10 New Side Projects For Larry Ellison

Apcera, a company founded by former chief architect of Cloud Foundry, Derek Collison, came out of stealth mode on Monday to announce its first product, Continuum. And on the same day, a majority share of the company was bought up by Ericsson for an undisclosed amount.

That may be because Apcera's Continuum represents a new category of product, a policy platform to impose controls on new applications as they get deployed for scalable operations. In an interview, Collison said the development environments produced by platform-as-a-service adherents are working fine but as a result, "the table stakes have been going up."

There's still a manually-intensive phase of applying the right networking, security, compliance, and priority-of-response policies to a new application as it' being handed off for deployment. As the speed of development goes up, the speed of policy imposition remains the same. The predecessor technologies designed to build applications faster, "including the ones that I helped design and build, don't address this gap. And it's getting wider," he said.

Collison was CTO of cloud services for VMware, prior to the Pivotal spin out from that firm. Then he continued to lead the development of Cloud Foundry at Pivotal and serve as its chief architect. There are few PaaS success stories afoot these days; Cloud Foundry is one of them.

[Learn more about how Linux containers are impacting virtualization. Read What Docker Means For VMware, Cloud.]

Ericsson, in announcing its majority stake, called it "the most significant investment to date in deploying the next generation of PaaS technology." Apcera is a startup with a known quantity in Collison as its founder and CEO. Its first product, Continuum, is meant to add another step to the workflow that picks up where PaaS like Cloud Foundry, Apprenda, or OpenShift leaves off.

Platform as a service as the front end of that process is a fluid, if not volcanic, technical field these days. PaaS supplier AppFog with limited success as an independent company was absorbed into CenturyLink in June. DotCloud switched its emphasis from PaaS to its Docker container product, the field where it was meeting with its most success; it now calls itself Docker.

CloudBees, another PaaS supplier, has discontinued its own RUN@cloud public cloud deployment platform and is now partnering with Pivotal. Cloud Foundry, the most widely-backed open source PaaS project, is playing catchup and saying "me too" on Docker Linux containers. Red Hat is all caught up on Docker but hoping to find wider backing for its OpenShift PaaS.

Anyone who says they know exactly where PaaS is going is either a fool or heavily invested in PaaS -- or possibly both. But Collison is confident he sees the next step beyond PaaS' focus on application development.

"Docker signals a macro trend," he said, the packaging up of the application for ease of deployment. It too is solving part of the problem, and Continuum can work with Docker but doesn't require the application to come to it in a Linux container.

Continuum is a policy engine that views each application sent to it as a job or workload requiring policies. The plumbing in the platform make the assignment of policies much easier through a graphical management console. Policies may dictate what it is connected to and how it will be provisioned with networking, CPU, and storage. Policy will govern how its users are identified and authorized to use its services. And policies will guide how it is connected to other services.

Other policies may dictate how it copes with failover, server logging and app diagnostics, or how it monitors its own health and performance.

"A lot of times, shoulders shrug when it comes to discussing how an application will be protected by security. It has to be there on day one. If it's not based on policy at the core of the app, you end up with your name in the newspapers," Collison said.

The policy platform monitors application operation after deployment and knows immediately if an app is violating originally assigned policies while it's running. Continuum "marries policy evaluation with enforcement," he said, without planting any Apcera code on the application or database server that it may be using.

"If someone deletes a customer record, Continuum can tell you where that is happening" and impose a "no delete" command on the customer database within 50 milliseconds, Collison said. The command would be in effect for only the application that was used to delete the record; others would still be able to access the database, he says.

Continuum is able to track and monitor any application that it assigns policies to through its built in monitoring out of the box. It can also be connected to systems management monitoring.

Continuum is written in Go and can assist in the discovery, connection, and connecting of both internal and external workloads. It can also assist with load balancing between internal and external servers.

Apcera was founded in San Francisco by Collison in 2012, with backing from True Ventures, Kleiner Perkins Caufield & Byers, Rakuten Venture Capital, Andreessen Horowitz, and Data Collective. The proceeds from the Ericsson majority stake will be used to fund operations, expand the sales channel, and support growth, Collison said.

Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data. In the Partners' Role In Perimeter Security report, we'll discuss concrete strategies such as setting standards that third-party providers must meet to keep your business, conducting in-depth risk assessments -- and ensuring that your network has controls in place to protect data in case these defenses fail. (Free registration required.)