SD Times 315

SDT315 Cover Tip_Layout 1 6/8/15 2:13 PM Page 1
A BZ Media Publication
NO.
$9.95
www.sdtimes.com
SEPTEMBER
2014
ISSUE
305
JULY
2015 ISSUE
315 NO.
$9.95
www.sdtimes.com
SDT315 Cover Tip_Layout 1 6/8/15 2:06 PM Page 2
SDT315 cover_Layout 1 6/19/15 2:40 PM Page 1
A BZ Media Publication
Google goes end-to-end with

the Internet of Things
Navigating
through
open source
JULY 2015 ISSUE NO. 315 $9.95 www.sdtimes.com
SDT315 Full Page Ads_Layout 1 6/18/15 2:30 PM Page 2
Clean Data
Made Easy
One of the most important steps to ensuring business success is to keep your
database clean. We have easy-to-integrate data quality tools to do just that.
Verify Global Contacts

Standardize, verify and update name,
address, phone and email info for over
240+ countries.
Enrich Your Data

Add geographic, demographic, IP location,
and property/mortgage data for better
insights and business decisions.
Get the Dupes Out

Detect and merge duplicate or similar
records to create a single view of the
customer.
Clean it Your Way

Pick only the tools you need: Cloud or
on-premise APIs; Microsoft, Oracle,
Pentaho, Salesforce and more!
Free Trials Available!
www.MelissaData.com/easy
Germany
www.MelissaData.de
India
www.MelissaData.in
United Kingdom
www.MelissaData.co.uk
Australia
www.MelissaData.com.au
www.MelissaData.com
1-800-MELISSA
Clustered
ered Bar
B Chart
Ba
(with dual y axes,

es, scale sections
se
and image filter effects)
Large Surface Chart

hart
h
Negative Volume Index (NVI)

NVI)
(terrain surface data with millions off data points)
(3 volume indicators)
Layered Graph Layout
Cylindrical Equal-Area
ea
Orthographic Projection
(network diagram)
Europe Population
Polar Chart
(with reflective value axis)
Financial Chart
(with detailed, 3 level axes)
Round Gauge
(with embeded numeric display)
NumericalOrthogonal
Gauge
Graph Layout
(displays state of 3 different items)
Business Organization Diagram

m
Barycenter Graph Layout

(force directed layout)
SDT315 page 5_Layout 1 6/19/15 2:47 PM Page 5
Contents
ISSUE 315 JULY 2015
FROM THE EDITORS

10
SD Times on the Web
13
SOA lives in microservices and containers
13
When did open-source software get so scary?
FEATURES
Docker and the
coolification
of containers
NEWS
14
Google I/O 2015 focuses on Internet of Things

platform
15
Facebook goes with React Native for

mobile development
16
Inside the redesigned Ansible 2.0
18
MongoDB creates BI connector, new tools

to cross SQL-NoSQL chasm
18
DJI unveils development platform for drones
19
Oculus intros consumer headset
19
Couchbase Server 4.0 gets N1QL
22
Are brainwaves the replacement to passwords?
23
MapR 5.0 enables Hadoop in real time
25
Researchers can count on WiFi
27
dtSearch adds support for encrypted PDFs
page 28
ALM techniques can help keep

your apps in play
page 37
COLUMNS
57
GUEST VIEW by Grayson Yeargin

Encryption export controls explained
58
CODE WATCH by Larry OBrien

What made Java win?
61
ANALYST VIEW by John R. Rymer

Your digital business cornerstone
62
INDUSTRY WATCH by David Rubinstein

Apps are the key to BPM
Navigating through an open-source world
page 51
Software Development Times (ISSN 1528-1965) is published 12 times per year by BZ Media LLC, 225 Broadhollow Road, Suite 211, Melville, NY 11747. Periodicals postage paid at Huntington Station, NY, and
additional offices. SD Times is a registered trademark of BZ Media LLC. All contents 2015 BZ Media LLC. All rights reserved. The price of a one-year subscription is US$179 for subscribers in the U.S., $189 in
Canada, $229 elsewhere. POSTMASTER: Send address changes to SD Times, 225 Broadhollow Road, Suite 211, Melville, NY 11747. SD Times subscriber services may be reached at subscriptions@bzmedia.com.
SDT315 page 6,7_Layout 1 6/18/15 1:41 PM Page 6
The Drones are coming...
InterDrone is Three Awesome Conferences:
For Builders
For Flyers and Buyers
More than 35 classes,

tutorials and panels for
hardware and embedded
engineers, designers and
software developers building
commercial drones and the
software that controls them.
More than 35 tutorials and

classes on drone operations,
flying tips and tricks, range,
navigation, payloads, stability,
avoiding crashes, power,
environmental considerations,
which drone is for you, and more!
A BZ Media Event
For Business Owners,

Entrepreneurs & Dealers
Classes will focus on running a drone
business, the latest FAA requirements
and restrictions, supporting and
educating drone buyers, marketing
drone services, and where the next
hot opportunities are likely to be!
Register Today!
Meet with 80+ exhibitors!
Demos! Panels! Keynotes!
The Zipline!
September 9-10-11, 2015
Rio, Las Vegas
www.InterDrone.com
Instantly Search
Terabytes of Text
Using dtSearchs own document
filters, supports popular file types,
emails with multilevel nested
attachments, databases, other
static and dynamic web data
Highlights hits in all data types;
25+ search options
EDITORIAL
EDITOR-IN-CHIEF David Rubinstein
631-421-4158 x105 drubinstein@bzmedia.com
SENIOR EDITOR Alex Handy ahandy@bzmedia.com
COPY EDITOR Adam LoBelia alobelia@bzmedia.com
SENIOR ART DIRECTOR Mara Leonardi mleonardi@bzmedia.com
SOCIAL MEDIA AND Rob Marvin rmarvin@bzmedia.com
ONLINE EDITORS
Christina Mulligan cmulligan@bzmedia.com
COLUMNIST Larry OBrien
CONTRIBUTING WRITERS Alyson Behr, Patrick Hynds, G. Arnold Koch,
Lisa Morgan, Alexandra Weber Morales
CONTRIBUTING ANALYSTS Rob Enderle, Michael Facemire, Mike Gilpin,
Mike Gualtieri, Jeffrey Hammond, Al Hilwa
CUSTOMER SERVICE
SUBSCRIPTIONS subscriptions@bzmedia.com
The dtSearch product line includes

both enterprise and developer
products, including SDKs for
multiple platforms; APIs for .NET,
Java, C++, SQL, etc.
ADVERTISING TRAFFIC Mara Leonardi

631-421-4158 x109 mleonardi@bzmedia.com
adbox@bzmedia.com
LIST SERVICES Shauna Koehler
631-421-4158 x112 skoehler@bzmedia.com
REPRINTS Stacy Burris
631-421-4158 x108 sburris@bzmedia.com
ACCOUNTING Viena Ludewig
631-421-4158 x110 vludewig@bzmedia.com
OTHER QUESTIONS 631-421-4158 info@bzmedia.com
ADVERTISING SALES
The Smart Choice for Text

Retrieval since 1991
PUBLISHER David Lyman

978-465-2351 dlyman@bzmedia.com
WESTERN U.S., WESTERN CANADA, EASTERN ASIA, AUSTRALIA, INDIA
Paula F. Miller
925-831-3803 pmiller@bzmedia.com
EASTERN U.S., EASTERN CANADA, EUROPE, MIDDLE EAST, WESTERN ASIA
Jonathan Sawyer
603-924-4489 jsawyer@bzmedia.com
Visit www.dtSearch.com for

KXQGUHGVRIUHYLHZVDQG
FDVHVWXGLHV
IXOO\IXQFWLRQDOHYDOXDWLRQV
www.dtSearch.com 1-800-IT-FINDS
PUBLISHING DIRECTOR Ted Bahr

631-421-4158 x101 ted@bzmedia.com
PRESIDENT
FOUNDING EDITOR
Ted Bahr
Alan Zeichick
BZ MEDIA LLC
225 Broadhollow Road, Suite 211
Melville, NY 11747
TEL 631-421-4158
FAX 631-421-4130
www.bzmedia.com
info@bzmedia.com
* Build Tomorrow
Award Winning Modeling & Design Tools

*New Version 12
Collaborative modeling & design environment

$QDO\]HGHVLJQ EXLOGZLWKH[FHSWLRQDOTXDOLW\ HIFLHQF\
UML based core, plus many standards based extensions
BPMN, SysML, SoaML, BPEL & many others
Integrated coding, debugging & visualization tools
Performance, price & precision
Full lifecycle support with end-to-end traceability
Sparx Systems
Join the community: www.community.sparxsystems.com
www.sparxsystems.com
| UML | BPMN | DDS | BPEL | SysML | TOGAF | C++ | .NET | Java | ASP | PHP | Delphi | SoaML | SOMF | XML | XSD | XMI | WSDL | SPEM | *More
SD Times
July 2015
www.sdtimes.com
More than one way into the

market
How do you see yourself? How do you see others in your

organization? This comic infographic kind of puts these relationships
into an admittedly humorous perspective.
MongoDB has done well despite using an open-source business model. MongoDBs Kelly Stirman explained how other
companies can replicate that: The only way to move the
needle is with an open-source strategy. First, get massive
adoption. Then, figure out how to monetize it. If youre
trying to find a way to break into the market on your own,
you can read more at tinyurl.com/opensourcemarkets.
Students learn
programming by doing
Make School is an educational startup, one focused on
training coders of tomorrow by getting them into the
game early. Its philosophy is neatly summed up by its
cocreator, Yasu Desai: All you need to get employed is to
know how to build things. Nothing else really matters.
Thus, enrollees at Make School not only get hands-on
experience building their own apps, they also learn from
those actively working in Silicon Valley. Rob Marvins
detailed look at it is available at tinyurl.com/makeschool.
Manu Cornet (www.bonkersworld.net)
10
Whos got your back?

It can be hard to tell who (or what) you can trust
when youre on the Web. But instead of guessing
and hoping that this service or that
app wont compromise your data, the
Electronic Frontier Foundation has
come up with a handy survey to tell you
who the most secure companies are with your data.
The companies who scored the highest were Adobe,
Apple, CREDO, Dropbox, Sonic, Wickr, Wikimedia,
WordPress.com and Yahoo, reports Christina
Mulligan. You can see how the EFF came up with
those criteria at tinyurl.com/effreport.
Why Oculus picked Microsoft

Oculus and Microsoft are teaming up for Oculus platform. Why?
The main reason was Windows 10, the companys latest operating
system coming in July, CNET reported, says Christina Mulligan.
You can read more details about this partnership at
tinyurl.com/oculusmicrosoft.
Another Microsoft shuffle

Satya Nadella recently announced that his company is
undergoing another top-level reorganization. Stephen Elop,
Kirill Tatarinov, Eric Rudder and Mark
Penn are leaving in the midst of the
changes. To align with those goals, the
engineering efforts will be spilt up into
a Windows and Devices group, a Cloud
and Enterprise group, and an Applications and Services group, reports
Christina Mulligan. You can read more details about the
reorganization at tinyurl.com/msshuffle.
SD Times wants
to hear from you.
Join us on LinkedIn
and Facebook.
DOMAINS | MAIL | HOSTING | eCOMMERCE | SERVERS
1&1 DEDICATED
SERVER
BUSINESS LINE
Trust is important when it comes to choosing the right server provider. With 13 years of
server experience and 6,000 employees in 11 countries, 1&1 is one of the largest Internet
service providers in the world and a company you can rely on. Benet from our expertise
and the maximum security offered by our high-tech data centers.
Dedicated Server Business Line X8i and X10i,

built on Dell PowerEdge R630 hardware
Q
Latest Intel Xeon processors E5-2600 V3

(from 8 cores HT/2.3 GHz) and
from 64 GB DDR4 RAM
CHECK OUT ALL OUR
High-tech data centers
DEDICATED SERVER OFFERS AT
Best in Class Cisco-based IP rewall
1and1.com
Maximum availability
From 4 TB HDD, Hardware RAID 6
24/7 Customer Support
1 Gbit/s connection with unlimited trafc
Maximum security due to redundant

components
Also available as a 1&1 Managed Server

with OS managed by our experts
Optional 240 GB Intel SSD hard drive

with RAID 1
LIMITED TIME OFFER: Additional SSD

for free*
Broad range of Linux and Windows

operating systems
The complete 1&1 server range: Great

entry-level web servers from $39.99 per
month, to high-end servers with the
highest capabilities.
TRIAL
TRY FOR
30 DAYS
MONTH
FLEXIBLE PAYMENT
OPTIONS
CALL
SPEAK WITH AN
EXPERT 24/7
1 (877) 461-2631
*SSD offer and promotional pricing applies to the initial minimum contract term only and will renew at the regular rates. Visit www.1and1.com for full offer details, terms
and conditions. Dell, the Dell logo, the Dell badge and PowerEdge are trademarks of Dell Inc. Intel, the Intel Logo, Intel Inside, the Intel Inside logo, Intel. Experience Whats
Inside are trademarks of Intel Corporation in the U.S. and/or other countries. 1&1 and the 1&1 logo are trademarks of 1&1 Internet, all other trademarks are property of their
respective owners. 2015 1&1 Internet. All rights reserved.
1and1.com
www.sdtimes.com
July 2015
SD Times
FROM THE EDITORS
SOA lives in microservices and containers

R
emember that famous headline
from a few years back: SOA is
Dead! Well, reports of SOAs death
have been greatly exaggerated.
SOAthe term that defined service-oriented architectureis alive and
well today as the underpinning for
microservices and containers.
Together, microservices and containers comprise the final piece of a mechanism that ties Agile development, Continuous Delivery and DevOps together
in completing the transformation of how
we create software today. Those lengthy,
monolithic codebases SOA initially
sought to whittle down and streamline
now exist as these snippets of functionality, plugged in or swapped out as needed
as microservices, or ported easily to other
platforms through containers.
As representatives from both HP
and JetBrains alluded to in this months
Buyers Guide, microservices are in
some ways the ultimate dream of SOA
realized, combining that laser-focused

modular functionality with containers
to create a new deployment model
within applications.
In an interview on ALM, Forrester
analyst Kurt Bittner touched on how, in
a modern software development culture accelerated by Continuous Delivery with more flexibly defined roles
driven by the Agile and DevOps movements, containers and microservices
are applicable to everything.
At the same time that applications are
becoming composite networks of
microservices, Docker is changing the
way developers architect, build, test and
deploy those applications. As Alexandra
Weber Morales put it in this months feature, Docker has made containers cool.
Docker has revitalized DevOps with
image management and deployment
built around a vibrant developer community. At the same time, its allowed containersa concept within service-orient-
ed architecture thats been around for 15

yearsto eat up software development
in tandem with microservices, or what
ActiveStates Brent Smithurst referred to
in the feature as SOA for hipsters.
Containers and microservices have
facilitated a monumental technological
shift toward more Agile software development, but still more needs to be built
out. As Docker takes on challengers
like CoreOS and Joyent for the enterprise Linux container market, big players like Amazon and Microsoft are veering their own container efforts in other
directions.
Docker needs more robust integrations, better security, and for its ecosystem to work toward the goal of a common standard. Application containers
and microservices may represent the
final pieces of a puzzle SOAs been trying to solve for decades. Now we need
an industry-wide standard to put them
all together. z
When did open-source software get so scary?
n the beginning, open-source software was meant as a way for developers to scratch each others back. If you
created a functionality, you released it
into open source so that some other
developer didnt have to start from
scratch.
In the 1960s and early 1970s, No one
thought about rights to the software, let
alone business practices; the software
was a giveaway needed to sell the actual
article of commercethe expensive
hardware, wrote Donald K. Rosenberg,
a veteran in the software industry and a
respected open source authority, in his
book Open Source: The Unauthorized
White Papers. They believed that the
quest for material possessions was corrupting the world, and that life would be
better if lived more simply, particularly if
everyone cooperated and shared freely
what they had.

But that foundation upon which open
source was built has taken a turn. Today,
open-source software comes with strings
attached. Each open-source project has
a license that can restrict users from
being able to freely use it, or that can
back companies in a corner to release
their own intellectual property into the
open-source world. And then you have
the open-source compliance companies
whispering in your ear to use their tool,
arguing that if you dont use these tools
to gain an understanding of what you
have in your codebase, you risk potential
legal issues. Since open source is built on
other open source, its difficult to even
detect where all the code in your repository came from without help.
When did the use of open-source
software become such a worrisome
thought? Big names such as VMware,

Oracle, Microsoft and Cisco, to name
but a few, have been caught infringing
on open-source software licenses.
Of course, you have the developers
who still willingly give away their software and say Hey, if you use this, buy
me a beer. But the most popular of
open-source licenses contain strict terms
and conditions filled with legal caveats
that the average person wouldnt be able
to understand. Lawyers have become
part of the development team.
Bruce Perens, the definer of open
source, said it best when he wrote: Most
hackers know that Free Software and
Open Source are just two words for the
same thing. Unfortunately, though, Open
Source has de-emphasized the importance of the freedoms involved in Free
Software. z
13
SDT315 page 14-15_Layout 1 6/18/15 12:12 PM Page 14
14
SD Times
July 2015
www.sdtimes.com
Google I/O 2015 focuses on

Internet of Things platform
Android Studio 1.3, Polymer 1.0 and more also on display
BY ROB MARVIN
Google announced its end-to-end Internet of Things platform and demonstrated a developer preview of Android M
during the keynote of the Google I/O
developer conference in May.
The company also debuted new features and updates to platforms and
developer tools like Android Studio,
Polymer, Android Wear and the Google
services such as toolbars, menus,

Google Maps and mobile checkout
integration into an existing app workflow within the library.
The keynote also touched on new
application testing offerings, including
the release of Cloud Test Lab. Built on
its acquisition of mobile app testing
platform Appurify, the lab automatically runs tests on an application across the
Googles Sundar Pichai explains how Nest helped it create its IoT platform, Project Brillo.
Play developer console.

In terms of developer tools and
IDEs, Google announced the release of
Android Studio 1.3 on the Canary
developer channel.
Android Studio 1.3 features faster
Gradle build speeds and a new memory
profiler, along with full editing and
debugging support for C++. Developers
now have access to C++ error correction, code completion and debugging
from within the same code editor where
an Android apps Java code is running.
Google also announced a production-ready version 1.0 of Polymer,
Googles open-source application
development library built on the interoperable Web Components platform.
Polymer 1.0 adds new Polymer Elements to drop common features and
Top 20 Android devices worldwide,

providing developers with test reports,
screen videos and crash logs.
Cloud Test Lab will be available in the
Google Play developer console in the
near future, according to the company.
Googles end-to-end IoT push

Sundar Pichai, Googles senior vice
president of Android and Chrome,
introduced Googles new end-to-end
solution for the Internet of Things, consisting of an underlying IoT operating
system codenamed Project Brillo, an
open device-to-device connected communication protocol called Weave, and
IoT-focused user experience integrations built into Android smartphones
running Android M.
Pichai explained that Google has
worked with the Nest teamacquired

in January 2014 for US$3.2 billionto
create each facet of its IoT platform.
Project Brillo, Googles IoT OS, is
derived from Android with minimal
system requirements for simpler connected hardware and home appliances,
but it is still offering features such as
WiFi and Bluetooth support as well as
existing Android security and encryption features scaled for IoT devices.
Googles IoT platform is connected
via Weave, a communications layer that
allows a Weave OS physical device, an
Android smartphone and Googles
cloud server to talk to one another.
Weave is what Pichai referred to as a
shared understanding, a common language built into every Android and Brillo device. The open IoT communication
layer exposes cross-platform APIs, offering standardized schemas (or IoT communication patterns), along with giving
developers the ability to submit custom
Weave schemas. Google and Nest will
also offer a Weave certification platform
to integrate Weave into an existing development stack as well as cross-platform
availability on Android M devices.
Android M will include new user
interface functionality for Project Brillo
and Weave, enabling users to search
for, recognize, connect and control IoT
devices much the same way as connecting to a WiFi network.
A developer preview of Project Brillo
will be available in the third quarter of
2015. Open documentation for Weave
will be available throughout the year, and
Google aims to deliver the full Weave
stack by the fourth quarter of 2015.
Android M developer preview

The I/O keynote also offered a preview
of many of the new mobile features and
capabilities in the upcoming release of
Android M. Dave Burke, Googles vice
www.sdtimes.com
president of engineering for Android,

introduced and demonstrated more
than half a dozen Android M features:
App permissions: Simplified app
permissions down to specific device
features (such as location, camera or
microphone) to give users a more transparent choice over how apps are using
their data. Apps will also now ask permission the first time a user tries a new
feature rather than during installation
for faster updates.
Chrome Custom Tabs: Improved
mobile Web browsing experience, with
updated traditional WebViews functionality with Chrome Custom Tabs
running on top of an app. The tabs give
developers and users access to expanded Chrome browsing capabilities such
as password management, translation
and security, while maintaining the look
and feel of the app itself.
App Links: Improved deep-linking
capabilities from mobile Web browsing
to in-app content. Android M implements an enhanced intent system and
automatically verifies deep-link code
attributes in the application manifest.
Android Pay: Google provided new
information on the open payment platform, which will roll out with the launch
of Android M. It will be integrated with

debit cards, credit cards and banks. Fingerprint sensors in Android hardware
will authorize Android Pay transactions.
Power and charging: Android M
introduces a new Doze feature for managing power usage. Smartphones or
tablets use motion detection to register
inactivity and reduce background data
usage while remaining active for alerts
and notifications. A new bidirectional
USB charger built on the Type C hardware standard speeds up device charging by three to five times.
UI improvements: Users can more
easily auto-select words with a floating
toolbar for copying and pasting. Simplified volume control adds a dropdown
menu to control volume of individual
audio streams.
Now on Tap: New Google Now functionality on Android M gives users quick
answers to questions from within an
application without switching contexts.
The pilot program is designed as a way
for developers to reach and re-engage
with users once their app is indexed,
according to Google, by understanding
and responding to real-time context.
The Android M preview is available for
Nexus 5, 6, 9 and Nexus Player devices. z
Best of the rest

Android Wear: David Singleton, Googles director of Android Wear,
demonstrated new capabilities of the wearable OS such as alwayson screens optimized for glances, quick wrist gesture interactions
to command the device without tapping, and emoji recognition.
Users can now sketch emojis on a watch face, which Android Wear will recognize.
Google Photos: A new, free cross-platform photo and video storage, editing and sharing
service. It provides users unlimited content storage across all devices on Android and iOS.
Play Store: New developer capabilities in the dashboard show how many users are
looking at an app and making purchases, in addition to install data. The Play Store
console now gives a snapshot of an apps conversion funnel of where organic and paid
traffic is coming from, and new Play Store listing experiments test different graphics
and text in an apps listing.
Android Nanodegree: Google is offering a six-month course for $2 per month covering
the entire life cycle of Android development.
Google apps on iOS: To improve the developer experience for iOS, the CocoaPods
dependency manager will now be the default distribution channel for Android SDKs
for apps such as Google Maps, Google Analytics and more.
Virtual reality: Google demonstrated new capabilities of the DIY Google Cardboard VR
headset, a new Google Expeditions virtual reality technology
that provides virtual field trips from within a classroom, and a
new Jump VR platform for virtual reality video creation through
a GoPro-enabled hardware rig and a VR video editor and player.
YouTube will support Jump content this summer. z
July 2015
SD Times
Facebook goes
with React Native
for mobile
development
BY ROB MARVIN
Facebook has revealed that it will no

longer be using HTML or HTML5 in
its mobile application development
going forward. Instead, it is developing exclusively using its own opensource React Native JavaScript framework.
David Mortenson, Facebooks director of developer infrastructure, said
that the company will write apps in
React Native rather than reconsider
HTML5 development or building apps
in vanilla JavaScript, according to The
Register.
Facebook open-sourced React
Native in March during its F8 developer conference as a cross-platform native
environment for developers to build
JavaScript mobile UIs without browser
or WebView involvement.
Mortenson, whose previous experience includes director of development
for Microsofts .NET Framework, said
Facebooks internal transition from
HTML5 to React Native was a really
big shift we had to make. We decided
the phones were not yet powerful
enough to have a really awesome, firstclass experience for iOS and Android,
so we bit the bullet.
Mortenson also announced that the
company is open-sourcing Infer, a program that analyzes mobile app code
for errors before deployment to catch
common problems caused by null
pointers, resource leaks and memory
leaks. He told The Next Web that
Infer represents an open-source push
toward Android development in particular.
We havent had as much success
open-sourcing Android projects to
date, but Infer is one of the projects
that weve released this year that has a
very strong Android resonance, he
said. z
15
SD Times
July 2015
www.sdtimes.com
Inside the redesigned Ansible 2.0

BY ROB MARVIN
Ansible 2.0, the major code rewrite of

the open-source IT automation and
configuration-management platform,
was to be released in late June.
The code refactoring milestone to the
technology will implement a host of new
features and updates focusing on modularity, better object-oriented programming (OOP) and customizability. Components such as XAML parsing were
overhauled to add more classes and general-purpose OOP functionality.
At AnsibleFest NYC early last
month, Ansible CTO Tim Gerla said
Ansible has become an equalizing technology, and he talked about how the 2.0
codebase represents a mature point
where the community and contributors
can become the stewards of Ansible.
Now that weve gotten this refactoring out of the way, we dont want to
break anybodys playbooks, said Gerla.
At this point, Ansible is really stable
and mature, and the community
approachespecially in Ansibles modulesare crucial, and were working on
anything we can do to remove any kind
of funneling restrictions on those contributions going forward.
James Cammarata, Ansibles director
of core engineering, ran down the major
new features and changes in Ansible 2.0
as part of a concerted effort to ensure
100% backward compatibility with Ansible playbooks. One of the biggest new
features he mentioned was blocks.
Allowing for easier grouping of related tasks, blocks in Ansible 2.0 are a
method for catching errors during task
execution. Blocks enable try/except
handling, Cammarata said, giving
developers the ability to execute a set of
tasks regardless of whether an exception has occurred, and to execute code
cleanup at the end of a deployment.
Ansible 2.0 also rolls out a new execution strategy. Developers will be able
to combine the traditional linear strategy of waiting for a host to complete all
tasks with a new free strategy of running through task lists as fast as possible. The strategies exist as a playbook-
Photo by Rob Marvin
16
Ansibles James Cammarata spoke about its module change and refactored 2.0 codebase.
level setting and, as Cammarata

explained, act essentially as plug-ins.
Other noteworthy features in Ansible 2.0 include a dynamic Include+
action for task evaluation, a new VariableManager class to better control the
order and source of variables, and
improved error messages that show any
Ansible playbook error.
Cammarata said all these features
play into Ansibles focus on OOP to
emphasize more modularized roles.
The end goal is to make things much
easier to test with unit tests, he said
Cammarata.
Modules, API changes and beyond

Cammarata explained that while playbooks wont change, the code overhaul
did necessitate differences in internal
Ansible APIs such as Connection and
Action. Ansible is working on developing a transition class and plug-ins to
make it easier to migrate and ensure
Ansible 2.0 compatibility.
Ansible 2.0 also comes with 95 new
modules. The most significant changes
here are two new sub-modules: the
extras module will become a separate
package, while the core module will
be absorbed back into the main Ansible
GitHub repository.
Were trying to make it easier for
people to contribute code back to us,

said Cammarata.
AnsibleFest NYC also brought a
preview of the latest release of Ansible
Tower, Ansibles enterprise product
that has a UI, dashboard and REST
API for Ansible. Ansible Tower 2.2 has
push-button functionality for Ansible
deployments with standardized jobs,
access and compliance controls, audit
trailing, and security permissions.
Tower 2.2 marks the beginning of a
major effort for us to revamp the UI
and the overall user experience, said
Gerla. We want to make it as simple to
use as Ansible.
Bill Nottingham, Ansibles director
of products, demonstrated some of the
new capabilities in Ansible Tower 2.2.
The main features and capabilities
coming in Ansible Tower 2.2 include:
Inventory support for OpenStack
An easy backup and restore feature:
Ansible playbooks make it easy to do
repeatable deployments, but your data
is not always repeatable, said Nottingham. The backup and restore feature
provides that data repeatability
Ansible Galaxy integration: More
robust compatibility with the Ansible
Galaxy website, a hub for Ansible content
A more secure password policy. z
18
SD Times
July 2015
www.sdtimes.com
MongoDB creates BI connector,

new tools to cross SQL-NoSQL chasm
BY DAVID RUBINSTEIN
One of the great appeals of NoSQL databases is the flexibility of schemas. Unlike
relational databases, NoSQL schemas
have a low upfront overhead and are easy
to change over time. The disadvantage,
though, is that they cannot take advantage of SQL structures, and this makes
visualizing the data a difficult task.
MongoDB is looking to close that
gap by announcing a connector that
enables any business intelligence tool
that understands SQL to look at and
visualize data in MongoDB.
Created under a partnership with
Tableau, the connector works with Cognos, Excel and other business intelligence tools. With Excel alone, there are
hundreds of millions of installs that can
point at MongoDB and visualize data,
according to Kelly Stirman, vice president of strategy at MongoDB.
The company demonstrated how the
connector works at MongoDB World
by looking at JSON data from the Federal Aviation Administration and

attendee data to see the likelihood of
those attendees getting home on time,
with that information represented in a
rich structure, Stirman said.
The flexibility of schemas leaves
defining the data structure to developers, whereas in traditional database
shops, the database administrator would
hand the developers a schema and the
developers would write their applications to work with that data model.
Theres no governance around the
quality or integrity of data, Stirman said.
This accelerates application development, but its unnerving to not have a
central mechanism to enforce a schema.
Thus, MongoDB announced it is providing validation rules for data, so Youll
get an error if you try to import data that
does not adhere to the rules, Stirman
explained. The new tool, codenamed
Mongo Scout, points to the data to
show you what you have, he added.

Users can start a project with few or
no rules at all, and add them in later.
Scout will make it easier for DBAs to
create the right set of data rules and
validations, to make sense of the data
quickly, Stirman said. Scout, he added,
also allows a user to manage data
retroactively, taking what was entered
before rules were established and
determining what to do with it.
Finally, in the relational database
world, joins are a common way to
view data from different tables to gain
insights into customers and purchasing
history by zip code, for example. Stirman said that NoSQL databases do not
provide the ability to join databases.
MongoDB announced that it is adding
dynamic lookups so data from multiple
data sets can be viewed.
MongoDB also created a new storage
engine for encrypted data, which is considered important for large retailers. z
DJI unveils development platform for drones

BY CHRISTINA MULLIGAN
DJI is giving developers a new platform

to research and test their drone applications and technology. The company
revealed a quadcopter designed specifically for developers to take their hardware and software solutions to the sky.
The DJI Matrice 100 (M100) provides developers everything they need
to fly, without having to tune or program
the platform. Developers looking to test
out their own software can program the
platform as they deem necessary.
The M100 makes it easy to add
processors, sensors and other equipment, opening the possibilities for how
people use aerial technology across
industries, said Frank Wang, CEO and
CTO of DJI. Were excited to see how
researchers and developers will use this
platform to test how aerial technology
can be used for agriculture, inspection,
The Matrice 100 is

designed with developers in mind, and has an
object-avoidance system and sensors.
search and rescue, and several other

fields.
The M100 features multiple ports
onto which peripheral hardware can be
mounted, and can fly for 20 minutes
with a 2.2-pound payload. The platform
can also be modified with an extra battery compartment for an extra 20 minutes of flight time, but in turn diminishes the payload capacity.
In addition, DJI also unveiled a col-
lision-avoidance system for drones. The

DJI Guidance system uses a network of
sensors and cameras to identify when a
drone is within 65 feet of an object, and
will prevent drones from flying close to
them. The system can be mounted on
any robotic system with USB and
UART connection ports.
DJI has already made flight more
accessible than ever before, but with our
expanding developer suite, we are making aerial innovation open to anyone with
a creative vision, said Andy Pan, vice
president of ecosystems at DJI. Using
our high-performance aerial platforms
and easy-to-use development kits, the
possibilities for aerial technology for
researchers and developers are endless.
Both the DJI M100 and Guidance
come with SDKs to provide developers
with flight data and flight-control functions. z
www.sdtimes.com
July 2015
SD Times
Oculus readies
consumer
headset
Oculus Rift, the virtual reality headset

first announced three years ago, will
finally be making it into consumers
hands early next year. The companys
CEO Brendan Iribe introduced the consumer version of the Oculus Rift in June.
The Rift delivers on the promise of
consumer virtual reality and next-generation VR gaming, the Oculus team
wrote in a blog post.
The Rift will feature custom display
and optics technology, a tracking system, an integrated VR audio system,
and an improved headset design to provide balance and stability.
Oculus also announced a partnership with Microsoft to bring the Oculus
Oculus is also working with

Microsoft on a VR peripheral,
called Oculus Touch.
Rift to Xbox One. As a result, every

Oculus Rift will come with a wireless
Xbox One controller.
For games that require other inputs,
the company unveiled a prototype of the
Oculus Touch: a pair of tracked controllers to provide the sense of touch in
virtual reality worlds. While the Xbox
controller is great for many games and
genres, we want an input device that lets
you to reach out and interact with objects

in VR naturally, said the Oculus team.
The prototype of the Oculus Touch,
called Half Moon, features two controllers (one for each hand) with a traditional analog thumbstick, an analog trigger, and two buttons. The controller is
wireless, and can recognize hand movements such as pointing, waving, and
thumbs up. z
Couchbase Server 4.0 gets N1QL

SQL-based query language gives JSON document capabilities to developers
BY ROB MARVIN
Couchbase is rolling out a new SQL

query language that gives developers
the ability to combine JSON data modeling with declarative SQL queries for
NoSQL data.
The NoSQL database platform
provider announced a beta of the N1QL
language as part of Couchbase Server
4.0. According to Couchbase CEO Bob
Wiederhold, N1QL is a NoSQL query
language based on SQL used to query
JSON-based document databases.
N1QL also enables developers to integrate Couchbase data with third-party
business intelligence and reporting tools.
The N1QL query language allows
us to expand the use cases we can support for Web, mobile and IoT applications, said Wiederhold. N1QL makes
it easier to access and manipulate the
data stored in Couchbase with ad hoc
and complex queries for developers to
build those kinds of capabilities into
their applications.
Wiederhold explained that the

NoSQL movement was designed to get
away from relational databases, not from
SQL. N1QL is intended to act as a SQLbased language for the NoSQL space
much the same as players in the Hadoop
space leverage SQL queries, he said.
N1QLs developer features and road map

Aside from the languages JSON data
capabilities, Wiederholder drew attention to N1QL features for developers
building applications within frameworks.
Couchbase will be plugged into a
developers framework, and theyll
experience this rich ability to be able to
query the database, combine and
manipulate data, he said. Youll be
able to do joins, to nest and un-nest
information in the documents.
Other features include:
Joins: A relational database capability designed for document databases to
combine the information in two separate NoSQL documents.
Nest/un-nest capabilities: JSON

documents contain what Wiederholder
explained were nested constructs for
more dynamic data than in relational
databases. N1QL allows developers to
reverse the nesting constructs to avoid
flattening all the data in a document.
Multi-dimensional scaling: A highperformance index-building ability used
in tandem with N1QL for creating highperformance enterprise applications.
As Couchbase is an open-source
company, the full N1QL implementation is available as open source for
developers. This is a full implementation of SQL, said Wiederholder. Its
not like we picked 60% of the capabilities and implemented them. Weve
built a language that has a mathematical basis; it has an algebra that can
describe the grammar of the language.
The N1QL beta is available with the
release of Couchbase Server 4.0, and
the SQL-based query language will be
generally available later this summer. z
19
22
SD Times
July 2015
www.sdtimes.com
Qualcomm
Developer Network
Push the boundaries
of what mobile can do
As we think bigger together, everyones

possibilities are growing. From highf[h\ehcWdY["XWjj[ho[_Y_[djWffijed[m
connected experiences for the Internet of
Things, Qualcomm Developer Network has
the tools and resources you need to push
boundaries and transform the way we live.
Visit > developer.qualcomm.com

Come see us > AnDevCon, booth 600-700
2015 Qualcomm Technologies, Inc. All rights reserved. Qualcomm is a
trademark of Qualcomm Incorporated, registered in the United States and
other countries and is used with permission.
Are brainwaves
the replacement
to passwords?
Researchers claim brainprints
work with 94% accuracy
Every account you have

should have a different password, and those passwords
should contain special characters, upper and lowercase letters, and numbers, according
to common password recommendations. That, though,
makes it difficult to remember them all. But what if
you didnt have to?
Researchers at the
University of Binghamton believe
they have discovered a way where
brainwaves can be
used as passwords.
In a newly published
study, Brainprint, Binghamton researchers took 45
volunteers and observed
their brain signals as they
read them a list of acronyms.
According
to
the
researchers, they were able
to get a computer system to
identify each volunteer
based on how their brain
reacted to reading and recognizing the acronyms. The
researchers say each participants brain reacted differently, and the system verified their identities with
94% accuracy.
This study could open the
door for brain biometrics as
a new form of passwords,
and replace the need for finger and retina biometrics,
according to Sarah Laszlo,
assistant professor of psychology and linguistics at
Binghamton University and

coauthor of Brainprint.
If someones fingerprint
is stolen, that person cant
just grow a new finger to
replace the compromised
fingerprint, she said. The
fingerprint for that person is
compromised forever. Fingerprints are non-cancellable. Brainprints, on
the other hand, are
potentially
cancellable. So, in the
unlikely event that
attackers were actually able to steal a
brainprint from an
authorized user, the
authorized user could then
reset their brainprint.
It may be some time
before this type of brain biometric is implemented in
low-security applications,
but the researchers see a
market for this in high-security applications.
We tend to see the applications of this system as
being more along the lines of
high-security physical locations, like the Pentagon or
Air Force Labs, where there
arent that many users that
are authorized to enter, and
those users dont need to
constantly be authorizing
the way that a consumer
might need to authorize into
their phone or computer,
said Zhanpeng Jin, assistant
professor of electrical and
computer engineering at
Binghamton. z
www.sdtimes.com
July 2015
SD Times
MapR 5.0 enables Hadoop in real time

BY ROB MARVIN
MapR announced the release of MapR

5.0, along with new auto-provisioning
templates for data lake deployment,
interactive SQL data exploration, and
operational analytics at Hadoop Summit in June.
Version 5.0 of the MapR Hadoop
distribution adds a new Views feature
for the newly released Apache Drill
1.1 for agile data governance, and
granular access controls for better
unstructured file security. MapR 5.0
also includes real-time data transport for real-time search and data
replication integrated with Elasticsearch, along with support for Apache
Spark 1.3, and for data frames and
YARN 2.7 with a new Docker container executor.
Jack Norris, CMO of MapR, said
MapR 5.0 is designed to extend
Hadoops capabilities to real-time applications.
Were seeing a whole new class of
flexible applications that give a whole
lot of power to developers, he said.
With [MapR 5.0], theyre free to
choose between different methods for
accessing and manipulating data in
their application, but be assured their
data protection, synchronization and
data availability is the same.
MapRs new auto-provisioning templates reduce complexity in distributing
Hadoop services by selecting optimal
layouts, with rack awareness to automatically distribute services across failure domains, and to execute health
checks on data lakes and the Hadoop
distribution as a whole.
In other Hadoop Summit news...

Hortonworks released version 2.3 of
the Hortonworks Data Platform
(HDP), its open-source enterprise
Hadoop platform. Version 2.3 adds
Hortonworks SmartSense, a proactive
Big Data monitoring service for large
clusters, and enhancements to data
encryption and authorization through
Apache Ranger and Apache Knox.
Apache Atlas, a new incubator proj-
ect developed through the Data Governance Initiative, adds a scalable metadata service, SQL metrics, and a UI for
data search. Additional functionality in
HDP 2.3 includes:
A new Apache Hive user view running on Apache Ambari to write, run
and debug queries
A Data Frame API that enhances
Apache Spark on YARN through
machine-learning algorithms for feature-rich Spark applications
A Web interface for forms-based creation of Apache Falcon data feeds and
pipeline processing.
Pentaho 5.4 released

Pentaho, now an official subsidiary of
Hitachi Data Systems, released Pentaho 5.4 with orchestration for Apache
Spark jobs, new APIs for embedded
enterprise analytics, and integrations
with Amazon Elastic MapReduce and
SAP HANA. Pentaho 6.0 is expected to
be released later this year.
Cloudwick launches Cloudwick Insights

Open-source Big Data integration soft-
ware provider Cloudwick rolled out a

new Cloudwick Insights service to
assess Hadoop and Spark jobs by CPU,
RAM, disk I/O and network utilization
using Pepperdata. The service is
designed to optimize real-time Hadoop
performance.
Datameer and Tableau announce analytics

Big Data platform Datameer and business analytics provider Tableau
announced a new technology connector
combining their solutions into a
Hadoop analytics and visualization tool.
Developers leveraging the solution will
be provided with Datameers spreadsheet data interface through Tableau
Desktop or Tableau Server for data
visualization reporting.
Teradata launches Teradata RainStor

Big Data analytics provider Teradata
announced the launch of Teradata
RainStor for archived SQL-based data
analytics, Teradata Loom 2.5 for data
lake security, and enterprise support for
Facebooks open-source Presto SQL
query engine. z
Databricks announces Apache Spark 1.4

BY ROB MARVIN
Databricks has announced the general

availability of Apache Spark 1.4, including SparkR, a new R API for data scientists.
Version 1.4 of the open-source Big
Data processing and streaming engine
also enhances Sparks DataFrame API
features, Python 3 support, a component upgrade past alpha for Sparks
machine learning pipeline, and new
visualization and monitoring capabilities for Spark Streaming and Core.
Below is a more detailed breakdown
of the new features and improvements
in Spark 1.4:
SparkR: The first new language API in
Spark since PySpark in 2012, SparkR is
based on the engines parallel DataFrame abstraction, and it allows developers to create SparkR DataFrames from
local R data frames or other sources,
including Apache Hive and Parquet,

HDFS, and JSON.
DataFrame improvements: New
Window functions added to Spark SQL
and other DataFrame features including
better serializer memory use, statistical
and mathematical function support, and
support for Project Tungsten.
Machine learning pipeline: The
Spark ML pipeline, first introduced in
Spark 1.2, now includes stable APIs for
production-ready machine-learning
workloads.
DataVis and monitoring: New visual debugging and monitoring utilities
are designed to help developers better
understand Spark application runtime
behavior. Additional data visualization
tools include an application timeline
viewer, a computation graph visualizer,
and visual monitoring over data streams
to track latency and throughput. z
23
Learn How To Master Big Data
November 2-4, 2015
CHICAGO
Holiday Inn Chicago Mart Plaza River North
Choose from 55+

classes and tutorials!
Attend Big Data TechCon to get practical training
on Hadoop, Spark, YARN, R, HBase, Hive,
Predictive Analytics, and much more!
Take a Big Data analytics tutorial, dive deep into
machine learning and NoSQL, learn how to master
MongoDB and Cassandra, discover best practices for
using graph databases such as Neo4j and more. Youll
get the best Big Data training at Big Data TechCon!
www.BigDataTechCon.com
A BZ Media Event
Big Data TechCon is a trademark of BZ Media LLC.
People are talking about BigData TechCon!

Great for quickly coming up to speed in the big data landscape.
Ben Pollitt, Database Enginee, General Electric
There was a large quantity and variety of educational talks with

very few sales lectures. It was just informative and inspiring.
This was the best conference ever! Get a ticket for 2015!
Byron Dover, Big Data Engineer, Rubicon Project
www.sdtimes.com
July 2015
SD Times
Researchers can count on WiFi

Signals can be used to determine how many people are in an area
WiFi signals are almost everywhere, and

researchers from the University of California, Santa Barbara (UCSB) want to
utilize those signals to do more than
provide
Internet
access.
The
researchers have discovered a way to
use WiFi to count the number of people
in a given area, even when theyre not
carrying a WiFi-enabled device.
Our approach can estimate the
number of people walking in an area,
based on only the received power
measurements of a WiFi link, said
Yasamin Mostofi, professor of electrical
and computer engineering at UCSB.
According to her, potential use cases
for their findings could range from
energy efficiency applications to emergency response.
There are several potential applications that can benefit from an estimation of how crowded an area is, the
researchers wrote on the projects

website. For instance, heating and
cooling of a building can be better
optimized based on learning the concentration of the people over the
building. Emergency evacuation can also benefit from
an estimation of the level
of occupancy. Finally, stores
can benefit from counting the
number of shoppers for better
business planning.
The researchers accomplished
this by placing two WiFi cards at
opposite ends of an area and
using power measurements between
them to estimate the number of people.
Given that WiFi networks are available in many buildings, we envision that
they can provide a new way for occupancy estimation, in addition to cameras and other sensing mechanisms. In
particular, its potential for counting
behind walls can be a nice complement

to existing vision-based methods, the
researchers wrote.
Currently, the researchers have been
able to count up to nine people indoors
and outdoors. But some limitations include losing track of
people when they cross the
line of sight between the WiFi
cards, and multi-path fading
when a person is not in the direct
line of sight. The researchers were
able to estimate the number of people walking by creating a probabilistic mathematical framework
based on those problems.
This is about counting walking people, which is very challenging, said
Mostofi. Counting this many people in
such a small area with only WiFi power
measurements of one link is a hard
problem, and the main motivation for
this work. z
25
We know how application development can be.
INTRODUCING
MOBILE CAPTURE SDK

Try it free for 30 days with full support
ATALASOFT.COM
Let DotImage take some of the bite out of your challenges.

Connecting the dots is a no-brainer. DotImage image-enables your
.NET-based web application faster, more cost eectively, and less
painfully than if done on your own. This proven SDK is versatile, with
options including OCR capabilities, WingScan compatibility, and
support for a range of formats. Coupled with dedicated assistance
from our highly knowledgeable and skilled engineers, DotImage
helps your business connect with powerful information hidden
inside your documents, making the big picture much easier to see.
Image-enabling experts & bacon connoisseurs. Visit us online to see our full line of SDKs for .NET, Java, and Mobile.
www.atalasoft.com
SDT315 page 27_Layout 1 6/19/15 11:53 AM Page 27
www.sdtimes.com
July 2015
SD Times
COMPONENT WATCH
dtSearch adds support

for encrypted PDFs
dtSearch is expanding its support to a

broader range of encrypted PDFs in the
latest release of its product line. The
enterprise and developer text-retrieval
software provider announced version
7.8, with support for password-protected
PDF files encrypted up to 128-bit RC4,
and 128-bit and 256-bit AES.
Encrypted PDFs that we support
can be handled now just like any other
supported data types, said Elizabeth
Thede, director of sales at dtSearch.
dtSearch automatically recognizes
supported data types, and can automatically index and search them.
In addition to encrypted PDFs,
dtSearch supports Web-ready content,
databases, Microsoft Office formats,
compression formats, e-mails and
attachments, and recursively embedded objects.
Developers use dtSearch because it
combines both the text search capabili-
ties and the document filters for data

support, according to Thede.
The dtSearch Engine is especially
helpful in very high-data volume situations as it includes a terabyte indexer,
which can index up to a terabyte in a single index, she said. Developers can still
create as many terabyte-size indexes as
they want, and simultaneously search
them. For high-volume searching, the
dtSearch Engine also offers very efficient
multi-threaded searching, with no limit
on the number of concurrent search
threads. For online search, the products
can run in a completely stateless manner,
making it very easy to scale.
Other features include Android,
Linux, .NET and Windows SDKs; the
ability to parse, index, search and
extract data; federated search across
any amount of directories, e-mails and
databases; more than 25 search options;
international language support; and
faceted search options. z
dtSearch 7.8 also works with databases, e-mails and Web-ready content
In other component news

Accusoft has updated its HTML5 documents viewer with new and improved
features for viewing and controlling documents. Prizm Content Connect version
10.2 provides e-discovery enhancements,
improved document rendering, and template-based signing. In addition, the document, content and imaging solution
provider announced the addition of
three new APIs to its Cloud Services, and
a Viewer Wizard to provide a customized
user experience. The APIs include a barcode API, OCR API and conversion API.
Software development tool provider
DevExpress recently announced the
availability of DevExpress Universal 15.1,
an updated version of its software development suite for Visual Studio. The latest release comes with new products and
features designed to help developers
create desktop, Web and mobile solutions. Features include new and
improved report designers; GDI+-powered report viewers; new pivot grid widgets; a new scheduling/calendar widget; a
Microsoft universal apps-inspired ribbon;
and new navigation UI controls.
LEAD Technologies has announced a
major update to LEADTOOLS 19. According to the image developer tool provider,
the update focuses on the companys
document and medical imaging engines
as well as its OCR, barcode, forms, annotations, DICOM and PACS technologies.
The document viewer and document
converter were updated to be more efficient at raster and SVG image rendering,
generating thumbnails and extracting
text. The Advantage OCR engine was
updated to improve accuracy in detecting text orientation, font characteristics
and paragraphs. The medical viewer control in LEADTOOLS medical product line
was updated to include customization of
cells, subcells, ruler and window level
range. Other features include enhanced
search, export and anonymization
options for the DICOM storage server;
broader backward compatibility with older HL7 message versions; and a new Web
interface for CCOW. z
27
SDT315 page 28-30,32,35_Layout 1 6/19/15 11:55 AM Page 28
28
SD Times
July 2015
www.sdtimes.com
DOCKER AND THE

COOLIFICATION
OF CONTAINERS
Optimized for apps and developers, the open-source tool

is bringing microservices to the masses
BY ALEXANDRA
WEBER MORALES
is first presentation may have ended inauspiciously

with the moderator cutting him off mid-sentence at
the five-minute mark, but the developers sitting in
Solomon Hykes 2013 PyCon session knew that the
founder of Docker, an open-source application container
engine, had unveiled a tool that would bring revolutionary
simplicity to deployment. They began texting their respective motherships with news of the discovery almost immediately. John Wetherill, technology/PaaS evangelist for the
Vancouver-based ActiveState, was one of them.
When we first shipped the Stackato PaaS in early
2012, we used plain vanilla [Linux]
containers and our own tool, called
Fence, to orchestrate them, said
Brent Smithurst, vice president of
product management for ActiveState. John [Wetherill] was at the
Python conference where Solomon
Hykes did his presentation on
Docker containers. He texted me
from the session, Wow, this guy is
showing a great service for us.
Solomon shared the source code
with us before the release on
GitHub, and we were able to work
it into Stackato.
www.sdtimes.com
Containers are 15 years oldwe

were doing containers before they were
cool, said John Gossman, an architect
on Microsofts Azure core team. But
the industry, until Docker came along,
didnt recognize containers could be a
great developer experience. Thats what
Solomon did.
At the nexus of microservices,
DevOps, Continuous Delivery and
service-oriented architectures (SOAs),
San Francisco-based Docker may have
set a land-speed record for fastest formation of a vibrant technology ecosystem around a single tool. Launched in
March 2013, in just two years the company now claims to have 4 million
developers using Docker to deploy
platform-independent apps packaged
with all the components, libraries and
operating systems they need to run.
They have downloaded the container format close to 500 million times,
said David Messina, vice president of
enterprise marketing at Docker. That
points to incredible traction. At DockerCon in June last year, the number of
container downloads was 3 million.
Adrian Cockroft, a technology fellow
at Battery Ventures best known for
leading Netflixs cloud migration, concurs: This has taken off faster than
every other ecosystem Ive ever seen.
Hadoop took five years or so to start to
grow. Docker took six months to do
what most ecosystems do in years.
Hadoop is an apt comparison,
because just as that technology has made
crunching Big Data economical, Docker slashes the cost of deployment,

according to Cockroft. In the old days,
you had a data center full of machines,
and most were idle, he said.
What virtual machines did was consolidate the CPU power. Docker takes
it an extra step because it consolidates
the memory, and that is more
expensive.
Consolidating all
the containers into a
smaller memory footprint saves money
because it uses less
RAM to run an equivalent amount of work.
Typically, youre running
inside a VM, but instead of 10 VMs, now
youve got one, said Cockroft. Or on
Amazon Web Services, you can have 8x
large instead of 10x large. So you have
the same memory footprint, but now
youre running eight containers. That
could be a 50% to 70% cost savings.
Docker: What, who and why

In addition to its low memory overhead,
Docker wins points for isolation, fast
boots and shutdowns, and cloud deployment elegance. Written in Googles
highly portable Go programming language, the Docker engine comprises a
daemon/server that manages the containers, with a client to control the daemon. Containers, according to Dockers
Web-based command-line tutorial, are a
process in a box. The box contains
everything the process might need, so it
has the file system, system libraries, shell
and such, but by default none of these
are running. You start a container by
running a process in it.
Docker has revitalized DevOps in
three ways:
1. By adding image-management
and deployment services to longstanding, difficult-to-use Linux container
technology
2. By launching a vital developer
community around the open-source
Docker engine
3. By assembling an ecosystem of
complimentary technologies that make
deploying microservices and monolithic
apps alike a push-button affair.
July 2015
SD Times
The Docker Hub has 100,000+

Dockerized services in the hub that I as
a developer can pull from, said Dockers Messina. If I have an app that has
a Linux distribution, a language stack, a
database like MongoDB and a Web
server like nginx, I can orchestrate
these services from my desktop.
While much of the DevOps tooling
(such as Puppet or Ansible) has focused
on the Ops end of the pipeline, Docker
owes much of its popularity to a massive
developer following. The driving force
for Docker are Dev teams, but Ops is
also a critical stakeholder, said Messina.
In the majority of organizations, development has led the process of containerization. But in others, like Yelp or
Groupon, Ops set up a framework
around Docker, then began marketing
the productivity improvement to development.
Not surprisingly, Dockers rapid rise
has sparked some controversy. While
software companies like Microsoft, Amazon, ActiveState, JFrog, ClusterHQ and
more jockey to ride the containerization
wave, criticisms have been lobbed. One
is that the tool is too simplistic for enterprise use. Thats the argument made in a
December 2014 manifesto by CoreOS,
which launched a competitor, Rocket, as
a container runtime designed for composability, security and speed.
According to Alex Polvi, CEO of
CoreOS, the Docker repositorys original manifesto described a simple container standard. Unfortunately, a simple reusable component is not how
things are playing out, he said.
Docker now is building tools for
launching cloud servers, systems for
clustering, and a wide range of functions: building images, running images,
uploading, downloading, and eventually
even overlay networking, all compiled
into one monolithic binary running primarily as root on your server. The standard container manifesto was removed.
We should stop talking about Docker
containers, and start talking about the
Docker Platform. It is not becoming
the simple composable building block
we had envisioned.
One of Rockets core design princicontinued on page 30 >
29
30
SD Times
July 2015
www.sdtimes.com
< continued from page 29
ples is security, and Dockers approach

to security has been the other main
controversy facing the young company.
Security: Whats in that image?

No one denies there are risks associated
with using images downloaded from the
public Docker registry, as noted in a May
15, 2015 blog by the container startup
Banyan Ops. The report, by Jayanth
Gummaraju, Tarun Desikan and Yoshio
Turner, was titled Over 30% of Official
Images in Docker Hub Contain High
Priority Security Vulnerabilities. Known
exploits such as Shellshock, Heartbleed
and POODLE were found in images the
company pulled from Docker Hub. But
is the claim as damning as it seems?
Its inaccurate. The official repositories are the 70-plus repos that we
work very specifically with the ISVs to
create, said Dockers Messina. There
is parity with what they have and what
the ISVs have.
We go through a very rigorous
process ourselves. Before they make
the official repo, we go through the vul-
Five security tips for

container-crazed coders
To avoid kernel exploits, denial of service attacks, cracked database passwords, poisoned images and more,
these basics are a must (but by no
means a complete security strategy):
The usual rules of Internet hygiene
apply: Verify image quality and
provenance.
Set boundaries: Containers are
safest when segregated within VMs.
Check your privilege: Dont run containers with the privilege flag,
and drop privileges ASAP.
Stay lean: Containers shouldnt
include anything the application
doesnt need to run.
Protect the host: Run as non-root
whenever possible. z
Alexandra Weber Morales
1.
2.
3.
4.
5.
nerabilities ourselves. What that

[report] did was take a set of raw numbers that dont reflect how developers
use the images. We dont remove
images from Hub. Also, what they
scanned for was inaccurate: They just
looked for the release level, just the

numbers, as opposed to scanning for
vulnerabilities. Debian has much deeper level of code numbering scheme...
So basically, their counting is wrong.
Cockroft added: The container provides some isolation, but not as much as
a VM. When VMs came out, people
werent happy about VM security. People were saying you could break out
and control the host machine. In fact
thats happened very rarely. The isolation that Docker gives you is improving
over time.
Via Dockers layered image model, its
easier to get out patches and updates
across a codebase as opposed to the noncontainerized model, according to a
Docker white paper on security best
practices. That paper concludes that
The simple deployment of Docker
increases the overall system security levels by default, through isolation, confinement, and by implicitly implementing a
number of best practice, that would otherwise require explicit configuration in
every OS used within the organization.
continued on page 32 >
32
SD Times
July 2015
www.sdtimes.com
Especially in a bare-metal scenario,

deployed without x86 virtualization,
Dockers security best practices white
paper notes that Containers do not
provide ring-1 hardware isolation, given
that it cannot take full advantage of
Intels VT-d and VT-x technologies. In
this scenario, containerization is not a
complete replacement of virtualization
for host isolation levels.
Could security concerns around
Docker images be overstated? Microsofts Gossman doesnt think so. We are
super paranoid about security here. Its
one of our highest goals. I dont ever dismiss any sort of security questions. You
need good security practices. You dont
download an image without running any
tools on it to make it secure. That may be
fine for dev and test, but not for production. In the multi-tenant cloud, we
assume theres a very sophisticated hacker there. They can sign up for Azure and
theyre going to be sitting right next to
customer data.
Calling for containers

As the cloud market matures, its interesting to observe the relative positions
and philosophies of Microsoft and
Amazon, two cloud providers with distinctively different offerings, but both
are scrambling to react to an onslaught
of customers who began asking to run
Docker on their respective platforms in
2013.
In Amazons case, much of the action
was around batch processing, encapsulating tasks in Linux containers, then
running those containers on a fleet of
instances. The biggest challenges? Cluster management, scaling, configuration
management, container sprawl, availability, security (enforcing isolation) and
scheduling. Their answer? Amazon EC2
Container Service, which provides a
cluster-management infrastructure for
Docker containers and provides existing
features like security groups, Elastic
Load Balancing, EBS volumes and
Identity and Access-Management roles.
Amazon is a strange animal, said
JFrogs Simon. They are Infrastructureas-a-Service, most popular for public
cloud, but they already solve quite a lot of
Microservices:
SOA for hipsters?
In all the excitement around containers, the
question of what defines a microservice
turns out to be an elusive one. While a number of executives were hard-pressed to
make a distinction between microservices and components, they may be reassured to
know that even software architecture guru Martin Fowler notes in a 2014 paper entitled Microservices, While there is no precise definition of this architectural style,
there are certain common characteristics around organization around business capability, automated deployment, intelligence in the endpoints, and decentralized control
of languages and data. He goes on to describe microservices as suites of small services that communicate via lightweight mechanisms such as an HTTP resource API to
comprise a single application.
But havent component-based development, and later service-oriented architectures, been software developments goal for decades?
I see it as next-level SOA, for sureSOA for hipsters. Because its a useful way to
architect things if you need it, but not necessarily a new, new badge, said Brent
Smithurst, vice president of product management for ActiveState.
Fowler is optimistic about the new term, however. In the paper, he explains SOAs
spotty record: When weve talked about microservices, a common question is
whether this is just service oriented architecture that we saw a decade ago. There is
merit to this point, because the microservices style is very similar to what some advocates of SOA have been in favor of.
The problem, however, is that SOA means too many different things, and that most
of the time that we come across something called SOA, its significantly different to the
style were describing here, usually due to a focus on ESBs used to integrate monolithic
applications. In particular we have seen so many botched implementations of service
orientationfrom the tendency to hide complexity away in ESBs, to failed multi-year initiatives that cost millions and deliver no value, to centralized governance models that
actively inhibit change, that it is sometimes difficult to see past these problems.
As a result, Fowler writes, microservices might finally mean service orientation
done right. z
Alexandra Weber Morales
the issues of virtualization: The ability to

create a VM, spawn a new exact copy of
VM, orchestration. Theyve already met
the appeal for containers. I dont know
how many people will actually use containers on top of Amazon. Similar questions abound for Microsoft. The answer,
in both cases, is portability.
The big thing we hear is that people
dont mind running on AWS, but they
dont want to use native tools because
what if they want to move it? You can
just move Stackato over to Azure, HP
Cloud or in-house, said ActiveStates
Smithurst.
Cross-technology compatibility is
definitely a motivation for Microsoft. I
wrote the original thought piece on
containers at Microsoft, said Gossman.
Our strategy is pretty simple. If we
wanted to be, two or three years back,
the Windows and .NET cloud, we
wouldnt even have succeeded at that.
People want to run Java and Oracle on

Windows. Customers have asked us to
run Docker on Azure, and theyre also
asking to run it on Windows. Windows
is incredibly popular in private data
centers and local clouds and competitive public clouds. Developers really
like using Docker. We dont want to
have people choose.
Getting the Docker command-line
interface to run in a Linux VM on
Azure wasnt hard, Gossman said. More
effort was needed for the Docker
extension, which makes it easy to install
Docker and images. Microsoft is working on integrating Docker Compose
(which he predicts wont be available in
the next version), and is working on
Docker Swarm for Azure, as well as
Mesos and CoreOS on Azure. Nano
Server, a minimal-footprint installation
option of Windows Server optimized
Take your Android development

skills to the next level!
Whether youre an enterprise developer, work for a commercial
software company, or are driving your own startup, if you want to build
Android apps, you need to attend AnDevCon!
July 29-31, 2015

Sheraton Boston
Choose from more than 75 classes and
in-depth tutorials
Meet Google and Google Development Experts
Network with speakers and other Android developers
Check out more than 50 third-party vendors
Women in Android Luncheon
Panels and keynotes
Receptions, ice cream,
prizes and more
Android is everywhere!
But AnDevCon is where
you should be!
(plus lots of coffee!)
Register Early and Save at www.AnDevCon.com

A BZ Media Event
#AnDevCon
AnDevCon is a trademark of BZ Media LLC. Android is a trademark of Google Inc. Googles Android Robot is used under terms of the Creative Commons 3.0 Attribution License.
www.sdtimes.com
for cloud and container-based deployment, is also being prepped for release.
As for orchestration, We dont have
an exact plan there, said Gossman. If
you look at the tools, in most cases they
havent even reached 1.0. We could
build our own service, but its not clear
which version is what the customer
wants. We want to expand the Service
Fabric that we announced recently to
Linux and other languages.
Finally, with regard to porting the
Docker-management experience, Gossman said, There will also be a native API
because other people will want other
management experienceseven though
we believe all the action is for Docker.
July 2015
SD Times
a list of Docker Commands
Orchestration, monitoring, data and more
Attach to a running container

Build a container from a Dockerfile
commit Create a new image from a containers
changes
diff
Inspect changes on a containers
filesystem
export Stream the contents of a container as
a tar archive
history Show the history of an image
images List images
import Create a new filesystem image from
the contents of a tarball
info
Display system-wide information
insert
Insert a file in an image
inspect Return low-level information on a container
kill
Kill a running container
login
Register or log in to the Docker registry server
Orchestration is a major concern with

containerization, which has the tendency to produce sprawl. Microservices
are really interesting, but now you have
a classic configuration-management
issue. Now, instead of single executable,
you have a swarm of things, said James
Creasy, vice president of engineering at
SKUR, a robotic measurement startup
for the construction industry. Creasy
and others like him represent a wave of
future adopters who are waiting for
containers to mature before they hop
on board.
A full-fledged production ecosystem
will be part of the attraction for Creasy.
Luckily for him, Dockers API for
automating and fine-tuning container
creation and deployment has led to
integrations for deployment, multinode deployment, dashboards, configuration management, and Continuous
Integration.
While Docker works as a simple,
one-machine PaaS, managing a fleet of
containers takes a different level of
automation. Thats where Kubernetes,
CloudFoundry, TerraForm, Mesos,
CoreOS, Dokku, Deis, Flynn, Docker
Swarm and others can add a scheduling
layer, creating a mid-point between
IaaS and PaaS in what some call Containers-as-a-Service, or CaaS.
On the monitoring side, a raft of
technologies claim to make peeking
into Docker containers and tracking
their performance and behavior easy:

DockerUI, OpenStack Horizon, Shipyard, cAdvisor, New Relic, ClusterUP,
BoxSpy and more. For storage, Flocker
is attempting to answer the question of
how to add state to containers.
Containers have been driven by
very advanced, forward-thinking developers who say, We dont put state in
our apps. We make sure we dont have
anything that needs to persist, with the
data that those apps talk to being external to the app layer, said Mark Davis,
CEO of ClusterHQ provider, of the
new Flocker 1.0 container data-management software.
While thats fine, one thing weve
discovered is that theres no such thing
as an app that is actually stateless. An
app without data is useless. Even the
most trivial app has data. So how can we
deal with these stateless microservices?
Is there a way for us to build databases,
queues and key-value stores?
Swisscom, Switzerlands leading telco provider, has implemented Flocker
with EMC ScaleIO as part of a PaaS
initiative. With Flocker, Swisscom uses
EMC ScaleIO as its persistent storage
back end, gaining both scale-out storage for its microservices and data portability between physical and virtual
servers, improving operational management and increasing density of distributed server-hosted applications.
Fetch the logs of a container

Look up the public-facing port which is
NAT-ed to PRIVATE_PORT
ps
List containers
pull
Pull an image or a repository from the
Docker registry server
push
Push an image or a repository to the
Docker registry server
restart Restart a running container
rm
Remove a container
rmi
Remove an image
run
Run a command in a new container
search Search for an image in the Docker index
start
Start a stopped container
stop
Stop a running container
tag
Tag an image in a repository
version Show the Docker version information
wait
Block until a container stops, then
print its exit code
attach
logs
build
port
Swisscom has been watching Linux-based containers since their beginning, said Marco Hochstrasser, head of
Swisscom Application Cloud. We
believe that lightweight containers can
provide significant benefits to major
service providers, including dramatically higher density of applications per
server. That means greater efficiency,
decreased costs and higher flexibility.
We decided to use Docker containers for a major new initiative, but as we
investigated options, we realized that
without a solution for persistent container data management, we wouldnt
be able to achieve the benefits we
sought. When we saw Flocker from
ClusterHQ, we knew we had found a
compelling open-source solution.
Prediction: Docker goes into production

What will the next six months hold for
Docker? Its evolving extremely
quickly. Im hoping that at DockerCon
well see more production-ready case
studies, said Battery Ventures Cockroft. People running Docker in production, theyve hand-crafted a lot of
things. But its a matRead this story on
ter of months to havsdtimes.com
ing more tooling:
Products making it
easy for test and dev
workloads to switch
over to production. z
35
Agility and
automation
at enterprise
scale
EMPOWER YOUR DEVELOPERS WITH COLLABNET TEAMFORGE.
The industrys #1 Enterprise Open ALM and collaboration platform, TeamForge has you covered from agile
planning to distributed and centralized source code management through review, delivery and DevOps.
It combines the exibility and velocity of an open-source development environment with cross-project
visibility, access control and consistent integration of best practices.
TeamForge helps you innovate and scale success across your enterprise.
Learn why CollabNet was listed in the Top 100 for Best ALM and Development Tools by SD Times.
Collab.net/ALM
2015 CollabNet, Inc. All rights reserved. CollabNet TeamForge is a registered trademark of CollabNet, Inc.
www.sdtimes.com
July 2015
SD Times
ALM TECHNIQUES CAN HELP

KEEP YOUR APPS IN PLAY
Now that Agile, DevOps and Continuous Delivery have matured,
developers need to bring new twists to their favorite tools
or developers and enterprise

teams, application life-cycle management in todays development
climate is an exercise in organized chaos.
As movements such as agile,
DevOps and Continuous Delivery have
created more hybrid roles within a
faster, more fluid application delivery
cycle, there are new definitions of what
each letter in the ALM acronym means.
Applications have grown into complex
entities with far more moving parts
from modular components to microservicesdelivered to a wider range of
BY ROB MARVIN
platforms in a mobile and cloud-based
world. The life cycle itself has grown
more automated, demanding a higher
degree of visibility and control in the
tool suites used to manage it all.
Kurt Bittner, principal analyst at
Forrester for application development
and delivery, said the agile, DevOps
and Continuous Delivery movements
have morphed ALM into a way to manage a greatly accelerated delivery cycle.
Most of the momentum weve seen
in the industry has been around faster

delivery cycles and less about application life-cycle management in the sense
of managing traceability and requirements end-to-end, said Bittner. Those
things are important and they havent
gone away, but people want to do it
really fast. When work was done manually, ALM ended up being the core of
what everyone did. But as much of the
work has become automatedbuilds,
workflows, testingALM has become
in essence a workflow-management
37
38
SD Times
July 2015
www.sdtimes.com
tool. Its this bookend concept that

exists on the front end and then at the
end of the delivery pipeline.
Don McElwee, assistant vice president of professional services for Orasi
Software, explained how the faster, more
agile delivery process correlates directly
to an organizations bottom line.
The application life cycle has
become a more fluid, cost-effective
process where time to market for
enhancements and new products is
decreased to meet market movements
as well as customer expectations, said
McElwee. It is a natural evolution of
previous life cycles where the integration of development and quality assurance align to a common goal. By reducing the amount of functionality to be
deployed to a production environment,
testing and identifying issues earlier in
the application life cycle, the overall
cost of building and maintaining applications is decreased while increasing
team unity and productivity.
In addition to the business changes
taking place in ALM, the advent of agile,
DevOps and Continuous Delivery has
also driven a cultural change, according
to Kartik Raghavan, executive vice president of worldwide engineering at CollabNet. Raghavan said ALM is undergoing a
fundamental enterprise shift from a lifecycle functionality focus toward a delivery process colored more by the consumer-focused value of an application.
All these movements, whether its
agile or DevOps or Continuous Delivery, try to take the focus away from the
individual pieces of delivery to more of
the ownership at an application level,
said Raghavan. Its pushing ALM
toward more of a pragmatic value of the
application as a whole. That is the big
cultural change.
ALM for a new slate of platforms

Bittner said ALM tooling has also segmented into different markets for different development platforms. He said
development tool chains are different
for everything from mobile and cloud
to Web applications and embedded
software, as developers deploy applicacontinued on page 41 >
What developers need in a tool suite

for the modern application life cycle
Hadi Hariri, Developer Advocacy Lead, JetBrains
A successful tool is one that provides value by removing grunt work and errors via
automation. Its job is to allow developers to focus on the important tasks, not fight
the tool.
Don McElwee, Assistant Vice President of Professional Services, Orasi Software

Developers should look for a suite of tools that can provide a holistic solution to maximize collaboration with different technologies and other teams such as Quality
Assurance, Data Management and Operations. By integrating technologies
that offer support to different departments, developers can maximize the talents of those individuals and prove that their code can work and be comfortable with potential real-world situations. No longer will they wonder how it will
work, but can tell exactly what it does and why it will work.
Jason Hammon, Director of Product Management, TechExcel

The focus should really be traceability. You can manage requirements, implementation and testing, but developers need to look for something thats flexible with an understanding that if they should want to change their process later, that they have flexibility to modify their process without being locked into one
methodology. You also need flexibility in the tools themselves, and tools that can scale
up with the customers and data you have. You need tools that will grow with you.
Paula Rome, Senior Product Manager, Seapine Software

Developers should do a quick bullet list. What arent they happy about in their current process? What are they really trying to fix with this tool? Are things falling
through the cracks? Are you having trouble getting the information you need to
answer questions right now, not next week? Do you find yourself repeating manual
processes over and over? Play product manager for a moment and ask yourself what
those high-level goals are; what ALM problems youre really trying to solve.
Kartik Raghavan, Senior Vice President of Engineering, CollabNet

[Developers] need to differentiate practitioner tools that help you do a job at a granular level from the tools that give you a level of control, governance or visibility into
an application. Especially for an enterprise, you have to first optimize tool delivery.
Whatever gets you the best output of high-quality software quickly. There are rules
and best practices behind that, though. How do you manage your core code? What
model have you enabled for it? Do you want a centralized model or a distributed model, and when you roll those things out, you need to set controls. You need to get that
right, but with the larger focus of getting rapid delivery automation in place for your
Continuous Delivery life cycle.
Matt Brayley-Berger, Worldwide Product Marketing Manager for Application Life

Cycle and Quality, HP
Any tool set needs to be usable. That sounds simple, but oftentimes its frustrating when its so far from the current
process. The tool itself may also have to annotate the existing processes rather than forcing change to connect that
data. You need a tool thats usable for the developer, but
with the flexibility to connect to other disciplines and do
some of the necessary tracking on the ground level
thats critical in organizations to report things back.
Teams shouldnt have to sacrifice reporting and
compliance for something thats usable. z
Rob Marvin
The secret to agile delivery? Tap into

the ALM hub of activity and insight
Do you need to manage the unmanageable?
Enter ALM
Unprecedented velocity, uncompromised
quality, and fully integrated dev and test
Most organizations want not
just agility, but also speed 1
2010
2020
elopm
Dev
Forrester
Plan
30X
Social, mobile, analytics,

cloud have reached the
tipping point in 2013. 2
more app
refreshes per year compared
to 2010.3
Are your dev/test processes
ready for this velocity?
Gartner
HP Application
Lifecycle
Management
t
en
By 2020, we will experience
Validate
Build
Stress
Deploy
Report
Te
st
in g
Scrum master
Functional test
engineer
A single pane of glass

to manage the agile
application lifecycle
HP Agile Manager
VP of apps
HP UFT, HP SV
d
e
Business analyst
HP RM
App security tester
HP ALM
Co
HP Fortify
ll a b o r a t i v e
Quality assurance
HP QC
HP Performance Center,
HP SV
ated
om
Sprinter
Performance
engineer
Au
t
Un
i
Manual tester
HP Executive Scorecard
Developer (Java)
HP ALI and IDE, build,
SCM integration
Developer
(SAP/Oracle)
HP ALI and IDE, build,
SCM integration
HP ALM gives you:

Single-pane-of-glass visibility
Decision-support system
Flexibility for any methodology

Scalability from project to enterprise
Complete traceability
Cohesive quality management
Learn more at hp.com/go/hpalm

1. Better Outcomes, Faster Results, Continuous Delivery And The Race For Better Business Performance, Forrester Research, November 2013.
2. Gartner Research, Transform Your Business With the Nexus of Forces, 28 February 2014.
3. HP internal analysis, comparing app updates in 2010 to expected app updates in 2020.
4. The Gantry Group, ROI Benchmark Study Report: Application Lifecycle Management Solutions Product Spotlight: Upgrading from HP Quality
Center Enterprise to ALM, September, 2013.
2UDFOHDQG-DYDDUHUHJLVWHUHGWUDGHPDUNVRI2UDFOHDQGRULWVDOLDWHV
Copyright 2015 Hewlett-Packard

Development Company, L.P.
www.sdtimes.com
tions to everything from a mobile app

store to a cloud platform such as Amazons AWS, Microsofts Azure or OpenStack.
[Tool chains] often fragment along
the technology platform lines, said Bittner. People developing for the clouds
main goal is to get things to market
quickly, so they tend to have a much
more diverse ecosystem of tools, while
mobile is so unique because the technology stack is changing all the time
and evolving rapidly.
Hadi Hariri, developer advocacy lead
at JetBrains, said the growth of cloudbased applications and services in particular has shifted customer expectations
when it comes to ALM.
Before, having on-site ALM
solutions was considered the de
facto option, he said. Nowadays,
more and more customers dont
want to have to deal with hosting,
maintenance [or] upgrades of
their tools. They want to focus on
their own product and delegate
these aspects to service and tool
providers.
CollabNets Raghavan said this shift
toward a wider array of platforms has
changed how developers and ALM tool
providers think about software. On the
surface, he said he sees cloud, mobile,
Web and embedded as different channels for delivering applications.
He said there is more focus when
developing and managing an application on changing the way a customer
expects to consume an application.
Each of these channels represents
another flavor of how they enable customers to consume applications, said
Raghavan. With the cloud, that means
the ability to access the application anywhere. Customers expect to log into an
application and quickly understand what
it does. Mobile requires you to build an
application that leverages the value of
the device. You need an ALM suite that
recognizes the different tools needed to
deliver every application to the cloud,
prepare that application for mobile consumption, and even gives you the freedom to think about putting the app on
something like a Nest thermostat.
Whats in an application?
Applications are becoming composites,
according to Forresters Bittner, and he
said ALM must evolve into a means of
managing the delivery of these composite applications and the feedback coming from their modular parts integrated
with the cloud.
A mobile application is typically not
standalone. It talks to services running
in the cloud that talk to other services
wrapping legacy systems to provide
data, he said. So even a mobile application, which sounds like a relatively
whole entity, is actually a network of
things.
ALM has become

in essence a
workflow
management
tool.
Kurt Bittner, Forrester
Matt Brayley-Berger,
worldwide product marketing manager
of application life cycle and quality for
HP, expanded on this concept of application modularity. With a composite
application containing sometimes hundreds of interwoven components and
services, he said the complexity of
building releases has gone up dramatically.
Organizations are making a positive
tradeoff around risk, he said. Using all
of these smaller pieces, the risk of a single aspect of functionality not working
has gone down, but now youre starting
to bring in the risk of the entire system
not working. In some ways its the ultimate SOA dream realized, but the other side means far more complexity to
manage, which is where all these new
ALM tools and technologies come in.
Within that application complexity is
also the rise of containers and microservices, which Bittner called the next big
growth area in the software development life cycle. He said containers and
microservices are turning applications
from large pieces of software into a network of orchestrated services with far
July 2015
SD Times
more moving parts to keep track of.

Containers and microservices are
really applicable to everything, said Bittner. Theyll lead to greater modularity
for different parts of an application, to
give organizations the ability to develop
different parts of an application independently with the option to replace
parts at runtime, or [to] evolve at different speeds. This creates a lot of flexibility
around developing and deploying an
application, which leads to the notion of
an application itself changing.
JetBrains Hariri said microservices
are, at their core, just a new way to think
about existing SOA architecture, combined with containers to create a new
deployment model within applications.
Microservices, while being sometimes touted as the new thing, are actually very similar, if not the same, as a
long-time existing architecture: SOA,
except nowadays it would be hard to put
the SOA label on something and not be
frowned upon, he said. Microservices
have probably contributed to making us
aware that services should be small and
autonomous, so in that sense, maybe the
word has provided value. Combining
them with containers, which contribute
to an autonomous deployment model, it
definitely does give rise to new potential
scenarios that can provide value, as well
as introduce new challenges to overcome in increasing the complexity of
ALM if not managed appropriately.
Within a more componentized application, Orasis McElwee said its even
more critical for developers and testers
throughout the ALM process to
meticulously test each
component.
ALM
must
now be able to
handle agile concepts, where smaller
portions of development
such as Web services change often and
need to deployed rapidly to meet customer demand, said McElwee. These
smaller application component
changes must be validated quickly
for both individual functional and
larger system impacts. There
must be an analysis to detercontinued on page 42 >
41
42
SD Times
July 2015
www.sdtimes.com
mine where failures are likely based on

history so that higher-risk areas can be
validated quickly. The ability to identify
tests and associated data components
are critical to the success of these smaller components.
Managing the modern automated pipeline

For enterprise organizations and development teams to keep a handle on an
accelerated delivery process with more
complex applications to a wider range
of platforms, Bittner believes ALM
must provide visibility and control
across the entire tool chain.
Theres a tremendous need for a
comprehensive delivery pipeline, he
said. You have Continuous Integration
tools handling a large part of the pipeline
handing off to deployment automation
tools, and once things get in production
you have application analytics tools to
gather data. The evolution of this ecosystem demands a single dashboard that
lets you know where things are in the
process, from the idea phase to the point
where its in the customers hands.
To achieve that visibility and end-toend control, some ALM solution
providers are relying on APIs. TechExcels director of product management
Jason Hammon said that when it comes
to third-party and open-source automation tools for tasks such as bug tracking,
test automation or SCM, those services
should be tied with APIs without losing
sight of the core goals of ALM.
At the end of the day, someone is
still planning the requirements, he
said. Theyre not automating that
process. Someone is still planning the
testing and implementing the development. The core pieces of ALM are still
there, but we need the ability to extend
beyond those manual tasks and pull in
automation in each stage.
Thats the whole point of the APIs
and integrations: Teams are using different tools. As the manager I can log in
and see how many bugs have been
found, even if one team is logging bugs
in Bugzilla, another team is logging
them in DevTrack, and another team is
logging them in JIRA. We cant say,
Heres this monolithic solution and
ALM rules and principles to follow

Magdy Hanna, CEO of Rommana Software and chairman of the
International Institute for Software Testing, laid out some of the
most important rules, tips and crucial components that a developer,
project manager or tester must focus on in the ALM process.
n Whats in an ALM tool: Application life-cycle management is
supposed to span the whole life cycle, so a tool is not considered
to be an ALM tool unless it supports every phase of an application
life cycle, said Hanna. The first characteristic of an ALM tool is
supporting every single phase, from inception, requirements, planning and management to development, QA and testing, and Magdy Hanna
change management.
n Collaboration: Collaboration is critical to every life cycle, said Hanna. A tool needs
strong collaboration support to allow a team to communicate on the spot in real-time,
and all collaborations must be documented in the tool. When products last a long
time, people will have questions about why decisions were made. Teams must always
have the ability to go back and look at the collaboration notes.
n A hybrid agile mindset: In ALM nowadays, no company will run all agile or all nonagile projects. Every company runs a hybrid set of projects, said Hanna. As a result,
organizations and teams within organizations must meet agile and non-agile seamlessly, and you dont need a separate set of tools for both. Agile has taken some very
good software engineering practices weve had for years and expanded on them.
n Feature-based project management: We need to change our thinking about project
management, said Hanna. Weve been treating requirements management as managing tasks and resources, but a project should really be managed based on features,
which are the most important factors of any product: what were delivering to customers. In feature-based project management, we focus on managing whos assigned
a specific feature and whos designing, coding and testing that feature.
n Traceability: The whole reason ALM came about was to help us ensure the traceability
that single-solution tools do not have: backward and forward traceability between every
artifact of an application, said Hanna. A critical component of ALM is one single repository where all artifacts are stored to pull any report to link all these pieces together.
n QA and testing: ALM tools must document on the fly in an agile project, said Hanna.
If I have a QA team performing some kind of exploratory or ad hoc test (I call it on-thefly testing), I should have an easy way to document an idea very fast with one line.
n Versioning support: ALM needs the support of versioning, but when we moved to agile,
many forgot about versioning, said Hanna. An ALM tool needs to support versioning of
not just user stories but all the testing artifacts to allow for change management.
n Dont be reliant on requirements: We should never be relying on requirements or
user stories for development and testing, said Hanna. No one can write good
requirements. So if you have poorly written requirements, you will have poorly written code. Developers must think in scenarios: What kinds of use cases could possibly
occur in production? The code we write will only handle 20% to 30% of what will happen in the field, so we give the users tools. Doing it right the first time means an ALM
tool supports an ALM methodology. A tool without a methodology is nothing. z
Rob Marvin
everyone should use just this. People

dont work that way anymore.
Keeping track of all these automated
processes and services running within a
delivery pipeline requires constant information. Modern ALM suites are built on
communication between teams and
managers, as well as streams of real-time
notifications through dashboards.
Anywhere in the process where you
have automation, metrics are critical,

said HPs Brayley-Berger. Being able
to leverage metrics created through
automation has become a valuable way
to course-correct. Were moving more
toward an opportunity for organizations
to use these pieces of data to predict
future performance. It almost sounds
like a time-travel analogy, but the only
Quality Isnt Coincidental

Performance Isnt Optional
Orasis Quality Assurance Tools and Services
Turn Intention into Reality
User expectations keep escalating, even as
tools from Orasi. From team-activity data
budgets get tighter and release cycles grow
monitoring, analysis and reporting to defect
shorter. Superior application quality and
synchronization between QA and development,
performance arent negotiable, and apps that
Orasis palette of solutions are your safety net
dont meet the challenge experience broad
in a very risky world. Stop regrettingstart
user rejection.
achieving.
Reduce the risk of failure and increase user

adoption with quality assurance services and
Orasi Software, Inc.

114 TownPark Drive, Suite 400
Kennesaw, GA 30144
Automate Your
Mobile
Testing
to Increase Device
Coverage and
App Reliability
Global
Consulting
Services
Provide Right
Skills for Any Task
Automate Your
Test Data
Management
for Fast
and Accurate
Testing
www.orasi.com
Functional &
Performance
Testing
for the Busiest
of Software
Development
Schedules
Developed by JetBrains, makers of the legendary IntelliJ IDEA
jetbrains.com/youtrack/agile
www.sdtimes.com
July 2015
SD Times
Requirements must keep pace with agile

BY DAVID RUBINSTEIN
It long has been understood that

requirements are the very first step in
the application life cycle. After all, you
cant build what you dont know, so
requirements are what inform software
development from the beginning.
Requirements take time to create,
though. Business meetings result in ideas
for new products or features, and then
business analysts need to put that into a
form developers can work with to create
the software. Often, those requirements
are in a large document, delivered to
programmers who then have to mentally
transpose the language of requirements
to a programming language. In the end,
the expectation (sometimes more a
hope) is that the developer will have
understood the requirement correctly
and built the right thing.
Today, though, the name of the game
in software development is velocity.
Development shops are going agile,
reducing projects that took a year or
more to finish into smaller deliverables
that come out in a matter of weeks or
even days. So, the lengthy requirements
process doesnt seem to mesh with highvelocity software development.
Large companies are moving to
agile but still struggle, said Bryan Lipson, director of product definition at
requirements-management solution
provider iRise. They do a requirements
document on the business side and
hand it to IT. There it gets siloed up into
user stories, so [the process] starts traditional but becomes agile. Other [organizations] are real aggressive with agile.
They start projects without writing
much down, but find theyre using iterations to fix prior iterations. Iterating in
code can be expensive... Even in agile
shops, there needs to be a process to
flesh out and iron out requirements
before coding begins.
As agile turbo-chargesw the life cycle,
its important for requirements to keep
pace. But according Mik Kersten, CTO
of Tasktop, Its meshing terribly. The
bottom line is it has to mesh, but the
What exactly ARE requirements?

Requirements define the things we want our applications to do, but before they are
requirements, Microsofts agile guru Sam Guckenheimer said, they start as a belief.
Everything is a hypothesis, he said. The hypothesis has to be turned into an
experiment, substantiated or diminished with data. Then, you either do more or do
something else. What we get is validated learning.
The goal, said Guckenheimer, is to get the maximum validated learning at the least
cost by having your hypothesis validated or diminished in the shortest time possible.
Or, as Tasktop CTO Mik Kersten more succinctly stated, requirements are what youre going to build to delight users and how you
make sure youve got all the right parts.
Guckenheimer said experiments change requirements thinking
from how good the organization is at predicting the future to how
many experiments can it run per unit of time that are substantiated by data. He called this an extension of the build-measure-learn
principle.
Guckenheimer gave an example of a company with the requireMik Kersten
ment of raising customer engagement. Under the old way of thinking, the company would come up with features it thinks will achieve the goal, and spec
them out for development. Today, he said, the first question to ask is whats the first
meaningful experiment that can be done to raise customer engagement.
So maybe we run an AB test on the sign-on experience. Does that move the needle? said Guckenheimer. Next is an opportunity to run another experiment. Your
opportunity to [achieve] the business goal is gated by the number of meaningful
experiments you can run in the unit of time you have.
Why do this? Our ability to predict the outcome, he replied, is not as good as we
think. z
David Rubinstein
gears are turning at different speeds.

Theres a directive from the CIO to
become more agile. Agiles great. The
result is that development is faster, but
nothings changing in requirements.
Organizations need to figure out
how to get requirements and traceability throughout the life cycle, or Youre
not getting the ROI on your agile
investment, said Kersten. Writing
requirements in Word and updating
them every six months, he said, is no
longer competitive.
Chained to legacy systems

Organizations need speed to be competitive, yet most of their outward-facing
Web applications are tied to back-end
systems that are not designed for quick
change. That leaves organizations facing
the dilemma of having two-speed (or
bimodal) IT. You need a fundamentally
different process for both delivering
new products to new customers and new
channels using new technology, and for

maintaining and updating the legacy
back-end systems, according to Justin
Arbuckle, chief enterprise architect and
vice president of EMEA at DevOps
company Chef.
Theres the unicorn stuff, delivering
at high speed, with little or no compliance, and little technical debt, he said.
Legacy systems are all about compliance, with a lot of technical debt. This
has created the view that innovation and
compliance are orthogonal. Basically,
organizations are saying, Pick one. But
that does not have to be the case.
It turns out that building a highvelocity development pipeline enables
compliance. The requirements you get
from a compliance program, for workflow, say, or security, are likely vague
and ambiguous. Its in a 300-page Word
document that a developer has to interpret and turn into code. But automacontinued on page 46 >
45
46
SD Times
July 2015
www.sdtimes.com
Requirements must keep pace

tion tools [like those used in high-velocity development] let you express that
compliance rule in an authoritative
way.
iRises Lipson agrees that it is virtually impossible to define the work that
needs to be done in a Word or Google
document. Instead, he and others advocate for prototyping requirements. This,
though, involves restructuring teams to
include designers, developers and businesspeople from the beginning, not simply keeping them in the loop.
Prototyping allows for a collaborative and iterative experience for all
stakeholders, as end users can annotate
the screen and business analysts can
refine the model. When all are in agreement, the prototype gets turned into
functional and non-functional requirements.
The big velocity gain is from prototyping, said Kevin Parker, vice president of worldwide marketing at Serena.
The way in which development happens has changed. Were in a world of
incremental development. Theres an
ongoing cadence of fine-tuning what
already exists.
In many organizations, visual design-
ers do the prototyping, turning requirements into screens. Following up on the

point made by Microsofts Guckenheimer, Lipson said there is some danger in just looking at a backlog written on
a user card without validating. At the end
of the day, youre guessing a feature
addresses a need.
Prototypes of requirements help
organizations validate that the new functions or capabilities will satisfy a need.
Its all about the feedback
Calling Moscow
The Dynamic Systems Development
Method Consortium has devised a way
to prioritize requirements called MSCW
(or Moscow). There are four components for classifying requirements:
n Must haveWithout it, youre not
even creating a product
n Should haveNot critical, but better
with it
n Could haveFor the evolution of the
product, to see what comes down the pike
n Wish to haveThe Wouldnt it be
awesome? feature. z
David Rubinstein
Requirements are created primarily in

two ways. First, when a company is
planning a new product, it needs to
decide what it wants it to do. But even
then, big requirements are rare, only
seen in specialized, highly regulated
cases, according to Guckenheimer.
Today, he said, organizations do this
little bit, take measurements, learn,
then do the next little bit. We learn as
we go. This continually reduces the
code of uncertainty by gathering the
learning to see what we can do next. Its
a totally virtuous cycle.
The second way to get requirements
is through customer feedback. Before
organizations go into the tunnel to
build the software, Guckenheimer said
organizations should try things with

their customers to understand the
problems theyre facing. This way, we
know that if we solve the problems, and
we have something that they will say,
Yes, well pay for that. Now you have a
minimal product.
Even with a huge journey, Guckenheimer said, you prove that journey one
step at a time, in small batches that
build trust. You create as many feedback loops as possible, from low-visibility telemetry to whos using what to
high-touch engagement about what
they like and dislike. Organizations
should do this, he said, in order to get
that understanding to move the needle
to higher customer satisfaction. z
Where ALM goes from here
way for organizations to go even faster

than they already are is to think ahead:
What should teams automate? Where
are the projects likely to face challenges?
An end-to-end ALM solution
plugged into all this data can also overwhelm teams working within it with
excess information, said Paula Rome,
senior product manager at Seapine
Software.
We want to make sure developers
are getting exactly what they need for
their day-to-day job, said Rome.
Their data feed needs to be filled with
notifications that are actually useful.
The ALM tool should in no way be preventing them from going to a higherlevel view, but we want to be wary of
counterproductive interruptions.
Rome said it was not so long ago that

ALMs biggest problem was that nobody
knew of it. Now, in an environment
where more and more applications exist
purely in the cloud rather than in traditional on-premise servers, she said ALM
provides a feeling of stability.
Organizations are still storing data
somewhere, there are still multiple components, multiple roles and team members that need to be up to date with
information so youre not losing the
business vision, said Rome. But with
DevOps and the pressure of Continuous
Delivery, when the guy who wrote the
code is the one fixing the bug in production, an ALM tool gives you a sort of
DevOps safety net. You need information readily available to you. You can get
a sense of the source code and you can
start following this trail of clues to whats

going on to make that quick fix.
As the concepts of what applications
and life cycles are have changed,
TechExcels Hammon said ALM is still
about managing the same process.
You still need to be able to see your
project, see its progress and make sure
theres traceability from those requirements through the testing to make sure
youre on track, and that youve delivered
both what you and the customer expected you to, said Hammon. Even if
youre continuously Read this story on
delivering, its a way to
sdtimes.com
track what you need to
do and what youve
done. That never
changes, and it may
never change. z
ALM tool suite guide on page 48 >
www.techexcel.com
48
SD Times
July 2015
www.sdtimes.com
A guide to ALM tool suites

n Atlassian: Teams use Atlassian tools to
work and collaborate throughout the software development life cycle: JIRA for tracking issues and planning work; Confluence
for collaborating on requirements; HipChat
for chat; Bitbucket for collaborating on
code; Stash for code collaboration and Git
repository management; and Bamboo for
Continuous Integration and delivery.
n Borland, a Micro Focus company: Borlands Caliber, StarTeam, AccuRev and Silk
make up a comprehensive ALM suite that
provides precision, control and validation
across the software development life cycle.
Borlands products are unique in their ability to integrate with each otherand with
third-party toolsat an asset level.
n CollabNet: CollabNet TeamForge ALM
is an open ALM platform that helps automate and manage the enterprise application life cycle in a governed, secure and
efficient fashion. Leading global enterprises and government agencies rely on
TeamForge to extract strategic and financial value from accelerated application
development, delivery and DevOps.
n HP: HP ALM is an open integration
hub for ALM that encompasses requirements, test and development management.
With HP ALM, users can leverage existing
investments; share and reuse requirements
and asset libraries across multiple projects;
see the big picture with cross-project
reporting and preconfigured business
views; gain actionable insights into who is
working on what, when, where and
why; and define, manage and
track requirements
through every step of
the life cycle.
n IBM: IBMs Rational solution for Collaborative Lifecycle Management is
designed to deliver effective ALM to agile,
hybrid and traditional teams. It brings
together change and configuration management, quality management, requirements management, tracking, and project planning in a unified platform.
n JetBrains: JetBrains offers tools
for both individual developers as well
as teams. TeamCity provides Con-
tinuous Integration and Deployment, while

YouTrack provides agile project and bug
management, which has recently been
extended with Upsource, a code review and
repository-browsing tool. Alongside its individual developer offerings, which consist of
its IDEs for the most popular languages on
the market as well as .NET tools, JetBrains
covers most of the needs of software development houses, moving toward a fully integrated solution.
reports, use cases, timelines, change

requests, estimates and resources; one
common repository for all project artifacts and documentation; full collaboration between all team members around
the globe 24x7; and extensive reporting
capabilities.
n Kovair: Kovair provides a complete integrated ALM solution on top of a Webbased central repository. The configurability of Kovair ALM allows users to
collaborate with the level of functionality
and information they need, using features
like a task-based automated workflow
engine, end-to-end traceability, easy collaboration, and support for both agile and
waterfall methodologies.
n Seapine: Seapines integrated ALM

suite enables product development and
IT organizations to ensure the consistent
release of high-quality products, while providing traceability, reporting and compliance. Featuring TestTrack for requirements, issue, and test management;
Surround SCM for configuration management; and QA Wizard Pro for automated
functional testing and load testing, Seapines tools provide a single source of truth
for project development artifacts, statuses
and quality to reduce risks inherent in
complex product development.
n Microsoft: Visual Studio Online (VSO),

Microsofts cloud-hosted ALM service,
offers Git repositories; agile planning; build
automation for Windows, Linux and Mac
OS; cloud load testing; DevOps features like
Continuous Deployment to Windows, Linux
and Microsoft Azure; application analytics;
and integration with third-party ALM tools.
n Serena Software: Serena provides

secure, collaborative and process-based
ALM solutions. Dimensions RM improves
the definition, management and reuse of
requirements; Dimensions CM simplifies
collaborative parallel development; and
Deployment Automation enables deployment pipeline automation.
n Orasi: Orasi is a leading provider of

software, support, training, and consulting
services using market-leading test-management, test automation, performance
intelligence, test data-management and
coverage, Continuous Delivery/Integration, and mobile testing technologies.
Orasi helps customers reduce the cost
and risk of software failures by focusing
on a complete software quality life cycle.
n Sparx Systems: Sparx Systems Enterprise Architect provides full life-cycle

modeling for real-time and embedded
development, software and systems engineering, and business and IT systems.
Enterprise Architect is a team-based
modeling environment that helps organizations analyze, design and construct reliable, well-understood systems.
n Polarion: Polarion ALM is a unifying collaboration and management platform for

software and multi-system development
projects. Providing end-to-end traceability
and transparency from requirements to
design to production, Polarions flexible
architecture and licensing model enables
companies to deploy what they need, onpremise or in the cloud.
n Rommana: Rommana ALM is a fully
integrated set of tools and methodologies
that provides full traceability among
requirements, scenarios, test cases, issue
n TechExcel: TechExcel DevSuite is

specifically designed to manage both
agile and traditional projects, as well as
streamline requirements, development
and QA processes. The fully definable
user interface allows complete workflow
and UI customization based on project
complexity and the needs of cross-functional teams. DevSuite also features builtin multi-site support for distributed
teams, two-way integration with MS Word,
and third-party integrations using RESTful APIs. DevSuites dynamic, real-time
reporting and analytics also enable faster
issue detection and resolution. z
SDT315 page 51,52,54,55_Layout 1 6/17/15 4:47 PM Page 51
www.sdtimes.com
July 2015
SD Times
pen-source software is becoming the backbone of the software

development industry, helping
to spur innovation, reduce time
to market and lower costs.
According to Jim Zemlin, executive
director of the Linux Foundation, almost
every device or piece of software we use
today contains some open-source code.
There are hundreds and thousands
of products and services that we all
depend on every day that contain a vast
amount of open-source software, he
said. Whether it is every single
Android device out there, whether it is
an Apple iPhone, a Windows product,
you name it, there are lots of opensource software in there.
It is no longer a matter of whether
an organization should take advantage
of open-source software; its also a matter of understanding, handling and
managing all the open-source software
coming in.
Just because open source is easy to
grab off the Internet and it is so easy to
integrate into your product, it is no
excuse for not making sure it is secure,
said Dave McLoughlin, director of
open-source auditing at Rogue Wave.
What to consider
Understanding what licenses are in play

and what liabilities you may be dealing
with are crucial to avoid legal trouble
Open source has become more popular

over the past few years because of its
ability to get organizations to market
faster. According to Mahshad Koohgoli,
CEO of Protecode, it is hard to survive
in todays software development world
without the use of open source.
Each software would not be possible without open source, without code
reuse, he said. No organization can
possibly create these highly functional,
complex software on their own. Open
source is the only way.
But just because people use the term
free and open source doesnt necessarily
mean that the software is free. The
free in free and open-source software
refers to the free software movement,
from which open source has sprung,
said the Open Source Initiatives (OSI)
board of directors. Free here means
freedom, not price. Think of it as the
freedom to... or liberty.
51
52
SD Times
July 2015
www.sdtimes.com
The freedoms of free and opensource software include the ability to

run the program; the ability to read,
study and modify the code; the ability
to make and redistribute copies; and
the ability to distribute copies of modified versions, according to the OSI.
But the freedoms and benefits that
open source enables, such as a lower
total cost of ownership, higher quality
and faster innovation, can also pose a
risk to your company.
Open source can be a veritable candy store of resources for developers,
and also provide time and resource-saving shortcuts for organizations integrating and developing code. But its not a
panacea, said Bill Weinberg, senior
director of open-source strategy at
Black Duck.
For instance, if an organization
doesnt comply with the license associated with a particular chunk of opensource code, it risks being sued. If it
doesnt check the code it is using, it could
potentially damage its services and systems. And if the organization doesnt
dont know where the code came from in
the first place, then it may not be aware
of any incompatibility issues or any obligations that the license requires.
These risks can cause organizations
to shy away from using open-source
software, but if they know what they are
dealing with, open-source doesnt have
to be an intimidating space. According
Rogue Waves McLoughlin, there are
three areas that organizations sometimes forget to consider: compliance,
security and support.
Open-source software comes with
licenses that users are expected to comply with. If an organization doesnt
comply, then it can open itself up to
legal liability, according to McLoughlin.
Also, there are certain types of licenses
that may back users into a corner, such
as the GNU license that in some
instances requires users to release their
modified work under it and provide the
Types of open-source licenses

There are thousands and thousands of open-source licenses. The Open Source
Initiative recognizes approximately 60 of them, but that leaves about 2,000
self-styled and completely original open-source licenses, according to Black
Ducks Weinberg.
These licenses can fall into two basic categories: permissive and
restrictive.
Permissive licenses are ones that require minimal obligations
from a company, such as attribution requirements, according to
Mahshad Koohgoli, CEO of Protecode. For instance, all you have
to do is make sure your product that uses the open-source code
is shipped with a notice that says [the] product uses this opensource software, he said. The attribution comes in different
forms, and they have to maintain the code or include the original lines of attribution on the top their software.
Then there are restrictive licenses, typically called copyleft
licenses, which generally allow you to use software for any purpose (but with
various types of restrictiveness). The idea of restrictive licenses is to put a set of
terms that restrict how the open-source code is distributed so that users cant put it
under any set of terms they want, according to Dave McLoughlin, director of opensource auditing at Rogue Wave. Some licenses very specifically say you can use
this code, it is free, you can modify it, you can use it any way you want, you can
put it in a commercial product, etc. But you cant change the license, and any
work that you create with this product, diverted work, any modifications that
you made to it, have to be under this original license, he said. The idea is to
keep open-source software open source so that it isnt closed-sourced by a
commercial vendor in the future, he explained.
The most common licenses include the GNU General Public License,
MIT License, and Apache License.
Some of the less common (but more interesting) licenses include
Beerwarewhich allows a user to use the software how they like,
but if they ever come across the author, they are recommended to
buy them a beer; Do What the F*** you want Public License (WTFPL)which means basically what it says; and the VoidSpace
licensewhich states the author is not responsible for damages
Christina Mulligan
that may occur. z
source code.
But the point of a license isnt
necessarily to threaten an organization
into compliance, according to Black
Ducks Weinberg. Open-source licenses
are meant to protect someones unique
property rights, and also guarantee the
free and unencumbered distribution of
the source code. The originators of free
and open-source software were trying to
ensure that their works would be available to other users and communities
and downstream inheritors without the
code being sucked up by a proprietary
interest and never being made
available, he said.
Proprietary licenses, for
example, can limit a users permission to use the software, and
they can sometimes contractually take

away the rights users would have under
copyright law, according to the OSIs
board of directors.
As the open-source community saw
with major events like Heartbleed,
open-source code can open your software to security vulnerabilities. Being
aware of the security aspects are essential, and organizations need to be aware
of any known security issues, according
to McLoughlin. Hopefully you are
doing some type of static code analysis,
some type of analysis of your code so
that you understand if it opens you up
to any security vulnerabilities, and then
you have to track that code on an ongoing basis as new vulnerabilities are
54
SD Times
July 2015
www.sdtimes.com
found in the future, he said.

And then there is the question of
support. Normally when you purchase a
commercial product, the organization
you buy it from provides some level of
support, or you can purchase a support
contract, according to McLoughlin.
With open source, the question is
where that support will come from.
Organizations need to look at opensource code and understand whether or
not they are going to be responsible for
managing, fixing and supporting it
internally; if they should outsource support to a third-party; or if the author of
the code will be updating the code.
Open-source policies
Developers who scour the Internet
looking for open-source software
shouldnt have to consider things like
security, support and compliance every
time they want to look for a piece of
code. Organizations should have open-
Tools by themselves cannot ensure

compliance, but they can aid
organizations in understanding how they
are using open source.
Bill Weinberg, Black Duck
source policies in place that answer

those questions.
An open-source policy captures the
considerations around adoption of
open-source software (OSS) in an
organization. The policy ensures that
the benefits of OSS are maximized,
while OSS adoption risks at legal, operational and business levels are managed, said Protecodes Koohgoli.
Each open-source policy should be
tailored to an organizations culture and
objectives, but there are some key factors they should consider incorporating.
The key is not to approach compliance with the aim of What can I get
away with, but rather How can I meet

the expectations of the developers who
gave me this software, said the OSI
board of directors.
According to Black Ducks Weinberg, open-source policies should
include what licenses are permitted or
blacklisted, the context of how a license
is used (for instance GPL is okay for
Linux kernel code, but not applications), who is going to take ownership
of particular OSS components, and
under which licenses will the company
publish its own open-source code.
In
addition,
Rogue
Waves
McLoughlin said that policies should
Linuxs self-assessment open-source compliance checklist

Linuxs executive director Jim Zemlin recommended organizations take a self-assessment checklist to understand whether or not
they are in compliance. We recommend that
there be a set of processes for reviewing the
code youre using, making sure you understand what all of it is and what requirements
for each of the different components are,
and then being able to make the process of
complying very simple, he said.
According to Linux, the checklist should
include:
Linuxs Jim Zemlin
n Discover and disclosure: identifying emphasizes training in
open-source licenses
using open source.
n Review and approval: evaluating how the
open-source software will be used and distributed
n Obligation satisfaction: complying to the open-source license
requirements
n Community contributions: how the organization is going to
review and approval contributions internally and externally
n Policy: encouraging the use of open-source software and protecting business needs
n Adequate compliance staffing: having the appropriate skills
and resources necessary to comply
n Adaption of business processes: how open-source compliance
is going to fit into other business practices
n Training: the company has been trained and understands how
to comply
n Compliance-process management: establishing, maintaining
and enhancing an open-source compliance policy

n OSS inventory/recordkeeping: tracking open-source content
and compliance
n Automation/tool support: how tools are going to help the
organization comply
n Verification: assuring that the company and employees are
able to adequately meet OSS requirements
n Process adherence audits: determining if the organization is
on the right track with its compliance program.
According to Zemlin, it really isnt any harder to comply with
open-source licenses than it is to comply with a proprietary
license. We think with just a little bit of training, organizations
will be confident to use open-source software and will get the
benefit of billions of dollars worth of software and innovation
that comes with it, he said.
But according to Bill Weinberg, senior director of opensource strategy at Black Duck, compliance would be easy if it
was just one piece of code and one license. We know organizations that are using thousands upon thousands of open-source
software components, and in that case compliance and governance can be quite complex, he said.
Weinberg added that the terms found in licenses can be confusing, and even if an organization thinks it understands the
terms, its lawyers might have a different opinion or disposition, so
compliance shouldnt be left to any one part of the company. He
recommended organizations adopt a cross-disciplinary purview
and an open-source licensing board made up of engineering management, legal management and upper management. z
Christina Mulligan
www.sdtimes.com
talk about how the organization is going

to acquire open-source software, how
the code is going to be tracked, how the
organization is going to support opensource software and the community,
and how the open-source software is
going to be checked for compliance.
After building a policy, organizations
also need to figure out how they are
going to enforce it. According to
Koohgoli, an open-source review board
is often put in place by those responsible for getting input from the software
life-cycle teams, making sure software
satisfies the license requirements
before it is released, and educating
their developers on the policies.
Tools to help you comply

When given a choice to code or worry
about compliance, developers will
choose to code, according to Black
Ducks Weinberg. Having to manually
ensure compliance can be a daunting
task and potentially take several hours
every week. Tools can help automate
the process of compliance, but its
important to keep in mind that they
cant guarantee compliance.
Tools [by] themselves cannot ensure
compliance, but they can aid organizations in understanding how they are
using open source (and other software),
and what the organizations need to do to
remain in compliance with open-source
licenses, said the OSI board of directors.
A good set of scanning tools is important to help organizations understand
exactly how much open-source code
they are using in their product and if the
code contains any licenses that are
incompatible with one another. If you
have an organization that 100% tracks
everything that comes into their organization, they still miss open source and
open-source licenses because fundamentally open source uses open source,
said Rogue Waves McLoughlin.
Scanning tools can also help users
understand what version the code is at
and what license is enforced for that
code so that they can tie it into their
policies and products for compliance,
according to Weinberg.
Then, you need some way to track
the open-source code, according to
July 2015
SD Times
The Software Package Data Exchange

The Linux Foundation created the Software Package Data Exchange (SPDX) specification to provide a bill of materials about license information and components included
in open-source code.
Our philosophy here is we want to make the sharing of software not only in the
development process, but in the consumption and redistribution of that software as
simple and plain as possible, said Linuxs executive director Jim Zemlin.
The SPDX was designed to provide organizations a way to see how open-source software relates to other open-source code, what versions of software were used in opensource code, the license and version of that license the software belongs to, and if there
are any vulnerabilities that need to be addressed. Zemlin said the specification is still in
a mid-adoption phase, but as more open-source software is used throughout almost
every aspect of IT, it will become the standard way for sharing open-source data.
SPDX has great potential to act as a common interchange format for licensing
information on open-source software, said the OSI board of directors. It is still a
work in progress, with the latest version of the specification just released [in May].
The SPDX specification process operates similar to an open-source community.
Developers, distributors and providers can contribute SPDX files for their open-source
Christina Mulligan
projects. z
McLoughlin. Tools can provide inventory tracking of open source to manage the
approval process. If you are letting your
developers just bring open source into
your products, and you are not tracking
them, then you are not putting a process
in place that lets you know if there are
known vulnerabilities that could affect
you from the beginning, he said.
In addition, static code analysis
tools can help find bugs and ensure
code quality.
Lastly, the Linux Foundation recommends a linguistic review tool that can
look for any comments about the

source code or future products.
Even if you are not that concerned
about your own code, you should be
concerned about any code that you
acquire, said McLoughlin. There is
practically no software company thats
acquired technology
Read this story on
that doesnt want to
sdtimes.com
know and have a comprehensive list of open
source and licenses in
the technology that
they are acquiring. z
A breakdown of the typical software portfolio

Protecode recently released an infographic highlighting the
importance of understanding the open-source content in a code
portfolio. According to Mahshad Koohgoli, CEO of Protecode,
many organizations worry about accidentally including copyleft
licenses in their codefor instance the GNU Public License (GPL).
Inclusion of GPL code in a company portfolio can force the
company to open their entire codebase to the public, which
could be commercially undesirable, he said.
According to the infographic, which was made up of consolidated findings from an audit of more than a million software
Protecodes Koohgoli files belonging to more than a hundred technology companies,
warns of using GPL
GPL code exists in almost all the portfolios.
code accidentally.
The infographic also stressed the importance of providing
header information in proprietary files, which a majority of
small portfolios dont include.
Many organizations do not include their own copyright information on their software, making the task of determining [their] own IP against third-party and OSS content more difficult, Koohgoli said.
In addition, Protecode found that open-source software containing security vulChristina Mulligan
nerabilities were found in most portfolios. z
55
Learn whats new in

SharePoint and Office 365!
SharePoint in the Cloud?

On Premises? Or Both?
Come to SPTechCon Boston 2015 and learn about the
differences between Office 365, cloud-hosted SharePoint,
on-premises SharePoint, and hybrid solutions.
August 24-27, 2015
BOSTON
Over 70 classes
taught by expert speakers!
This was a great conference that addresses all levels,
roles and abilities. Great variety of classes, great
presenters, and I learned many practical things that
I can take back and start implementing next week.
Kathy Mincey, Collaboration Specialist, FHI 360
Looking for SharePoint 2013 training?

Check out these targeted classes!
Custom SharePoint 2013 Workflows that Use the SharePoint 2013
REST API
SharePoint 2013 Farm Architecture and Visual Studio for Admin
Creating a Branded Site in SharePoint 2013
SharePoint's New Swiss Army Knife: The Content Search Web Part
Moving to Office 365?

Here are some targeted classes for YOU!
Baby-Stepping Into the Cloud with Hybrid Workloads

Demystifying Office 365 Administration
Document Management and Records Management for Office 365
Office 365 Search in the Cloud
REGISTER NOW!
A BZ Media Event
SPTechCon is a trademark of BZ Media LLC. SharePoint is a registered trademark of Microsoft.
www.sptechcon.com
www.sdtimes.com
July 2015
SD Times
Guest View
BY GRAYSON YEARGIN
Encryption export controls explained

A
s global trading explodes, U.S. software companies are expanding their sales and product
development internationally. Whether its a small
company beginning to sell internationally or a
sophisticated company looking to outsource product
development, one issue often overlooked or misunderstood is how encryption functionally can impact,
and in some cases restrict, international activities.
Export issues can arise when selling to customers
outside the United States, or when customers
request information relating to the export control
status of products. They can also appear during due
diligence when a software company is the target of
an acquisition. We routinely hear misconceptions
about U.S. encryption export controls, and here are
six of those misconceptions:
1. Our products do not contain or use
encryption. Almost all software products contain
encryption of some sort. Software may be controlled
for encryption, even if the encryption is actually performed by the operating system, an external library,
a third-party product, or a cryptographic processor.
Further, if a product includes encryption functionality, even if that functionality is not used, the U.S. government evaluates the product based on the included encryption functionality. Such functionality may
be there simply for copyright protection, in which
case the product may not be subject to export controls. Encryption also may be present due to thirdparty licensing requirements, which could cause the
product to be subject to export controls.
2. The government doesnt care about this
type of product. The governments interest isnt
limited to the main purpose of the product; it also is
interested in the products components, libraries and
capabilities. Commercial software is subject to
export controls based on its classification under the
Export Administration Regulations (EAR). To assess
the applicable controls, one must determine the classification of the softwares functional characteristics
and its encryption functionality.
3. I got this product from a major software
developer, and they must have already done
everything to make sure its okay to export it.
This misconception suffers from two flaws. First, it is
important to confirm with a supplier whether the
company has evaluated the export control status of
its product and, if so, whether all regulatory require-
ments have been satisfied. Second, even if the U.S.

government previously reviewed and classified an
encryption software product, additional regulatory
requirements may apply if the encryption functionality or other technical characteristics are altered
when incorporated into another software product.
4. We only utilize foreign-made encryption
products. The U.S. export controls apply not
only to U.S.-origin products, but also foreign-made
products that come into the United States. Accordingly, if a U.S. software company procures a foreign-made encryption product, and incorporates it
into its own product, it is possible that the final
product would be subject to export controls.
5. We registered with the U.S. government,
so were okay. Even companies that have classified their encryption products under the EAR can
make mistakes in connection with exporting their
products. For example, software
companies often mistakenly
believe that obtaining an encryption registration number allows
them to export their products
around the world without restriction.
However,
additional
requirements, such as submitting
classification requests prior to exporting, periodic
reporting of exports, and restrictions on eligible
customers also may apply to those products.
6. We classified our products a while ago, so
were good. This statement has two problems.
First, software products regularly undergo updates.
When updates alter encryption functionality, the
export control status of the product should be reevaluated. Second, in June 2010, the U.S. encryption
export control regulations underwent a substantial
overhaul. Software companies that evaluated the
export control status of their products prior to June
2010 should consider re-evaluating those products
under the amended regulations.
U.S. software companies engaging in international sales or development should evaluate the export
control status of their products. This often requires
reviewing the applicable regulations and determining whether the products are subject to export controls. Once that review is completed, a company
must assess the nature and extent of any applicable
requirements and ensure compliance with them. z
Grayson Yeargin, a
partner in the
Washington office of
law firm Jones Day, was
assisted by associate
Chase Kaniecki.
One issue often overlooked is

how encryption can impact,
and in some cases restrict,
international acitivites.
Read this story on

sdtimes.com
57
58
SD Times
July 2015
www.sdtimes.com
Code Watch
BY LARRY OBRIEN
What made Java win?

Larry O'Brien is a
software developer who
lives on the Big Island
of Hawaii.
avas emergence 20 years ago was the last time

a programming language enamored the
industry. It was not the first time: It had been the
rhythm of the programming community to anoint a
new it mainstream programming language every
seven years or so. While that pattern has clearly
been disrupted, I believe that it is more than possible that another language will sweep into popularity in the coming years.
There were several things that set Java apart. First
was a syntax that seemed, initially, to be close to C++.
C++ at the time was greatly in demand, but many
programmers found it challenging to master. By
1995, lip service to the object-oriented paradigm was
established in most teams, but many developers
struggled with C++, whose flexibility was a twoedged sword: You could program C++ in so many
ways that it was difficult to know which was the correct object-oriented approach.
The syntax of Java led many
programmers to embrace it as a
simpler C++: There was the
thought that you could prototype
an application in Java and then
port it to C++, but you could also
take your C++ codebase and port it to Java to run on
Unix, Windows or the Macintosh.
The familiar syntax led many programmers to
think that not only would their software projects be
potentially portable to Java, but also that they
themselves would become portableimproving
their resums with minimal investment.
I think Javas single-best design decision was
Almost everything is an object. Developers divided their world neatly into compiled versus interpreted languages, and the common wisdom was that
interpreted languages were crippled in their performance. The prejudice against interpreted languages could often be bolstered with a simplistic
benchmark, and the conversation rarely went further. But Java, with its stack-based primitive types,
was resistant to such easy dismissals, and its use of a
virtual machine shifted the conversation from a neat
Compiled is fast, interpreted is slow narrative into
a more nuanced discussion of the state of the art.
Finally, one cannot talk about Javas rise without
talking about the World Wide Web. In 1995, the
Web was where, perhaps, the Internet of Things is
JavaScript is, today, a

programming language that
every developer must master.
Read this story on

sdtimes.com
today: Companies might have some awareness that it

would have some impact, but it was primarily something that geeks enthused about at 9600 baud or less
on CompuServe forums and Usenet newsgroups.
Though it was not clear what the Web might
become, the one thing that was widely agreed upon
was that developers needed more than basic HTML.
While Java had originally targeted embedded systems on consumer devices, Sun capitalized on the
explosion of interest in Netscapes browser and
announced that Java would be integrated in Navigator. Many developers took this to mean the browser was going to become a universal window (or window frame), that HTMLs text-readable tree was
going to be generalized into a common data representation (imagine a hybrid JSON-DOM concept),
and that developers would be able to enhance or
override the evaluation of the DOM.
Yeah, so that didnt happen. Instead, we got the
travesty that was the browser plug-in model, about
which the less said the better.
Instead of plug-ins, Web apps today are the
realm of JavaScript, which is also celebrating its
20th birthday. Originally called Mocha and then
LiveScript, by the end of 1995 Java so dominated
the conversation that it was rebranded JavaScript
despite having absolutely no connection to the
work of James Gosling and his team.
JavaScript is, today, a programming language
that every developer must master. Not only is it at
the core of every browser-based app, Node.js has
gained a substantial server-side share of it as well.
But while I think JavaScript is important, I think its
a poor foundation for enterprise development. Of
course, Java has flaws too, and its success was aided
by contingency, misperception and lucky timing.
But it seems to me that if anything can restart the
cycle of programming language dominance, its the
manycore era. Admittedly, distributed cloud computing and post-PC mobile forms have diminished
the primacy of desktop performance, but I believe
this is only delaying an inevitable demand for a new
concurrency model for mainstream development.
I think the most appealing language is likely to be
a hybrid object-functional language, but that may be
based more on advocacy than analysis. What do you
think? What language can you imagine writing a retrospective on in 2035? z
www.sdtimes.com
July 2015
SD Times
Analyst View
BY JOHN R. RYMER
Your digital business cornerstone

H
aving been the first to move on advanced

digital customer experiences, consumerbrand companies like GE, Home Depot, Lowes,
Coca-Cola, and Under Armour/MapMyRun
learned that the platforms for their modern digital
apps are as crucial to their success as investments
in capital, supply chain, labor, and product management. Yet, in the age of the customer, these
brands are struggling when trying to answer one
crucial question: Whats our digital platform?
The recent explosion of digital customer experiences is raising the bar on customer operationsand
shifting how brands think about application platforms. The customer experience must now span not
only digital touchpoints, but also apps and services in
corporate data centers, from commerce providers,
social networks, and in connected devices. Why? To
reach customers wherever and whenever opportunities arise with personal, contextualized interactions
(all supported by customer operations processes).
Failing to do so will leave customers disappointed,
demotivated and disconnected.
A modern fitness experience with the MapMyRun app shows how UnderArmour bridges
services in consumer, commerce, corporate and
connected devices to provide an engaging, immediate and personal experience for one customer.
Consumer and connected: The MapMyRun
app tracks Bill throughout his run, serving as a virtual
coach. It uses sensor and GPS data from the phone
to give him up-to-the-second feedback on his pace,
distance, duration, caloric burn, route and speed.
Corporate: MapMyRun can connect to Bills
social network of runners, finding that his friend
Susie is running at a pace he aspires to match. By
tapping corporate customer records, MapMyRun
connects their runs, placing Susie, virtually, on
Bills run through Live Tracking.
Commerce: MapMyRuns partner Under
Armours tracking database notifies Bill that he just
hit 300 miles on his running shoes, so its time to get
a new pair. The app then offers to take Bills order on
the spot, rather than visit the UnderArmour website.
The rich, unified experience MapMyRun offers
Bill is what brands should aspire to deliver to their
customers. But as they attempt to tackle customer
scenarios that cross all four domains, brands should
expect to encounter a new set of boundaries.
One platform to bridge all domains does not

exist and is an impossible dream in application
development because each domain employs its own
application platforms, protocols, data models, trust
expectations, methods, talents, and business ownership. Instead, developers will need to employ three
categories of interconnection services to achieve
this goal, creating one platform to rule them all.
Experience platform services: These services assume customers will use different channels as
appropriate, creating a need for the visual experience and application behavior to be both consistent and responsive across devices.
Insight platform services: These services calculate the customers context and situation, relying
on analytics services that are fast enough to recognize situations and opportunities based on realtime data from sensors.
Application
platforms:
These platforms run app services,
help weave independent services
into cohesive customer experiences through API management
and orchestration, and provide
key application support functions,
including identity and permissions coordination.
John R. Rymer is a
Vice President and
Principal Analyst at
Forrester Research.
Beyond digital touchpoints,

the customer experience
must span apps and services
in corporate data centers
Answering the crucial question

When attempting to define the best platform for
modern digital apps, brands will look to vendors
for solutionsand find great variations. Two vendors (Microsoft and Google) deliver on all four
domains and interconnection services. Other vendors have gaps in their product portfolios. For
example, IBM, SAP and Oracle are strongest in the
corporate domain but are weak in the consumer
and commerce domains, while Apple and Amazon
are strongest in the consumer and commerce
domains but are weak in the corporate domain.
Understanding the capabilities of each vendor to
deliver on the consumer, commercial, corporate and
connected domainsparticularly those that interconnect domainswill determine who ultimately
wins in delivering the digital app platform of the
future. Brands should start specifying their needs
now in order to find the strategic vendor that will
help them serve customers in todays digital world. z
Read this story on

sdtimes.com
61
62
SD Times
July 2015
www.sdtimes.com
Industry Watch
BY DAVID RUBINSTEIN
Apps are the key to BPM

David Rubinstein is
editor-in-chief of SD Times.
eres a statement I never thought Id hear:

In the past, [Business Process Management] has been too much focused on process.
But thats exactly how Miguel Valdes Faura, CEO
and cofounder of Bonitasoft, views the market today:
less talk about process and more about applications.
After all, it is applications that use these business
processes, and if the apps arent engaging, it will be
difficult to get folks to use them.
There are three components to applications:
business logic, the user interface, and business data.
Todays applications are being built in a faster, more
efficient way. But, Valdes Faura noted, Its hard to
maintain [an app] and make
changes as quickly as business
would like. Lets say you want to
change the process, or add a
menu to the UI, or change the
business data model, or simply
add a field to a form. All of this
affects the application. An app is
more than a process; its the data model and the UI.
But certain business processes do different
things. Some are back-end, like human resources
or business administration. Those processes do not
need to be changed often. Other processes,
though, are connected to customer-facing applications, which introduces new challenges.
For back-office operations, the focus remains
on cost optimization and resource and asset utilization, explained Comindwares Maria Kozlova.
For customer-facing business processes, such as
lead management, customer request management,
customer trouble ticketing and such, the priority is
on a consistent customer experience, eliminating
data loss or data duplications, enabling multi-channel operations and availability on mobile devices.
Part of the dynamic, Kozlova said, is in application
development. Back-office operations are normally
well defined and do not require constant change.
The virtue is stability, compliance and control. In
contrast, front-office processes are the core of the
competitive advantage. This is where businesses
fight over every inch to survive. Such processes are
very dynamic and require extremely high flexibility
and configurability of the supporting systems.
Bonitasoft is actually targeting developers with
its newest release, Bonita BPM 7, which was made
Creating ironclad business

processes can doom
businesses into being locked
in to them.
Read this story on

sdtimes.com
public on June 18. The company is exposing its

BPM services as REST services, and it is embracing the new generation of developers with the
JavaScript library Angular.
These developers already get HTML, JavaScript
and REST. We want to make it easier for them to
create process-driven applications, said Valdes Faura. The new platform has a tool to build the process,
which business analysts would use, and a tool for
developers to build the user interface. The platform
provides visibility across the whole process, he said.
A drag-and-drop interface makes it easy to create
processes in the applications, but the platform also
gives developers a way to expand their applications
by adding their own components, Valdes Faura said.
Comindwares Kozlova agreed that The more
that can be outsourced to business users for them
to configure, run and change, the better. The
renowned gap between business and IT is a significant showstopper for many businesses.
The company believes that the work items
underlying processes, projects and cases are the
same: tasks, documents and discussions. So, Kozlova
said, whether your priority is forecasting project
completion dates or costs, or routing multiple documents along a loosely defined task flow as in case
management, or mandating a fixed sequence of
actions for the sake of process visibility and control,
the atomic work items are the same. Having them
managed and tracked in separate systemswhile
they are an integral part of every work management
scenario in almost any mid-sized to large business
is disruptive and counter-productive, she said.
Comindwares platform is a fully integrated
work-management solution that covers projects,
processes and cases, and adds social collaboration
that enables quick business application building by
business users.
So, creating ironclad business processes behind
todays applications can doom businesses to being
locked in to those processes and make them miss
opportunities. As businesses realize they are digital
companies that need to respond quickly to changes
in their markets, they need a new approach to creating their projects and processes. Platforms such
as those discussed here can provide the agility that
allows the business to keep pace with the speed of
development and change. z
Build Experiences
for Your Users with Enterprise-level
Developer Tools and Solutions
Spread
Versatile Spreadsheet
Data and UI Components
spread.grapecity.com
Xuni
Cross-Platform Native
Mobile UI Controls
Wijmo
goxuni.com
A New Generation of
JavaScript Controls
wijmo.com
ComponentOne Studio
.NET Controls for Serious
Application Development
componentone.com
ActiveReports
Reporting Platform for
Essential Business Needs
activereports.grapecity.com
The GrapeCity family of products provides developers,

designers, and architects the ultimate collection of
easy-to-use tools for building sleek, high-performing, feature
complete applications. With over 25 years of experience, we
understand your needs and have developed a comprehensive
line of products that includes innovative UI controls,
cross-platform data visualization controls, enterprise-level
reporting, analysis, and spreadsheet controls for Windows,
web, and mobile platforms.
2015 GrapeCity, inc. All rights reserved. All other product and brand names are trademarks and/or
registered trademarks of their respective holders.
Learn more and receive

free 30-day trials at
tools.grapecity.com
September 9-10-11, 2015 Rio, Las Vegas
CLASS LISTING
>
>
>
>
>
page 2
>
>
page 7
page 3
page 4
page 5
page 6
page 8
Special Events
Keynotes
Classes: Drone TechCon
Classes: Drone Flyer
Classes: Drone Business
and Precision Agriculture
Industry Panels
Registration Information
Meet with 80+ exhibitors!

Register Today!
www.InterDrone.com
A BZ Media Event
Special Events!
Over 80
Exhibiting Companies!
Award Categories:
Natural Wonders
Cityscapes
Action Sports
Acrobatics
Storytelling
Reel
Best Overall
PLUS!
Page 2
Keynotes
Who Should Attend?

UAV Designers
UAV Engineers
Unmanned Systems
Engineers
Software Architects
Drone Builders
Avionics Engineers
Grand Keynote
Chris
Anderson
CEO of 3D Robotics,
Founder of DIY Drones
What
industries will
be represented?
Agriculture
Security
UAV Pilots
UAS Tactical Simulator

Programmers
Software Engineers
Drone Distributors
HAZMAT Inspection
Design Engineers
System Architects
Action Sports
Unmanned Systems
UAV Systems
Mechanical Engineers Operators
Software Developers Business Development
Managers
Drone Operators
UAV Systems
Project Managers
Specialists
UAV Aviation
Software Engineers
Border Patrol
Climate Monitoring
Keynote
Romeo
Durscher
DJI
Live Broadcast with

ABC Good Morning
America in Vietnam
Meteorology
Construction and Building
Inspection
Motion Pictures and
Cintematography
Newsgathering and Reporting
Surveying and Terrain Mapping
Search and Rescue
Package Deliveries
Propulsion Engineers
Advertising
UAV Program Managers
Keynote
Hardware Engineers
Drone Dealers
Drone Wranglers
Flight Control
Engineers
Robotics Engineers
Embedded
Developers
UAS Operators
Drone Flyers
Product Designers
Aerial
Cinematographers
DroneCode
Programmers
Flight Test Engineers
Daniel
McKinnon
Enterprise Products
at 3D Robotics.
From DIY to the

Enterprise:
The 3D Robotics Story
Damage Assessment
Telecom and Airborne WiFi
Athletic Practice Recording
Pipeline, RR, Bridge and
Infrastructure Inspection
Real Estate, Golf Course, and Resort Marketing
Wildlife Migration and
Preservation
Traffic Monitoring and Flow Analysis
...and more!
Page 3
is Three Technical Conferences!
For Builders
For Flyers and Buyers
More than 35 classes,

tutorials and panels for
hardware and embedded
engineers, designers and
software developers building
commercial drones and the
software that controls them.
More than 35 tutorials and

classes on drone operations,
flying tips and tricks, range,
navigation, payloads, stability,
avoiding crashes, power,
environmental considerations,
which drone is for you, and more!
For Business Owners,

Entrepreneurs & Dealers
Classes will focus on running a drone
business, the latest FAA requirements
and restrictions, supporting and
educating drone buyers, marketing
drone services, and where the next
hot opportunities are likely to be!
Check out these Drone TechCon Classes:
Read full descriptions

online
Build Your Own Flying Drone
Embedded Computer Vision for Safer, Faster Drones
Drone-Captured Crowd Analytics Through Deep

Learning-Based Facial Emotion Recognition
From Flying a Drone to Creating 2D and 3D:

How to Process Images with Pix4Dmapper
Configuration and Tuning Tips with OpenPilot
A Patent Marathon: 50 Drone Patents
Drone-Based 3D Mapping: The Major Data Revolution

Happening Now
Advanced Power System selection and Maximizing

Efficiency in Multirotors
Intro to Electric Power Systems

Overview of Engine Propulsion for
Small UASs
Building Big Data Solutions for Drone
Data: The New Age of Aerial Information
The Dronecode Project - Commercial Drones and
Open Source Autopilots
Why Zero Latency is Essential to UAV HD Live Video
Broadcast
Building a Thought-Controlled Drone
Controlling Autonomous Multicopters Using Mission
Planner
Flying in Wind: State Estimation and Control for Small
Drones, Parts I and II
Mastering the OpenPilot Ground Control Station (GCS)
Applications of Rotation Matrices and Matrix-Vector
Algebra in Autopilots
DroneKit: The Application Platform and

Toolkit for Drones
Indices for Precision Agriculture
The Future of Search and Rescue Utilizing
UAV Technology
Achieving Autonomy through Embedded Vision
Getting Beyond Its Cool Integrating Drone-Derived
Data into Enterprise Workflow"
Turn Rate Fly-by-Wire Control of Fixed-Wing Aircraft
Human Factors Engineering for Drone Systems
Vision Systems for Autonomous and
Operator-Controlled Drones
Fuzzy Logic Control Systems for Fixed-Wing Drones
Protecting Drone Technology with Patents
Satisfying the Spectrum Needs of Small UAVs
Real-Time Requirements for Medium-Haul UAVs
Putting Drones to Work: Meeting the Needs of

Enterprises
Drone Therapy: Convincing Your Drone Not

To Commit Suicide
Small Drone Flight Operations
Selection and Integration of Parachutes Into UAVs
Page 4
Check out these Drone Flyer Classes:

First-Person View (FPV) Flying 101
Multi Rotors and Camera Stabilization On Set
Configuration and Tuning Tips with OpenPilot
Drone-Based 3D Mapping: The Major Data
Revolution Happening Now
Intro to Electric Power Systems
Obtaining Section 333 Exemptions
and Overview of State Law Developments
Overview of Engine Propulsion for Small UASs
Why Zero Latency is Essential to UAV HD Live
Video Broadcast
Zen and the Art of Multirotor Maintenance
Agricultural Use of Drones
Controlling Autonomous Multicopters Using Mission
Planner
Staying Safe at Any Size: Identifying Risks to Your
Small UAS Operation and How to Mitigate Them
Indoor UAS Inspections
Mastering the OpenPilot Ground Control Station
(GCS)
The Legal Requirements for the Commercial Use
of UAS Technology: An International Perspective
Dronalism" is More Than Pretty Photos"
Putting Drones to Work: Meeting the Needs

of Enterprises
Small Drone Flight Operations
Better Cinematic Results from Aerial Video
From Flying a Drone to Creating 2D and
3D: How to Process Images with
Pix4Dmapper
How to Legally Fly Unmanned Aircraft
State Drone Privacy Laws: What Are They
and How Likely are You to Break One?
The Future of Search and Rescue Utilizing UAV
Technology
Drone Laws: Intended and Unintended
Circumstances
Safe and Efficient UAV Operations
Developing Pilot Operating Handbook, Flight
Operation Manuals, and Implementing a
Safety Management System
Surviving the Zombie Apocalypse: Leveraging
Drones for Disaster Response
Using Drones for Live Broadcast
Small UAS Safety Considerations in the Chemical
and Hazardous Environments
UAV/Drone Aerial Panoramas
Selection and Integration of Parachutes Into UAVs
Drones and Insurance: The Cost of Ownership
Read full descriptions online at www.InterDrone.com
Page 5
Read online about these Drone Business Classes:

2015 Year of Drone - Changing Publics Perception of
Drones
Getting Your UAS Off the Ground - Legal Consideration
in Forming UAS Companies and Raising Capital
How to Legally Fly Unmanned Aircraft

A Patent Marathon: 50 Drone Patents
State Drone Privacy Laws: What Are They and How
Likely are You to Break One?
Obtaining Section 333 Exemptions and Overview of

State Law Developments
The Future of Search and Rescue Utilizing UAV

Technology
Starting an Aerial Photography

Business
Drone Laws: Intended and Unintended

Circumstances
Building Big Data Solutions for

Drone Data: The New Age of Aerial
Information
Drones and the Law - Whats on the Horizon
Building a Successful Business Utilizing Drone
Technology
The Legal Requirements for the Commercial Use of UAS
Technology: An International Perspective
Drones and Insurance: The Cost of Ownership
Everything You Need to Know About Venture Funding
Putting Drones to Work: Meeting the Needs of Enterprises
Finding and Landing International Customers
Getting Beyond "Its Cool" - Integrating

Drone-Derived Data into Enterprise Workflow
Open for Business: Path to Safe, Legal, and Insured
Commercial Drone Operations, Part I
Protecting Drone Technology with Patents
Satisfying the Spectrum Needs of Small UAVs
From Government to Commercial UAVs: Pitfalls and
Lessons Learned
Open for Business: Path to Safe, Legal and Insured
Commercial Drone Operations, Part II
Drones that Produce Wind Energy will Become a Trillion
Dollar Business
Somebodys Watching You: How to Comply with
U.S. Export Controls on Unmanned Systems
Special Prcision Agriculture Track!

Methodologies and techniques for getting the most out of
your field. Learn about the future of precision agriculture
and what you can put to work for your farm today!

From Flying a Drone to Creating 2D and 3D: How to Process Images
with Pix4Dmapper
Indices for Precision Agriculture
Little Drones and Big Data
Drone Opportunities for Precision Agricultural
Making Sense of It All: Feeling out Drone Sensor Technology
Page 6
PLUS!
Industry Panels!
Wednesday, Sept 9th
Friday, Sept 11th
9:00am - 10:00am
The Defense Industry Goes Commercial
8:45am - 9:45am
Mapping the World - Innovation in LiDar and 3D Mapping
10:15am - 11:15am
Insuring Your Drone Business: What You Need to Know
10:00am - 11:00am
Dronalism: Charting the Course for Newsgathering
with Drones
11:30am - 12:30pm
Leading VCs Discuss Next Wave of Drone Innovation
Under the Hood: Next Generation Chips and

Manufacturing
2:15pm - 3:15pm
FAA Regulations: The Latest Outlook
3:30pm - 4:30pm
Little Drones and Big Data
Trends in Aerial Cinematography
Thursday, Sept 10th

9:15am - 10:15am
Saving Lives: Firefighting and Search
and Rescue Tactics
11:30am - 12:30pm
Opportunities for Law Enforcement,
Surveillance and Security
Ways to Fund Your Drone Business
Panelists: Matthew Bieschke
11:30am - 12:30pm
Making Sense of It All: Feeling out Drone Sensor
Technology
Retail Distribution of Commercial Drones
1:30pm - 2:30pm
Integrating Commercial Drones Into our
National Airspace
3:00pm - 4:00pm
Drone Opportunities for Precision Agricultural
Infrastructure Insights: Drone Innovation in Structural
Inspection
2:45pm - 3:45pm
Drones are Good: How UAVS are Saving the World
Soaring Photos: The Future of Flying Camera
Read full descriptions and

panelists bios online
Page 7
Pricing & Registration Information

Register By
3-Day All-Access
Conference Pass
Exhibit Hall, Hangar
and Film Festival
July 24
August 21
Full Price
$695
$745
$795
Save $100
Save $50
$75
$75
Save $50
Save $50
$125
Registration Inclusions
3-Day All-Access Pass Includes:
Admission to both conferences; sessions & classes on September 9-10-11
Admission to all keynotes and panels
Admission to Exhibit Hall on September 10 & 11
Admission to all special events, including the Networking Reception
and Film Festival Reception
Coffee breaks and lunch where indicated
Exhibit Hall PLUS Film Festival Reception Pass Includes:
Admission to the InterDrone Film Festival Reception on September 9
Admission to Hangar September 9
Admission to Exhibit Hall on September 10 & 11
Admission to Networking Reception on September 10
Admission to all Keynotes
Special Rate at Rio Las Vegas

$85/Night*!
Hurry! Rooms will sell out!
Go to
www.InterDrone.com
for more details
Special Discounts
You may combine one of these special
discounts with the Early Registration
pricing to save even more!
GROUP
Group discounts will be given automatically if you register three or more people at once. You can also contact
Camille Barron at cbarron@bzmedia.com to receive the
$100/person discount if your group is unable to register
at the same time. Contact her also for special discounts
for groups of 10 or more.
EDUCATIONAL INSTITUTIONS
Personnel employed by or attending educational
institutions can get a $100 discount off the
Three-Day Pass price by using the code EDU.
USER GROUPS
Contact Stacy Burris, burris@bzmedia.com to see if
your group is eligible for a discount.
NON-PROFIT ORGANIZATIONS
Personnel employed by non-profit organizations can get
a $100 discount off the Three-Day Pass price by using
the code NONPROFIT.
GOVERNMENT EMPLOYEES
Government, Federal, State and Local Government
employees can receive an additional $100 off the
Three-Day Pass price. Enter the code GOV in the
discount code field.
STUDENTS
Students receive a flat rate of $395 for a Three-Day
Pass. Please e-mail registration@bzmedia.com with a
copy of your student identification in order to get the rate.
A BZ Media Event
Page 8

SD Times 315

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

SD Times 315

Uploaded by

Copyright:

Available Formats

SDT315 Cover Tip_Layout 1 6/8/15 2:13 PM Page 1

SDT315 Cover Tip_Layout 1 6/8/15 2:06 PM Page 2

SDT315 cover_Layout 1 6/19/15 2:40 PM Page 1

Google goes end-to-end with

JULY 2015 ISSUE NO. 315 $9.95 www.sdtimes.com

SDT315 Full Page Ads_Layout 1 6/18/15 2:30 PM Page 2

Verify Global Contacts

Enrich Your Data

Get the Dupes Out

Clean it Your Way

Free Trials Available!

SDT315 Full Page Ads_Layout 1 6/18/15 2:17 PM Page 3

(with dual y axes,

Large Surface Chart

Negative Volume Index (NVI)

(terrain surface data with millions off data points)

Layered Graph Layout

(with reflective value axis)

(with embeded numeric display)

Business Organization Diagram

Barycenter Graph Layout

SDT315 Full Page Ads_Layout 1 6/18/15 2:17 PM Page 4

SDT315 page 5_Layout 1 6/19/15 2:47 PM Page 5

ISSUE 315 JULY 2015

FROM THE EDITORS

SD Times on the Web

SOA lives in microservices and containers

When did open-source software get so scary?

Google I/O 2015 focuses on Internet of Things

Facebook goes with React Native for

Inside the redesigned Ansible 2.0

MongoDB creates BI connector, new tools

DJI unveils development platform for drones

Oculus intros consumer headset

Couchbase Server 4.0 gets N1QL

Are brainwaves the replacement to passwords?

MapR 5.0 enables Hadoop in real time

Researchers can count on WiFi

dtSearch adds support for encrypted PDFs

ALM techniques can help keep

GUEST VIEW by Grayson Yeargin

CODE WATCH by Larry OBrien

ANALYST VIEW by John R. Rymer

INDUSTRY WATCH by David Rubinstein

Navigating through an open-source world

SDT315 page 6,7_Layout 1 6/18/15 1:41 PM Page 6

The Drones are coming...

InterDrone is Three Awesome Conferences:

For Flyers and Buyers

More than 35 classes,

More than 35 tutorials and

For Business Owners,

SDT315 page 6,7_Layout 1 6/18/15 1:41 PM Page 7

SDT315 page 8_Layout 1 6/19/15 2:47 PM Page 8

The dtSearch product line includes

ADVERTISING TRAFFIC Mara Leonardi

The Smart Choice for Text

PUBLISHER David Lyman

Visit www.dtSearch.com for

PUBLISHING DIRECTOR Ted Bahr

SDT315 Full Page Ads_Layout 1 6/18/15 2:17 PM Page 9

Award Winning Modeling & Design Tools

Collaborative modeling & design environment