Red Hat CTO peers into future

Brian Stevens, formerly Red Hat’s vice president of operating system, storage and clustering development, has been named the Linux company’s CTO and is leading its newly formed Emerging Technologies Group. He spoke recently with Network World Senior Editor Jennifer Mears about where Red Hat is heading. What follows is an edited transcript of their discussion.

The CTO spot had been vacant for several years. Why fill it now?

We were missing the ability to create a separate organization that could pick the path for future technologies. We were very much driven around product line. Now, with the CTO post, we’ve built an emerging-technologies team, and that team’s charter is to set a vision that’s not just a year ahead, which is typical of the product-line group, but three to five years ahead.

So looking three to five years ahead, where is the focus?

Operational scalability and performance. Instead of coming in and looking at what products Red Hat can deliver to an IT shop, what we’re looking at now is what should the overall open source architecture be. It’s a much broader view than just which products we can make money on. In terms of building an operational architecture, things like Netscape Directory are part of it, but now it’s broadened into things like virtualization, Stateless Linux and capabilities that we just didn’t have before.

Server virtualization is becoming increasingly important. What’s Red Hat’s strategy here?

We expect to deliver virtualization capability coincident with our next major release of Linux, which is planned for the later half of next year. We’re looking at how a virtualized environment changes the rest of the IT architecture in terms of what new management capabilities you need, how security changes, how you build a highly available infrastructure, how all the other aspects such as provisioning and licensing change. We figure out whom we need to partner with, where M&A is needed, what we need to build.

So where do you see Red Hat building, and where do you see it partnering?

We look at potential acquisition every time we’re going to build something. We partner in areas that we feel are farther up in the application space. How you plug the legacy management infrastructure into a virtualized environment, that’s an area where we’ve partnered. We feel, for example, that we have to invest in a new management platform for a virtualized environment, but that will become a platform that the Tivolis and others will sit on.

Speaking of moving up the stack,  where is Red Hat going in application servers? Are you content to let JBoss and, possibly, IBM dominate the open source application server market?

We’re trying to figure out what the application server environment of the future will be. One of the things that’s becoming interesting is what’s happening around PHP [Hypertext Preprocessor], for example. PHP is emerging as an all-new application environment that’s becoming very robust very quickly.
 
SuSE Linux now has ID management, network management, collaboration and other pieces integrated into its platform, thanks to its acquisition by Novell. Are you moving in that direction with your version of Linux, aside from what you’re doing in partnership with the Open-Xchange collaboration and integration project?

We collaborate any time we feel that it’s a product that needs to be on the platform. So while we were comfortable partnering with Netscape and AOL in the past, we acquired Netscape and its directory and security products when we realized that we needed to integrate [that technology] much deeper into the operating system.
 
Where else are you going to need deeper integration?

Virtualization is the biggest, the most obvious. We’re absolutely integrating virtualization into the operating system. With the legacy virtualization products, the operating system has no awareness that they’re sitting on top of them. By integrating virtualization inside the operating system, where the operating system knows it’s being virtualized, you can build a much more robust solution. That’s similar to what we’re doing with security and SE Linux. We’re doing that around directory and certificate management. And we’re doing that around a new project called Stateless Linux.

What’s Stateless Linux?

It’s an architectural concept whereby servers and desktops have no state on the system. So it forces an environment of operational scalability where you’re managing clients and servers by managing the data for those systems that are living on the network. The benefit is not just management scale, but as systems come and go, servers can fail, and it becomes a non-event. A new server can take over the persona of a failed server in seconds because the server’s state is on the network. It’s the same thing with clients. It dovetails well with virtualization.

How does all this have an impact on what you’re doing with Red Hat Directory Server?

It’s huge. The reason for the acquisition of Netscape was to enable this capability. The directory server all of a sudden becomes where you store state.

What needs to be enhanced in the Red Hat products that are out there now?

We’re looking at the entire operating system to make it work in a stateless world, where some systems may not even have any disks on them. It really goes pretty deep inside the operating system: How the operating system bootstraps itself, where it stores all of its configuration data, things like that.

Your latest release included SE Linux. How is that being enhanced?

The next phase is around ease of manageability. It can determine what a policy needs to be for an application and harden that policy based on knowledge. That knowledge and management allows us to get to the next level — what’s known as LSPP [Labeled Security Protection Profile], a new protection profile for the government that allows us to replace the old, legacy, multilevel security environment.

One customer told me that it’s difficult to meet the SAS-70 auditing requirements, because Red Hat releases security updates and general patches together. Is your company addressing this?

It’s true that when quarterly updates come out, security is done only for that update. So customers have to move to that update with us if they want to stay secure. What we’re looking at now – and this wasn’t necessitated until recently, now that we have over 1 million subscriptions out and 36,000 new customers in each of the last two quarters – is offering longer support for back releases. So some customers could stay on an old update release an still get the security patches.