While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
Adam Clater, chief cloud architect in the Office of the Chief Technologist of Red Hat's Public Sector organization, recently answered some questions from FedTech managing editor David Stegon about the evolution of Platform as a Service (Paas).
CLATER: PaaS represents an intersection of the latest in IT automation, orchestration and containerization of workloads. Rather than associating an application with a physical host, or even virtual machine, applications are now able to exist in an infrastructure that is abstracted away from the host and operating system.
Government agencies have spent the last few years in a race to get costs under control by consolidating data centers and collapsing physical hosts into a virtual infrastructure. The outcome has been twofold. Under the guidance of teams like the Federal Data Center Consolidation Initiative [FDCCI], we have seen the number of overall data centers dropping. In that process, agencies have seized upon opportunities to use cloud providers for services such as email.
On the other hand, we have seen an explosion of the number of virtual machines being deployed throughout the government. We have effectively gone from one app, one host to one app, one VM. The outcome is that resources continue to be underutilized.
PaaS, via the use of containerization and rich orchestration engines like Kubernetes (an open-source orchestration engine), presents an opportunity to break this cycle and lessen the organizational overhead associated with marshaling resources on behalf of the agency’s mission. Where we saw a 10-to-1 consolidation ratio when going from physical to virtual, we can see an additional 10x consolidation when moving to containerized workloads. This density begins to realize the original goals of consolidation.
Additionally, extensible, polyglot (multi-language) implementations also enable developers to use the latest frameworks and languages to develop their applications.
CLATER: The benefits of PaaS are numerous, but what can immediately benefit agencies is threefold:
Security/Compliance: Because PaaS utilizes precertified components to build an environment, operations and security teams can be confident that what their developers are deploying is acceptable in their environment. Red Hat has a keen interest in deploying secure workloads with our government customers. We are working with Black Duck Software to incorporate their container scanning and vulnerability mapping technology into OpenShift Enterprise PaaS, as well as making it part of our certified container ecosystem.
Time to Misson/Customer Engagement: Historically, it could take months for a developer to deploy an environment in a government enterprise. With a modern PaaS, it takes minutes to deploy a rich environment for hosting applications. A developer can then deploy his or her source code via git and simultaneously begin to collaborate on the development process with his or her customer or stakeholder. This capability makes PaaS a key enabler of agile development and DevOps.
Because everything is done using standardized containers made available from operations through the PaaS, when it comes time for the application to be deployed to production, development and operations will be in agreement on what will be deployed and how.
Scalability: Because workloads are designed using precertified components, nontrivial activities like clustering and horizontal scaling are second nature to a PaaS. Red Hat contributes heavily to Kubernetes, which is a key component of scaling to meet demand. This means that resources can be marshaled for demand as needed and then released back to the pool when they are no longer needed. This type of elastic capability is a key cornerstone of becoming a true cloud computing provider.
CLATER: These are early days! We are just beginning to scratch the surface of PaaS utilization within the government. At Red Hat we’ve been talking to government customers about OpenShift and its capabilities for several years. Adoption is ramping up, and we’re beginning to see real engagement.
With any shift, culture becomes a key obstacle. As more and more agencies get on board with PaaS technologies, I’m sure we’ll see the inevitable cultural shift. Adoption of practices such as agile development and DevOps will be key enablers for PaaS adoption, as they work hand in hand to improve the quality and consistency of software being developed in government enterprises.
At the end of the day, if you are writing and hosting applications, you are a SaaS provider to your customers. Using a PaaS like OpenShift gives you a secure, standardized development and delivery platform upon which to build your business — whether that be on premise or in the cloud.
CLATER: Mobile plays a huge role today. I see mobile applications and mobile-friendly websites as a key engagement point between citizens and the government agencies of the future. Placing the vast amounts of data and capabilities that the government has today in the hands of citizens will be key to the future of government. The same applies for the warfighter. Mobile networks are now portable and can be deployed in theater with ease. Using mobile devices and applications as a data-collection and distribution point for our men and women in uniform will be key.
The auto-scaling capabilities of a PaaS, along with the security provided by certified containers, make PaaS a perfect launching point for mobile application infrastructure. Using a Mobile Backend as a Service (MBaaS) technology like Red Hat Mobile enables the rapid development and deployment of mobile applications. You can hire developers out of college who know node.js, but the real magic will be in building a platform to integrate mobile capabilities with the existing data infrastructure in place at government agencies today. Few enterprise MBaaS platforms exist today, but they will be a critical part of bringing together government and their mission, wherever that is.