Podcast: Matt Hicks – OpenShift / SELinux

So Matt and I have been trying to record this for an age. Technology and ambient noise from the construction crew extending our Westford office got in the way a few weeks back, so plan B – a DIY remote podcast over Google+, recorded here in the studio in the UK. What we ended up with was a really good tech chat about OpenShift, hosted on-premise PaaS and a deep dive into SELinux and the reasons both of us have for trying to persuade you to leave it on by default.

If you’re into PaaS, use OpenShift, or want to know where we are at with regard to releasing OpenShift On-Premise, then you NEED to listen to this. It will at least make you even more excited (I hope) about the next two months of stuff coming out of Red Hat.

Matt, if you’ve heard him speak at Summit or JUDCon (Google or search YouTube if you want to see re-runs of his talks, well worth the time spent doing it), is infectiously enthusiastic about both PaaS and security by default.

Download it, listen to it, comments welcome or questions – we’re here to talk to you.

Download the podcast here in MP3 and OGG formats

Matt Hicks talks Multitenancy in PaaS

Gordon Haff, my opposite number at Red Hat USA, has a great article up, recorded with our very own Matt Hicks, on multi-tenancy architecture in PaaS. I’ve had a video of Matt up here before; he’s one of the founders of OpenShift and a world authority on PaaS. Listen to an introduction on LXC and hear how segmentation and security controls based on SELinux keep your boundaries and architectures in PaaS clear but securely segregated.

Go read the article here on Gordon’s blog and grab the MP3 and OGG streams depending on your weapon of choice.

Reminder: If you haven’t seen it already, Gordon’s blog is hyperlinked in my Links library on the right-hand side of the screen, and if you aren’t already bookmarking it you should be.

Security in Plain Sight

I was writing an article for a publication in Europe at the tail end of last week and one of the cornerstones of the piece centred around the holy grail of the qualm of the technology adopter moving to this scary new world of PaaS in the Cloud, either on-premise or in an open hybrid model.

I think we’re fortunate – fortunate to be in a position where we have a framework for the safe democratisation of data and applications, with the structure of tools and technologies that the management of Red Hat allow us to develop and then bring to market. OpenShift is one of these technological sandpits internally that has seen the brightest and the best minds from every part of the Red Hat family throw in code, ideas and know-how to get to a point where just wrapping and packaging a product becomes less of an end point, and more of a lifecycle stage. What I mean by that is that now, as we move to being seen by many customers and also potential customers as more than an OS play, we internally have adapted to change when breathing life into platform technologies. It’s a major change for a company when, after a decade of providing rock solid support for the fastest growing operating system in the enterprise and the datacentre, it also grows (both naturally and by acquisition) to lend its weight to KVM and the important work of oVirt, but also the JBoss, MRG Grid and Gluster product lines, without diluting support or capabilities. I do often think that a lot of analysts are starting to “get it” but many more are still misunderstanding where we’re at, and it’s a good thing we get to show everyone in an open and transparent way what the roadmap looks like, but more importantly the structures that the GM100 and FTSE100 type organisations are going to be using as their foundations for the next five years.

I’ve talked about OpenShift at length, and we’ll be talking next week to some of the OpenShift crew in a podcast you can download from here once it’s mixed (and I’ve got through death by Audacity and my new howto book – thank you Amazon.com). When we talk about OpenShift you need to think of it as a Roman legion of troops, with OpenShift at the head flying the standard, followed up by the proven, rock solid technology components that make up Red Hat Enterprise Linux (RHEL). After ten years we’ve polished and honed a set of Open Source contributed code and Red Hat engineering excellence into the building bricks of what we’ll now take to Cloud. As we also continue the thought leadership and engineering contributions we’re making to OpenStack over the next quarter, that too will benefit massively.

So for the cloud adopter with their entirely fair qualms about PaaS and Cloud you have an opportunity to use something you already know and understand and can compartmentalise – RHEL – and start thinking about how the transparent adoption of OpenShift can just fit into your schema or your plans moving forward.

You already get RHEL, you understand the SELinux separation and “firewalling” within RHEL, so that then makes it easy to understand how OpenShift has inherited that best of breed behaviour. SELinux provides OpenShift with a proven “firewall” to segregate sessions and applications, resources and data, in real time, using magic dust that your auditors and your control methodologies and risk registers already understand. This makes security as a process easier to understand AND easier to document. Please don’t underestimate the hidden costs around this. If you’re an ISO/PCI/HIPAA/SOX audited company this is going to be something on which you have no wriggle room, and here’s a technology you can adopt at speed that will not alter your threat fabric or risk appetite.

I’ll leave you with a video shot last year by Gordon Haff talking to Matt Hicks at our Westford offices which I recommend you take time out to watch. If you need any more information or you want to know more please feel free to reach out to me in Europe or to any of our teams geographically.