Monday, March 19, 2012

Links for 03-19-2012

Posted by Gordon Haff at 11:19 AM 0 comments

CastingWords for podcast transcriptions

With my recent podcasting ramp up, I decided that I wanted to add transcripts. Podcasts are all well and good--and a lot of folks genuinely like to consume interviews that way--but others would just as soon read. And, of course, there are search-ability advantages to a text version as well.

Now I wasn't about to do this myself. Transcribing takes a fair bit of time even for a fast touch typist with the right gear (which I am not and don't have). So, I asked and Googled around and decided to give an outfit called CastingWords a shot.

You can see the results here. I only did some very light editing--mostly for formatting in the blog post (changing some paragraph breaks and the like). All the technical language, even non-inutitive stuff like spelling "Basel" correctly, was handled flawlessly as was the random capitalization that afflicts so many IT industry terms like JBoss. To be sure, I gave them a well-edited and audible file to work with, but the results are nonetheless top-notch.

Pricing for 6-day turnaround was $1.50 per minute of podcast time. (My only--minor--beef with the service was that they took about 7 days. Not a big deal.)

The behind-the-scenes at CastingWords is quite interesting. They have a workflow that leverages Amazon's Mechanical Turk, splitting audio files into chunks and having them worked on by both transcribers and "editors." The idea is that there's a system of checks to ensure a quality finished product. (This also means that the cost is doubtless higher than if you were to just use Mechanical Turk on your own, but presumably you get a more consistent result. For my purposes, CastingWords' price is low enough that it's not worth spending much time to shave a few more cents.)

 

Posted by Gordon Haff at 10:56 AM 0 comments

Friday, March 16, 2012

Links for 03-16-2012

Posted by Gordon Haff at 10:32 AM 0 comments

Monday, March 12, 2012

Links for 03-12-2012

Posted by Gordon Haff at 6:43 PM 0 comments

Podcast Post-production in Python

As I've begun ramping up my podcast production a bit, I've also started running into some error-prone tedium associated with getting all the files and their associated incantations updated and distributed to all the right places. To help matters, I put together some Python code that automates some of the process. By design, the code doesn't push anything live at this point--although it would be fairly straightforward to extend it to do so.

The script:

  1. Gets information such as duration from MP3 file
  2. Creates an XML file for insertion into an iTunes podcast feed
  3. Uploads previously-created MP3 and OGG files to Amazon S3
  4. Creates a draft blog post on Blogger with a label (tag)

Given my workflow, I still need to:

  1. Update master iTunes podcast feed XML file
  2. Upload edited file to S3
  3. Make the newly uploaded XML and MP3/OGG files public
  4. Make Blogger post public

That may sound like a bit of manual work, but these are pretty quick and straightforward steps relative to the actions taken by the script. For example, the script gets the file size of the MP3 file and calculates the duration, which are needed for the iTunes feed.

You'll need to install boto (https://github.com/boto/boto.git) for S3 access and mpeg1audio   (https://github.com/Ciantic/mpeg1audio/) to extract the duration from the MP3 file. You'll also need to setup the appropriate accounts on Blogger and S3 and set a number of global variables before you can use the script.

Download code

Posted by Gordon Haff at 3:01 PM 0 comments

Thursday, March 08, 2012

Cloud Security Chat with Richard Morrell and Ellen Newlands

Our Red Hat cloud team was all together in Westford, MA this week, which gave me an opportunity to sit down with Richard Morrell and Ellen Newlands to discuss security trends in cloud computing. Richard is our new cloud evangelist in EMEA (Europe/Middle East/Africa) so he's basically my counterpart across the pond. Ellen's responsible for Red Hat's security products. They're both serious security experts with lots of experience. We talked about:

  • Cloud standards
  • Whether the cloud is "safe"
  • The role of identity management
  • Why application security matters

And more...

Listen to MP3 (13:43)

Listen to OGG (13:43)

Transcript

Gordon Haff: Hi, everyone, this is Gordon Haff, Cloud Evangelist with Red Hat. Today, I have two guests. We're going to talk about cloud security, which is something that always seems to be on everyone's minds. We have Richard Morrell, and Ellen Newlands. Richard, why don't you introduce yourself first?

Richard Morrell: Right, so I'm Richard Morrell. I'm the Cloud Evangelist doing the equivalent of Gordon in EMEA, but with a focus very much around cloud security and around application-level security for our ISVs and also our cloud provider partners.

Ellen Newlands: And I'm Ellen Newlands, and I'm doing product management for our certificate system, directory server, and the identity management features and functions that we've recently placed in Red Hat Enterprise Linux.

Gordon: So Richard, I'm going to start off by asking you a question that probably gets your blood pressure up every time you see it in a news headline. Is the cloud safe?

Richard: I think the cloud is as safe as the vendor, the controls that are put in place, and also by the thought and the governance that goes into the development and the architecture of the systems that are deployed on cloud.
I think if we can look at the trailblazers in cloud who have started to move those applications and services into the virtualized environment, into the new world of elastic computing, we have a compelling story to tell, which needs people to start thinking about being courageous enough to start building the internal controls and processes to be able to think about the workloads they want to move to cloud to keep them safe.

Gordon: In other words, it's really a pretty meaningless question without any context.

Richard: What we're doing in cloud security is really no different to the security controls that we've used in the SOA environments traditionally within data centers and in on-premise data. What we need to think about is the cost in ownership of how we actually get to cloud, and once we get there, the management controls and the governance risk control piece that we as IT professionals are dear to as part and parcel of standard business-as-usual activities.

Gordon: Now, Ellen, you were just out at the RSA conference in San Francisco. We talked a little bit the other day, and there was really a lot of attention being paid to cloud out there. Admittedly cloud is a term that is applied to an awful lot of different things, but it does seem to be getting people thinking about security and governance in a somewhat different way.

Ellen: I found it very interesting that many of the IT professionals with a background in security who work for the larger companies, the enterprises, are thinking about what is the best way to take advantage of the cost benefits of the cloud. Some are sophisticated enough to do this quite wisely, and many others are looking for guidance. But clearly, there's no question that the economics of moving to the cloud are quite compelling. Everyone in this field is looking for the best way to maximize their return and minimize their risk of moving to the cloud.

Gordon: Now, we're starting to hear a little bit of discussion around standards in the cloud, in general, but since we've got security experts here, let's maybe focus specifically around cloud security standards. I guess I'd have a couple questions. First of all, does it matter? Secondly, what is happening out there?

Richard: The security standards in cloud have been dovetailed into a mishmash of risk issues, which people like the Cloud Security Alliance are absolutely critically involved. We have been working very, very closely with the CSA now for quite some time, and in past lives I've been pushing and promoting the cloud security matrixes. If none of you are already aware of this, I suggest you Google the words "security matrix" and "CSA," and you will find that there are over 80 individuals working out there, from the Basel, PCI-DSS, ISO, and the open-source community, building levels of controls that you can push to your applicable workloads, in whichever vertical that you happen to be working in, whether it's health, whether it's finance, to enable you to get a standing start in understanding what you need to be able to say to your CIO or your CFO with regards to who needs to sign off against what, and also the controls and matrixes that you need to push against the applicable standards you're building.

Gordon: Now, Richard, I think you touched on something which is I've certainly seen around cloud security. That is that the "security" word seems to get used, really, to cover a much broader range of risk mitigation and governance issues.

Richard: Sure.

Gordon: Ellen, you've obviously worked a lot around identity and access management. It seems that, for instance, those kind of technologies tend to get lumped under security, even though it means something very different from firewalls or protecting against SQL-based exploits or whatever.

Ellen: One of the things that's very common, especially as you're moving into the cloud, is you're moving beyond the borders of the traditional enterprise. You may find that your users are not your employees. So, you may be working with your partners, with your suppliers, with your consumers, your customers. One of the things about that is you want to know who is accessing what you put in the cloud, and you want to make sure that they are only accessing what they're allowed to. That is the security piece. Part of where the standards come in is that, when you move to the cloud, you want as much openness, interoperability, and as little lock-in as possible. What you're seeing in identity and access management is sets of standards that allow great flexibility and interoperability while still allowing you to know who is accessing your information, who has the privileges to access your information, and who, frankly, to blame if for some reason things may go wrong.

Gordon: Yeah. It's not really even just cloud. It's just the way computing, in general, has been evolving, so that the old-fashioned, 19th-century fort model of having this big, honking, strong wall to keep "them" out from the data center, really, increasingly doesn't apply to cloud. Not that it ever really applied all that well to traditional data centers either, given how many security breaches were traditionally done by employees, of course.

Ellen: Your average person now has so much computer power in their hands. You get an iPhone or a tablet of any kind and you find, as you say Gordon, that the walls around the enterprise, the walls around the data, are breaking down. There really is a consumerization of IT. People bring their own devices, people go to the cloud, and the organization has to securely enable that.

Gordon: It's really at the application level, as we've discussed, Richard.

Richard: Sure. The ability now for vendors to start developing the tools and the hooks that customers need to be able to develop security into those applications, to understand who is consuming what, but also to be able to patch control and to keep version control on the libraries and the binaries that you're using or the applications that you're using.
Red Hat came from a community background. We've grown on the ethos and the goodwill that's come from the open-source community, and also the maturity that we help bring to it. But what we see increasingly in the open-source community is greater granularity in the versions of PHP and Ruby and Python, to allow people to get to cloud faster.
It's really up to individuals who consume those technologies and those libraries to ensure that when you go to cloud that you work with your vendor to ensure that you have the latest, greatest patches working there, what your rolling maintenance period is, to make sure, and also to have a complex risk register so you understand, potentially, what that means from a data leakage or a data privacy, especially in Europe and especially in the USA.

I think, more, there's a level of maturity that a sys admin can have from a perspective in his organization, to go from zero to hero. Traditionally, the sys admin's been locked in a cupboard. Now, a sys admin can be an even more bigger hero in his organization, because the safety and security of the whole cloud operation sits on his shoulders daily.

Gordon: As these things scale up--and that's one of the consequences of cloud is that things are really happening at scale. It does seem that it becomes more and more important that you automate a lot of these processes.
Richard: Yeah, sure.

Gordon: Because you just can't keep up with all this stuff at scale.

Richard: No, you can't. If you look at the percentage of people who are using OpenJRE applications in cloud, you'll see a large amount of JBoss.org applications. The JBoss.org community has some very good security people in there, people who are thinking very much about how applications are consumed. But we're also seeing a lot of JBoss.org customers, in the SME space and ISV space and the enterprise, moving across to becoming supported JBoss.com customers, where we have the power of the JBoss Operations Network, known as JON, to enable them to automate those functions, and also to audit and report.

I think we can't lose focus on the fact that, at the end of the day, you need to be able to be auditable. In the US and further afield, we have the SAS 70 certification, which is really no more than an accounting standard. We hope will be surpassed by the sort of standards that the cloud security lines are pushing and promoting, and also the PCI-DSS and Basel piece where companies are actually looking to make revenue from applications hosted either on a public/private hybrid model or directly public cloud providers.

Gordon: Ellen and Rick here, maybe finish up here by asking each of you to share if there were three pieces of advice that you could give people looking at moving to the cloud, whether that means adopting a public cloud, whether it means building a more automated self-service resource internally. What are three pieces of advice you'd give them? You first, Ellen.

Ellen: Well, I think my first piece of advice would be to understand what is the value of what you are moving to the cloud and make sure that you start your movement to the cloud, in security or in any other way, on a business case with an understanding of the business economics. I always believe that business drives security.

The second thing that I would say is there is a great deal of value in working with trusted vendors who understand this space and can certainly help with that movement.

Last, but not least, I think is to begin. I think it is important to take some level, however minor, of risk and start moving those applications that make sense into the cloud so that you'll have the experience and the background to do more over time.

Gordon: Thank you. Great advice. Richard?

Richard: I regularly stand up at conferences and I don't tend to conform to the norm and the first question I ask the crowded room is, "Who wants to go to jail first?" I'm met with a lot of white, ashen faces. I do a lot of cloud aggregation where I sit down with organizations looking to move to public cloud vendors rather than the private model.
That big piece of white paper that we sit down with enables them to start understanding who owns what risk, be it the provider, be it themselves, and what controls you can actually build and place to go to cloud. It's those controls which are the hidden cost to your company of adopting virtualized cloud computing.

The other thing is when you're working with your chosen provider, don't be afraid to ask them for the levels of both security controls and also the physical and mandatory access controls that they have built into their architecture. They should be able to provide it. If a provider just comes back to you saying oh we're secure or here's my SAS 70 certificate that's not enough. You need to be able to push and promote the fact that you're also talking to other cloud vendors that can do it bigger and better. Please can I have the right information.

The third piece is the fact that you need to be able to ensure that the data that you're moving to cloud is secure. Think about the level of risk that your company is willing to be exposed to. Also, is it possible that you can work with your trusted vendors to be able to have a hybrid model where you can tunnel databases from your data center to a cloud provider without exposing that level of risk?

The other thing is this is fun. This is enabling us to change the paradigm of computing. Red has a trusted vendor. We have the ability now to help you get to where you want to go. It's like a level of adolescence now and we're here to help you get to that next level.

Gordon: Thank you. Is there anything else you would like to share with the audience?

Richard: Stay safe.

Gordon: That sounds like good advice, no matter what you're doing. Thanks, everyone. I've been here with Ellen Newlands and Richard Morrell talking about cloud security. Thank you. Bye bye.

Posted by Gordon Haff at 4:14 PM 0 comments

Links for 03-08-2012

Posted by Gordon Haff at 2:30 PM 0 comments

Wednesday, March 07, 2012

Links for 03-07-2012

Posted by Gordon Haff at 9:49 AM 0 comments

Tuesday, March 06, 2012

Links for 03-06-2012

Posted by Gordon Haff at 9:31 AM 0 comments

Saturday, March 03, 2012

The laptop charging ritual


The laptop charging ritual
Originally uploaded by ghaff

Posted by Gordon Haff at 12:59 PM 0 comments

Wednesday, February 29, 2012

Links for Leap Day (02-29-2012)

Posted by Gordon Haff at 1:06 PM 0 comments

Monday, February 27, 2012

Links for 02-27-2012

Posted by Gordon Haff at 11:25 AM 0 comments

Friday, February 24, 2012

Links for 02-24-2012

Posted by Gordon Haff at 10:17 AM 0 comments

Wednesday, February 22, 2012

Digital to film looks with Exposure 4

Artsy photo filters don't make me as cranky as they do Stephen Shankland. That said, I generally prefer the subtle to over-the-top. And I give B&W a pass even if it's only special pleading because of the many years I spent doing B&W photography with film. Thus, when Alien Skin offered me a look at their new Exposure 4, which can "accurately simulate classic films, like Kodachrome, Polaroid, and Panatomic-X," it caught my eye. It sounded like effects I might actually use rather than dabble with one or twice and then forget about.

The software works with either Adobe Photoshop or Lightroom. I use the latter almost exclusively for my photo editing these days, so that's how I tested Exposure. Lightroom is a "non-destructive editor," which means that changes  made within Lightroom are essentially stored as a change log relative to the original image rather than altering the bits in the image itself as Photoshop and other traditional editing programs do. The implication is that because Exposure (and competitive products such as those from Nik Software) have to work outside the framework of Lightroom's non-destructive settings, you'll typically make a copy of an image, work on it within Exposure, and then return to Lightroom. This whole workflow is reasonably well automated though, so it's certainly not onerous.

Exposure has all manner of effects including soft focus and dust & scratches. However, its centerpiece is a wide range of film types that it attempts to simulate. I don't buy their marketing copy that claims "the result is a photo that looks like it was made by a human, not a computer." (And, in fact, I'm not even sure what that means.) However, it's a nice collection of both color and B&W effects, many of them quite restrained. I certainly don't claim to be an expert on the nuances of all the films represented but, for those with which I'm at least passingly familiar, the effects seem appropriate. Below, I apply presets to a few photos in my Lightroom collection.

The first photo, of a dead tree in Utah, shows the conversion from a fairly conventionally processed color image to a Platinum B&W effect.

003 cloud004 cloud

This next takes a woman standing in fog in Montepulciano, Italy and punches it up subtly using a Velvia 50 effect. While I was never a huge fan of Velvia when I was shooting film, in this case I like the pop the effect gives relative to my initial editing.

001 cloud002 cloud

Finally, we have a faded Kodacolor effect applied to a railroad crossing in the Mojave desert.

007 cloud008 cloud

The program has a lot of features but it does a nice job of hiding most of the complexity until you want to dive in. My experience was that using standard effects offered a lot of good options right out of the box. The company says that the user interface was redesigned for Exposure 4. I don't have a comparison point but I certainly had no major complaints.

The one significant downside is one that I suspect will be a show stopper for a lot of potential users: the price at $249. This is a product that is priced for professionals, often I assume portrait or wedding photographers looking for a particular look that they can apply quickly and consistently across many pictures.

Bottom line: Nice interface, nice effects, but at a price that will scare off casual users.

  You can also check out Stephen Shankland's review on CNET.

Posted by Gordon Haff at 5:17 PM 0 comments

Links for 02-22-2012

Posted by Gordon Haff at 10:32 AM 0 comments

Monday, February 20, 2012

My video from Cloud Connect on nethawk.tv

Red Hat’s Gordon Haff at Cloud Connect 2012 from NetHawk Interactive on Vimeo.

Posted by Gordon Haff at 3:50 PM 0 comments

Thursday, February 16, 2012

Links for 02-16-2012

  • AwkwardCloud: Here’s Hopin’ For Open | Rational Survivability - "“Open Cloud” is described as a set of solutions for those looking to deploy clouds that provide “… better economics, greater flexibility, and less lock-in, while maintaining control and governance” than so-called Enterprise Clouds that are based on what Randy tags are more proprietary foundations. The case is made where enterprises will really want to build two clouds: one to run legacy apps and one to run purpose-built cloud-ready applications.  I’d say that enterprises that have a strategy are likely looking forward to using clouds of both models…and probably a few more, such as SaaS and PaaS."
  • Guidance and perspectives from Vivek Kundra - CA Technologies - RT @AndiMann: #Salesforce.com EVP & ex-US CIO Vivek Kundra on '#cloud first' policies,security, beating inertia, … ...
  • [Interview] Harish Pillay, Global Community and Technology Architect, Red Hat Inc - RT @marcosluis2186: [Interview] Harish Pillay, Global Community and Technology Architect, Red Hat Inc
  • Decoding the World of Portlandia « Acculturated
  • The Apache Software Foundation Announces Apache Deltacloud as a Top-Level Project - MarketWatch - Deltacloud is now a top-level open cloud API project at Apache. Happy graduation!
  • 451 CAOS Theory » On the continuing decline of the GPL - "The figures indicate that not only has the usage of the GNU GPL family of licenses (GPL2+3, LGPL2+3, AGPL) continued to decline since June, but that the decline has accelerated. The GPL family now accounts for about 57% of all open source software, compared to 61% in June."
  • The 1st Tenet of Open Cloud: Open is About Control | tentenet.net - "Many people think that an open cloud means an open source cloud.  It’s true that open source is an important mechanism for creating an open cloud.  But, an open cloud is about much more than code or even community—it’s about giving you control."
  • Understanding the Controversy Over Silicon Valley's 'Journalism' - Technology Review - "It's easy to dismiss all attempts to put oneself at a remove from the subject of a story. After all, everyone who writes about technology has their preferences—companies we like and don't, and our tastes change over time. What the liberation from old models of objectivity brought us was an escape from the View from Nowhere— that is, the notion that we aren't all biased to begin with, or that we shouldn't disclose it. But wearing your biases on your sleeve doesn't mean you don't have them, or that talking about them is sufficient to inoculate readers against the most pernicious form of delusion there is: your own self-delusion."
  • Envisioning a Post-Campus America - Megan McArdle - Business - The Atlantic - "I can see all sorts of factors that might combine to preserve the status quo, from signaling and status and networking, to the desire of college students for a four-year debt-financed semi-vacation.  On the other hand, disruption never looks inevitable until it suddenly is--if you'd told someone in 1955 that GM was going to have its lunch eaten by some Japanese upstart, they would have laughed until the tears came.  So it's interesting and maybe even useful to contemplate what the college system would look like if this sort of distance learning becomes the norm."
Posted by Gordon Haff at 1:10 PM 0 comments

Wednesday, February 15, 2012

Podcast: Red Hat's MRG-Grid Cloud Access

Discussion of cloud interoperability tend to focus on technical aspects. But there are business aspects too. One of the programs that Red Hat has put in place to simplify moving workloads from on-premise to a public cloud is called Cloud Access. In a nutshell, this allows enterprise subscriptions to be transferred for use in a public cloud such as Amazon. We began the program with Linux but have begun expanding it to, in this case, our MRG-Grid software that's used primarily for high performance computing-style workloads. (PR here.)

If you're interested in learning more, I recorded a podcast with Red Hat's MRG-Grid product manager Tushar Katarki las week. (For a little context, take a listen to the podcast I recorded with Tushar last December in which he discusses grid, MRG-Grid, and how customers like Dreamworks are using the product.)

MP3 version (5:15)

OGG version (5:15)

Posted by Gordon Haff at 12:14 PM 0 comments

Open clouds: Beyond a veneer

After one too many shouts punctuated by "In the name of the Queen!" by London's Master of Revels, Judi Dench's Queen Elizabeth in Shakespeare in Love rises to intone: "Mr Tilney! Have a care with my name -  you will wear it out."
I sometimes feel similarly when it comes to the ferocity with which a lot of vendors apply the word "open" to cloud computing. Especially given that not a few of those involved aren't very, well, open but make up for the glancing and incidental ways their software and approaches are open with the volume of their rhetoric and the font size they use to display "OPEN" in their marketing literature.
But what does "open" mean in the context of building a hybrid cloud? (In this context, I'm primarily focused on building hybrid Infrastructure-as-a-Service clouds, although a lot of the principles carry over to other forms of cloud computing as well.) It certainly doesn't begin and end with the submission of some format to a standards body or with an announcement of partners endorsing some specific technology platform. And open source may be (or should be anyway) a given. But it's more than that too. In getting ready for a Red Hat Webcast that I helped put together, I did a lot of thinking about the different aspects of openness. Here's what I (with the help of others at Red Hat) came up with. An open cloud:
  • Is open source. This allows adopters to control their particular implementation and doesn't restrict them to the technology and business roadmap of a specific vendor. It lets them build and manage clouds that put them in control of their own destiny and provides them with visibility into the technology on which they're basing their business. It provides them with the flexibility to run the workloads of their choice, including proprietary ones, in their cloud. Open source also lets them collaborate with other communities and companies to help drive innovation in the areas that are important to them.
  • Has a viable, independent community. Open source isn't just about the code, its license, and how it can be used and extended. At least as important is the community associated with the code and how it's governed. Realizing the collaborative potential of open source and the innovation it can deliver to everyone means having the structures and organization in place to tap it fully.
  • Is based on open standards, or protocols and formats that are moving toward standardization and that are independent of vendor and platform. Standardization in the sense of “official” cloud standards blessed by standards bodies is still in early days. That said, approaches to interoperability that aren't under the control of individual vendors and that aren't tied to specific platforms offer important flexibility. This allows the API specification to evolve beyond implementation constraints and creates the opportunity for communities and organizations to develop variants that meet their individual technical and commercial requirements.
  • Intellectual property rights owners offer freedom to use IP. Recent history has repeatedly shown that there are few guarantees that intellectual property (IP) assets will remain accessible to all from one day to the next.  To have confidence that you will continue to enjoy access to IP assets that you depend on under the terms that you depend on, permission needs to be given in ways that make that technology open and accessible to the user.  So-called “de facto standards,” which are often “standards” only insofar as they are promoted by a large vendor, often fail this test.
  • Is deployable across a customer's choice of infrastructure. Hybrid cloud management should provide an additional layer of abstraction above virtualization, physical servers, storage, networking, and public cloud providers. This implies—indeed requires—that cloud management be independent of virtualization and other foundational technologies. This is a fundamental reason that cloud is different from virtualization management and a fundamental enabler of hybrid clouds that span physical servers, multiple virtualization platforms, and a wide range of public cloud providers including top public clouds.
  • Is pluggable and extensible with an open API. This lets users add features, providers, and technologies from a variety of vendors or other sources. Critically, the API itself cannot be under the control of a specific vendor or tied to a specific implementation but must be under the auspices of a third-party organization that allows for contributions and extensions in an open and transparent manner. Deltacloud, an API that abstracts the differences between clouds, provides a good example. It is under the auspices of the Apache Software Foundation and is neither a Red Hat controlled project nor tied to a particular implementation of cloud management.
  • Enables portability to other clouds. Implicit in a cloud approach that provides support for heterogeneous infrastructure is that investments made in developing for an open cloud must be portable to other such clouds. Portability takes a variety of forms including programming languages and frameworks, data, and the applications themselves. If you develop an application for one cloud, you shouldn't need to rewrite it in a different language or use different APIs to move it somewhere else. Furthermore, a consistent runtime environment across clouds ensures that retesting and requalification isn't needed every time you want to redeploy.
Of course, none of us have a perfect grade in every respect. Communities take time to develop. There are finite developer hours but an almost limitless variety of potentially supported infrastructure. And there will always be tradeoffs between value-add and perfect portability. However, I'd argue that the more aspects in which a cloud is open, the greater value an organization can gain from that cloud.
If you're interested in seeing my thoughts fleshed out in a bit more depth, here's a white paper that I wrote on the topic.
Posted by Gordon Haff at 10:55 AM 0 comments

Tuesday, February 14, 2012

Links for 02-14-2012

Posted by Gordon Haff at 9:53 AM 0 comments

Thursday, February 09, 2012

Links for 02-09-2012

Posted by Gordon Haff at 9:52 AM 0 comments

Thursday, February 02, 2012

Links for 02-02-2012

Posted by Gordon Haff at 1:15 PM 0 comments

Wednesday, February 01, 2012

Links for 02-01-2012

Posted by Gordon Haff at 12:20 PM 0 comments

Tuesday, January 31, 2012

Cloud computing's culture of discipline

Enterprise architects have led the way to successful business transformations. That was one of the key points delivered by MIT's Jeanne Ross in an interview she did with my one-time analyst colleague, Dana Gardner. Ross is the Director and Principal Research Scientist at the MIT Center for Information Systems Research where she "studies how firms develop competitive advantage through the implementation and reuse of digitized platforms." The interview is excerpted in Gardner's ZDNet blog, which also links to the full podcast and transcript.

What particularly struck me about the interview is that, although the "cloud" word was essentially nowhere to be found, a great deal of Ross' points echoed best practices that I'm seeing coming out of the first wave of private cloud deployments.

...the thing we’re learning about enterprise architecture is that there’s a cultural shift that takes place in an organization, when it commits to doing business in a new way, and that cultural shift starts with abandoning a culture of heroes and accepting a culture of discipline.

Nobody wants to get rid of the heroes in their company. Heroes are people who see a problem and solve it. But we do want to get past heroes sub-optimizing. What companies traditionally did before they started thinking about what architecture would mean, is they relied on individuals to do what seemed best and that clearly can sub-optimize in an environment that increasingly is global and requires things like a single face to the customer.

What we’re trying to do is adopt a culture of discipline, where there are certain things that people throughout an enterprise understand are the way things need to be done, so that we actually can operate as an enterprise, not as individuals all trying to do the best thing based on our own experience.

This philosophy is very much in line with the idea that a cloud moves beyond virtualization by shifting to a services-centric approach. This means offering a standardized catalog of services to users and controlling access to and deployment of those services through policy. In other words, it's about granting access to IT services within a framework of established, consistent policies. A "culture of discipline," if you would, rather than an ad hoc "culture of heroes." (I discuss more details of this shift in this CNET Blog Network post.)

What's worth noting about this culture of cloud computing in the context of cloud computing though is that it can really streamline the access to IT resources rather than the other way around. Yes, there are consistent controls and policies in place, but self-service access within that framework makes for more agility not less.

A discipline of culture doesn't need to mean a culture of "No." In fact, it can make saying "Yes" easier and faster.

 

Posted by Gordon Haff at 2:52 PM 3 comments

Links for 01-31-2012

Posted by Gordon Haff at 1:22 PM 0 comments
Subscribe to: Posts (Atom)