Bryan Che who leads the technology team in the Cloud BU at Red Hat recorded a great podcast talking ManageIQ in the same vein that I did with John Hardy earlier in the year. Appearing on the DABCC show, the first in a series of podcasts with some of our technology team across the entire stack Bryan talks about why we acquired ManageIQ and what this means from a practical application perspective.
There have been a multitude of articles appearing in recent weeks around analyst perception of Public and Private Clouds delivering less than coherent controls around ensuring the compliance of their customers. Whilst I can agree with many of the editorial stances taken by seasoned hacks and journalists there needs to be a rethink around how enterprise CIO level thought leaders are armed to enable them to adopt Cloud technologies, whilst retaining balance and assurance around conformance and compliancy.
Governance aligned to a Cloud lifecycle model and a living breathing risk register is one thing but hopefully reading this article can help you develop another strategy and open discussions in how Red Hat can enable your aspirations around Open Hybrid Cloud.
Virtualisation and Cloud by their very nature create compliance issues and challenges never more so in remote virtual environments. Access control issues, the constant need to maintain your network with the challenges of change control and network reconfigurations. The demands of having to document and understand shared infrastuctures and to tear up and tear down virtual machines all bring with them challenges around compliancy. This article is designed to help you show a path towards better compliance and better ways to enhance Cloud onramp and adoption using Red Hat Open Hybrid Cloud.
Keeping auditors happy whilst also being able to deliver business as usual computing is a given, how you actually deliver that in an always on elastic hybrid cloud environment can therefore be a quandry that will have obvious challenges in operational IT normality married to a non-liberal but dynamic focus on Cloud service adoption. If you accept that Cloud is skirting around the traditional framework of the computing norm which in it’s hybrid form adds a new complexity with layers of public and private clouds. Add the very real demands of applications running across two heterogeneous platforms and shake. Cloud cocktail and you’ve got to manage it.
Ever changing governance landscape
Last Thursday saw the release of the long awaited HIPAA Privacy, Security, Enforcement and Breach Rules. Short, concise and just short of six hundred words that for once actually give concise guidance and define your framework (if affected by HIPAA) of how you as an entity are able to adopt services that impact on hybrid elastic adoption of services such as Cloud storage or ability to burst out your Private Cloud to a Public Cloud. Very little grey area which is what we have been crying out for from a guidance perspective for too long.
It also is a major boost for Open Hybrid Cloud for those affected by HIPAA. This article isn’t aligned solely to HIPAA and will concentrate on governance of all types affecting Cloud. However, it will let you get under the hood, and understand why working with Red Hat Open Hybrid Cloud technologies can sometimes be the differentiator in working out your next move to Cloud.
So when you’re looking to work with a HIPAA certified Cloud Platform Provider this latest release at least allows you to be better educated to make a judgement call and to have necessary contractual conversations where required. You’d hope.
A lot of the self certified providers as I pointed out will now be poring over their service level agreements and architectures with a fine tooth comb given that the latest guidance actually means that they are going to have to take apart – Lego style – the most fundamental tenents of their Clouds. For existing customers who have signed up to HIPAA compliant Cloud providers for Hybrid service consumption or upstream elasticity I have a suggestion for you and it’s a call to arms that should not be dismissed lightly.
In May Gartner published a report stating that most enterprises (45%) would be moving to a hybrid cloud adoption model by 2015. Thats a lot of businesses if you align yourself with Gartner’s research, and in the same report 50% of the businesses questioned had no formal guidance or compliance wrappers in place or defined processes as to how they would get to Cloud.
So it’s at this point we type a simple query into your favourite search engine of choice for HIPAA compliant cloud and you get a multitude of Cloud providers pop up who look to have been offering “HIPAA Compliant Clouds” for some time. On the back of last Thursday’s report you have to wonder how many legal eagles they have working for them to allow them to actually either backtrack or to redesign their services whilst not diluting their profit margins given they’re now having to re-architecture their platforms.
So why does using Open Hybrid Cloud allow you to get to governance compliance faster and more efficiently ? To understand that we need to understand that the very nature of what we do at Red Hat to enable and arm enterprise customers to get to Cloud is based on transparency and importantly flexibility built on supported Open Source technologies. In previous lives the sprinkling of the term “transparency” and “Open Source” in an article discussing governance types and critical workloads might have been seen as tricky to embrace but it’s 2013, enterprise adoption of Linux and especially supported certified Red Hat Linux has never been greater. And saying nothing isn’t an option. Understanding service, understanding Cloud service catalogues and how we deliver technology in Cloud – it’s never been more important. Integration across platforms and factor in the need for analytics and understanding how we do stuff better and on the fly. It’s a huge amount of pressure for management and we consider that we have a credible story to tell you.
Customers whether internal or external want more bang for their buck. Developers in the enterprise have long since migrated to using Open platforms for the creation of platforms and applications. Those Open platforms be they Java, Node.JS, PHP, Python, Ruby etc are the building blocks of Cloud. Fundamental shift in agile methodologies have made the ownership of platforms and applications easier in one respect. But viewed from the cheap seats you could argue that faster frameworks of growth have also placed new pressures on IT governance and the aligned related pressures that the IT director / CIO / CTO now that he has had to migrate accepted old school ways of working. Highly dynamic, intelligent elastic architectures need to be managed better and that what you have now in the marketplace which is at its best virtualisation management tools. We need to be brighter and more articulate and we need to be able to do it openly.
Apps and agility driving demand for Cloud consumable services
Our adventures with the launch of OpenShift Online and now the release of OpenShift Enterprise has given us a massive boost from a research perspective in that we are able to see at a granular grassroots perspective just how agile development in Cloud actually is. The speed at which new applications are developed and launched, what languages and cartridges are utilised in their makeup and also how behaviour is driven across the Cloud developer community. There is a culture shift going on and if you read Venturebeat, or Infoworld or some of the great thought leadership pieces coming out of Burton, Gartner or the CIOForum then you’ll already be up to speed as to how they view cloud application development as critical to the mass being given as companies see Cloud as the most critical business decision they’ll make in the next three years.
If we remember how ubiquitous VB was in every enterprise a decade ago and then you explore the culture shift away from those more entrenched environments to open technologies you see two new pressures.
1) the CIO all of a sudden has to accept that if he/she wants fast agile applications that the new world ways of working of using Ruby/Python/Java/MongoDB/NoSQL etc are here to stay. Adoption of these fast moving environments bring new release cycles and patching demands. Those are then imposed and need to be understood as part of Cloud lifecycle management as you move through application development business as usual strategies.
2) that we’ve moved away from a culture of a box of CDs arriving from Microsoft every quarter with the latest greatest version of Visual Studio or MSDN, that the average developer manages his or her own development workstation (unless you’re switched on and you’ve adopted a corporate flexibility around JBoss Developer Studio like the big guns). That the pressures of having an army of developers with their IDE of choice and their own GitHub account hasn’t yet factored into your Cloud thinking.
These two critical factors should be a driver enforcing you to ask a question. “How do I get to Cloud and manage my risk appetite aligned with our ambition and needs ?”. How do I unify this as we move away from earlier more static environments and how do I do this without slowing down my developers and encroaching on my ability to deliver Cloud ?
You first enlist the help of the most critical part of your infrastructure, not your servers or switches, not the SLA you signed with Verizon or AT&T but your largest single investment as an organisation. Your team. The body of passionate developers and architects who are the vehicle driving your ambition for your Cloud story. And if they’re developing using Open tools, relying on Open methodologies for getting their source trees and their coding efforts to deliver your companies life breath for application development. Whether your choice of hypervisor is KVM, Xen, HyperV or VMWare the raw ingredients of your Cloud remain the output of your teams harnessed efforts so listen to them and whilst paying attention start to think out the steps needed in your planning for your processes.
But beware. Your team is creative and dynamic but potentially they’re also your biggest challenge as your role as CIO changes with Cloud’s new demands. Especially in an Open Hybrid Cloud. Technology advancements, modifications and changes in development environments and platforms all need to be reflected into a management platform flexible enough to help you get to the audit mark.
So How Can Red Hat help us achieve Cloud Governance ?
With the acquisition of ManageIQ Red Hat have added to our stable a new suit of armour – a new strength. That of management, reporting, inspection, audit, utilisation and trend analysis and orchestration. These are seven specific core requirements for any CIO that wants to get to Cloud safely and securely. The ability to deploy introspection across your Cloud landscape without the need for agents, even into existing virtualised deployments gives you an immediate perspective on what you own, and how you start to analyse and grow your Cloud deployment getting the most out of your investment – whilst being able to meet governance regimes.
Learning and reporting what your Cloud is doing, having a single pane environment to understand your playground is both attractive and allows you to do proper intelligent management reporting at a granular and operational level. Hugely beneficial. Having those datastore alerts and to be able to have a ruleset to allow to you to get the information you need instantly. It’s a very valuable proposition.
It’s a great fit with RHEV where ManageIQ has already demonstrated success in interworking with its September 2012 release, and it gives added credibility to CloudForms from an IaaS perspective especially around brokering across multiple heterogenous environments and hypervisor types. Fact that both ManageIQ and CloudForms are both developed in Ruby on Rails also helps further integration even more from a codebase perspective !
The ability to now be able to have a manageable approach towards being able to enforce security and compliance policies, to have a granular yet tough approach to document and control your configuration policies. Tie that into a world class resource allocation policy engine and you have control over drift management, storage, memory and CPU consumption in a single pane easy to understand and fast reactive interface.
Open Hybrid Cloud management working with Red Hat has now never before become more attractive to the savvy CIO wanting to get to Cloud safely and securely. All of IDC, Gartner and Forrester’s uptake concerns for Cloud adoption settled in one easy to acquire technology.
How can I find out more ?
Today I am recording a podcast with John Hardy of ManageIQ that we will bring to you shortly, we’d have done it last week but the snowstorms that hit the UK de-railed us – apologies.
I’d also like to point you at yesterdays webcast recorded yesterday that is well worth watching. Bryan Che my boss, Joe Fitzgerald the co-founder of ManageIQ, Mary Johnston Turner from IDC, and Chris Russell representing a major financial services customer of ManageIQ. It’s around an hour long and you’ll need to register to view it. There IS a bug in the registration page enforcing you to select a state if you’re outside the US – apologies, just choose a state and you’ll get straight in
The webcast IS important as it gives some great credible reporting on industry data from Mary Johnston Turner of IDC that highlights some real perceived issues in Cloud that we’re enabling change to solve by Red Hat’s dovetailing of ManageIQ into our offerings.
There is no doubting the fact that as a lot of enterprise organisations and institutions who have for many years been wholly reliant on silo led computing platform architecture feel a little overwhelmed (or underwhelmed in some parts) by Cloud. Cloud the buzzword de jour, the spin. The undefined re-invention of IT. I see it a lot, and I hear it more. There seems to be this “Tough Love” battle of hearts and minds where the positioning of new IT enablement and design becomes more than technology refresh or even attrition to a position where Cloud becomes just part of the paradigm shift to doing more with less, or getting more for your dollar as you plan and procure your IT spend. It could even, if you outsource some of your current IT mean you spend less with your incumbent provider as you are able to identify and skill requirements and platforms internally with the people who understand your business the best – your current staff rather than hired consultants at arms length.
Cloud will, be under no illusion, also make those service providers and industry service providers increase profitability by being able to create elastic easily consumable cloud services that become stock catalogue items that sell themselves without sales people needing to push the hard sell. If that provider has the right services they become an asset and a building brick for growth – providing people want them. Where demand is met with intelligent solutions in Cloud there is a marriage made in heaven.
Last year, before I transitioned into this role as one of two Red Hat “Cloud Evangelists” I worked alongside the EMEA sales team in Cloud as their technical solutions architect helping providers stand up Red Hat platforms for customers to burst out to or to bring enterprise workloads too. It was enlightening because here was a software and services company working with the provider channel to build context extensibility into providers rather than just providing an OS or middleware capability. Real world business engineering (or re-engineering if you’d prefer to view it in that context) for both provider and enterprise customer alike to build a two way Open non-vendor locked in example of how we envisage those longterm hybrid and public workloads transitioning to Cloud. And then on the back of it building the provisioning and engagement model to assist customers to be able to just slot in as and when they felt the demand and push to do so. Getting over the “tough love” argument by making Cloud business as usual and easy to consume for both consumer of services – and the provider.
Tough Love – The Provider Angle
Service provision at any tier you can define as being able to take a blended approach of solutions and services that customers want or need to be able to contract. With Cloud it’s been hard for the service tier. A massive over emphasis on the hypervisor, on the provisioning and management and the self service element of the equation has left many now with an expensive overhead in the form of the ongoing licencing costs and ownership costs of proprietary technologies and layered or tiered infrastructures. Ken Hess and Jason Perlow of ZDNet explored this when discussing HyperV vs VMWare and there are a lot of other analysts who are now realising that at some point you are left in a position where that most basic cost of Cloud in the public or hybrid tier has to be passed on in the form of the contractual cost to the customer.
They are also missing a point. It’s not just about the provision of Cloud it’s about what you need to do with it when you get there as a customer, your development and deployment of architectures and infrastructures, your hidden ownership charges and your management layer on top. It would be great, and overdue somewhat for the likes of GigaOM, Gartner and Forrester whose advice and guidance is read and given credence by many to now start thinking out the box and do more than just tickle Cloud ownership. There isn’t one credible ongoing analyst piece around the service provider tier and frankly when I talk to people (people being customers and decision makers) the positioning of left and right mystical fluffy quadrants needs to align itself to physically adaptable IT planning and positioning not just thought leadership and marketing budgets.
For service providers building Open infrastructures on KVM and in the past on Xen (although we now see KVM as the de-facto standard) and who understand the need to use open components such as CloudForms and OpenShift into the mix they are at a major advantage. They are better armed to be able to offer customers a customisable onramp to Cloud adoption at a pace that meets the appetite of sceptical CIOs but also that then reacts accordingly when the consumption and demand for services from that fledgling customer increases at speed. The ability for providers to have that flexibility and capability with the likes of Red Hat at a engineering level, matched and married to a software stack capability across storage, the hypervisor (RHEV KVM), the secure capabilities afforded by SELinux and sVirt, Middleware OpenJRE power in the form of JBoss, Gluster giving them the unstructured kick ass big data story and then wrap it up with their own ability to ride on the back of CloudForms (and DeltaCloud by association) means an immediate IaaS capability. Then as the customers who are already smart enough to be using OpenShift Origin to build out their sandpit PaaS test capability or to have used OpenShift on AWS start to demand hosted PaaS for that provider to be able to do so with applomb.
Bolt on capability = revenue, the providers who think out the box attract and retain customers longer and become an essential part of the foodchain of Cloud.
Tough Love – The Enterprise / Institutional Customer
It’s hard enough sometimes to run an enterprise environment at the best of times. The driving factors that push and promote the need for ever increasing attention to the needs of customers and consumers of your platforms and architecture are only beaten by the fact that from an accountancy perspective there is little to no elasticity in budgets that need to match or at least demonstrate an affinity for ambitions around elastic cloud. Now add on a new found skill as CIO. Contract negotiation at the most granular level. Signing an SLA is only made easier when you know what signing the solution with your Cloud Provider when you know 1) what you are signing up to 2) if you know what the problem is that you’re trying to solve by engaging with the provider.
Bryan Che of Red Hat writes brilliantly about his“2nd Tenet of Evaluating Products – You Have to Know What Problem You Want To Solve”. If it’s the only thing you click on in this article then I recommend you do so as it’s both thought provoking and influential in it’s steering as a guidance piece. Bryan correctly argues that the comparison of two given cloud products or services are aligned to understanding the problem that the consumption or procurement of that service will deliver. You can’t evaulate until that argument is understood and examined.
When we talk about Open Cloud it’s an understanding that to succeed and get the best out of the utilisation of compute capability in a manner that affords an enterprise something very clear. Independent, capable, assured performance married with a commitment to a flexible future as you grow.
An open provider who demonstrates that the tough love in Cloud is part of their problem, not yours, is the one who can give you the flexibility and the core belief to get to the start line (never mind the finish line). The good news is the smartest way to achieve that goal is for that provider to base his platform capabilities on Red Hat Cloud technologies.
It’s not just about the hypervisor and management – if anyone else tells you it is then it’s time to talk to someone who understands the pressures and needs of your expected IT delivery programme. Make sure they’re open, and make sure they use a certified supported open infrastructure married to a upstream that just happens to have millions of pairs of eyes examining its every release and move.
Pays to be open – but genuinely it’s the toughest love and the most responsible you can be when delivering future computing.
Ever looked at that logo for the His Masters Voice – the dog and the phonograph and thought how cool ? I always hated it, there was a reason, I overdosed on it as a child. It was painted by a guy called Francis Barraud who I am related to. I’m blessed with having had two painters in my distant bloodline, both Royal Academy artists. Several logos including Colmans Mustard and Kiwi Cherry boot polish both originated from members of my family who no doubt died penniless having never realised their potential in the first two decades of the twentieth century.
The reason I bring up the HMV dog and gramaphone analogy is that I work in a team led by one of the most technically gifted people I’ve ever had the pleasure to meet, Bryan Che, and tonight whilst I was playing catch up with articles written while I was on leave I happened to read my RSS feeds, noticing Bryan had posted a new article on Cloud.
It’s a doozie. If you don’t go read it you’re going to kick yourself – seriously, I mean it, follow the link below.
I have to up my game, articles like this make me just want to go listen to some Cloud podcasts and firm up the next few articles I want to get out to you. Go read the article !