segments of it. Now I know the entire lifecycle, right? Are we done yet? No, we haven't, right? There are almost 200 to 300 different products collectively we have, and we can focus on how the revenue is coming in, what type of products are, where the customers are focusing on, what customer asks are, right? We can correlate it back to the channel and look into how we can, right?

You can see this cloud cost again, all three clouds, right? We can get the data in, and what type of resources that we're consuming more. Obviously, compute is more, right? That is where it goes.

But again, at the same time, we also know by division, means by product group of families, right? How they're spending, where they're spending, what kind of cost, right? Is it the cost, R&D, where it's going on? And also which product line? I have a single screen which shows me everything, right?

Yeah. Internet will come in and, oh, this makes no sense to me, right? I know what exactly my project NGAP, I want to see that one. So Gathr actually gave us an opportunity to even look into, okay, go into the component level, go into the project level, right? If I select that one, I'll get only the cost of my project, how my product is running in the month, my product workload is running in production or in the non-production. I can segment it out here.

Q&A

Q: [Inaudible]

A: I'll take it past. Any question? Good question.

So our revenue is completely different system altogether, right? A system there. Now think of this way. When we recognize the revenue, it's always on the SKU-based what we have, right? All the revenue comes on SKU.

Before this telemetry or the taxonomy that we did, a product name, we as a product management team or engineers, we call it as an XYZ product, right? That's all. But in reality, revenue is coming on a SKU.

Now, when we added this taxonomy, right, we took that SKU base as a base for our taxonomy stuff. So we plugged all the SKUs and made one particular SKU as a product. Now all the costs that whatever I'm having to my finance team based on that product name, I'm just delivering that Excel sheet.

For example, right, so revenue team has a very clear correlation. They don't need to map, or somebody needs to help them. They clearly know what their product is called with the SKU, and I'm giving exactly the same naming to them. So when the GM gets the report, they have just easy correlation. They don't need to do any manipulations at all, right?

That is one of the advantages, right? We use Oracle at the back end. So every quarter they'll send me a file, right? All the SKU file and all the manipulations that whatever we have done, that will get synced with this master. So Gathr uses my master file, which is coming from that.

But 100% of the time, it's not true, because there are some services we don't sell. Those services are the platform which will help the products to sell, right? So those are the manual taxonomy. We identify them, these are the manual taxonomies that we are adding, but we see the cost is shared across like five or six revenue-generative SKUs. So that clarity also they get. Yeah, most of the time, that is where the confusion comes in.

Q: [Inaudible]

A: So was this manual? Does it make sense? Please.

You can. So this is what we did when we built that master taxonomy table, right? So we clearly told them, hey, we got all of these ERP SKUs, and you enter whatever the SKU that you want to name it, right? And we'll recognize that as manual, and then I took that ownership and gave it to everyone, right?

Whatever my report comes in is onto you, how you want to put it. That database, we put it in, we have Postgres. We used it, we built the database and frontend. We built it and we gave it to all the product owners. Now it's their responsibility how they want.

Q: [Inaudible]

A: Good question. Yeah. Finance never believes in anything, right? So trust but verify. That is what they always did.

So what we did when we built this taxonomy, we made them as a part of it. So from the beginning, right? Like, hey, this is what we are doing. They asked a bunch of questions. Why do you need this data? What do you do with this, right?

You don't even need to understand what exactly the taxonomy is. But I had multiple meetings with them, explained it to them, what we are trying to achieve. Then they started giving me the requirements, how I need to club all the smaller, smaller SKUs. Because when bundles, that is where the confusion comes in, right? Bundles, they helped me to build this taxonomy on.

Now it's an agreement between the ERP teams and production incentives. Yeah. Involve that, make it share of everything what you are doing. Give them the data. Still they don't believe you, but at least they'll listen to you.

Q: [Inaudible]

A: Okay. The first thing, they all yelled at me, because they never saw this at all, right? They were always in the belief that they're delivering the best product, right? Once I gave them what exactly is happening into their security world versus the cost, no, that is not true, right?

That is the first thing that they responded to me, "Oh, I don't cost that much."

No, this is the proof, right? This is how we went, and we're not restricting anything. We are not hiding anything, right? This is the raw data.

Then I stopped PPTs. That is the advantage of all of these. I don't want to build any PPT for you because PPTs all matter, right? All the bogus information, we can put them. But this is the raw data and pulling directly from the first table. Yes.

Even now they're not happy, but they know this is all going to all the GM layer. Now they're working with me very closely and correcting the data, right? I have about 30,000-plus positives, right? The first thing when they saw into this, the 30,000 has become like a 25 in the first three months, because a lot of junk piled up, all the technical debt sitting over that there, nothing doing, right?

Even in the Black Duck, right, I had around 6,000 to 7,000 projects spun up. Active ones are less than 1,000. Basically, they are bringing all the mess onto them, right? That visibility helped them. Yeah, they hated me, but yeah, they started looking at it. They're reasoning it, right? Yeah.

Q: [Inaudible]

A: That's true. So now with this one, it's very clear: the amount of code and the quality code that they're putting in is highly visible, and how you optimize it.

One of the classic examples that we have, a product with log analytics, right? And storage is always expensive, and the data from egress or ingress, right? It doesn't matter, right? A lot of network costs are going.

Once they got the complete visibility, 90% of the cost just because how much they're consuming. They never had visibility into it. Oh, my product is working efficient. But your efficient product is not sellable because your customer is not going to pay that much. What do you use it once?

See, everything is visibility. That is what we actually started with: give visibility to everything. You're a developer developing your piece of code, and you are actually contributing to the revenue to a company. But also know about everything, what you are doing, how your footprints are coming up.

Keep that visibility initially. Yeah, they don't understand, they don't like it, they hate you. Eventually, they'll come back.

Mustufa Batterywala

So I think we're almost out of time. But if there are any questions, I think Krishna is there.

I think I just want to take a moment and talk about platform. I think we can talk more about at our booth, but in case of any questions, I think that's the platform that has powered the view with.

Thanks.
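The master-taxonomy join that Krishna describes in the talk, as an added example that is not Broadcom's or Gathr's own code: a SKU-keyed taxonomy table (family, mid-family, subfamily), a per-tool alias table so that the DevOps, SecOps and FinOps names for one product resolve to the same SKU, a manually added entry for a shared platform service that is not sold and whose cost is split across the SKUs it supports, and a month-over-month cost check per product family joined with change failure rate and open scanner findings. Every SKU, service name, dollar figure and threshold below is constructed for illustration; an unmapped name raises rather than being silently dropped, because silently dropped records are exactly the "non-standardized naming" problem the talk describes.

```python
"""Added example: correlating DevOps, SecOps and FinOps records through one master taxonomy."""
from collections import defaultdict

# Constructed master taxonomy keyed on SKU: (family, mid-family, subfamily).
MASTER_TAXONOMY = {
    "SKU-1001": ("Family A", "Mid A1", "Sub A1a"),
    "SKU-1002": ("Family A", "Mid A1", "Sub A1b"),
    "SKU-2001": ("Family B", "Mid B1", "Sub B1a"),
}

# Constructed alias tables: the name each tool uses for the same product.
ALIASES = {
    "devops": {"svc-auth": "SKU-1001", "svc-billing": "SKU-1002", "svc-search": "SKU-2001"},
    "secops": {"auth-service": "SKU-1001", "billing-svc": "SKU-1002", "search": "SKU-2001"},
    "finops": {"project-auth": "SKU-1001", "project-billing": "SKU-1002", "project-search": "SKU-2001"},
}

# Manual taxonomy entry (hypothetical): a platform service that is not sold,
# whose cost is shared evenly across the revenue-generating SKUs it supports.
SHARED_SERVICES = {"project-platform": ["SKU-1001", "SKU-1002"]}


def resolve(source, name):
    """Map a tool-specific name to a SKU; fail loudly on anything unmapped."""
    sku = ALIASES[source].get(name)
    if sku is None:
        raise KeyError(f"{source}:{name} has no taxonomy mapping")
    return sku


def family_of(sku):
    return MASTER_TAXONOMY[sku][0]


def cost_by_family(cost_records):
    """Aggregate cloud cost to family per month, splitting shared services."""
    totals = defaultdict(lambda: defaultdict(float))  # family -> month -> usd
    for rec in cost_records:
        project, month, usd = rec["project"], rec["month"], rec["usd"]
        if project in SHARED_SERVICES:
            skus = SHARED_SERVICES[project]
            for sku in skus:
                totals[family_of(sku)][month] += usd / len(skus)
        else:
            totals[family_of(resolve("finops", project))][month] += usd
    return totals


def change_failure_rate(deploys):
    """DORA change failure rate per family from CI/CD deploy records."""
    stats = defaultdict(lambda: [0, 0])  # family -> [total, failed]
    for d in deploys:
        fam = family_of(resolve("devops", d["service"]))
        stats[fam][0] += 1
        stats[fam][1] += int(d["failed"])
    return {fam: failed / total for fam, (total, failed) in stats.items()}


def open_findings(findings):
    """Count open scanner findings per family (e.g. SCA results)."""
    counts = defaultdict(int)
    for f in findings:
        counts[family_of(resolve("secops", f["project"]))] += 1
    return dict(counts)


def cost_anomalies(totals, prev_month, cur_month, threshold=0.3):
    """Families whose cost rose by at least `threshold` between two months."""
    out = {}
    for fam, months in totals.items():
        p, c = months.get(prev_month, 0.0), months.get(cur_month, 0.0)
        if p > 0 and (c - p) / p >= threshold:
            out[fam] = (p, c)
    return out


def correlate(cost_records, deploys, findings, prev_month, cur_month):
    """For each cost anomaly, attach the DevOps and SecOps signals of the same family."""
    cfr = change_failure_rate(deploys)
    vulns = open_findings(findings)
    anomalies = cost_anomalies(cost_by_family(cost_records), prev_month, cur_month)
    return {fam: {"cost_prev": p, "cost_cur": c,
                  "change_failure_rate": cfr.get(fam, 0.0),
                  "open_findings": vulns.get(fam, 0)}
            for fam, (p, c) in anomalies.items()}


# Constructed sample records from the three domains.
COST = [
    {"month": "2023-06", "project": "project-auth", "usd": 60000.0},
    {"month": "2023-06", "project": "project-billing", "usd": 30000.0},
    {"month": "2023-06", "project": "project-platform", "usd": 20000.0},
    {"month": "2023-06", "project": "project-search", "usd": 50000.0},
    {"month": "2023-07", "project": "project-auth", "usd": 100000.0},
    {"month": "2023-07", "project": "project-billing", "usd": 30000.0},
    {"month": "2023-07", "project": "project-platform", "usd": 20000.0},
    {"month": "2023-07", "project": "project-search", "usd": 52000.0},
]
DEPLOYS = [
    {"service": "svc-auth", "failed": False}, {"service": "svc-auth", "failed": True},
    {"service": "svc-billing", "failed": True}, {"service": "svc-search", "failed": False},
]
FINDINGS = [{"project": "auth-service"}, {"project": "auth-service"},
            {"project": "billing-svc"}, {"project": "search"}]

REPORT = correlate(COST, DEPLOYS, FINDINGS, "2023-06", "2023-07")

if __name__ == "__main__":
    for fam, row in REPORT.items():
        print(fam, row)
```

Family A's cost rises from 110,000 to 150,000 (the shared platform cost is split into Family A twice, once per SKU), which crosses the 30% threshold and is reported alongside that family's 2/3 change failure rate and three open findings; Family B's 4% rise is not reported. The per-tool alias tables are the part that has to be maintained by product owners, as the talk describes; everything downstream keys on the SKU.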