Just a few weeks ago the Cloud Foundry Foundation announced the industry’s first PaaS certification program, designed to establish reliable application and portability across PaaS products in a multi-vendor, multi-cloud environment. The certification ensures that all certified products are using the same core Cloud Foundry software. This, in turn, ensures that developers and operations teams can deploy and manage their applications, regardless of the vendor or the cloud environment.

With the Foundation also announcing the first products to be certified — including CenturyLink’s AppFog, HPE Helion Cloud Foundry, Huawei FusionStage, IBM Bluemix, Pivotal Cloud Foundry, SAP HANA® Cloud Platform and Swisscom Application Cloud — Cloud Foundry has stepped up to answer growing demands for an industry standard for PaaS.

According to ESG Analyst Stephen Hendrick, “Companies often rely on Platform-as-a-Service (PaaS) offerings in order to quickly build new applications to meet their agile customers’ needs. Such broad standardization across vendors, combined with Cloud Foundry’s extensive portability across the public cloud delivers a tremendous amount of utility that is extremely appealing.”

By guaranteeing portability among certified products, Cloud Foundry, a Linux Foundation Collaborative Project, further differentiates its PaaS from other offerings in this growing and competitive market. Gartner research reports the PaaS market has crossed the $4 billion mark and Wikibon Research predicts it will grow to $68.3 billion by 2026.  

IDC also predicts that as we enter 2016, there will be an 11 percent shift of IT budget away from traditional in-house IT delivery, toward various versions of cloud computing as a new delivery model. By 2017, 35 percent of new applications will use cloud-based continuous delivery, enabled by faster DevOps life cycles to streamline the rollout of new features for faster business innovation. The new certification supports this rapid evolution by allowing developer and operations teams to easily transfer skills among products, improving productivity and lowering staffing costs.

We had a chance to talk to Cloud Foundry CEO Sam Ramji to understand how Cloud Foundry Certification ensures application and skill portability across any cloud service or on-premises software product that offers Cloud Foundry.

Q&A with Sam Ramji, CEO, Cloud Foundry

What’s driving the need for an industry-standard PaaS?

Sam Ramji:  I joined the Cloud Foundry Foundation on the 21st of January last year. Since that time, I’ve met with dozens of companies and hundreds of people. In those hundreds of conversations about the project, it became obvious that there is a consistent need for a standard, and that we could accomplish that with certification.

It comes back to three primary customer demands. Vendor independence: users want freedom to change clouds. Reliable delivery: serving apps from multiple clouds and multiple regions. An enterprise may be using Equinix, Azure, AWS and they need to run and easily update apps in all those places. Finally, Scaling their workforce: enterprises have a growing need for skilled developers and DevOps professionals. Standardization helps expand the supply of expertise.

That customers want standardization probably doesn’t come as a surprise. Historically standards have benefited users. When the U.S. established the Gold Standard Act in 1900, it became easier to do business. Standardizing light sockets unlocked innovation in light bulbs, standardizing 2×4 planks simplified construction, standardizing containers simplified shipping. Standardization tends to drive downward pressure on pricing but also usually drives market growth.

The surprising thing for a growing and lucrative area like cloud computing is that the suppliers of Cloud Foundry-based products agreed that  they wanted to standardize as well.  As an ecosystem, we have settled on a strong certification to guarantee technical consistency and portability, and a trademark that is only awarded to products and services that meet the standard.

How does Cloud Foundry PaaS Certification work?

Sam Ramji: The certification was designed to ensure that all  products that certify are using the upstream Cloud Foundry open source software. They have to snap to software released within a common time window so we can guarantee compatibility.

Certified products must re-certify annually. We award a new certification mark each year as well.  We’ve done this to address a two dimensional challenge: an open source project that ships new releases constantly, and a cloud computing environment that is evolving continually. For example, everybody will need compatibility with OCI and RunC. We don’t want the certification to get in the way of adopting RunC. When that code is in good shape, 2017 certification could require that, for example.

We’re managing for forward and backward compatibility; you should be able to cf-push any application through Cloud Foundry certified software or services. And finally, this is not an API-driven certification. We’re expecting the same code, the same behavior, the same trustworthiness. An API-driven standard allows swapping out code as you see fit.  APIs are useful but not a replacement for standardizing on common upstream code.

So an enterprise customer using a particular version of Cloud Foundry can develop and update applications easily across any certified supplier?  

Sam Ramji:  Yes. That is our purpose. This gives users the freedom to switch to another provider or use multiple providers concurrently. If you’re using certified Cloud Foundry, you can push apps to Pivotal Cloud Foundry, IBM Bluemix, HPE Helion Cloud Foundry, SAP HANA® Cloud Platform, CenturyLink’s AppFog, the Swisscom Application Cloud or Huawei’s FusionStage. And that’s just the start. We are expecting many others to certify, expanding the standard across an even broader ecosystem of Cloud Application Platforms and supporting services providers.

So if the standard neutralizes the platform, what leverage do service providers have to differentiate offerings and add their own functionality?

Sam Ramji: The open source project is focused on a functional core software platform.  It is an elastic runtime that enables auto-scaling of app logic across a datacenter. It does not include UI, integration to other software, management tools, professional services, hosting and operations, or storage and infrastructure services.

If you look at Pivotal Web Services, they ship as both software and as a cloud service, they’ve got management tools, data services, integration with Spring, and great user interfaces that complement Pivotal Cloud Foundry. IBM Bluemix differentiates with things like Watson and cognitive computing, and they have over 300 services in their service catalog. HPE is providing enterprises private and on-premises cloud options with Cloud Foundry and deployment on OpenStack. They have that differentiation plus a large existing software suite for development and management tooling.  SAP builds Cloud Foundry into their business application software platform, Hana Cloud Platform, and surrounds it with analytics services and data sourced from business processes and applications.  Swisscom and CenturyLink both provide scalable Cloud Foundry implementations hosted inside telecommunications-grade datacenters with high-speed networking and related enterprise capabilities.

Then you get into a new category of service providers: vertical industry clouds. GE, BNY Mellon, Huawei – these companies represent what to me is the next wave of cloud. We’re used to cloud being horizontal. GE has built Predix for Industrial IoT. Huawei has built a telecom cloud for small and midsize telcos around the world. BNY Mellon is building  Nexen – a financial services industry cloud for institutions to perform trading, management, and financial analytics. Those three examples of industry-specific clouds point at another wave of differentiation.

When you say to be certified you have to be running “core Cloud Foundry,” what exactly does that entail?

Sam Ramji: Unlike many industry certification programs, compliance is not just API-level compatibility with a documented API or reference implementation. Cloud Foundry Certified PaaS certification requires offerings to actually use the software released by the Foundation’s project teams through one of our coordinated releases.

The components of Cloud Foundry that are required for certification include the Cloud Controller (the heart of the platform’s control plane), Router (network traffic routing to and from deployed applications), UAA (our authentication and authorization service), and the Logging and Metrics pipeline components. In the 2016 certification, program requirements allow the use of either the DEA/Warden runtime architecture, the newer Diego/Garden based runtime, or the option to provide both runtime architectures. Last, all certified offerings must distribute the Cloud Foundry command line interface (CLI) tool.

All of these required components, including optional extensions like our foundation provided buildpacks, are packaged and tested via a coordinated release artifact known as “cf-release.” When certifying, organizations must indicate which cf-release they are basing their product or service on, so that we know that they are using both a fully-tested set of integrated components and that the release in use is recent enough to qualify for certification.

What’s next for certification in 2017?

Sam Ramji:  We don’t have the answer for that yet. We’ll be working with the community throughout the year and should have a set of requirements finalized by Q3 2016. I’m hearing a lot of demand for standardizing the services layer that Cloud Foundry apps depend on for managing state and messaging. The core Cloud Foundry project will continue to expand as well, based on user needs for advancements in security, networking and multitenancy.

As long as companies are working in the upstream project and building their product plans based on their contribution to the project, they will be part of next wave of certification planning by default.  My message to current and prospective certifying companies is this: work on the upstream, align with the users’ interests in advancing features while retaining portability, and you’ll be in good shape.

A 20 year veteran of the Silicon Valley and Seattle technology scenes, Sam Ramji brings a wealth of business, product and open source experience to his current role of CEO at Cloud Foundry Foundation. He led strategy for API powerhouse Apigee, designed and led Microsoft’s open source strategy and drove product strategy for BEA WebLogic Integration. He is the board secretary of Outercurve Foundation and a member of multiple industry advisory boards.