Tuesday, November 20, 2012

Speed Graphic photography at the Head of the Charles Regatta

I thought this was a cool contrast with all the long lens DSLRs (including mine) out there.

Red Hat OpenStack "Folsom" version now available

The story of cloud computing has been one of open source-fueled innovation—often directly driven by end users with a need. OpenStack is no exception. The broad community developing and supporting OpenStack includes end-user organizations that have demanding IT requirements. Red Hat is proud to play its own role in delivering innovation to the many open source communities with which we're involved, including OpenStack. We also have a vision to make that innovation consumable by our customers. We now have a Technology Preview of OpenStack ("Folsom" version) available.

Read the rest of my blog post on the Red Hat press site.

Links for 11-20-2012

Monday, November 19, 2012

Links for 11-19-2012

Thursday, November 15, 2012

Links for 11-15-2012

Tuesday, November 13, 2012

Links for 11-13-2012

Thursday, November 08, 2012

Links for 11-08-2012

Friday, November 02, 2012

Links for 11-02-2012

The five stages of BYOD

The "Five Stages of Grief" (aka the K├╝bler-Ross model) as applied to Bring-your-own-Device.
Denial. It's just a passing fad. Or maybe we'll just get rid of those damned entitled Millennials who think they can bring their iPads into work. They'll learn soon enough how things work in the real world. Well at least we don't actually have to let them on the corporate network. Right? Right???
Anger. Don't people know IT tells them what devices and software they can and can't use. I'm sending out an email reminding everyone just who is in charge about this and they'd better shape up or else! WTF? Is that our CEO tapping away on a tablet over there?
Bargaining. OK, everyone. I get that you say these things make you more productive and all that. Tell you what. Let me load up a bunch of special monitoring and control software on those devices you bought yourself and we can all be friends again--just as soon as you read and sign this 50 page contract documenting the rules you'll need to follow.
Depression. I've lost control. I can't do my job. There's going to be a security breach and I'm going to be blamed. Nobody understands that IT has responsibilities for our company data and our customer data.
Acceptance. Maybe this isn't so bad. Most of our employees are actually pretty reasonable about taking measured steps like using VPNs and setting a password once I explained why it's so important. In fact, they're even OK with installing profiles that enforce some of those rules. And they get that I can't offer official support for stuff they buy on their own. I wonder if I can start getting out of supporting PCs too?

Thursday, November 01, 2012

The other hybrid: Community clouds

Community clouds were included in the original NIST definition of cloud computing, which has come to be seen as more or less the definitive taxonomy. NIST defined community clouds as cloud infrastructure "provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations). However, as recently as a couple of years ago, it remained something of a theoretical construct--an intriguing possibility with only limited evidence to suggest it would actually happen anytime soon.  

That's changed.

It's not that community clouds are everywhere, but we now see concrete commercial examples in pretty much the places where you'd expect. Where there are specific rules and regulations that have to be adhered to and where there are entities that can step up to some sort of supervisory or overseeing role. 

Unsurprisingly, the federal government is one of the most fertile grounds for the community cloud idea. Government, well, "thrives" may not be quite the right word. But certainly government procurement is rife with a veritable alphabet soup of rules, standards, and regulations that must be adhered to. Indeed, government procurement was one of the driving forces behind the aforementioned NIST definition in the first place. And, in many cases, the policies and process associated with these rules have relatively little overlap with how businesses operate outside of the government sphere.

GovernmentCloudFirstMandate_Thumb

Furthermore, government agencies aren't wholly independent entities. They've often acted as if they were to be sure. And one of the big issues with government IT costs historically is that purchases often get made project-by-project, agency-by-agency. That said, initiatives like the 2010 Cloud First Mandate have the federal government towards more centralized and shared IT functions. The Cloud First Mandate may not have progressed as quickly as then-US CIO Vivek Kundra initially intended. Nonetheless, it's helped push things along in that direction. (As, no doubt, budget pressures have overall.)

The result is that many agencies are rapidly moving towards a cloud computing model--often using a hybrid approach that bridges internal resources with external GSA providers. I discuss one such agency in a session at the Cloud Computing Bootcamp in Santa Clara next week.

One public cloud specifically catering to the federal government is Amazon with their GovCloud which:

is an AWS Region designed to allow US government agencies and customers to move more sensitive workloads into the cloud by addressing their specific regulatory and compliance requirements. The AWS GovCloud (US) framework adheres to U.S. International Traffic in Arms Regulations (ITAR) requirements. Workloads that are appropriate for the AWS GovCloud (US) region include all categories of Controlled Unclassified Information (CUI), including ITAR, as well as Government oriented publically available data. Because AWS GovCloud is physically and logically accessible by US persons only, and also supports FIPS 140-2 compliant end points, customers can manage more heavily regulated data in AWS while remaining compliant with federal requirements. In other respects the GovCloud Region offers the same high level of security as other AWS Regions and supports existing AWS security controls and certifications such as FISMA, SSAE 16/SOC1 (formerly SAS-70 Type 2), ISO/IEC 27001, and PCI DSS Level 1. AWS also provides an environment that enables customers to comply with HIPAA regulations. (See the AWS Security page for more details.) The customer community utilizing AWS GovCloud (US) includes U.S. Federal, State, and Local Government organizations as well as U.S. Corporate and Educational entities.

As discussed by Brandon Butler in Network World, however, community clouds aren't limited to government. 

Given the data privacy standards imposed by the HIPAA regulation, healthcare providers also have some specific requirements and concerns when it comes to cloud computing--or, really, IT in general. Nor are these concerns purely academic. In 2011, the Department of Health and Human Services fined two different organizations a total of $5.3 million for data breaches even though those breaches were, arguably, relatively minor.

Optum, the technology division of the UnitedHealth Group, is an example of a healthcare community cloud from the Network World article. Butler writes that:

[Optum] released its Optum Health Cloud in February as a way for those in the healthcare industry to take advantage of cloud resources. Strict data protection standards regulated by HIPAA, plus a constant pressure to reduce costs and find efficiencies in healthcare management has made community cloud services seem like a natural fit for the industry, says Ted Hoy, senior vice president and general manager of Optum Cloud Solutions. Powered by two data centers owned by Optum, Hoy hopes the community cloud will eventually be able to offer Iaas, SaaS, PaaS for customers.

The service, Hoy says, has differentiating features tailored specifically for the healthcare industry. HIPAA regulations, for example, regulate how secure certain information must be depending on what it is. An e-mail exchange between two doctors about the latest in medical trends needs a different level of protection compared to a communication between a doctor and a patient. Optum worked with Cisco to create security provisions tailor-made for the system that identifies who is entering information, what type of information it is and who has access to it.

 It's still early days for community clouds and it's reasonable to question the degree to which they'll expand beyond fairly specific (and relatively obvious) uses such as we're mostly seeing to date. At another level though, I see this as another example of how it's hard to call exactly where workloads are going to end up running. Which is why industry analysts such as Gartner are making such a big deal about concepts such as Hybrid IT.

Links for 11-01-2012