Archive for August 2018

Microsoft Loves Linux and FOSS Because of Developers


This was published previously on the Amalgam Insights site.

 

For much of the past 30 years, Microsoft was famous for its hostility toward Free and Open Source Software (FOSS). They reserved special disdain for Linux, the Unix-like operating system that first emerged in the 1990s. Linux arrived on the scene just as Microsoft was beginning to batter Unix with Windows NT. The Microsoft leadership at the time, especially Steve Ballmer, viewed Linux as an existential threat. They approached Linux with an “us versus them” mentality that was, at times, rabid.

It’s not news that times have changed and Microsoft with it. Instead of looking to destroy Linux and FOSS, Microsoft CEO Satya Nadella has embraced it. Microsoft has begun to meld with the FOSS community, creating Linux-Windows combinations that were unthinkable in the Ballmer era.

In just the past few years Microsoft has:

  • Welcomed Linux and FOSS to their Azure cloud computing platform. They have even created their own Linux distribution for Azure.
  • Created the Linux Subsystem for Windows. This allows Linux server distributions such as Debian, Ubuntu, and openSUSE to run natively on Windows. The Linux Subsystem has negated much of the need to spin up VMs with Linux for running FOSS development tools and server applications.
  • Released PowerShell for Linux and open sourced PowerShell. The PowerShell scripting language is as powerful as any available on Linux. While it is unlikely that Linux sysadmins will suddenly abandon BASH for PowerShell, it certainly is helpful to Windows sysadmins that now need to administer Linux systems.
  • Acquired GitHub, home for much of the Linux/FOSS community. While not strictly a Linux move, the acquisition of the popular code repository, home to much of the code in the FOSS world, shows a desire to integrate with that community (and profit from it).
  • Acquired membership in the Linux Foundation, as a Platinum member no less. This would have been anathema in Ballmer’s time.

Why is Microsoft suddenly going full steam ahead into the Linux/FOSS world after decades of antagonism? Some of it is because of CEO Nadella. His world view seems to be different than the Microsoft of the past, even if he is a lifelong Microsoft manager.

More importantly, the acceptance of Linux and FOSS is driven by developers. The developer world used to be a Microsoft versus Linux-FOSS affair. Developers worked in a Microsoft shop, IBM shop, or FOSS/Linux shop (which included Java) and then the IBM shop merged with the Linux/FOSS one. Some companies were broken up into several “shops” for server and transactional computing (typically Linux/FOSS/Java) and desktop computing, which was often Microsoft driven.

This is no longer the case. Developers move between environments, using whichever languages and stacks make the most sense for the application. On top of that, Linux and FOSS have infiltrated everywhere developers are through DevOps tools (which are often FOSS and Linux) and containers, which are a Linux technology. In addition, Linux, not Windows Server, has come to dominate datacenter server farms. To be a developer is to be part of the Linux/FOSS world even if Windows is part of the environment. Microsoft may dominate on the desktop but has had to embrace Linux in the back-end.

While the acquisition of GitHub was a bold move, there is still more for Microsoft to do if they wish to be viewed as “all-in” for Linux and FOSS. Native support for containers, especially OCI compliant containers, within Windows would help developers to use Windows as their development platform and move components between Windows and Linux servers. Having to use a virtual machine image, no matter how lightweight, is opposed to the philosophy of containers. Even running containers in a Linux distribution on the Linux Subsystem for Windows is not how containers are supposed to be deployed.

A full version of Visual Studio for Linux would also help. As developers move between Windows and Linux systems, they would prefer to use the same tools. Visual Studio is an excellent development environment and would have advantages for Linux developers who code on that platform. Microsoft has taken the first step in that direction with Visual Studio Code for Linux, a Linux version of Microsoft’s excellent code editor. It’s time for the complete IDE and DevOps tool sets to become cross platform.

Of course, every Linux lover wants to see Microsoft Office for Linux.  Developers who code on Linux usually have to have a second machine to run email and Office applications or are forced to code in a virtual machine.  While this would be a help to developers, it is highly unlikely Microsoft would ever port Office to Linux. The return on investment for the development and support costs would be minimal if not negative. It would also jeopardize the Windows desktop franchise by making Linux desktops a viable alternative to Windows. It’s hard to imagine Microsoft risking both money and market share, even to appease developers.

Microsoft, after decades of outright hostility to Linux, has recognized its influence in the developer world. It is in their best interest to continue to weld together the Linux and Windows worlds in ways that make it easier for developers to move between them. That means more Microsoft tools on Linux and Linux tools on Windows. No longer afraid of Linux, Microsoft should be expected to continue to embrace it as a vital component of software environments everywhere.

Infrastructure as Code can Help with Compliance


This was originally published on Amalgam Insights.

 

Companies struggle with all types of compliance issues. Failure to comply with government regulations, such as Dodd-Frank, EPA or HIPAA, is a significant business risk for many companies. Internally mandated compliance presents problems as well. Security and cost control policies are just as vital as other forms of regulation since they protect the company from reputational, financial, and operational risks.

IT helps to manage compliance risks in two ways. The first is to deploy systems that detect violations and assist the company in complying with regulations. For example, an analytics system designed to discover Dodd-Frank violations in a bank is a way for IT to help remove some regulatory risk. The second way is to design systems that are compliant with internal and external regulations. That may mean configuring networks so that they address common security holes, or data storage so that privacy is maintained. Systems must be configured to meet the needs of regulations and policies.

One of the more important methods of ensuring that systems are compliant is through audits. Different audits are conducted for different purposes, but they operate similarly. The state of a system – business or computer – is evaluated against a series of policies. Policies are statements that describe a required state in a system that ensures compliance. For example, a data privacy policy may require that customer data be housed only on encrypted drives. A security policy may require two-factor authentication for all external logins to a system.

Systems in place can be audited using a variety of tools that match the system state to policies and detect areas out of compliance. The problem with this approach is that it is post-hoc. Finding compliance issues in production is good but finding them before they are in production is better. Pre-production audits often rely on design documentation. This is a limited method because last-minute changes or configuration mistakes can lead to the final production state diverging from the documented design.

This is where Infrastructure as Code (IaC) can be helpful. Central to IaC is the idea that a plaintext script – the code part – describes the desired state of the system. The automation server then configures the system to the state indicated in the script. IaC systems may provision and configure both hardware and software components.

IaC presents an advantage when auditing for compliance. The script is the documentation and what is in the script will become the final system state. This makes it easy for compliance and security professionals to understand the system state before it is created. They can then analyze these scripts for potential violations of policy and prevent them from becoming part of the production system. Using IaC allows companies to more easily move from reactive compliance to proactive compliance. Non-compliance can be detected early and corrected before it becomes the production state. In rapidly changing environments, this is a safer and quicker approach than detecting problems after the fact and correcting them while in production.
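
As an added illustration (not code from the original article), the sketch below audits a desired-state document against the two example policies mentioned earlier: customer data only on encrypted drives, and two-factor authentication on all external logins. The JSON schema, field names, and resource names are constructed for this example and do not correspond to any particular IaC tool.

```python
import json

# Constructed desired-state document (hypothetical schema, not a real IaC format).
DESIRED_STATE = json.loads("""
{
  "volumes": [
    {"name": "crm-db-data", "holds_customer_data": true,  "encrypted": true},
    {"name": "crm-exports", "holds_customer_data": true,  "encrypted": false},
    {"name": "build-cache", "holds_customer_data": false}
  ],
  "logins": [
    {"name": "vpn-gateway",  "external": true,  "two_factor": true},
    {"name": "partner-sftp", "external": true},
    {"name": "console",      "external": false, "two_factor": false}
  ]
}
""")

def check_encryption(state):
    """Policy: customer data may only be housed on encrypted drives."""
    # A missing "encrypted" key counts as a violation (fail closed).
    return [f"volume '{v['name']}': customer data on unencrypted drive"
            for v in state.get("volumes", [])
            if v.get("holds_customer_data") and v.get("encrypted") is not True]

def check_two_factor(state):
    """Policy: every external login must require two-factor authentication."""
    # A missing "two_factor" key counts as a violation (fail closed).
    return [f"login '{l['name']}': external login without two-factor authentication"
            for l in state.get("logins", [])
            if l.get("external") and l.get("two_factor") is not True]

POLICIES = [check_encryption, check_two_factor]

def audit(state):
    """Return every policy violation found in a desired-state document."""
    violations = []
    for policy in POLICIES:
        violations.extend(policy(state))
    return violations

if __name__ == "__main__":
    findings = audit(DESIRED_STATE)
    for finding in findings:
        print("VIOLATION:", finding)
    # A non-zero exit lets a pipeline block the change before it is applied.
    raise SystemExit(1 if findings else 0)
```

Run as a pre-merge or pre-apply step, a check like this turns the audit into a gate: the script that would create a non-compliant state never reaches the automation server.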

Dealing with regulatory, security, and operational compliance at scale is becoming much more difficult as policies proliferate and systems become more complex. IaC is a tool to deal with systems and their compliance issues in these environments.