Recently, I had the opportunity to be interviewed by JAXenter about the future of cloud computing, as part of their “Tour of Cloud Computing” Q&A series with industry experts. Below is what I shared during our discussion, for your reading pleasure!
Everything is in the cloud these days, including our precious data. How can developers maintain an appropriate level of security in an increasingly insecure landscape?
When we talk about security in the cloud, especially from a data standpoint, there are certain core capabilities that need to be enabled that guarantee all customer data, cardholder data, patient data or manufacturing data that you’re putting in the cloud is protected.
The first capability is to put in place a strong system that provides authorization and authentication to users. The second capability is to have a strong degree of perimeter security. Most organizations are comfortable with being able to monitor and defend their cloud assets using a defense in depth policy. Finally, keep in mind that data protection is critical: Once there has been an accidental breach of data, being able to understand what was disclosed and putting in place a risk mitigation strategy to lock access to the data, or to take corrective action as applicable, is key. Security in the cloud is a holistic approach – it’s a mix of product capabilities, but also being able to enforce a “shift left” culture and practices for data protection right from the development stages.
What benefits does a cloud-based infrastructure bring? What are the drawbacks?
The biggest advantage of cloud-based infrastructure is the ability of the developers to have access to self-service usage of their infrastructure. At a very basic level, when we talk to our customers we see that there’s still this challenge of a developer trying to get access to provision capacity for their work or access their infrastructure. When you compound this challenge with the different application stacks and sheer volume, you run into a lot of issues around manual errors, faulty provisioning or over-provisioning, or a whole bunch of inefficient deliveries. It also helps IT not to be able to overprovision resources and taps into that auto-scaling model or the pay-as-you-go model.
Another obvious benefit of the cloud is auto-scaling and bursting to meet demand. This, however, can be compromised by one of the key challenges we hear from enterprises related to the cloud – around complexity and cost. Cost of cloud resources vs. private cloud total cost of ownership, shadow IT additional costs, and complexity in terms of variations of cloud infrastructure/flavors/config, no single pane of glass, lock-in to specific cloud services that make app portability a problem, and management complexity and overhead for large-scale deployments.
What is your favorite cloud-based tool, service, or platform to use and why?
The cloud that every enterprise should run on is hybrid cloud. The public cloud is great, but a key problem with all the three major providers, AWS, Azure, and Google, besides cost, is the fact that there’s a high degree of infrastructure service lock-in. But, if you talk about cloud solutions that work well, I think in general, the developer space has done a much better job of tackling cloud-based CI/CD, so tools like Spinnaker that came out of Netflix, Jenkins X, and GitOps, these are all very popular choices and they work well.
From an infrastructure service standpoint, I really like OpenStack. Because the platform has had multiple issues from the point of being productive, I think we’re at a point where using OpenStack and using a hypervisor such as KVM, organizations are able to cut a lot of the costs out in terms of moving to the cloud or being able to even realize a cloud-based deployment model in the on-prem basis.
Is Kubernetes becoming central to cloud adoption?
The short answer is, yes. Kubernetes is the most transformational cloud technology today. It has emerged in the last year as the de facto standard in container orchestration, and on the macro level as essentially an operating system for cloud-native applications.
The reasons why it became so essential as a cloud enabler are rooted in its mature container management model built in with the pod structure, and the services that are fronting these pods, like distributed labels and the ability to manage a given set of pods as a single entity. When people think of a pod as a VM, all the other semantics that have been built around container management are extremely important to help developers get to the composable infrastructure model that the industry has been trying to get to for decades.
We think that with projects like Knative and the open source Fission.io Serverless framework, you’re going to get to the point where at this rate, Kubernetes will be the de facto standard across data centers within a couple of years.
Jakarta EE has recently taken the cloud-native Java path. How important is it for a technology to be relevant to today’s cloud-first world?
Vamsi Chemitiganti: From a Jakarta EE standpoint, to have developers work on projects where they can get a Netflix type of stateless development paradigm model, where you take all these humongous JAR files that we’ve been shopping around for years, and to replace them with very nimble container-based infrastructure on images is going to be extremely important. I think it’s extremely interesting and it’s at the right time because pretty much every customer we’re talking to wants to develop microservices.
How important is it for a technology to be cloud-neutral? What do you think of the Fn project?
At Platform9, we’ve strategically designed our hybrid cloud solution to be cloud neutral and to enable users to deploy workloads on any type of infrastructure – on premises or in thon-premisesoud, and be able to easily port apps between environments.
Because of this, we take a slightly different view of the Fn project than perhaps most. As with Kubernetes being open source and supported across any cloud of choice, with companies like Google and the Cloud Native Foundation are all doing some degree of work around standardizing the developer experience and the deployment experience for Kubernetes. We feel that projects like Fn speak to that challenge specifically.
If cloud technology wants to continue to grow, tools should grow and adapt as well. What are the most mature tools right now?
We like tools like GitOps and cloud-based CI/CD tools like Spinnaker. A tool like GitPool to manage your infrastructure provisioning and software development process and deployment is also important. Google Skaffold is another very interesting project in taking source to image from a Docker standpoint.
But from a cloud management, I like Platform9 because I think one of the things that a lot of the vendors have done in the cloud space is to over-complicate cloud management, which really should be simple. We make that happen.
How can we capture the multi-cloud opportunity? What are the roadblocks to multi-cloud success?
Enterprises IT today is already operating in a hybrid/multi cloud state of affairs- having to manage multiple environments – some on premises and some in the public cloud, with each supporting different types of applications- from legacy, bare metal, VMs, containers, serverless, and more. This situation is only going to get exponentially more complex.
There are four key requirements to multi-cloud success, to allow organizations to bring their diverse infrastructure under unified management:
- Cloud Management should be simple – You want to simplify and accelerating time to value for complex hybrid cloud management and operations tasks. It shouldn’t be an ERP-type project, but rather just work out of the box and enable you to turn any infrastructure into a cloud instantly, without months of professional services or custom integration work to implement stuff.
- Build on open source to ensure standardization and portability between environments/clouds, avoid lock-in, and have an open API layer that is consistent, for dev and Ops, regardless of where the app is running. This also ensures that you future-proof your cloud management solution for whatever new technology comes next, be easily extensible and is flexible to support new integrations, services and specific use cases, as well as benefit from the open source economics and savings vs. high licensing fees of proprietary solutions.
- Multi-cloud management should be delivered as SaaS – The most difficult thing about running a multi-cloud is the setup, installation, configuration, and day 2 operations. Public clouds have already set the bar for ease of use. Multi-cloud solutions should “just work” out of the box in a similar fashion – in terms of developer experience, easy setup, easy integrations, and automated operations. The management layer and the infrastructure should be installed, managed, and monitored using a SaaS-based delivery model. No more manual work, heavy lifting on the Operations side, or taxing management overhead.
- Unified experience – across any type of infrastructure or applications – enterprises need a unified experience across four areas: a) A single view of all types of infrastructure: servers, VMs, Containers, storage and network – across all VM providers and private/public clouds, all the cloud regions and the tenants across these regions. b) single way for Site Reliability Engineers (SREs) to administer hybrid infrastructure across critical areas such as security & identity management c) Unified & open API for both developers and operations to perform lifecycle management and easy integrations with point tools or management processes d) Continuous monitoring across all of the different cloud regions and environments
There is a way to get hybrid clouds and multi cloud right. Enterprises need to be able to instantly turn any infrastructure into a cloud, and benefit from a unified cloud experience on ANY infrastructure, for ANY application – to be able to consistently manage VMs, Kubernetes and Serverless – running on premises or in the public cloud.
What do you think of serverless? Is it a “revolution of the cloud”?
I’ve been a key advocate of the serverless approach. If enterprises want to go digital, the first and foremost capability that they’ll have to build are cloud native architectures.
There are a lot of positives with serverless architectures. They support a high degree of flexibility in how apps are written. At the same time, they provide a great degree of convenience in terms of developers not having to do things like instantiate servers. When done right, they are extremely cost effective in how applications are developed.
One of the drawbacks is if you do not pick the right serverless stack, and you do not plan your strategy to be vendor independent, you’re going to get locked-in. And, if you’re going to inhibit portability, not writing to a standard like Kubernetes is going to cause a lot of challenges in terms of rewrites of the applications. Fission.io for example is a Kubernetes-native open source serverless framework that allows enterprises to benefit from a Lambda-like experience either on-premises or in the cloud, with no lock in or the high service costs.
This article originally appeared on JAXenter