Cloud – succeed by being open

Last month I wrote an article on here about how governments, firms, organisations and individuals looking to succeed in Cloud should look at focusing on skillsets and technologies from the Open Source community.

It is becoming increasingly obvious I am just scratching the surface. After attending summit in Boston it is abundantly clear that Cloud is doing something evolutionary as well as disruptive but that is highlighting personal individual growth and causing an almost automatic promotion of people in development and architectural IT roles. I can only comment on what I see from the Open Source community but for those who involved in more proprietary areas of IT such as VMWare and Microsoft I would genuinely welcome your feedback in the comments box or offline if you would prefer.

In a recent former role I was involved in the above classified architecture and accreditation of Unix and Linux platforms for the battlefield and for the deployed IT needs of UK and coalition forces in the arena. A lot of application hosting and a lot of natural secure segregation depending on the classification of the application or data being used in the field or the level of secrecy applied to it's usage. I'm obviously not going to breach The Official Secrets Act or confidentiality of a customer but let me explain the gulf of then and now. A lot of these applications were deployed in the most critical areas of IT operations you can think of. Deployed on hypervisors and with secured storage requirements and tied down with multiple layers of intrinsic mandatory security controls. You'd expect nothing less of mission critical platforms.

However it taught me a lesson, it taught me that a lot of the applications were unweildy and built by legacy IT houses who made a very good living out of throwing an application over the fence and then relying on a network architecture guy to accept the risks and firewall / enforce policies to ensure compliance and that security was "somebody elses job" and not part of go to market "out the box".

What it did mean was that I was dealing on a very regular basis with companies shipping catalogue based products for deployment in bare metal and virtual infrastructures. Security was a dirty word. It was the last tick in the box and we were a hurdle to climb over. Engaging with a lot of the application developers in the upstream feeder community of companies in the FISMA/FIPS space is always painful because security conformance to them is often waving an outdated Target of Evaluation (ToE) or Common Criteria certificate that means nothing to a deployed environment and simply represents a tick in a procurement checkbox. When asked about variances around deploying in physical, or virtual hypervisor based environments there was never really differentiation and guidance forthcoming. This is sadly the norm for most major software companies especially in the middleware and the proprietary development environments.

So it's no real surprise now that the ever increasing amount of organisations and institutions who are weaning themselves away from those supplier organisations and working with their own development staff. Development staff who can help the company own the roadmap and lifecycle of application development management but also who can own the costings, the ambition and the growth of applications that reflect and often underwrite where that company is going.

If you do a straw poll you'll see that the supported application frameworks and languages are varied but that Ruby, Python, Java, Struts etc are all represented and form the toolkit of the forward thinking developer in the private and public sectors. Government isn't being left behind, the penny is slowly dropping the concept that the old school way of harnessing applications is dated and that unless you employ the right people who get what Open means, and get the ethos and drive of the community you stand to be left way behind

Can you afford to not look at more open ways of getting to Cloud ? Proprietary vendors if you also want to stay relevant and keep generating revenue you also have an opportunity to play a new game.

Cloud Meetup Tonight in London

I am attending the London OpenStack meetup tonight. Before that I am doing a podcast interview with Daniel Berrange of our Virtualisation Engineering Team who is talking LibVirt and goodness at the meetup. Want to talk to him about everything LibVirt, LXC security and CGroups and a lot of cool stuff.

If you're around register and come and say hi. Would be good to see you.