Tom Hatch Reflects on Salt’s Integration into VMware (aka VMware gets Salty)
It’s been practically a year since VMware acquired Salt, the python-based open source software for event-driven IT automation, remote task execution and configuration management. Curious to find out how the transition has progressed, we caught up with Tom Hatch and Salt Project Community Manager Jimmy Chunga for an update:
Editorial team: Tom, at SaltConf20 on October 29th, you announced Salt was in the process of being acquired by VMware, with plans for Salt to be deeply integrated within the vRealize portfolio, especially vRealize Automation (vRA). How has the integration gone?
Tom: Firstly, I have to say it’s been a year full of accomplishments, challenges and new experiences. There’s been a lot to learn and a lot of transitions, but the end result is something I’m ridiculously excited about. We got incorporated into VMware a lot faster than I expected and generally a lot faster than companies are incorporated. There have been some ups and downs. One of the big ups is that we were able to get integrated with vRA and get some initial product integrations out the door very quickly.
Editorial team: You bring an open source-infused mindset into VMware. What kind of shifts did your team have to make? Have the VMware and Salt engineering cultures meshed as you had hoped? And how has the transition been for you personally?
Tom: The biggest changes we’ve had coming into VMware were attitudinal and cultural. From a process perspective, not a whole lot has changed for Salt, although the way we do things is a little different from how the Open Source Program Office does things. When we came in, we had a few folks who had been so scared by our approach that they put blinders on. And some of the work we’ve needed to do is help people understand that VMware is in it to win with Salt. One of the big motivators for the acquisition of SaltStack was for us to help influence how VMware does open source. This cultural shift has been impactful for both sides of the acquisition, and we are thrilled with the growth we’ve seen.
For me, personally, it’s been a big change in how I come to work everyday. Inside of VMware things are different; I’m no longer where the buck stops. I needed to adjust to my new role of collaboration and influence. I hope I’ve done a good job.
Editorial team: Could you speak to the advances that have been made in Salt and SaltStack’s ability to control and secure IT systems across the entire enterprise in terms of SecOps and making the IT ecosystem more manageable, high-performing and more secure, and perhaps relative to how Salt has changed over the years?
Tom: Salt is 10 years old, and it began as an app deployment system, similar to a large extent of how Puppet and Chef were used. But the world around us has changed so much and app deployment is not what it was a decade ago. Usages and the configuration management tooling has also changed. Salt today is being used not only to manage large data centers, one of our strongest niches, but for device management, hardware management and IoT management. Salt is not just about configuration management though; it’s about abstracting the complete management of a device. Salt abstracts device management into remote execution, event management and configuration management. This combination gives us the powerhouse we need to take care of the current generation of device management.
Today inside of VMware, the SaltStack product team is focused on three key areas. The enterprise product has become the focal point of product integration. SaltStack Enterprise has been renamed; it’s now called SaltStack Config and is a major component of vRealize Automation. The Salt Project has been significantly hardened with many new open source features. A number of proprietary products that were developed inside of SaltStack have also been open sourced. Finally, we have radical new innovations in the POP and Idem projects.
Editorial team: Tell us a little more about Idem—is that a Salt add-on or something different?
Tom: Working with the Idem project is one of things I’m very excited about. Idem is an idempotent data flow programming language. It exposes stateful programming constructs that make enforcing the state of an application, configuration, SaaS system or others very simple. Idem is not an add-on to Salt, but a sibling. Idem is fully open source and being developed as a cloud automation engine for multiple products. You can watch our progress with Idem in the GitLab repository.
Editorial team: You said at SaltConf20 that, “it became more apparent that the security issues we experience today have so much to do with human communication and solving human problems in a gulf that hasn’t been addressed and Salt and SaltStack could do in a unique way.” Could you describe how Salt has managed that and how it takes on the challenges that come with different personas and needs?
Tom: Salt SecOps delivers on this new way of thinking about security operations. Just finding the issues is not enough, we also need to speed up the resolution. Salt SecOps delivers on this promise in ways that no other product does. SecOps is not about using automation tools to solve security issues, it’s about bringing multiple teams’ workflows together. When we bring teams’ workflows together, we solve human problems, and that makes the hard technical problems incredibly easy to grapple with.
Editorial team: Could you speak to the subject of open source versus proprietary development in this realm? Open source and proprietary development are two very different beasts. They solve very different problems in the grand scope of engineering and need to be managed together. Open source software is amazingly good at building platforms and solving developer problems, whereas proprietary development is very good at solving end-user and last mile problems.
Tom: A great example of this is the open source desktop. For years people said that “this would be the year of the open source desktop,” but even though the open source desktops – KDE and Gnome – are some of the largest open source communities out there today, the dream was never realized. This is because the level of refinement needed by end users is not the same for open source developers. Open source developers focus on their problems, while proprietary developers focus on user problems.
Open source allows us to scale the software to solve difficult, shared, developer problems, but I don’t think it will ever solve all the problems in the world, like so many of us hoped it would years ago. We need both development patterns to succeed — to bring them together in ways that can drive both innovation and productization. I am very excited to be involved with this at VMware.
Editorial team: Sometimes the open source development model yields the best outcome and sometimes a proprietary model is a better path – the answer lies in better understanding the business and end-user problems to be solved. Do you agree?
Tom: Yes, I do. Open source is not going to solve matters, like SaaS would, because the situation requires a certain amount of maintenance that only a company type of structure can deliver with continual security updates. That’s why open source projects aren’t able to penetrate the security space and the reason why we built SecOps in Salt. That’s where we have real enablement to certain open source pieces, on top of the extraction, and that’s where the influence needs to happen. And then that influence needs to be geared towards users who will gravitate to it. And then that’s where we’re able to use open source platform tools that give platform capabilities to a broad audience who are solving and delivering specific solutions that are needed by targeted teams, personas and users inside that corporation. Then you’re able to gain momentum, development and speed-to-market as well as influence, something you just can’t get from proprietary stack.
The future is a happy blend of open source and proprietary software.
Editorial team: With open source comes great responsibility. It’s up to you to push updates or you’ll sit on an old version forever. Many customers aren’t willing to do that.
Tom: Maintenance is hard! Making it easy is a key business driver. Many proprietary products have taken this route over the years, in fact, updating and maintaining an open source operating system is what some of the first products on top of open source looked like!
This is why productization should gravitate towards areas that solve problems that take focus and maintenance. These areas will not be influenced by open source software in the same ways that so many other products have. Open source is owning the platform innovation, companies need to leverage that innovation and influence in every way possible, to drive faster resolution of the human problems that open source can’t touch.
Editorial Team: What lies ahead in terms of open source for Salt and VMware? Separately and combined?
Tom: VMware is the perfect home for Salt. Salt delivers a powerhouse open source automation platform, and VMware has a host of products ready to deliver user solutions, so it is a match made in heaven. As we move forward, this model will continue to play out, with Salt innovating on the platform side and VMware creating new solutions to make lives easier.
Editorial team: Thanks, Tom! We’re so pleased to learn that the VMware/Salt integration has proven successful. Jimmy, what can you tell us about SaltConf21?
Jimmy: The SaltConf21 theme this year is “bigger, better, faster, stronger.” That’s a direct tip of the hat to VMware, because we have the muscle and support of the company behind us. We are crafting a new message for this year’s event, one that emphasizes not only the strengths Salt has always had, but brings attention to the new ways people are using Salt and how Salt is really good at solving problems. For instance, many people don’t know that Salt is on 20-30% of the world’s gambling machines! There are several cruise ship companies that use Salt to manage devices on their ships.
Editorial team: Will the event be virtual again this year?
Jimmy: It will be virtual — two days, 25 sessions, 30 speakers, labs and contests and more ways to incentivize people. The big, wonderful surprise is that being virtual last year proved to be an open source crowd pleaser and we’re hoping for an even better turn out this year. Previously, it was a rare opportunity for all the open source communities to get together and rub elbows and get close to Tom and learn face-to-face — a small conference and an exclusive high ticket item. The great thing about being virtual is that everyone can attend.
Editorial team: Thanks, Jimmy and Tom! We’ve enjoyed chatting with you and appreciate the two of you taking the time to catch us up on Salt!
More about Salt and SaltConf21 Virtual
SaltConf is a gathering of IT and security operations professionals focused on building and maintaining more secure and reliable digital infrastructure for modern business. The event includes two days packed with hands-on training, education, certification and technical insight from SaltStack engineers, customers, partners, and contributors. The agenda offers keynotes, breakout sessions and networking with the Salt community not offered anywhere else.
SaltConf21 Virtual will be the 8th annual SaltStack user conference. The event will be accessible globally on a virtual platform on November 3-4 from 9am – 4:30pm MT. Jimmy gives a sneak peek below.