Thursday, April 25, 2013

Podcast: Gunnar Hellekson On PaaS and Cloud

Platform-as-a-Service offerings, such as Red Hat's OpenShift, provide a great way for government agencies to provide separation of roles (so that the scope of contractors, for example, can be narrowly defined). Red Hat public sector technology strategist Gunnar Hellekson also discusses how overall cloud adoption in government is proceeding, Red Hat Enterprise Linux FIPS 140-2 certification, and cloud in the Department of Defense.

Listen to MP3 (0:13:17)
Listen to OGG (0:13:17)

[Transcript]

Gordon Haff: Hello everyone, this is Gordon Haff, cloud evangelist with Red Hat. I'm talking today with Gunnar Hellekson, who's the chief technology strategist for Red Hat in the government sector. Welcome, Gunnar.

Gunnar Hellekson:  Thanks Gordon, it's great to be here.

Gordon: Lots of exciting things happening in the government space around cloud computing in general and PaaS specifically. Why don't you tell us a little bit about what's happening around DISA and the DoD?

Gunnar: Yeah, this is exciting for us. I know that you've talked about OpenShift a great deal on your show and certainly I've been talking a lot about OpenShift and the value of having a platform as a service, the value of having an open source platform as a service. DISA, the Defense Information Systems Agency, who acts--you can think about them as the IT organization for the DoD. DISA stood up this program called STAX and STAX is a platform as a service.

A little while ago they stood up their first attempt at a platform as a service, they wrote it themselves, and it functioned pretty good. Then we had a meeting with them and we gave them the roadmap for OpenShift, and they said, well, that's our plans for the next two or three years, so let's see about getting OpenShift in our organization. Indeed that's what they did. Now STAX is available to anyone in the DoD and it's really, really exciting, actually, to have OpenShift now available to anyone with a CAC card. It's pretty cool.

Gordon: Maybe you could tell our listeners a little bit more about OpenShift and why it's particularly interesting in the government.

Gunnar: Sure. OpenShift, the first problem that it solves is it makes it really easy for developers to stand up a development environment. That is often a huge problem in the DoD. If you can imagine not just a Fortune 500 company but a Fortune 1 company trying to get anything done the bureaucracy is just unimaginable. It's not unusual for it to take six months for someone to stand up a server. In that environment if you're a developer, especially if you're a young developer working with some of the new languages like Node.js or Ruby or Python and so on, waiting six months for a server is just--well, it's out of the question.

What OpenShift allows them to do is basically have a pre‑certified, pre‑approved, standardized platform that they can stand up and allows them to just go on and go ahead with their work. That would be great if it was just helping the developers, but in the DoD you have this huge demand on the operational side of the house. You have security standards that you need to meet, you have contractual and procurement standards that you need to meet, and OpenShift actually helps on that side as well.

Because OpenShift allows the operations folks to define, OK, here's what Python looks like, here's what Ruby looks like, here's what Node looks like. They can very quickly stamp out a new version whenever a developer wants it. Really it keeps both parties really, really happy. The operational guys have the standardization that they need and the developers don't have to wait six months for a server.

Gordon: One of the ways I look at platform as a service, OpenShift, is this really nice abstraction layer, in that it keeps the stuff the developers care about separate from the things that the operations, the architects, arguably even the procurement people care about. That kind of, I don't know, firewall or level of abstraction or the wall between those can sometimes be very useful.

Gunnar: Oh, that's exactly right. That's especially true in government where almost all work is done by a contractor at one point or another. When you're a contractor it's very tempting to get your hooks into as much of the system as possible because that ensures subsequent work in later contracts. Right?

If I'm the guy who builds the system from everything from the plug and the wall up to the keyboard, well then I'm uniquely qualified to go take care of that system for the rest of its useful life. That's great for the integrators and great for the contractors. Not so great for the procurement folks and the government folks who really want a more competitive environment for their IT systems.

As you're saying, having this abstraction layer, having something divided between this is what's mine--which is the OpenShift platform--and this is what's yours--which is the code that's running inside it. Having that division makes it a lot easier for procurement folks, actually, who seem to like it the most. It's procurement folks who like it, because they can now write the platform into their contracts and say, great, you can give us this capability but you're not allowed to give us anything that plugs into the wall, because we're going to provide that in a platform that we've already built, already approved, and already certified.

It's neat to see OpenShift--and this is one of the reasons why I think it's so, frankly disruptive in the DoD is because it is a tool that actually allows the government to change the way that it interacts with its contractors in a way that something as old and boring as Linux doesn't necessarily do.

Gordon: In a way I think this is a little bit funny, of course, because a lot of the early talk around PaaS, particularly the online services, were around this whole idea of DevOps and you didn't need to separate the responsibilities. You look at something like Netflix and you don't really have much in the way of dedicated, separate operations staff. Here we are with PaaS and the government really being used because it can, if you want it to, on an on‑premises solution like OpenShift Enterprise, really can actually enforce those differences in layers.

Gunnar: Yeah, that's right. A lot of the DevOps work that's being done today--and a lot of it is outstanding and provided a huge inspiration for OpenShift, obviously. But a lot of this work is around--I want to call it single purpose enterprises. It was developed in an environment where you have one application that was, that that's all the company did was build this one application. In that context it becomes relatively simple to do a DevOps approach. Once you reach something with the kind of sophistication and the number of moving parts as, say, the DoD as an example.

Hugely complex organization, a whole bunch of competing missions, a bunch of competing contractors, competing procurement shops, competing program offices. Suddenly being able to say, well this is what is operations, this is what is development, and let's stay out of each other's swim lanes, that becomes a lot more valuable. We can take all the lessons learned from the DevOps world and apply them to a more enterprise‑y context, I guess. That's how I think about OpenShift.

Gordon: Maybe we can talk briefly about adoption of cloud in government in general. You read periodically, seemingly when the tech press needs some exciting headline to get people to click on, that adoption of cloud in government isn't going as quickly as their former CIO mandated to happen. What's your perspective on the ground?

Gunnar: When Vivek Kundra first put down the cloud first policy--a lot of people don't realize it--it's the policy of the federal government to put something in a cloud first and only if you couldn't possibly put it into an existing cloud are you allowed to go buy new hardware. That rule has been in place for a number of years and helped the, there's a grand federal data center consolidation that's underway. By 2015 they're actually going to shut down 800 data centers around the country.

Obviously if you're going to do that you need to adopt cloud. But actually the big winner in the cloud first policy was virtualization. Was just, I'm consolidating a data center, I need to virtualize to take good advantage of my hardware. That's where we were for a while, as people were looking askance at public clouds and trying to figure out, well, what kind of workloads are allowed to be in there.

Since then the government's actually developed a set of rules for how and when you're allowed to use a public cloud. That's called FedRAMP. That process has actually been mildly successful because it actually, it provides a set of relatively unambiguous rules, and it provides a process for approving a particular public provider for a government workload. That was absolutely necessary. Without that I don't think we'd see the kind of cloud adoption that we see today.

You have FedRAMP in place now, and what's interesting is--I'm trying to remember who the analyst was. I think it was Simon Wardley who talks about cloud adoption being something that moves very, very slowly and then all at once. Just last week we had Terry Halvorsen, who's the CIO for the Navy. He put out guidance, policy guidance to his deputies that said that not only are we going to go to cloud first, we're actually going to go to public cloud first.

That is, unless you have a super‑good reason for not putting your workload out on Rackspace or Amazon or another public cloud provider, you better do it. Because the Navy can't afford to keep buying servers. Then he wrote for an internal publication called CHIPS, he actually wrote almost a case study on how they moved the Navy's website up to Amazon. With folks like the Navy adopting public cloud at this pace, you can imagine that many of the other agencies are going to follow right behind.

As soon as I say that, I'm also going to add my traditional caveat which is, trying to describe the US government as a single entity is a fool's errand. We're talking about literally thousands of IT shops, and they certainly don't move in lockstep. While we have Navy maybe reaching out in front in the adoption of cloud services, you've got other agencies who are still trying to figure out what the best approach to virtualization is. There's a broad spectrum and it's going to be a multi‑year story.

Gordon: Maybe you could tell our listeners about some of the new things that Red Hat's doing, or they're coming down the pike?

Gunnar: Yeah, so this is actually exciting news. A lot of people, at least folks in the government space know about this. We are huge supporters of the FIPS process, this is the Federal Information Processing Standard. There's one standard in particular, FIPS 140‑2, which tells everyone how they are supposed to implement cryptography. If I'm trying to keep something secret on a machine, I can't just write any software I want. I have to take that software and have it scrutinized by a third party and make sure that when I say I'm using the SHA‑2 256 algorithm that that's in fact the algorithm that I'm using.

We have actually been certified under FIPS a number of times with RHEL and just recently we rounded out the FIPS certifications for RHEL 6, so now people can have encrypted SSH sessions, encrypted networking, encrypted disk, and be assured that it's actually meeting the federal standards. Super‑excited and not a little bit relieved to finally have those certifications in our pocket. It's really great.

Gordon: That's great, Gunnar. Anything else you'd like to share with our audience?

Gunnar: No, no, this is great. I think that maybe the last thing I'll leave you with is, back in 2008 there was a lot of talk about open government. When the Obama administration came in everyone was talking about open government and how open source could help open government. People were skeptical about it, maybe, and just this week we got two proof points for folks to let them know how successful open source has been in government.

The first is that Black Duck released their annual survey of industry, more than 800 respondents to this and these are folks like director, CIO level. Government actually came out for the first time this year as the number one adopter of open source software, which I think is super cool. The second thing that came along was the government actually using open source to improve its mission. NASA ran a hack‑a‑thon for the International Space Station last week and they had, in this hack‑a‑thon, over 9,000 participants around the world, which I think is just staggering and a great example of what the government can do when they not only use open source but actually adopt open source methods to accomplish their missions. It's real exciting.

Gordon: Well that sounds great, Gunnar. Thanks for spending time with us.


Gunnar: Well thank you Gordon.
