Podcast: Cloud Security Special

Todays podcast is a must for anyone in Cloud who needs to understand high level security. I’m joined over the ether to my studio in Bath in the UK by Gunnar Hellekson and David Egts. We’re talking access controls, SELinux, sVirt, hardening, security in Government and how we engage in Cloud, security and KVM, Common Criteria – the whole works.

We talk RHEV, RHEL, OpenShift, CloudForms, ManageIQ, auditing, logging, hardening, security – learn how Red Hat secure the important enterprise, Government and industry platforms – allowing our customers to sleep easy.

You cannot afford to miss this weeks show !

Gunnar is the Chief Technology Strategist in Red Hat’s US Public Sector team, trusted by government and the military alike and David is one of our Principal Architects at Red Hat. They both “live eat breathe” security so this podcast is three of us who are very passionate about the topic.

And folks theres more, if you liked this podcast tune in to the first few episodes of Dave and Gunnar’s new podcast – the appropriately named Dave and Gunnar show which you can listen to by following this link directly. I totally recommend it, great listening. I’ve been working with them over the last few months recommending kit and I really think this is a show you should be listening to on a regular basis. Gunnar and Dave have taken a totally different spin on podcasting that Rhys Oxenham and I have been planning since November to do monthly that I bought the kit to do – but we haven’t had the time to do. Since Christmas we’ve been set up to make the changes I keep mooting, and this will happen.

It’s so nice to be back in the studio able to control the level of audio again, seems like an age since I was sat at a mixing desk recording this stuff. Listening to this podcast you wouldn’t think that David was in Ohio, Gunnar in Houston, Texas and me the other side of the pond, and all recorded produced and released using Fedora – no Mac’s here folks.

Come back soon for some great podcast content and if you haven’t yet subscribed via iTunes or my RSS feed simply follow the menu bar above to get the links you need. Come back next week for some more great content.

 Download the podcast here in MP3 format only

Podcast: Cliff Perry talks Satellite

Cliff PerryAs we head into the festive period this is the first of a series of podcasts going live. Cliff Perry is my guest today, we recorded this in Cardiff a few weeks ago and it’s well worth a listen.

Consistency of platform and architecture in Cloud is critical and at Red Hat we have built a reputation around Red Hat Satellite and the sponsorship and mentoring of the upstream Spacewalk project. Cliff is the chief cat herder or project manager for both and is passionate about his chosen topic.

Coming Friday another podcast this time talking Red Hat Storage with Tom Llewelyn. Remember we are syndicated now on iTunes, Stitcher Internet Radio and Podfeed so you don’t need to download, just subscribe using your client of choice.

Download the podcast here in MP3 format only

Podcast: Jason Brooks talks OSS

We’re blessed at Red Hat to have had the intelligence to capture Jason Brooks from eWeek. Jason is a stalwart of technology, a bedrock of intelligently and astutely written technology critique since 1999 so he’s seen technology grow and change our abilities and stretch our ambitions over the last decade or more. You’ve all probably read articles he’s written or discussions he’s kick started without even knowing it.

I’ve wanted to do a podcast with him for an age and last week before I disappeared off to remote areas of the world where technology simply hasn’t delivered stable internet I recorded this. Apologies for some of the dropouts on it – there were gremlins at work at Google as we recorded. It’s still perfectly audible.

Enjoy – it’s insightful and might be beneficial to you.

Download the podcast here in MP3 and OGG formats

Podcast: Partner Tour London 2012

Richard on stage, photo courtesy of Phil Rudge
So I’m currently on the road for Red Hat again. Six weeks of travelling, planes, trains, automobiles and maybe even a camel this time. Am in London in a rented ex LOCOG apartment on UK leg of the Red Hat Partner event. Next week I’m in Portugal on event duty, I’m in Egypt, Spain and Amsterdam in short order after.

Richard captured on camera by Phil Rudge
Tonight I thought I’d reflect on some of the stuff I’ve seen and heard and also muse / ponder on the position of suppliers and partners in the evolution and growth of Cloud. As I travel around I will be recording using my mobile rig and doing a lot of podcasts and interviews as well as posting pics.

If you want to listen to this it’s sub 10 minutes and tries to paint an aural picture of the state of the nation from a partner perspective as well as level some of the playing field. If you are a Red Hat partner who couldn’t get to tour maybe this will help you with some adlib non scripted perspective of my take on tour and Cloud tech.

  Download this podcast here in MP3 format or OGG format

Podcast: Rhys talks Cloud

Today I am releasing part two of a podcast I recorded with Rhys Oxenham last week. In this second installment of a podcast thats proved very popular Rhys will be talking about CloudForms, some of the realworld engineering stuff we’ve been working on with partners etc.

Rhys talks about how CloudForms solves some of the end to end problems of Cloud provisioning and platform management. For you guys looking at the newly released Red Hat OpenStack Preview this could be really important for you to listen to.

I am recording two new podcasts today with Jon Masters and Duncan Doyle, Jon I’ve known for nearly twelve years and is a leading light in the ARM porting world and a longtime Red Hat stalwart. He recently gave one of the best attended and best appreciated Summit talks in Boston. Duncan and I share a common love of everything JBoss so both should be a lot of fun and I’ll bring them to you asap.

  Download part two here in MP3 format or OGG format

Red Hat release OpenStack Preview

OpenStack Technology Preview Available from Red Hat
by: Cloud Computing Team – Written by Gordon Haff (reproduced here verbatim)

The OpenStack Infrastructure-as-a-Service (IaaS) cloud computing project, has been much in the news. April’s formation of the forthcoming OpenStack Foundation put in place a governance structure to help encourage open development and community building. Red Hat, along with AT&T, Canonical, HP, IBM, Nebula, Rackspace, and SUSE, are Platinum members of that foundation. The foundation announcement was quickly followed by a well-attended OpenStack Conference that clearly demonstrated the size and enthusiasm of the OpenStack developer community.

That’s not to say that OpenStack’s work is done. Anything but! The structure and community is now largely in place to form the foundation for development of robust OpenStack products that meet the requirements of a wide range of businesses. However, that development and work doesn’t just happen by itself.

Red Hat was actively involved in the project even before the foundation announcement; we are the #3 contributor to the current “Essex” release. This surprised some commentators given that it exceeded the contributions of vendors who had been louder about their alignment with the project. However, Red Hat’s relatively quiet involvement was fully in keeping with our focus on actual code contributions through upstream communities. With the formation of the OpenStack Foundation and its open governance policies, these contributions have only accelerated.

In parallel, we’ve also begun the task of making OpenStack suitable for enterprise deployments. This means bringing the same systematic engineering and release processes to OpenStack that Red Hat has for products such as Red Hat Enterprise Linux, Red Hat Enterprise Virtualization, Red Hat CloudForms, and JBoss Enterprise Middleware.

For example, these enterprise products have well defined lifecycles over which subscriptions can deliver specific types and levels of support. Upgrade paths between product versions are established and tested. Products have hardware certifications for leading server and storage vendors, certification and support of multiple operating systems including Windows and the experience and personnel to provide round the clock SLAs.

In short, stability, robustness, and certifications are key components of enterprise releases. The challenge—one that Red Hat has years of experience meeting—is to achieve the stability and robustness that enterprises need without sacrificing the speed of upstream innovation.

We’re now taking an important step in the development of an enterprise-ready version of OpenStack with the release of a Technology Preview. Red Hat frequently uses Technology Previews to introduce customers to new technologies that it intends to introduce as enterprise subscription products in the future.

Technology Preview features provide early access to upcoming product innovations, enabling customers to test functionality, and provide feedback during the development process. We’re doing all this because OpenStack will be an important component of Red Hat’s open, hybrid cloud architecture.

Here’s where it fits:

OpenStack is an IaaS solution that manages a hypervisor and provides cloud services to users through self-service. Perhaps the easier way to think of OpenStack, however, is that it lets an IT organization stand up a cloud that looks and acts like a cloud at a service provider. That OpenStack is focused on this public cloud-like use case shouldn’t be surprising; service provider Rackspace has been an important member of OpenStack and uses code from the project for its own public cloud offering.

This IaaS approach differs from the virtualization management offered by Red Hat Enterprise Virtualization, which is more focused on what you can think of as an enterprise use case. In other words, Red Hat Enterprise Virtualization supports typical enterprise hardware such as storage area networks and handles common enterprise virtualization feature requirements such as live migration.

Both OpenStack and Red Hat Enterprise Virtualization may manage hypervisors and offer self-service – among other features – but they’re doing so in service of different models of IT architecture and service provisioning.

Red Hat CloudForms provides open, hybrid cloud management on top of infrastructure providers.

These “cloud providers” may be an on-premise IaaS like OpenStack or a public IaaS cloud like Amazon Web Services or Rackspace. They may be a virtualization platform (not just a hypervisor) like Red Hat Enterprise Virtualization or VMware vSphere. CloudForms even plans to support physical servers as cloud providers in the future.

CloudForms allows you to build a hybrid cloud that spans those disparate resources. Equally important, though, CloudForms provides for the construction and ongoing management of applications across this hybrid infrastructure. It allows IT administrators to create Application Blueprints (for both single- and multi-tier/VM applications) that users can access from a self-service catalog and deploy across that hybrid cloud under policy.

Finally, Platform-as-a-Service (PaaS) capabilities on the infrastructure of your choice are delivered by Red Hat OpenShift PaaS. Unlike a PaaS that is limited to a specific provider, OpenShift PaaS can run on top of any appropriately provisioned infrastructure whether in a hosted or on-premise environment.

This allows organizations to not only choose to develop using the languages and frameworks of their choice but to also select the IT operational model that is most appropriate to their needs. The provisioning and ongoing management of the underlying infrastructure on which OpenShift PaaS runs is where virtualization, IaaS, and cloud management solutions come in.

OpenStack is therefore part of a portfolio of Red Hat cloud offerings which, in concert with Red Hat Enterprise Linux, JBoss Enterprise Middleware, Red Hat Storage, and other offerings, provides broad choice to customers moving to the cloud. Cloud is a major shift in the way that computing is operated and delivered. It’s not a shift that can be implemented with a single point product.

Find out more:

We’ve been working in the OpenStack community for a while now and can see its potential. Our focus has been around making OpenStack a great product for enterprises to use. Just like we did with Linux. In the future, we plan to release a commercial version of OpenStack for enterprise customers. But today, we invite you to download a preview of that product and try it out for free. Follow this link to the download site here, fill out the form (you will need a redhat.com account and if you don’t have one don’t worry we offer the option to create one).


Red Hat OpenStack Preview only works with Red Hat Enterprise Linux 6.3 or higher. You’ll need a Red Hat Enterprise Linux subscription for each server you install with Red Hat OpenStack.

The OpenStack Word Mark and OpenStack Logo are either registered trademarks / service marks or trademarks / service marks of OpenStack, LLC, in the United States and other countries and are used with OpenStack LLC’s permission. CloudForms and OpenShift are trademarks of Red Hat.

Security in Plain Sight

I was writing an article for a publication in Europe at the tail end of last week and one of the cornerstones of the piece centred around the holy grail of the qualm of the technology adopter moving to this scary new world of PaaS in the Cloud both on-premise or in a open hybrid model.

I think we’re fortunate – fortunate to be able to be in a position where we have a framework for the safe democratisation of data and applications with the structure of tools and technologies that the management of Red Hat allow us to develop and then bring to market. OpenShift is one of these technological sandpits internally that has seen the brightest and the best minds from every part of the Red Hat family throw in code, ideas and know how to get to a point where just wrapping and packaging a product becomes less of an end point, and more of a lifecycle stage. What I mean by that is that when we now, as we move from being seen by many customers and also potential customers as more than an OS play, we internally have adapted to change when breathing life into platform technologies. It’s a major change for a company when after a decade of providing rock solid support for the fastest growing operating system in the enterprise and the datacentre then it also grows (both naturally and by acquisition) to lend its weight to KVM and the important work of oVirt, but also the JBoss, MRG Grid and Gluster product lines without diluting support or capabilities. I do often think that a lot of analysts are starting to “get it” but many more are still misunderstanding where we’re at and it’s a good thing we get to show everyone in an open and transparent way what the roadmap looks like, but more importantly the structures that the GM100 and FTSE100 type organisations are going to be using as their foundations for the next five years.

I’ve talked about OpenShift at length, we’ll be talking next week to some of the OpenShift crew in a podcast you can download from here once it’s mixed (and I’ve got through death by Audacity and my new howto book – thank you Amazon.com). When we talk about OpenShift you need to think of it as a Roman legion of troops with OpenShift at the head flying the standard followed up by the proven rock solid proven technology components that make up Red Hat Enterprise Linux (RHEL). After ten years we’ve polished and we’ve honed a set of Open Source contributed code and Red Hat engineering excellence into the building bricks of what we’ll now take to Cloud. As we also continue the thought leadership and engineering contributions we’re making to OpenStack over the next quarter that too will benefit massively.

So for the cloud adopter with their entirely fair qualms about PaaS and Cloud you have an opportunity to use something you already know and understand and can compartmentalise – RHEL – and start thinking about how the transparent adoption of OpenShift can just fit into your schema or your plans moving forward.

You already get RHEL, you understand the SELinux seperation and “firewalling” within RHEL, so that then makes understanding how OpenShift has inherited that best of breed behaviour. SELinux providing OpenShift a proven “firewall” to segregate sessions and applications, resources and data, realtime using magic dust that your auditors and your control methodologies and risk registers already understand. This makes security as a process easier to understand AND easier to document. Please don’t underestimate the hidden costs around this. If you’re an ISO/PCI/HIPAA/SOX audited company this is going to be something you have no wriggle room and here’s a technology you can adopt at speed that will not alter your threat fabric or risk appetite.

I’ll leave you with a video shot last year by Gordon Haff talking to Matt Hicks at our Westford offices which I recommend you take time out to watch. If you need any more information or you want to know more please feel free to reach out to me in Europe or to any of our teams geographically.