[Transcript]
Gordon Haff: Hello everyone, this is Gordon Haff, cloud evangelist with Red
Hat. I'm talking today with Gunnar Hellekson, who's the chief technology
strategist for Red Hat in the government sector. Welcome, Gunnar.
Gunnar Hellekson: Thanks Gordon, it's great to be here.
Gordon: Lots of exciting things happening in the government space around cloud
computing in general and PaaS specifically. Why don't you tell us a little bit
about what's happening around DISA and the DoD?
Gunnar: Yeah, this is exciting for us. I know that you've talked about OpenShift a
great deal on your show and certainly I've been talking a lot about OpenShift
and the value of having a platform as a service, the value of having an open
source platform as a service. DISA, the Defense Information Systems Agency, who
acts--you can think about them as the IT organization for the DoD. DISA stood up
this program called STAX and STAX is a platform as a service.
A little while ago they stood up their first attempt at a platform as a service,
they wrote it themselves, and it functioned pretty good. Then we had a meeting
with them and we gave them the roadmap for OpenShift, and they said, well,
that's our plans for the next two or three years, so let's see about getting OpenShift
in our organization. Indeed that's what they did. Now STAX is available to
anyone in the DoD and it's really, really exciting, actually, to have OpenShift
now available to anyone with a CAC card. It's pretty cool.
Gordon: Maybe you could tell our listeners a little bit more about OpenShift and why
it's particularly interesting in the government.
Gunnar: Sure. OpenShift, the first problem that it solves is it makes it really easy
for developers to stand up a development environment. That is often a huge
problem in the DoD. If you can imagine not just a Fortune 500 company but a
Fortune 1 company trying to get anything done the bureaucracy is just
unimaginable. It's not unusual for it to take six months for someone to stand
up a server. In that environment if you're a developer, especially if you're a
young developer working with some of the new languages like Node.js or Ruby or
Python and so on, waiting six months for a server is just--well, it's out of the
question.
What OpenShift allows them to do is basically have a pre‑certified, pre‑approved,
standardized platform that they can stand up and allows them to just go on and
go ahead with their work. That would be great if it was just helping the
developers, but in the DoD you have this huge demand on the operational side of
the house. You have security standards that you need to meet, you have
contractual and procurement standards that you need to meet, and OpenShift
actually helps on that side as well.
Because OpenShift allows the operations folks to define, OK, here's what Python looks
like, here's what Ruby looks like, here's what Node looks like. They can very
quickly stamp out a new version whenever a developer wants it. Really it keeps
both parties really, really happy. The operational guys have the
standardization that they need and the developers don't have to wait six months
for a server.
Gordon: One of the ways I look at platform as a service, OpenShift, is this really nice abstraction layer, in that it keeps the stuff the developers care about separate from the things that the operations, the architects, arguably even the procurement people care about. That kind of, I don't know, firewall or level of abstraction or the wall between those can sometimes be very useful.
Gunnar: Oh, that's exactly right. That's especially true in government where almost all
work is done by a contractor at one point or another. When you're a contractor
it's very tempting to get your hooks into as much of the system as possible
because that ensures subsequent work in later contracts. Right?
If I'm the guy who builds the system from everything from the plug and the wall up
to the keyboard, well then I'm uniquely qualified to go take care of that
system for the rest of its useful life. That's great for the integrators and
great for the contractors. Not so great for the procurement folks and the
government folks who really want a more competitive environment for their IT
systems.
As you're saying, having this abstraction layer, having something divided between
this is what's mine--which is the OpenShift platform--and this is what's yours--which
is the code that's running inside it. Having that division makes it a lot
easier for procurement folks, actually, who seem to like it the most. It's
procurement folks who like it, because they can now write the platform into
their contracts and say, great, you can give us this capability but you're not
allowed to give us anything that plugs into the wall, because we're going to
provide that in a platform that we've already built, already approved, and
already certified.
It's neat to see OpenShift--and this is one of the reasons why I think it's so,
frankly disruptive in the DoD is because it is a tool that actually allows the
government to change the way that it interacts with its contractors in a way
that something as old and boring as Linux doesn't necessarily do.
Gordon: In a way I think this is a little bit funny, of course, because a lot of the early talk around PaaS, particularly the online services, were around this whole idea of DevOps and you didn't need to separate the responsibilities. You look at something like Netflix and you don't really have much in the way of dedicated, separate operations staff. Here we are with PaaS and the government really being used because it can, if you want it to, on an on‑premises solution like OpenShift Enterprise, really can actually enforce those differences in layers.
Gunnar: Yeah, that's right. A lot of the DevOps work that's being done today--and a lot
of it is outstanding and provided a huge inspiration for OpenShift, obviously.
But a lot of this work is around--I want to call it single purpose enterprises.
It was developed in an environment where you have one application that was,
that that's all the company did was build this one application. In that context
it becomes relatively simple to do a DevOps approach. Once you reach something
with the kind of sophistication and the number of moving parts as, say, the DoD
as an example.
Hugely complex organization, a whole bunch of competing missions, a bunch of competing
contractors, competing procurement shops, competing program offices. Suddenly
being able to say, well this is what is operations, this is what is
development, and let's stay out of each other's swim lanes, that becomes a lot
more valuable. We can take all the lessons learned from the DevOps world and
apply them to a more enterprise‑y context, I guess. That's how I think about OpenShift.
Gordon: Maybe we can talk briefly about adoption of cloud in government in general. You
read periodically, seemingly when the tech press needs some exciting headline
to get people to click on, that adoption of cloud in government isn't going as
quickly as their former CIO mandated to happen. What's your perspective on the
ground?
Gunnar: When Vivek Kundra first put down the cloud first policy--a lot of people don't
realize it--it's the policy of the federal government to put something in a
cloud first and only if you couldn't possibly put it into an existing cloud are
you allowed to go buy new hardware. That rule has been in place for a number of
years and helped the, there's a grand federal data center consolidation that's
underway. By 2015 they're actually going to shut down 800 data centers around
the country.
Obviously if you're going to do that you need to adopt cloud. But actually the big winner
in the cloud first policy was virtualization. Was just, I'm consolidating a
data center, I need to virtualize to take good advantage of my hardware. That's
where we were for a while, as people were looking askance at public clouds and
trying to figure out, well, what kind of workloads are allowed to be in there.
Since then the government's actually developed a set of rules for how and when you're
allowed to use a public cloud. That's called FedRAMP. That process has actually
been mildly successful because it actually, it provides a set of relatively
unambiguous rules, and it provides a process for approving a particular public
provider for a government workload. That was absolutely necessary. Without that
I don't think we'd see the kind of cloud adoption that we see today.
You have FedRAMP in place now, and what's interesting is--I'm trying to remember who
the analyst was. I think it was Simon Wardley who talks about cloud adoption
being something that moves very, very slowly and then all at once. Just last
week we had Terry Halvorsen, who's the CIO for the Navy. He put out guidance,
policy guidance to his deputies that said that not only are we going to go to
cloud first, we're actually going to go to public cloud first.
That is, unless you have a super‑good reason for not putting your workload out on
Rackspace or Amazon or another public cloud provider, you better do it. Because
the Navy can't afford to keep buying servers. Then he wrote for an internal
publication called CHIPS, he actually wrote almost a case study on how they
moved the Navy's website up to Amazon. With folks like the Navy adopting public
cloud at this pace, you can imagine that many of the other agencies are going
to follow right behind.
As soon as I say that, I'm also going to add my traditional caveat which is,
trying to describe the US government as a single entity is a fool's errand.
We're talking about literally thousands of IT shops, and they certainly
don't move in lockstep. While we have Navy maybe reaching out in front in the
adoption of cloud services, you've got other agencies who are still trying to
figure out what the best approach to virtualization is. There's a broad
spectrum and it's going to be a multi‑year story.
Gordon: Maybe you could tell our listeners about some of the new things that Red Hat's doing, or they're coming down the pike?
Gunnar: Yeah, so this is actually exciting news. A lot of people, at least folks in the government space know about this. We are huge supporters of the FIPS process, this is the Federal Information Processing Standard. There's one standard in particular, FIPS 140‑2, which tells everyone how they are supposed to implement cryptography. If I'm trying to keep something secret on a machine, I can't just write any software I want. I have to take that software and have it scrutinized by a third party and make sure that when I say I'm using the SHA‑2 256 algorithm that that's in fact the algorithm that I'm using.
We have actually been certified under FIPS a number of times with RHEL and just
recently we rounded out the FIPS certifications for RHEL 6, so now people can
have encrypted SSH sessions, encrypted networking, encrypted disk, and be
assured that it's actually meeting the federal standards. Super‑excited and not
a little bit relieved to finally have those certifications in our pocket. It's
really great.
Gordon: That's great, Gunnar. Anything else you'd like to share with our audience?
Gunnar: No, no, this is great. I think that maybe the last thing I'll leave you with is, back in 2008 there was a lot of talk about open government. When the Obama administration came in everyone was talking about open government and how open source could help open government. People were skeptical about it, maybe, and just this week we got two proof points for folks to let them know how successful open source has been in government.
The first is that Black Duck released their annual survey of industry, more than
800 respondents to this and these are folks like director, CIO level.
Government actually came out for the first time this year as the number one
adopter of open source software, which I think is super cool. The second thing
that came along was the government actually using open source to improve its
mission. NASA ran a hack‑a‑thon for the International Space Station last week
and they had, in this hack‑a‑thon, over 9,000 participants around the world,
which I think is just staggering and a great example of what the government can
do when they not only use open source but actually adopt open source methods to
accomplish their missions. It's real exciting.
Gordon: Well that sounds great, Gunnar. Thanks for spending time with us.
Gunnar: Well thank you Gordon.