Walmart recently made news by making its OneOps cloud application lifecycle management tool open source. This follows Walmart's policy of making tools open source that started with hapi and Mudp8. OneOps was founded in 2011 and acquired by Walmart in 2013. Walmart manages applications such as the Walmart.com site and Sam's Club through this tool.
The benefits of OneOps
OneOps' objective is to take control of an organization's cloud deployment, allowing both ease of use and the ability to move to another provider without being locked into the existing provider's infrastructure and APIs. This can be a major problem for organizations since it can be very difficult to move an entire infrastructure over to Microsoft Azure once it is established in Amazon AWS, for example. The ability to migrate more easily from one cloud provider to another allows organizations to take advantage of better pricing, technology or integration with other systems. OneOps pitches itself as a lifecycle management tool, scaling the cloud environment to what is required, and also automatically detecting and repairing errors as they occur. These features can save the organization money by not over-allocating cloud resources, and not requiring as much intervention from the IT department for repair work.
OneOps is a flexible cloud application lifecycle management tool mainly because it is designed to be deployed in the cloud, and supports the major infrastructure as a service (IaaS) providers such as AWS, Azure and Rackspace, as well as some other smaller providers. It also integrates with key third parties that provide solutions that are often deployed in the cloud, such as Docker, Node.js and ElasticSearch. Additionally, OneOps can integrate with identity management systems and content management systems. It allows development teams to effectively manage the level of cloud computing they require by auto scaling the size of the cluster to reflect how much computing power is required.
Why it matters for organizations
Cloud application lifecycle management is becoming an increasingly important aspect of software development, and coincides with the DevOps philosophy of integrating development and IT operations to provide increased development and business agility. From a security perspective, DevOps should include the cybersecurity team as early in the lifecycle as possible in order to ensure that cybersecurity is not seen as something that slows down the development process.
As organizations move an increasing number of systems into the cloud, managing that infrastructure is paramount. It is essential that organizations do not lose control over their infrastructure and data when it moves into the cloud; OneOps can help bring a level of control over that infrastructure at a time when it feels, to IT departments, as if they are losing control.
The downside to cloud application lifecycle management tools
OneOps and cloud application lifecycle management tools are not necessarily required for organizations. A good cloud implementation can be quite portable by using containers, for example. The best way to know if it's important for your organization is to give OneOps a try and see how it works -- it can be quickly deployed as an Amazon AWS AMI, or as a Vagrant image that can be loaded in Virtual Box. Attempting to deploy OneOps can create issues of its own though; as with much open source software, it's not particularly user-friendly and is prone to bugs.
Overall, OneOps may help prevent cloud vendor lock-in and provide greater visibility and control over cloud services, but it is certainly not a silver bullet solution and it may not even be required for an organization if it already has established cloud deployment strategies in place.
Find out how a lack of secure APIs can create IaaS risks for organizations
Learn how to detect cloud vendor lock-in
Check out this Buyer's guide to application lifecycle management tools
Dig Deeper on Cloud Computing Infrastructure as a Service (IaaS) Security
Related Q&A from Rob Shapland
A brute force login attack can enable an attacker to log in to an application and steal data. Rob Shapland explains how to prevent brute force ... Continue Reading
Do your Web app users upload files to your servers? Find out the dangers of malicious file uploads and learn six steps to stop file-upload attacks. Continue Reading
Forced browsing is when an attacker discovers the URL of a restricted webpage. Expert Rob Shapland explains how to halt this browser attack method. Continue Reading