IBM Internet Security Systems



In The Boardroom With...

Mr. Michael D. Day
IBM Distinguished Engineer
Virtualization and Linux

Mike Day is an IBM Distinguished Engineer and is the Virtualization Architect for IBM's Open Systems Group. Mike has developed network operating systems, internet protocols, systems management software and hardware, security protocols, and virtualization software. Mike led IBM's entry into open-source hypervisor development with the Xen hypervisor, and now directs IBM's development focus on the KVM hypervisor, sometimes contributing upstream to Qemu.

Thank you for joining us today, Mike. Before discussing your upcoming presentation at LINUXCON NORTH AMERICA, please tell us about your background.

Mike Day: I've been directing IBM's efforts in Linux virtualization for nine years, starting with the Xen hypervisor and continuing with KVM. I started a small team in IBM's Linux technology center to work on KVM in 2007, which grew to around 70 engineers at its high point. Earlier in my career I worked on systems management technologies, network operating systems, networking protocols, and more.

May we have an overview of the key highlights you’ll be discussing regarding cloud operating systems for servers at LINUXCON NORTH AMERICA?

Mike Day: We are seeing the emergence of a new type of operating system designed to run on the cloud platform. There are competing ideals of the cloud platform and of the Cloud Operating System, but the goals are usually to achieve greater economies of scale by exploiting virtualization and automation. The strategies are the same: reduce overhead and increase the ratio of performance to price, even if the tactics are different, such as containers versus hypervisors.

I will briefly discuss the fundamental cloud platforms, which are based upon containers and virtual machines, and how they contribute to automation and economies of scale. I'll then take a look at a couple of exemplary cloud operating systems: CoreOS with Docker, which is a variation of Linux and exploits container technology; versus OSv, which is a completely new single-process operating system designed to run over a hypervisor. I'll look at how each approach achieves gains in the price/performance ratio. 

I am planning on having some relative performance, density, and cost data, showing how Cloud Operating Systems really are a new development and why they are here to stay.

Are increasing performance and reducing overhead two of the main goals?

Mike Day: These are the primary goals, because price and performance are the most powerful cost levers. Smaller kernels provide greater density at runtime, for example. Higher performance in the kernel allows you to perform the same work with fewer platforms. But you also have advantages in automation and maintenance with Cloud Operating Systems. Smaller code bases are easier to deploy and update, for example.

What is your perspective, Mike, on the application of TPM (Trusted Platform Module) in cloud computing to prevent rootkits?

Mike Day: None of the security issues associated with networked computing have gone away with Cloud Operating Systems. In many ways we are more vulnerable than ever to breaches being escalated. The Trusted Platform Module is a partial solution which can validate the boot chain of a compute node (verify the platform has come up without a rootkit). The TPM is well supported by Linux and by the KVM hypervisor, but not widely used, although it should be.

Can we discuss IoT and security for a moment? We all know the benefits of IoT: in seconds with our mobile devices we can pay a bill, send a gift, make a dinner reservation, and in growing numbers, control the HVAC and security systems in our home. But are we also more vulnerable to the bad guys out there? Your thoughts, Mike?

Mike Day: As bad as the security issues are with data center computing, they are much worse with the IoT right now, primarily because that set of products has evolved in a disconnected state and has not been exposed to attack in the same way our data processing infrastructure has been for decades.