Jeff Jaffe’s Blog

Archive for the ‘Identity, Security and Systems Management’ Category

Managing the Cloud

September 8th, 2009 by Jeff Jaffe

Final in a series about Novell’s comprehensive approach to cloud computing.

Reprise

In The Cloud, we identified five cloud infrastructure priorities:

  • Connect
  • Secure
  • Manage
  • Develop
  • Collaborate

We’ve elaborated about Connect, Develop, Secure, and Collaborating in the Cloud, and here we complete the discussion.

Choice

A key value provided by cloud computing is choice.

  • Customer choice to obtain capacity. Historically, users received capacity for tasks via dedicated physical servers. With virtualization the focus shifted to optimizing performance by consolidating workloads. While this improves data center efficiency it does not necessarily optimize for an individual user. Going forward, users will have many methods of executing workloads:
    • Physical server
    • Integrated into a physical appliance
    • Virtualized
    • A virtual appliance that is deployed in an enterprise or in a cloud.
    • Directly in the cloud

    For the last—there are numerous models for executing workloads in the cloud, ranging from Software as a Service, to running an application in the cloud (with the cloud providing Infrastructure as a Service), to hybrids—such as an application running within an enterprise—leveraging cloud resources (such as storage or processing) for a piece of the application.

  • Agility. Classically, when users need capacity they go through their company’s procurement cycle. Even if the user has budget they rarely get capacity on demand. They go through the company’s procurement or allocation cycles to get capacity ordered or assigned. There is greater agility to get resources if they can be procured on-demand from the cloud.

  • Scale. For applications with a disparity between peak resource needs and average needs there is a challenge to determine how much capacity to allocate. Procuring for the peak is expensive—procuring for the average does not provide adequate capacity for peak times. Cloud resources—whether available as part of a private cloud within an enterprise (that allows sharing of resources within the enterprise) or available through public vendors—allow for dynamic scale. Scale has value at different points in the lifecycle. On the one hand, it is useful for applications being tested or trialed as it can provide resources for a limited amount of time. But it is also useful for production applications where capacity needs can be quite dynamic.

Management

When one considers the choices available, and the dynamic range of application needs—it is challenging for an enterprise to have a comprehensive approach to manage their “owned” resources in conjunction with cloud resources. How does an enterprise decide whether to use a physical or virtual server; to allocate based on peak or average case; to optimize for latency or utilization; to use an appliance; to use a public cloud? This optimization has always been a challenge but has gotten more challenging with virtualization and cloud computing. Add to that different policies that customers have about where to assign their workloads, heterogeneity in underlying platform technologies, and the diversity in cloud computing models—you have an area of considerable confusion for customers and opportunity for a vendor.

Challenges of management of resources in a cloud environment are not limited to enterprises that are interfacing to the cloud. There is an analogous challenge for cloud providers to effectively manage their resources and to guide their users to effectively leverage cloud resources.

A Living Laboratory

Cloud management is a multi-faceted challenge. An enterprise deals with a multiplicity of cloud models and integrates with enterprise management. Companies that are providing services require tailored management solutions. We are in a period of great ferment; all of the models are changing and underlying assumptions are being tested.

The best way to learn about cloud management is to develop solutions in conjunction with a leading provider of IT services. An IT service provider is both an enterprise as well as a provider of services to other enterprises. This is why I mentioned in “Progress on Systems Management and the Service Driven Data Center” that our partnership with ACS—providing technology for the ACS Management Platform—is key. Specifically, to repeat from three months ago:

  • The partnership allows us to explore advanced management features in a demanding environment. This includes workload management, automation, and virtualization. We instantiate these ideas in a fully integrated fashion.
  • The partnership allows us to explore emerging operating environments. Not only are physical and virtual deployments of relevance but we have also included cloud computing as a focus area.
  • To address critical security needs, identity management and security solutions will be prominently featured.

Cloud Security

August 3rd, 2009 by Jeff Jaffe

Fourth in a series about Novell’s comprehensive approach to cloud computing.

Recent Events

The summer has seen numerous announcements with the proof points of our cloud infrastructure contributions. These announcements are transformative. They are not merely new products. They address issues that the industry has not totally addressed, with innovative solutions.

Last week was especially exciting. As foreshadowed in Software Appliances and Cloud Computing, we launched SUSE Studio, a key tool in our overall appliance program and in developing for the cloud. The press reaction was breathtaking, with some saying that this was Novell’s most important announcement in decades.

Also last week we provided our cloud security demo at the Burton conference. More about that below.

The previous week saw Microsoft releasing 20,000 lines of GPL code to the Linux kernel. Interesting times.

Reprise

In mid-June, we identified five cloud infrastructure priorities:

  • Connect
  • Secure
  • Manage
  • Develop
  • Collaborate

We’ve elaborated about Connect and Develop and here we will talk about Securing the Cloud.

Cloud Security

Many studies have documented that enterprises are concerned about cloud computing security.

This is not surprising. Many events have heightened concerns about security. Information leakage, viruses, and lost laptops are examples of security lapses. Cloud computing exacerbates concerns. Data and applications are placed outside of the enterprise, outside the firewall, and outside the administrative domain of the IT organization.

The security fears are dramatic enough. Sometimes, the fix is worse than the fear. A cloud computing vendor might propose a new security model to assure wary users that their data is safe. However, even if this new model is theoretically secure—it does not immediately address the practical problem. The IT organization must incorporate the model deeply enough to be secure. They must be able to explain it to survive a corporate audit about data protection. After the IT organization appreciates the security of the new model there is complexity to introduce the new model and security holes that arise from lack of training or misuse.

Annexation

With so many barriers the best way to secure the cloud is to use existing security models. The IT organization should use the same security and access control technology for the cloud as they use in the enterprise. The interfaces must be the same. The user model must be the same. If passwords are used the actual password must be the same.

We call this idea annexation of the cloud. In this model we provide transparency in usage and security model so that the IT organization does not use a new access control paradigm. Rather, they feel that the cloud has become an extended part of their enterprise.

Novell Cloud Security Service

This is the essence of the Novell cloud security service that we demonstrated together with PivotLink at the Burton conference last week. By federating a SaaS vendor’s access control mechanism with existing enterprise mechanisms we provide cloud security within the existing model of an enterprise.

Another key piece of the cloud infrastructure provided by Novell!

Log Management

Also last week, we announced our Sentinel Log Management product. This has immediate value to today’s enterprises as they struggle with masses of data that need to be processed to assure compliance. With respect to cloud computing, we can only imagine that these compliance needs will become more demanding, data sources more disparate, and organization of this data more critical. Sentinel Log Management is focused on today’s compliance needs but this asset will also provide value to secure the cloud.

Software Appliances and Cloud Computing

July 13th, 2009 by Jeff Jaffe

Third in a series about Novell’s comprehensive approach to cloud computing.

Reprise

In the June 15th posting, “The Cloud”, we identified five cloud infrastructure priorities:

  • Connect
  • Secure
  • Manage
  • Develop
  • Collaborate

Developing for the Cloud

There will be many cloud platform interfaces that developers will choose from. Some providers will provide unique interfaces to allow developers to optimize for their platform. Others will take a standard approach. Some providers will focus on proprietary interfaces. Others will be open. Taken together, this new model—cloud computing—creates a new playing field and stimulates innovators to explore different ideas to exploit the opportunity.

This expansion of possibilities also creates an expansion of confusion for the developer. Which cloud am I optimizing for? Am I focused on clouds, physical devices, or virtual devices? Which hypervisor? Which management interfaces?

I would prefer if this were not a concern for the developer. What if there were a toolset which made it possible for the developer to develop once and run everywhere?

Novell and Appliances

Fifteen months ago Novell announced its appliance program. We stated a simple purpose—simplify application development for ISVs by allowing them to create software or virtual appliances using our toolset. A key approach is to allow ISVs to use less than the full operating system—such as our JeOS (Just Enough Operating System) and still carry certification.

Also important to developers is the ability to create appliances that can run as images for a variety of hypervisors. In our April 2008 announcement, we did just that. This was a Novell announcement—but we are more effective when we work with key infrastructure partners. So, we announced in February of this year that we are working closely with VMware to ensure that the virtual appliances that customers build with SLES are VMware Ready. This reflects the partnership approach we’ve talked about consistently for virtualization.

The Cloud

As mentioned above, ISVs and developers would like their code to run everywhere. How can they achieve this? Simple. Build an appliance on an appliance building platform that allows them to deploy anywhere.

With our existing approach to create software appliances and virtual appliances it is not a big leap for us to focus our toolset to allow developers to target applications for a variety of clouds. So our appliance program is precisely the right basis for Novell to be the company that enables “develop for the cloud”.

The Cloud

June 15th, 2009 by Jeff Jaffe

Much has been written about computing in the “cloud”. Within these pages references include “Software delivery models and SAP” and “Service-Driven Data Center”. Today is the first of several blogs where I give a comprehensive view of Novell’s approach.

The Significance of the Cloud for IT

Every so often there are sufficient changes in technology and customer buying patterns that the entire industry turns on its end.

In the 1960s, mainframes dominated and provided the first broad platform for computing.

In the 1970s, minicomputers proliferated. Computing became available for small businesses and departments. New companies rose to take advantage; new languages were popularized; and there was an explosion in professionals in the industry.

After the introduction of personal computing in the 1970s the 1980s saw mass adoption of PCs. New applications such as personal productivity and consumer related applications resulted from this shift. The paradigm of client/server and sharing within departments became prominent. Novell’s NetWare played a key role (which continues with Open Enterprise Server).

As we rolled into the 1990s the Internet and World Wide Web became the model for public access to data, and related intranet technologies were used inside of companies. Wide access to information became commonplace and programming technologies adapted to feeding information into people’s browsers.

Cloud computing is next. It will be equally transformational. The web provided clicking for “information” and cloud computing will provide clicking for “information resources”. Over time this will revolutionize every part of IT.

Within the rubric of cloud computing, IT organizations have different attitudes about how to optimize information technology. To address this, there are variations on cloud computing, including Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). Each has its own value and solves its own problem. A user that needs instant access to a capability may employ SaaS, a developer looking for a platform may employ PaaS, and someone in search of capacity may employ IaaS.

Novell and the Compute Cloud

With Novell’s position in core infrastructure, Novell intends to play a major role in cloud computing. Several technology choices for the cloud are favorable to Novell—Linux is the favored operating system used by cloud providers; XEN—which we have discussed often—is the favored virtualization technique. Moreover, Novell’s strength in technology areas such as management and security is relevant.

Novell has key technologies but also has the right attitude. The compute cloud will democratize computing by utilizing open interfaces and avoiding platform lock-in. This is harmonious with our brand promise of “Making IT Work as One”. It is also characteristic of Novell as a company that is passionate about Open Source, yet willing to work on interoperability with vendors who are committed to proprietary platforms. No surprise that Novell is a supporter of the Open Cloud Manifesto.

The potential of cloud computing is great, but it won’t happen overnight—just as the other paradigm changes did not happen overnight. There will be many participants in this, all playing different roles. For example, there will be companies that provide cloud computing, and others—like Novell—that provide infrastructure software that is used by cloud providers or enterprises. Many layers of the compute stack will change to support the move to the cloud. Novell will not invest in all of them—no one vendor can have that impact. However, in the cloud infrastructure Novell will play a key role.

Novell’s Cloud Architecture

There are numerous components that are required for the cloud. Some of the key components were mentioned above—the Linux operating system and virtualization. Many of the other key components intersect areas of Novell focus.

We have been investing in these areas leveraging the ideas of our technical leaders and looking at market input. Many of the most outstanding ideas came from our breakout move initiative, while others came from activities in and across our business units; listening to customers and partners. Here are some of the key areas. With space running out I will only itemize the areas here—look to future postings for elaboration:

  • Connect. The first part of our architecture is to connect to the cloud. The nature of client devices and their appropriate operating environment will change as we move to the cloud. Our work in operating systems, including our work in Moblin will be critical here.
  • Secure. This access must be done with security. We will leverage the technologies of our Identity and Security Management business unit.
  • Manage. Clouds have a different paradigm for resource utilization so they need a different paradigm of managing these resources. Each previous revolution in computing also revolutionized how resources are managed. We will leverage our Service Driven Data Center approach.
  • Develop. Applications need to be developed for the cloud. The key technology stacks will continue to be based on Java and .Net. We will leverage our unique combination of skills—the LAMP stack available with SUSE Linux and Mono for .Net—to play an enabling role here.
  • Collaborate. Novell has a strong portfolio of collaboration technologies. This will enable us to play a role here as well.

More on Compliance

April 29th, 2009 by Jeff Jaffe

For some time we have discussed how technology can help companies enhance their tracking of events and as a result address compliance. It was almost three years ago that I first identified corporate governance as a key trend; and the opportunity to address it with identity management and security event management. Over the past several months we have intensified this effort.

A Three Step Strategy

Our three step strategy to address this imperative is:

  • Integrate core assets to create a Compliance Management Platform.
  • Acquire additional complementary assets that enhance compliance. Most notable was Privileged User Management to help secure Linux and UNIX systems.
  • Work with key partners to bring them into our compliance framework.

The reason for this sequence is clear. We start with the basics, using the vast assets that we have in Identity Management and Security and Information Event Management. By adding complementary assets we further strengthen the solution. With this comprehensive technical approach, it is now time to bring an ecosystem of partners under our umbrella.

RSA Conference

It was gratifying to make progress on the last of these steps during last week’s RSA Conference.

Last Monday we announced certification of our Sentinel product with SAP’s NetWeaver technology platform. I have frequently pointed to our close partnership with SAP related to Linux. With this new announcement Novell technology further services SAP customers with enhanced functionality. Now alerts that come through SAP’s BC-XAL interface are brought into our comprehensive analysis of security related events.

We pride ourselves on the scalability of Sentinel to very large workloads. SAP environments are very demanding, so customers have a solution that scales with SAP.

Last Tuesday we announced together with McAfee that their ePolicy Orchestrator (ePO) platform will be able to provide events to Sentinel as well. Two complementary security vendors work in an interoperable fashion to bring the best capabilities to our common customers.

Call for More Partners

Our Compliance platform is getting traction in the industry. Our next goal is to continue to intensify our integration with key partners. If you need compliance for your solution—please let us know!

Service-Driven Data Center

April 13th, 2009 by Jeff Jaffe

For several years Novell has been building a vision of the next generation data center that addresses new customer needs. These needs are to leverage new technologies that reduce cost and complexity, but manage the risk of introducing them. Our Service Driven Data Center (SDDC) provides the cost reduction in a well managed fashion.

Cost Reduction Technologies

Key technologies that reduce the cost of a data center are:

  • Open source in general and the Linux operating system in particular have a lower price tag. They also reduce cost by allowing faster exploitation of hardware technologies that further reduce cost, such as low-power and virtualization assists.
  • Virtualization reduces cost by allowing physical processors to consolidate workloads.
  • Cloud computing provides a means for a user to grab capacity without a lengthy approval process. Moreover, capacity can be ordered as needed. There is no danger of acquiring over-capacity that won’t be needed in the end.

These three technologies result in a low-cost data center. However, if they are left unmanaged, they can do more harm than good. Without a management framework, an enterprise can create stovepipes that optimize in the short-term, but are costly over time. Without knowing where workloads are being deployed, the CIO is left with complexity and risk.

Enter the “Service-Driven Data Center”

Last week, Novell unveiled our vision and offerings that manage workloads in a way that reduces cost and complexity but avoids the risk. We coined this the Service Driven Data Center (SDDC) to emphasize that a CIO’s focus is on the service they provide. We also explained how this is done. The enterprise Builds the data center; at that point it can be Managed, and then continuous improvement arises when the enterprise Measures its data center. Let’s now take it one level deeper by elaborating on our unique offers.

  • Build. The build offer proposes that the next generation data center be built on a platform that provides the low cost of computing offered by Linux, and leverages that platform for virtualization and cloud computing. With our recent SUSE Linux Enterprise (SLE) 11 announcement, we have provided a platform that is ready for physical, virtual, cloud, and appliance deployments. While our management solutions work well irrespective of the platform choice used by a customer for build, we also believe that SLE is the best platform for many workloads.
  • Manage. The manage offer emphasizes that optimization arises with tools that assess the best place to deploy workloads. Don’t trust tools that come from vendors that only want deployment on their own platforms. Since we acquired PlateSpin we insisted that our management technologies are agnostic of any particular platform—including our own! This was emphasized in last fall’s workload announcement—managing the data center requires agility to move workloads to the right place—on a physical server, a virtual server, or in the cloud.
  • Measure. In addition to building and managing the data center, the CIO needs to continuously monitor, optimize, and inspect a dashboard, to be certain that (s)he has met end user needs. Agile tools that move workloads to different servers and into clouds introduce risk. Risk management balances the agility that comes with workload flexibility. So our measure offer applies the principles of Business Services Management to assure that the enterprise can manage, optimize, and inspect to a set of Service Level Agreements with the rest of the firm.

A Deliberate Strategy to Amass this Solution

Novell has been creating assets and acquiring companies to build out this vision and offers. We can now assemble the pieces into a single compelling package.

  • The build piece began with the acquisition of SUSE Linux many years ago. There has been continued Novell investment and partnership with the open source community to make SLE 11 the desired platform to build the SDDC.
  • The centerpiece of the SDDC is the ability to manage and optimize in an interoperable fashion. The ZENworks family of management products are now enhanced with the virtualization products from PlateSpin.
  • The final acquisition was to add the Business Systems Management framework from Managed Objects.
  • The technical vision, roadmap, and architecture which describes how to evolve these technologies to provide agility, is our Fossa architecture.

Fossa Architecture is Posted on the Novell Website

March 16th, 2009 by Jeff Jaffe

In 2008, I introduced our Fossa project (Fossa, Fossa, continued and Fossa, further continued). The purpose was to create and articulate Novell’s technical vision. Specific use cases highlighted that IT organizations need a greater degree of agility than previously available. Several blog entries highlighted changes that are needed in identity management, Linux, virtualization, policy, orchestration, compliance, and collaboration to achieve this agility.

Fossa Document

Over the past year, Novell Fellows, Distinguished Engineers, and other thought leaders contributed to the development of this architecture. We are making the work available in several ways:

  • We have published a 60 page paper which describes the architectural principles. It is available at http://www.novell.com/company/architecturalfoundations/. This is the most comprehensive description of a future architecture for software infrastructure that yields agility.
  • We want the individual ideas to be accessible. Many of the inventions are available in the public domain. One of the key methods is through patents—we have submitted more than 30 patent applications related to this architecture.

The Need for Agility is Increasing

With Fossa we have a vision, architecture, and strategy to achieve agility. The continued evolution of the industry over the last year has reinforced this need for agility. With virtualization deployments continuing apace, and with cloud computing and SaaS growing in popularity, the need for agility is evident. Appliance computing and Web 2.0 are related trends. These more flexible modes of delivering software and service come in numerous varieties—so the bet we made on achieving agility in a heterogeneous, platform-agnostic fashion has proved to be critical.

Next Steps

In the last year we have seen issues in financial markets and resultant concerns about risk management and compliance. Will this reverse the drive towards agility and cause focus on control?

I think not. Agility is unstoppable. After all, this is not the first time that security concerns and risk have risen to the surface. Did security stop the Internet? Did risk stop e-business? Did hackers cause harm that is worse than 9/11? Every time that these issues have arisen—the answer has been no! Progress, agility, and capability are vital.

On the other hand, while security concerns do not stop progress—the concerns are real. The result is that we need to manage the concerns—at the same time that we achieve the agility. Some of this is built in to the current Fossa document. Recent Novell acquisitions (Managed Objects and Fortefi) have further positioned us to address these management issues.

Privileged User Management

March 2nd, 2009 by Jeff Jaffe

Earlier this month Novell acquired privileged user management technology from Fortefi Corporation. We extended our leadership in Identity management and furthered our differentiation in Enterprise Linux.

Technology

Linux and Unix users and/or administrators often require root access which enables them to make broad changes to their system. This is a feature; UNIX and Linux are easy to configure. It is also a risk. Administrators may change responsibilities or leave a corporation, or there may be sensitive information residing on these systems that even the administrators of the system should not be accessing. Without “tracking tools” there are security and compliance exposures.

Fortefi’s technology allows the management of root access capabilities. Their tools provide control of access to privileged accounts, granular tracking of who has accessed these accounts, and auditing of these permissions for compliance. Novell is building these technologies into a new product—Novell Privileged User Manager.

Leadership in Identity Management and Compliance

We are recognized for our identity management portfolio. With this acquisition, we extend our leadership position. We will take this excellent technology, strengthen its quality, and integrate it with the rest of our identity offerings.

We focus our leading technologies towards the critical area of compliance. Since my last posting on this topic, compliance has become a larger issue in our economy. Without Privileged User Management, customers have compliance risks. We close this gap.

In a related technology area, I have noted our commitment to Enterprise Single Sign-on. Earlier this month we also announced that we were acquiring a perpetual source-code license from ActivIdentity for this technology. This will allow further integration, faster innovation and improved support.

Enterprise Linux

Novell has an additional motivation in acquiring technology for Privileged User Management. We pride ourselves on our Linux distribution, SUSE Linux Enterprise Server (SLES), for its mission-critical capabilities. Soon we will be releasing SUSE Linux Enterprise 11, which will take mission-critical to a new level.

A primary customer concern for mission-critical deployments is security. This concern is amplified with the current focus on Governance, Risk Management, and Compliance (GRC). The flexibility afforded by root access has always been popular for UNIX and Linux. But with the compliance focus, this flexibility must be tempered through improved management by the proper set of tools.

For Novell, we now have a unique capability to provide the Linux distribution as well as management tools such as Novell Privileged User Management. Customers receive a compliant Linux by acquiring several products from a single vendor.

To be sure, our security management tools are platform agnostic. Novell Privileged User Manager will manage root access for other Linux and UNIX variations. Still, the integration provided by this acquisition will directly benefit SLES customers.

Data Center Management

February 3rd, 2009 by Jeff Jaffe

My last two postings comprised my annual review of Novell’s strategy (part 1 and part 2). I am now behind my usual cadence of comment on Novell’s progress. We made progress in data center management late last year which I wanted to review.

Workloads

The focus of data center management changes from year-to-year. Some aspects of data center management include: physical server management, application management, storage management, workload management, high availability, security, data management, file systems, and clustering. All of these are important, yet depending on the latest disruption in the industry one aspect may require greater attention in a given year.

At Novell we believe 2009 will be the year of the workload. Several technology disruptions are driving this:

  • Virtualization—an increased focus on performance sensitive production workloads
  • Customer choice for virtualization: continued offerings from VMware, new offerings from Microsoft and open source offerings such as Xen.
  • Availability: continuous operation of virtualized production workloads.
  • Cloud computing. Workloads can migrate outside the enterprise with a variety of models: Web services, hosted, and SaaS as examples.
  • Appliances. Aside from physical servers, virtual servers, and the cloud—IT Managers have the option to deploy workloads as custom built appliances.
  • Business Service Management (BSM). While BSM is already growing, we believe the growth will accelerate in 2009. A weak economy drives focus on business value and greater attention to BSM and measuring and maintaining specific SLAs (service level agreements) for workload performance.

Our December workload announcement

Novell has been ramping up attention on workload management for several years, first with our ZENworks Orchestrator solution and then our acquisition of PlateSpin. Late last year we pulled it all together by clarifying our product roadmap and integrating our assets into a comprehensive workload solution. Some of the key features of this announcement:

  • We integrated the Novell and PlateSpin product lines to create a comprehensive workload solution under the PlateSpin brand.
  • We culled out these capabilities to create four specific products within this solution:
    • PlateSpin Migrate—to allow migration of workloads throughout a network
    • PlateSpin Protect—to provide a recovery capability
    • PlateSpin Recon—for workload profiling
    • PlateSpin Orchestrate—to manage physical and virtual resources throughout the lifecycle of a deployment.
  • We strengthened our interoperability story. We continue to provide strong support to VMware environments, but have added others, including full support for our SLES platform using the Xen hypervisor.

More to come

As I mentioned in “Novell Acquires Managed Objects”, part of our rationale for the acquisition of Managed Objects is the growing importance of BSM. BSM is important for several service disciplines, and workload management is a key area. There is an increased role for BSM in ensuring that the flexibility of workload deployment is translated into business value in this tough economy. Novell will continue to add to our customers’ data center management and workload management capabilities to address all of the disruptions listed above.

Compliance management platform, first step to agile infrastructure

October 6th, 2008 by Jeff Jaffe

Earlier this month Novell announced a breakthrough in the Identity Management area: We created an advanced compliance management platform. I will briefly review its breakthrough properties, but then I will add comments that we did not announce with the product. I will relate this to our longer-term goal of creating an agile IT infrastructure – project Fossa.

Compliance management platform

Platform announcements typically focus on integration because markets typically emerge with point products that address relatively narrow requirements. Customers use these point products together to build solutions. Meanwhile, each product evolves to address requirements of its customer set. Thus, silos result which make the solution more difficult to construct, more costly to run, and more difficult to evolve.

Markets fix this with a platform: a vendor takes a step back, worrying less about new individual product features and instead ensuring that the variety of individual products work well together, creating new business value through access to new sources of information.

Identity management has evolved over the last decade with rich function. Today, we address user provisioning, access control, Web access, role management, single sign-on, policy management, and compliance monitoring. Increased focus on securing an enterprise and validating compliance to external regulations has created a need for integration. So we took a step back. Now, with an advanced compliance platform, customers can address security and compliance with ease and at low cost.

The path to an agile infrastructure

Above, I mentioned the Fossa project, Novell’s vision of an agile infrastructure. Our internal project has progressed nicely and we will soon release an architectural description.

The same functions that in 2008 provide an integrated compliance management platform form the basis for a future agile infrastructure. Here’s why!

The future environment is characterized by an increasing variety of software delivery models and software execution models. Important examples include: Web 2.0, SaaS, cloud computing, mashups, appliances (physical, software, and virtual), virtualization, and download. The future agile infrastructure is flexible in allowing workloads to migrate to the place and execution model where they will be serviced optimally.

Our Fossa project asks: how do we define optimal? The answer – we need a rich policy language. How do we refer to resources and reason about all of the choices? The answer – we need to identity-enable everything. How do we inform users that the infrastructure was faithful in implementing the specified policy? The answer – compliance.

Although the compliance platform today is focused on security compliance, it is providing powerful primitives that help agility. The optimal workload management enjoyed by the Fossa user does not necessarily ask for a secure solution. Yet the primitives – identity management, policy, and compliance – are exactly the functions that we will reuse in Fossa for the purpose of optimization, flexibility, and agility.

