Apcera emerges from the shadows to put policy into IT

Secretive startup Apcera, founded by Cloud Foundry luminary Derek Collison, has been a cipher since it’s founding in March 2012. That’s starting to change with Friday’s launch of the company’s website and descriptor of its Continuum product. Collison also sent a note to reporters explaining the problem Apcera wants to solve. Which is a doozy, by the way.

The company describes Continuum as an IT platform that “blends the delivery models of IaaS, PaaS, and SaaS” but overlays (underlays?) them all with technology that handles policy. PaaS is great for developers, according to the blog post, but it’s not enough to deliver applications for grown-up companies that must deal not just with technology but with with compliance and regulatory rules and regs.

To me it sounds like PaaS plus policy but Collison said that is not the case. “We are definitely not PaaS++, PaaS is a feature set of a larger platform, it will not survive as a stand alone technology. The reason is that the level of abstractions needed vary depending on what user/role within the organization is utilizing the platform. We are providing a single, secure, trusted hybrid platform,” he said via email.

It will compete with in-house, do-it-yourself development on premises, he noted. “Beyond that we have seen IaaS++, so vSphere or OpenStack plus some scripting and automation like Puppet or Chef. Off premise we compete against the IaaS providers and we do compete against CF and OpenShift, etc.”
Gulp. That’s a pretty big field.

Apcera’s target audience is big companies –the Global 1000 — although Collison thinks it will also get a look from smaller organizations that are struggling with devops and “network-perimeter-based security models.”

According to the [company]Apcera[/company] post:

“What PaaS doesn’t do is address critical enterprise needs such as governance, policy, compliance, authentication, identity, security, auditing, etc. The more we see people using PaaS, the more we understand its limitations. There has never been a single, fully enterprise-grade platform that makes all delivery models work together in compliance while accelerating both Dev and Ops. Up until now, it wasn’t clear how that could happen.”

The importance of integrated policy

Apcera, according to the post, will address policy at a low level and giving it the attention it deserves. PaaSes defer to developers, not the rest of the organization, is Apcera’s take. “When we make policy a first-class citizen, it becomes an enabler and the platform works for and is as exciting for IT dmins, policymakers and compliance managers as it already is for developers.”

According to Apcera:

“We address policy on a low level—not as it comes up—and give it the attention we give to something we really care about (Dev, for example). When we make policy a first-class citizen, it becomes an enabler and the platform works for and is as exciting for IT admins, policy makers, and compliance managers as it already is for developers.

Say this for Apcera — it’s nothing if not ambitious. Having come just returned from AWS re:Invent and covering Pivotal’s commercial Cloud Foundry launch, it’s clear that there is still a vast gulf between new web-first application design and the thousands of legacy applications — ERP and other financial applications etc. — still running most businesses. It sounds like Apcera hopes to loop all those shiny new web apps and boring-but-extremely-useful legacy applications together.

In his note, Collison said Continuum uses lightweight virtualization to encapsulate workloads and acknowledged that some might see it as analogous to Docker. That’s because everything — be it the operating system, the legacy or web or mobile app– is “just a job” to Continuum.

While the initial product uses Linux containers, more options may be added.

Proprietary core IP, open-sourced around the edges

Another interesting point about Continuum: Unlike Cloud Foundry its core will not be open source although select users will be able to license the code. The reason tracks back to fear of forking.

In his note, Collison explained that decision:

“… if a system is open source, but is not purposely built to be programmable, extensible, and composeable from the inside out, different members of the ecosystem will drive the platform in different ways, leading to an implicit forking problem, where your version has diverged quickly from the lead member, and presents ever-increasing costs to merging back to the main branch. This can be seen in many popular IaaS and PaaS solutions on the market today that are driving ecosystem engagement primarily through open source.”

Having said that, there will be some components — that are not core IP — including Continuum’s high-performance NATS server and client (both written in Go language) that will be open sourced. NATs is a messaging system Collison built that is still used by Cloud Foundry.

Apcera schematic

So here we have yet another wrinkle in the whole Iaas vs. PaaS or Iaas plus PaaS discussion. Given Collison’s past work, I’d expect Appcera to get a look as companies sort out how to move their IT into the next generation.