Podcast – Ed Daniel, ITIL, Audit & Cloud

I am joined on today’s show by Ed Daniel. Bit of a coup. Ed is one of Europes leading OSS evangelists but like me shares a background in process management ITIL, security and enterprise enablement. Ed works for Normation and was in London attending DevOps and I didn’t have to push very hard to get him to sit down in front of my microphones.

This podcast is really for the companies who are thinking about deploying Cloud, who are thinking security hardening, process management, ITIL, PCI-DSS, ISO standardisation, deploying against Cloud Security Alliance or SELinux guidelines. If you’re a service provider too this podcast also helps you. It’s your opportunity to hear myself and Ed try and give you a steer on designing your cloud and to get to deployment safely whilst growing the frameworks around Cloud management.

We talk ManageIQ/Cloudforms, how audit and logging is essential, OpenStack and Ceilometer, Heat etc etc. How you should engage with a Cloud provider or upstream vendor.

This is one of those difficult conversations which you rarely hear and that is designed to get you to a point where Open Hybrid Cloud can become a reality. We don’t always agree but between the two of us we try to get you to a point where you are armed to safely and securely start designing and consuming Cloud compute capacity.

 Download the podcast in MP3 format here – or alternatively browse the RSS.

VMWorld & Gluster London 2013

johnpic
If you’re into Cloud and virtualisation you can’t fail to have noticed that VMWorld is in full flow and heading into it’s final throes at the Moscone Centre in San Francisco. We’ve made several announcements there mainly around OpenStack certification and training and also CloudForms which has been a puller to the booth (come see our team at Booth 522). I recorded a podcast last week with Bryan Che, which is indexed below which talks about CloudForms and VMWorld and I am supplementing it with a show I recorded midweek this week.

In the show I also talk about the London Gluster Community day happening at London SouthBank University on September 10th. I mention in the podcast a link to the Eventbrite registration page which you can find here.  I will be there, podcasting, so you could even end up on a show if you come along. I’ll be doing more podcasts on the event in the run up with John Mark Walker so keep your ears peeled. So far we have the following line up for the day itself.

Gluster Community Day Agenda

10:00am – 10:30am – Snacks, introductions, networking

10:00am – 10:30am – The State of the Gluster Community

10:30am – 11:30am – What’s New in GlusterFS 3.4

11:30am – 12:30pm – Adventures in Cloud Storage – Using GlusterFS and OpenStack
– Udo Seidel, Amadeus

12:30pm – 1:30pm – Lunch (on site)

1:30pm – 2:30pm – GlusterFS for SysAdmins – Tom Llewelyn, Red Hat

2:30pm – 3:30pm – Open

3:30pm – 3:45pm – Break

3:45pm – 4:45pm – Gluster for Developers

4:45pm – 5:00pm – Closing remarks

5:00pm – 6:00pm – Free-as-in-beer happy hour!

Thanks to John Hardy of Red Hat Cloud BU for the photo above which he sent me overnight taken at the booth, showing lots of VMWorld attendees wearing their Red Hat caps. Got to love a bit of skunk marketing.

 

 Download the podcast in MP3 format here – or alternatively browse the RSS or use

Podcast: Let’s talk KVM – Steve Higashi

So recently I sat down with a good friend Mr Steve Higashi, possibly my favourite Canadian who actually lives in Austria. He works for OnApp a company I rate highly and we’ve been threatening to do this recording for nearly two years and when he was in London the other week we sat down and talked KVM.

Steve loves Cloud, he’s a righteous dude when it comes to getting down and deep in the weeds talking to customers about engineering goodness. We touch on CloudForms 2.0, Red Hat OpenStack, OpenKVM, the Red Hat stack etc . We try to put some clarity around the whole KVM vs Xen vs proprietary alternatives and to do it in an easy to listen / easy to consume show for you guys to listen to.

Hope you enjoy it, come back later in the week for a great show with Brian Stevens, CTO of Red Hat.

Download the podcast here in MP3 format only

Podcast: Cloud Security Special

Todays podcast is a must for anyone in Cloud who needs to understand high level security. I’m joined over the ether to my studio in Bath in the UK by Gunnar Hellekson and David Egts. We’re talking access controls, SELinux, sVirt, hardening, security in Government and how we engage in Cloud, security and KVM, Common Criteria – the whole works.

We talk RHEV, RHEL, OpenShift, CloudForms, ManageIQ, auditing, logging, hardening, security – learn how Red Hat secure the important enterprise, Government and industry platforms – allowing our customers to sleep easy.

You cannot afford to miss this weeks show !

Gunnar is the Chief Technology Strategist in Red Hat’s US Public Sector team, trusted by government and the military alike and David is one of our Principal Architects at Red Hat. They both “live eat breathe” security so this podcast is three of us who are very passionate about the topic.

And folks theres more, if you liked this podcast tune in to the first few episodes of Dave and Gunnar’s new podcast – the appropriately named Dave and Gunnar show which you can listen to by following this link directly. I totally recommend it, great listening. I’ve been working with them over the last few months recommending kit and I really think this is a show you should be listening to on a regular basis. Gunnar and Dave have taken a totally different spin on podcasting that Rhys Oxenham and I have been planning since November to do monthly that I bought the kit to do – but we haven’t had the time to do. Since Christmas we’ve been set up to make the changes I keep mooting, and this will happen.

It’s so nice to be back in the studio able to control the level of audio again, seems like an age since I was sat at a mixing desk recording this stuff. Listening to this podcast you wouldn’t think that David was in Ohio, Gunnar in Houston, Texas and me the other side of the pond, and all recorded produced and released using Fedora – no Mac’s here folks.

Come back soon for some great podcast content and if you haven’t yet subscribed via iTunes or my RSS feed simply follow the menu bar above to get the links you need. Come back next week for some more great content.

 Download the podcast here in MP3 format only

Solving EU privacy issues with CloudForms

Over the last two and a half years it’s become clearer that despite best efforts there has been a bottleneck in the European Union’s ability to leverage their influence in development of new methodologies of increasing technology consumption or investment in EU cloud.

The clue to the problem lies very much in the lack of credible underlying support that surrounds the European Commissions cloud strategy that emerged in September 2012 that I’ve talked about here before. Their stated aims to increase the spread and adoption of Cloud Computing in EU states were slated to generate about €900bn of generated revenue and a speculative figure of an additional increase in headcount in IT related services by 3.8 million new hires. I’ve read the report in detail and it still makes no sense and just seems to be a finger in the wind (like many analyst reports we all read daily) as to them “taking the temperature of the industry as a whole.”

Maybe it was to buy more time until their slated 2014 time window when the assumption is that the common EU data protection regulations will be outlined. These will replace sovereign data protection acts such as that we take for granted in the UK and to understand the thinking of how that impacts on Cloud.

If we examine how that impacts, say on a company like Amazon, purely as an example, they currently have to implement working practices for AWS in the EU where applicable in contract terms for sovereign customers. These practices have to follow to the letter the data protection acts in France, Germany, Ireland, the UK etc. All those actual data protection acts can be see to be following a skeleton or outline of actual data protection directives issued by the EU but each with their own specific tailored requirements around statute in applicable sovereign territories. So currently it’s hard work for any provider of services to offer a blanket one size fits all across the EU, and the cost of sales and architecture is therefore increased as is cost of adoption for consumption of elastic services generically across multiple territories.

So the hope is we can look forward to 2014 expecting a unified approach to data protection and therefore investment and adoption of catalogue cloud services as an industry. There is no denying that if you have that territorial harmonisation of regulation across the EU it will make it easier for corporations and organisations to build compliance frameworks but also if we were to turn that on it’s head it will create a new raft of operational requirements.

Each member state will have to take on board their individual responsibilities for the legal statute required to make it work and that means additional challenges in Sweden, Germany, Spain and especially France. The workload alone on the part of data controllers facing new responsibilities are going to dramatically increase as well as the definition and creation of procedures and controls. The need to understand how to fit within a new skeleton regulation framework for the management of data privacy then needs to also fold in the needs to handle reporting. We now move to a theoretical world post 2014 where an organisation needs to file compulsory data breach notifications immediately at identification of a data loss or hack.

This all impacts on the lifecycle of cloud services and repudiation of data within contractual periods across multiple territories and potentially multiple providers in open hybrid cloud. This is one of the great facets of ManageIQ capabilities to tag and to “patrol” your complete Cloud fabric in order for you to be able to conform out the box today with responsibilities as a data controller or processor. CloudForms handles Cloud. It doesn’t matter whether thats defined as a public cloud sitting on a provider presence or a private cloud sat in your datacentre. If you’re serious about Cloud you need to have CloudForms in your corner.

An example of this, if for example you have a private cloud the new EU guidance adjudges you to be the processor responsible for data and in most EU states the controller as well and it becomes entirely your position of authority to control the access and protection to that data.

When you start moving those workloads and data upstream to a supplier such as a Red Hat Certified Cloud Provider partner the guidance is clear. The onus is on you the individual to examine at contract and actual practice level that your provider has both the security in place to protect you, but that isn’t enough. You need to be able to do more than just assume a contract keeps you safe without taking on the need for expensive audit procedures and a huge raft of risk registers and rolling pentests / conformance exercises with an often unwilling third party provider who assumes you were happy at the SLA level.

CloudForms combined with ManageIQ give you a single pane capability and the context tagging and reporting doesn’t actually care where your instance is running, be it on a raft of providers on ESX or KVM regardless of location, it just reports and keeps your cloud in line with your controls. It actually draws you in line with the EU regulations ahead of time.

So when the EU regulatory guidance actually becomes more than lipstick on a pig you can look smugly and realise that having implemented CloudForms and MiQ you were ahead of the game, and your business not impacted either by additional regulatory need and complex guidance having a negative impact on your growth.

Expect to read more about CloudForms in the coming weeks and months, for more information engage with your local Red Hat country representative.

Podcast: Robyn Bergeron talks Fedora

Today’s podcast is with Robyn Bergeron who is of course the Community Project Leader of the Fedora Project, the erstwhile evergreen Linux distribution sponsored by Red Hat.

Last June Robyn and I were in Boston together and I meant to get her in front of one of my microphones to record a podcast but it was the last day of Red Hat Summit and people were packing up and getting ready to disappear all points east and west and it never happened.

So it was a given that the first opportunity I had to record something with her turned into a forty five minute recording I’ve cut down to about 25 minutes or so for this podcast.  We talk Fedora of course, releases, release criteria and etiquette, conventions and community, we talk OpenStack, we talk Aeolus and JBoss and all things technical that make up Fedora’s capabilities as part of upstream RHEL.

Listen carefully and you may even hear John Mark Walker from Gluster.org muscle in on the recording. Do of course download and listen, or subscribe via iTunes, Stitcher Internet Radio, Podfeed or via the RSS using your client of choice.

Download the podcast here in MP3 format only

Podcast – Frederik Bijlsma talks Cloud

I’ve been in Frankfurt, Germany this week with my colleague Frederik Bijlsma working on projects and plans, it therefore gave me a chance to take a mobile recording rig with me and to record a podcast. This is what fell out of that recording session.

We talk Open Hybrid Cloud, approaches to Cloud adoption design and deployment, exploring the Red Hat value proposition and avoiding vendor lock in. We talk about how to engage and to look at the key areas that benefit from Cloud planning, PaaS and IaaS. ManageIQ, CloudForms, OpenShift and also the interconnects to all layers of Cloud management.

Next week you’re spoilt, two podcasts one recorded with James Strachan talking FuseSource, recently acquired by Red Hat and another with Ross Lawley of 10gen talking NoSQL goodness.

Download directly or via iTunes, Stitcher or Podfeed. Alternatively if you want to use your podcast client of choice add the RSS via – http://cloudevangelist.libsyn.com/rss

Download the podcast here in MP3 format only