Podcasts from the Trenches

I was in Holland at the CloudStack Collaboration Conference and recorded a number of shows that have made it out via RSS but I haven’t talked about here. So as it’s the run up to Christmas today is a podcast bonanza with no less than four shows highlighted here for your aural delectation.

The first show I am bringing you here is with Tryggvi Lárusson of GreenQloud in Iceland. GreenQloud I wanted to talk to because they are 100% Green environmentally friendly. Using the thermal geological heat in the substrata of the Icelandic crust and hydroelectric power to power their datacentre. Big time Open Source user I wanted to hear from them about their startup and plans for growth.

  You can listen to this show directly by clicking this link

The second show is with a good new friend Arjan Eriks of Schuberg Philis in Holland who are a major cloud provider working with upstream verticals and customers in specific niche marketplaces (regulated and auditable cloud needs to meet Dutch and EU privacy specific workloads). A company who make revenue and who grow based entirely on their Cloud ambition. Great guy – commercial and balanced and able to paint a picture to the listener of what customers want and how to retain them.

The Red Hat Cloud Provider Programme is a great way of you being able to both stand up a business and also to attract, and to retain custom. Talk to me offline for more info.

  You can listen to this show directly by clicking this link

Remember you can listen via your chosen podcast client of choice by adding my RSS (http://cloudevangelist.libsyn.com/rss) or via iTunes, Podfeed, Stitcher or many of the syndicated sites that carry my content. In fact 90% of my readers now come from sites other than Cloudevangelist.org or redhat.com and that number is growing weekly. Just glad we put shows out that are easy to digest and to listen to. Remember, your feedback and your emails matter. If there is a show you like – tell folk, retweet it. This stuff is free and it’s designed to help you.

Podcast – Ed Daniel, ITIL, Audit & Cloud

I am joined on today’s show by Ed Daniel. Bit of a coup. Ed is one of Europes leading OSS evangelists but like me shares a background in process management ITIL, security and enterprise enablement. Ed works for Normation and was in London attending DevOps and I didn’t have to push very hard to get him to sit down in front of my microphones.

This podcast is really for the companies who are thinking about deploying Cloud, who are thinking security hardening, process management, ITIL, PCI-DSS, ISO standardisation, deploying against Cloud Security Alliance or SELinux guidelines. If you’re a service provider too this podcast also helps you. It’s your opportunity to hear myself and Ed try and give you a steer on designing your cloud and to get to deployment safely whilst growing the frameworks around Cloud management.

We talk ManageIQ/Cloudforms, how audit and logging is essential, OpenStack and Ceilometer, Heat etc etc. How you should engage with a Cloud provider or upstream vendor.

This is one of those difficult conversations which you rarely hear and that is designed to get you to a point where Open Hybrid Cloud can become a reality. We don’t always agree but between the two of us we try to get you to a point where you are armed to safely and securely start designing and consuming Cloud compute capacity.

 Download the podcast in MP3 format here – or alternatively browse the RSS.

Podcast: Max Cooter of CloudPro talks sense

I’m joined on the podcast today by Max Cooter who is editor of CloudPro Magazine for a remotely recorded podcast, Max in Sussex me in windy wet Wiltshire for a podcast I’ve been meaning to record for some time but last time we tried we couldn’t get diaries to sync. Technology allows us to do next best thing other the ether and this is the result we recorded yesterday. We originally aimed to record 8-10 minutes but the discussion got deeper and we ended up putting a lot of things on the table that are vitally important to decision makers and to cloud in general.

I let the session run and listening back when I was mixing the session in the early hours of this morning I am glad I did because here you have a podcast that might just make people start making notes and thinking about their own plans and provisioning and thinking about the structure of their ambitions in Cloud.

Max is a heavyweight, he talks Cloud for a living but gets to see a lot of the actual cloud metrics and deployments across the entire industry so is more “clued up” than most analysts due to exposure. We’ve worked together on a Dell Think Tank before and we were both out at GigaOM Structure in Amsterdam last year (Max is pictured above on the left during one of the fireside chat sessions).

We talk governance, regulation, security, privacy, PRISM fallout for Cloud, we talk Red Hat Certified Cloud Provider Programme, service providers and the need for conformity, PaaS and OpenShift. CTO and CIO pressures in the datacentre – theres a whole wealth of stuff going on.

Do take time out to listen and come back next week where I have a podcast with Tim Kramer my colleague of way way too many years talking OpenSCAP, Cloud Security, OpenShift and the Cloud Security Alliance. Don’t miss it we’re going to make some people sit up.

 

Download the podcast here in MP3 format only

I’ve been busy – Red Hat Summit 2013

The last ten days have seen me camped out in Boston in the US at Red Hat Summit recording, mastering and publishing fourteen podcasts during Red Hat Summit. Usually I do one a week so to get fourteen recorded and out there on iTunes, Stitcher and a dedicated smartphone app for all platforms was tiring to say the least.

So for those of you wondering why there hadn’t been a Cloud Evangelist podcast last week, go listen to the shows I made available to you on the Red Hat Official Podcast page from Summit by clicking here.

Podcasts on OpenShift, OpenStack, Gluster, RHEV, IBM PowerLinux, ARM and Hyperscale, identity management in the Cloud, SELinux (with Dan himself). We talk NetApp and oVirt with Jon Benedict once more and we have a lot of fun along the way.

Fourteen shows you can’t miss out on with over 10,000 listeners to date – go listen.

Podcast: Let’s talk KVM – Steve Higashi

So recently I sat down with a good friend Mr Steve Higashi, possibly my favourite Canadian who actually lives in Austria. He works for OnApp a company I rate highly and we’ve been threatening to do this recording for nearly two years and when he was in London the other week we sat down and talked KVM.

Steve loves Cloud, he’s a righteous dude when it comes to getting down and deep in the weeds talking to customers about engineering goodness. We touch on CloudForms 2.0, Red Hat OpenStack, OpenKVM, the Red Hat stack etc . We try to put some clarity around the whole KVM vs Xen vs proprietary alternatives and to do it in an easy to listen / easy to consume show for you guys to listen to.

Hope you enjoy it, come back later in the week for a great show with Brian Stevens, CTO of Red Hat.

Download the podcast here in MP3 format only

Podcast: Cloud Security Special

Todays podcast is a must for anyone in Cloud who needs to understand high level security. I’m joined over the ether to my studio in Bath in the UK by Gunnar Hellekson and David Egts. We’re talking access controls, SELinux, sVirt, hardening, security in Government and how we engage in Cloud, security and KVM, Common Criteria – the whole works.

We talk RHEV, RHEL, OpenShift, CloudForms, ManageIQ, auditing, logging, hardening, security – learn how Red Hat secure the important enterprise, Government and industry platforms – allowing our customers to sleep easy.

You cannot afford to miss this weeks show !

Gunnar is the Chief Technology Strategist in Red Hat’s US Public Sector team, trusted by government and the military alike and David is one of our Principal Architects at Red Hat. They both “live eat breathe” security so this podcast is three of us who are very passionate about the topic.

And folks theres more, if you liked this podcast tune in to the first few episodes of Dave and Gunnar’s new podcast – the appropriately named Dave and Gunnar show which you can listen to by following this link directly. I totally recommend it, great listening. I’ve been working with them over the last few months recommending kit and I really think this is a show you should be listening to on a regular basis. Gunnar and Dave have taken a totally different spin on podcasting that Rhys Oxenham and I have been planning since November to do monthly that I bought the kit to do – but we haven’t had the time to do. Since Christmas we’ve been set up to make the changes I keep mooting, and this will happen.

It’s so nice to be back in the studio able to control the level of audio again, seems like an age since I was sat at a mixing desk recording this stuff. Listening to this podcast you wouldn’t think that David was in Ohio, Gunnar in Houston, Texas and me the other side of the pond, and all recorded produced and released using Fedora – no Mac’s here folks.

Come back soon for some great podcast content and if you haven’t yet subscribed via iTunes or my RSS feed simply follow the menu bar above to get the links you need. Come back next week for some more great content.

 Download the podcast here in MP3 format only

Podcast: John Mark Walker – Mr Gluster

This is a totally kickass podcast. If you don’t download and listen you’re missing a trick.

John Mark and I sat down and talked Gluster 3.4, Cloud, virtualisation, Samba, storage, community – putting the world to rights with a microphone.

Now heres why you should NOT miss this podcast, this is two old men of Open Source who have been doing this for about as long as the term Open Source has been coined. Every podcast we do gets thousands of downloads and always gets favourable re-tweets. We have a LOT of fun whenever we record together and I am sure this comes across with the intensity of the discussions that we then lay down for broadcast.

John Mark and I are the two original “Grumpy Old Men” of the Linux community who are both equally passionate about the cause and the entire success of the Open Source movement. This is a slightly longer podcast than we’d usually release however it’s also one of the most important I’ve broadcast.

Remember if you listen via iTunes or Stitcher – SUBSCRIBE – if you like the podcast – tell people, tweet it, spread the word. I record this stuff for you and I know judging by the feedback and the download figures that the message IS getting out.

Download and listen now. Hope the enjoyment we had recording this comes across and is both informative as well putting a smile on the face of even the most earnest techie / geek.

Download the podcast here in MP3 format only

Solving EU privacy issues with CloudForms

Over the last two and a half years it’s become clearer that despite best efforts there has been a bottleneck in the European Union’s ability to leverage their influence in development of new methodologies of increasing technology consumption or investment in EU cloud.

The clue to the problem lies very much in the lack of credible underlying support that surrounds the European Commissions cloud strategy that emerged in September 2012 that I’ve talked about here before. Their stated aims to increase the spread and adoption of Cloud Computing in EU states were slated to generate about €900bn of generated revenue and a speculative figure of an additional increase in headcount in IT related services by 3.8 million new hires. I’ve read the report in detail and it still makes no sense and just seems to be a finger in the wind (like many analyst reports we all read daily) as to them “taking the temperature of the industry as a whole.”

Maybe it was to buy more time until their slated 2014 time window when the assumption is that the common EU data protection regulations will be outlined. These will replace sovereign data protection acts such as that we take for granted in the UK and to understand the thinking of how that impacts on Cloud.

If we examine how that impacts, say on a company like Amazon, purely as an example, they currently have to implement working practices for AWS in the EU where applicable in contract terms for sovereign customers. These practices have to follow to the letter the data protection acts in France, Germany, Ireland, the UK etc. All those actual data protection acts can be see to be following a skeleton or outline of actual data protection directives issued by the EU but each with their own specific tailored requirements around statute in applicable sovereign territories. So currently it’s hard work for any provider of services to offer a blanket one size fits all across the EU, and the cost of sales and architecture is therefore increased as is cost of adoption for consumption of elastic services generically across multiple territories.

So the hope is we can look forward to 2014 expecting a unified approach to data protection and therefore investment and adoption of catalogue cloud services as an industry. There is no denying that if you have that territorial harmonisation of regulation across the EU it will make it easier for corporations and organisations to build compliance frameworks but also if we were to turn that on it’s head it will create a new raft of operational requirements.

Each member state will have to take on board their individual responsibilities for the legal statute required to make it work and that means additional challenges in Sweden, Germany, Spain and especially France. The workload alone on the part of data controllers facing new responsibilities are going to dramatically increase as well as the definition and creation of procedures and controls. The need to understand how to fit within a new skeleton regulation framework for the management of data privacy then needs to also fold in the needs to handle reporting. We now move to a theoretical world post 2014 where an organisation needs to file compulsory data breach notifications immediately at identification of a data loss or hack.

This all impacts on the lifecycle of cloud services and repudiation of data within contractual periods across multiple territories and potentially multiple providers in open hybrid cloud. This is one of the great facets of ManageIQ capabilities to tag and to “patrol” your complete Cloud fabric in order for you to be able to conform out the box today with responsibilities as a data controller or processor. CloudForms handles Cloud. It doesn’t matter whether thats defined as a public cloud sitting on a provider presence or a private cloud sat in your datacentre. If you’re serious about Cloud you need to have CloudForms in your corner.

An example of this, if for example you have a private cloud the new EU guidance adjudges you to be the processor responsible for data and in most EU states the controller as well and it becomes entirely your position of authority to control the access and protection to that data.

When you start moving those workloads and data upstream to a supplier such as a Red Hat Certified Cloud Provider partner the guidance is clear. The onus is on you the individual to examine at contract and actual practice level that your provider has both the security in place to protect you, but that isn’t enough. You need to be able to do more than just assume a contract keeps you safe without taking on the need for expensive audit procedures and a huge raft of risk registers and rolling pentests / conformance exercises with an often unwilling third party provider who assumes you were happy at the SLA level.

CloudForms combined with ManageIQ give you a single pane capability and the context tagging and reporting doesn’t actually care where your instance is running, be it on a raft of providers on ESX or KVM regardless of location, it just reports and keeps your cloud in line with your controls. It actually draws you in line with the EU regulations ahead of time.

So when the EU regulatory guidance actually becomes more than lipstick on a pig you can look smugly and realise that having implemented CloudForms and MiQ you were ahead of the game, and your business not impacted either by additional regulatory need and complex guidance having a negative impact on your growth.

Expect to read more about CloudForms in the coming weeks and months, for more information engage with your local Red Hat country representative.

Podcast: John Hardy talks ManageIQ

After being disrupted by the snowstorms in the UK John and I finally met up and recorded this podcast at the Red Hat offices in Farnborough here in the UK. This is what fell out of that session, hope it’s helpful and gives more context technical details around what ManageIQ brings to Red Hat.

It’s already available on Apple iTunes (download the Podcast client from the Apple Store), Podfeed.net and will be synced with Stitcher Internet Radio very shortly as they update their RSS feeds.

Come back more next week I’m going to be releasing a podcast on Wednesday / Thursday this week and then recording a lot of content at FOSDEM in Brussels weekend of 2nd/3rd February. If you’re going come say hi – who knows you could end up on a podcast !

 Download the podcast here in MP3 format only

Cloud – Intelligent Cloud Management

There have been a multitude of articles appearing in recent weeks around analyst perception of Public and Private Clouds delivering less than coherent controls around ensuring the compliance of their customers. Whilst I can agree with many of the editorial stances taken by seasoned hacks and journalists there needs to be a rethink around how enterprise CIO level thought leaders are armed to enable them to adopt Cloud technologies, whilst retaining balance and assurance around conformance and compliancy.

Governance aligned to a Cloud lifecycle model and a living breathing risk register is one thing but hopefully reading this article can help you develop another strategy and open discussions in how Red Hat can enable your aspirations around Open Hybrid Cloud.

Virtualisation and Cloud by their very nature create compliance issues and challenges never more so in remote virtual environments. Access control issues, the constant need to maintain your network with the challenges of change control and network reconfigurations. The demands of having to document and understand shared infrastuctures and to tear up and tear down virtual machines all bring with them challenges around compliancy. This article is designed to help you show a path towards better compliance and better ways to enhance Cloud onramp and adoption using Red Hat Open Hybrid Cloud.

Keeping auditors happy whilst also being able to deliver business as usual computing is a given, how you actually deliver that in an always on elastic hybrid cloud environment can therefore be a quandry that will have obvious challenges in operational IT normality married to a non-liberal but dynamic focus on Cloud service adoption. If you accept that Cloud is skirting around the traditional framework of the computing norm which in it’s hybrid form adds a new complexity with layers of public and private clouds. Add the very real demands of applications running across two heterogeneous platforms and shake. Cloud cocktail and you’ve got to manage it.

Ever changing governance landscape

Last Thursday saw the release of the long awaited HIPAA Privacy, Security, Enforcement and Breach Rules. Short, concise and just short of six hundred words that for once actually give concise guidance and define your framework (if affected by HIPAA) of how you as an entity are able to adopt services that impact on hybrid elastic adoption of services such as Cloud storage or ability to burst out your Private Cloud to a Public Cloud. Very little grey area which is what we have been crying out for from a guidance perspective for too long.

It also is a major boost for Open Hybrid Cloud for those affected by HIPAA. This article isn’t aligned solely to HIPAA and will concentrate on governance of all types affecting Cloud. However, it will let you get under the hood, and understand why working with Red Hat Open Hybrid Cloud technologies can sometimes be the differentiator in working out your next move to Cloud.

So when you’re looking to work with a HIPAA certified Cloud Platform Provider this latest release at least allows you to be better educated to make a judgement call and to have necessary contractual conversations where required. You’d hope.

A lot of the self certified providers as I pointed out will now be poring over their service level agreements and architectures with a fine tooth comb given that the latest guidance actually means that they are going to have to take apart – Lego style – the most fundamental tenents of their Clouds. For existing customers who have signed up to HIPAA compliant Cloud providers for Hybrid service consumption or upstream elasticity I have a suggestion for you and it’s a call to arms that should not be dismissed lightly.

In May Gartner published a report stating that most enterprises (45%) would be moving to a hybrid cloud adoption model by 2015. Thats a lot of businesses if you align yourself with Gartner’s research, and in the same report 50% of the businesses questioned had no formal guidance or compliance wrappers in place or defined processes as to how they would get to Cloud.

So it’s at this point we type a simple query into your favourite search engine of choice for HIPAA compliant cloud and you get a multitude of Cloud providers pop up who look to have been offering “HIPAA Compliant Clouds” for some time. On the back of last Thursday’s report you have to wonder how many legal eagles they have working for them to allow them to actually either backtrack or to redesign their services whilst not diluting their profit margins given they’re now having to re-architecture their platforms.

So why does using Open Hybrid Cloud allow you to get to governance compliance faster and more efficiently ? To understand that we need to understand that the very nature of what we do at Red Hat to enable and arm enterprise customers to get to Cloud is based on transparency and importantly flexibility built on supported Open Source technologies. In previous lives the sprinkling of the term “transparency” and “Open Source” in an article discussing governance types and critical workloads might have been seen as tricky to embrace but it’s 2013, enterprise adoption of Linux and especially supported certified Red Hat Linux has never been greater. And saying nothing isn’t an option. Understanding service, understanding Cloud service catalogues and how we deliver technology in Cloud – it’s never been more important. Integration across platforms and factor in the need for analytics and understanding how we do stuff better and on the fly. It’s a huge amount of pressure for management and we consider that we have a credible story to tell you.

Customers whether internal or external want more bang for their buck. Developers in the enterprise have long since migrated to using Open platforms for the creation of platforms and applications. Those Open platforms be they Java, Node.JS, PHP, Python, Ruby etc are the building blocks of Cloud. Fundamental shift in agile methodologies have made the ownership of platforms and applications easier in one respect. But viewed from the cheap seats you could argue that faster frameworks of growth have also placed new pressures on IT governance and the aligned related pressures that the IT director / CIO / CTO now that he has had to migrate accepted old school ways of working. Highly dynamic, intelligent elastic architectures need to be managed better and that what you have now in the marketplace which is at its best virtualisation management tools. We need to be brighter and more articulate and we need to be able to do it openly.

Apps and agility driving demand for Cloud consumable services

Our adventures with the launch of OpenShift Online and now the release of OpenShift Enterprise has given us a massive boost from a research perspective in that we are able to see at a granular grassroots perspective just how agile development in Cloud actually is. The speed at which new applications are developed and launched, what languages and cartridges are utilised in their makeup and also how behaviour is driven across the Cloud developer community. There is a culture shift going on and if you read Venturebeat, or Infoworld or some of the great thought leadership pieces coming out of Burton, Gartner or the CIOForum then you’ll already be up to speed as to how they view cloud application development as critical to the mass being given as companies see Cloud as the most critical business decision they’ll make in the next three years.

If we remember how ubiquitous VB was in every enterprise a decade ago and then you explore the culture shift away from those more entrenched environments to open technologies you see two new pressures.

1) the CIO all of a sudden has to accept that if he/she wants fast agile applications that the new world ways of working of using Ruby/Python/Java/MongoDB/NoSQL etc are here to stay. Adoption of these fast moving environments bring new release cycles and patching demands. Those are then imposed and need to be understood as part of Cloud lifecycle management as you move through application development business as usual strategies.

2) that we’ve moved away from a culture of a box of CDs arriving from Microsoft every quarter with the latest greatest version of Visual Studio or MSDN, that the average developer manages his or her own development workstation (unless you’re switched on and you’ve adopted a corporate flexibility around JBoss Developer Studio like the big guns). That the pressures of having an army of developers with their IDE of choice and their own GitHub account hasn’t yet factored into your Cloud thinking.

These two critical factors should be a driver enforcing you to ask a question. “How do I get to Cloud and manage my risk appetite aligned with our ambition and needs ?”. How do I unify this as we move away from earlier more static environments and how do I do this without slowing down my developers and encroaching on my ability to deliver Cloud ?

You first enlist the help of the most critical part of your infrastructure, not your servers or switches, not the SLA you signed with Verizon or AT&T but your largest single investment as an organisation. Your team. The body of passionate developers and architects who are the vehicle driving your ambition for your Cloud story. And if they’re developing using Open tools, relying on Open methodologies for getting their source trees and their coding efforts to deliver your companies life breath for application development. Whether your choice of hypervisor is KVM, Xen, HyperV or VMWare the raw ingredients of your Cloud remain the output of your teams harnessed efforts so listen to them and whilst paying attention start to think out the steps needed in your planning for your processes.

But beware. Your team is creative and dynamic but potentially they’re also your biggest challenge as your role as CIO changes with Cloud’s new demands. Especially in an Open Hybrid Cloud. Technology advancements, modifications and changes in development environments and platforms all need to be reflected into a management platform flexible enough to help you get to the audit mark.

So How Can Red Hat help us achieve Cloud Governance ?

With the acquisition of ManageIQ Red Hat have added to our stable a new suit of armour – a new strength. That of management, reporting, inspection, audit, utilisation and trend analysis and orchestration. These are seven specific core requirements for any CIO that wants to get to Cloud safely and securely. The ability to deploy introspection across your Cloud landscape without the need for agents, even into existing virtualised deployments gives you an immediate perspective on what you own, and how you start to analyse and grow your Cloud deployment getting the most out of your investment – whilst being able to meet governance regimes.

Learning and reporting what your Cloud is doing, having a single pane environment to understand your playground is both attractive and allows you to do proper intelligent management reporting at a granular and operational level. Hugely beneficial. Having those datastore alerts and to be able to have a ruleset to allow to you to get the information you need instantly. It’s a very valuable proposition.

It’s a great fit with RHEV where ManageIQ has already demonstrated success in interworking with its September 2012 release, and it gives added credibility to CloudForms from an IaaS perspective especially around brokering across multiple heterogenous environments and hypervisor types. Fact that both ManageIQ and CloudForms are both developed in Ruby on Rails also helps further integration even more from a codebase perspective !

The ability to now be able to have a manageable approach towards being able to enforce security and compliance policies, to have a granular yet tough approach to document and control your configuration policies. Tie that into a world class resource allocation policy engine and you have control over drift management, storage, memory and CPU consumption in a single pane easy to understand and fast reactive interface.

Open Hybrid Cloud management working with Red Hat has now never before become more attractive to the savvy CIO wanting to get to Cloud safely and securely. All of IDC, Gartner and Forrester’s uptake concerns for Cloud adoption settled in one easy to acquire technology.

How can I find out more ?

Today I am recording a podcast with John Hardy of ManageIQ that we will bring to you shortly, we’d have done it last week but the snowstorms that hit the UK de-railed us – apologies.

I’d also like to point you at yesterdays webcast recorded yesterday that is well worth watching. Bryan Che my boss, Joe Fitzgerald the co-founder of ManageIQ, Mary Johnston Turner from IDC, and Chris Russell representing a major financial services customer of ManageIQ. It’s around an hour long and you’ll need to register to view it. There IS a bug in the registration page enforcing you to select a state if you’re outside the US – apologies, just choose a state and you’ll get straight in

You can register and view the webcast here

The webcast IS important as it gives some great credible reporting on industry data from Mary Johnston Turner of IDC that highlights some real perceived issues in Cloud that we’re enabling change to solve by Red Hat’s dovetailing of ManageIQ into our offerings.