David Blankenhorn, DLT’s Chief Cloud Technologist, recently sat down with fedScoop TV to discuss the importance of open source software for government. In addition to providing an overview of the open source landscape, David includes recommendations for agencies exploring open source options.

Government agencies around the country are adopting Google Enterprise Solutions to manage information securely, increase collaboration, and reduce search time. Learn from Google product experts how enterprise solutions help your agency overcome current challenges and stay compliant.

On Thursday, November 17, Google and DLT Solutions are hosting a live technology seminar in Denver, Colorado. The Tech Day will be held at the Sheraton Denver West Hotel in Lakewood, CO.
Government agencies around the country are rapidly adopting Google’s enterprise solutions to manage information & promote teamwork, while lowering their IT costs. Learn from Google product experts how these modern technology solutions allow you to meet the current challenges of your agency. You will see, in a briefing and in demonstration, today’s art of the possible and a compelling vision for the future!

I’ve been asked several times to help agencies evaluate their readiness to build a private cloud. Time and time again, I use the same concepts to find their current levels and what they should be looking at next. Data center automation, service oriented infrastructure, IT service management, resource orchestration, standard operating environments. Why am I bringing up ancient buzzwords in a private cloud conversation? Because without these fundamentals, your private cloud won’t get very far off the ground.
An Amazon AWS VP has been quoted saying “If you are buying hardware, it isn’t cloud”. You may think, “Well of course, that’s their business model. They don’t want me to buy a private cloud.” The argument made isn’t a business model, it is architecture and use case. The economies of scale that need to be achieved in order to validate a cloud model only make sense in large deployments. The benefits of the IT department are best realized when the shift from capital to operational expenditures is complete. A set of local resources that takes advantage of the new cloud focused toolsets to move in a service oriented direction may not be a private cloud, but it is still a valuable direction for those IT shops that need to retain in house capabilities.

Red Hat announced two new cloud offerings at their Summit in Boston, OpenShift and CloudForms. The OpenShift PaaS offering is aimed at developers who want a quick and easy way to deploy apps into an existing IaaS environment. That is a key differentiator here, existing IaaS environments.
OpenShift does have a ‘locally’ hosted PaaS flavor called Express. This is for quick and dirty, not very scalable apps. Using the distributed revision control system, git, a devvie can push a webapp up to the PaaS environment and get a URL for the running app. It is possible to deploy simple apps with PHP, Python and Ruby support available. With no access to database software, you can still install apps like Drupal or MediaWiki. There are no promises here, so make no demands. This is designed for quick prototyping and light use. If you want more features or control, there’s Flex and Power.

Over the last week or so, the internet has been awash in reports of the latest piece of malware targeting Apple OS X systems called MacDefender , MacSecurity or MacProtector. This is a piece of software that Symantec calls FakeAV, which is an entire family of “scareware.” A browser window pops up and says the machine is infected and to download a particular piece of software to remove the issue, when in fact the software you download is the payload that infects your machine.
This is not new to the Windows camp as FakeAV products have been around for many years. Everyday many bogus antivirus and security applications are released and pushed to unsuspecting users through various delivery channels. Many of these programs turn out to be clones of each other. They are often created from the same code base but presented with a different name and look – achieved through the use of a “skin”. These programs attempt to convince the user to purchase software in order to remove non-existent malware or security risks from the computer. The user is continually prompted to pay for the software using a credit card. Some programs employ tactics designed to annoy or disrupt the activities of the user until the software is purchased.

The Department of Homeland Security (DHS) has released a draft request for quotation (RFQ), HSHQDC-11-Q-00173, supporting the update and overhaul of DHS’s public web properties. In order to consolidate and update these properties, DHS is competeing this requirement among the Infrastructure as a Service (IaaS) public cloud blanket purchase agreement (BPA) holders on General Service Administration’s (GSA) apps.gov portal.
DHS is looking to the cloud providers to deliver the development, staging, and production web environments… but there’s a catch. The production environment cannot go live until they have both the GSA Authority to Operate (ATO) and the Federal Risk and Authorization Management Program (FedRAMP) Joint Authorization Board (JAB) ATO. This is particularly challenging since the FedRAMP isn’t quite ready for primetime. The good news is that the awardee will have 120 days to become compliant once the FedRAMP has officially been released.

It is interesting that there is no equivalent term in Latin for risk outside of the word for danger. While security is the state of being free from danger or threat, risk, is a more complex topic and cannot be addressed without the concept of loss. It is the probability, not merely the possibility of something unpleasant or unwelcome happening that will result in a loss of some kind (life, liberty, property). The term did not even come into existence until the 17th century after the Medici had leveraged eastern mathematics in the calculation of probability in financial terms and still the word risk is derived from the word danger. Big mistake!

Enterprise virtualization solutions offer a valuable way to reduce operating expenses by removing underutilized servers from data centers. New servers designed around virtualization workloads instead of traditional single application workloads are offered by many manufacturers. Hardware extensions to CPUs and PCI buses allow hypervisors to directly and efficiently present resources to virtual machines to reduce the performance penalty imposed by an additional layer between the application and system resources. Storage vendors offer adaptable configurations and integration with enterprise virtualization solutions. High speed and high bandwidth network interconnects deliver the necessary throughput to service the consolidated network traffic requirements.

(This is Part 2 of Matt’s series. To read part one, click here.)
If SOA is intended to build a distributed application environment whose data sources are far from the end user with processing somewhere in between, then the next logical step is extending that processing onto a cloud resource. In fact, the Ocean Observatory Initiative is already leveraging current commercial cloud providers within their distributed framework. SOA and MOM (message oriented middleware) are two of the key paradigms used in the design of the OOI Cyber Infrastructure. While this architecture incorporates cloud resources as a component of the overall distributed application, similar approaches can be used to migrate resources from local systems to a cloud provider.