While Cloud Foundry offers many useful benefits and has a quickly growing ecosystem, it is the cloud neutrality that lies at the heart of this open-source project and foundation. This was the message underlying the Cloud Foundry Summit in Santa Clara this week, where enterprise users discussed just how they’re using this industrial-grade PaaS.

While few users at the show were actually moving their applications from cloud to cloud across compatible, certified deployments of Cloud Foundry, many attendees said (off the record) that their companies used Cloud Foundry because it allows them the option, just in case Amazon or Microsoft decide to abuse their cloud users.

But beyond that most basic of use cases, Cloud Foundry has many other things to suggest its use to enterprise software developers. Sam Ramji is the director of the Cloud Foundry Foundation, and he said that the project offers different benefits to different users.

(Related: Developers are adopting PaaS more and more)

“There are so many segments who want it for different reasons,” he said. “If you’re line of business, you could care less about multi-cloud; you care about velocity. ‘Can I get from an app a quarter to an app a week? Can you get me deployments on an apps-per-day basis?’ If you’re a CIO, or if you’re in IT management and in a cost control stance, multi-cloud matters.

“If you’re a developer, you don’t care about those benefits—you care about being able to spend more time writing code, and less time writing servers. The businessperson is saying, ‘How do I get more features?’ The developer is saying, ‘How can I do cool things with cool languages?’ ”

Bret Mogilefsky and Diego Lapiduz, both software developers at GSA group 18F, gave a talk detailing why Cloud Foundry is used in cloud.gov, a federal cloud service used to show off the potential of modern software development practices to government agencies.

In their talk, Lapiduz and Mogilefsky discussed the compliance challenges faced at 18F, and how their use of Cloud Foundry managed to meet those compliance requirements, despite much of it being completely unprecedented in the U.S. government.

Needless to say, the culture of cloud and software clashed a bit with the culture of big government. “Compliance said they wanted to audit our machines at any time, and we said we don’t know how many there are at any given time,” said Mogilefsky. “They kind of exploded. Then they said, ‘We need the SSH keys for every single machine,’ and we said, ‘Like hell you do.’ ”

18F’s compliance woes did not end there, said Mogilefsky. Even after finding common ground with compliance officers, he and Lapiduz pushed further to refine the process of making software comply with federal regulations.

“We took compliance documents, which are normally 200 to 1,000 pages, and we said, ‘We’re not going to write flat documentation. We want to treat it like code,’ ” said Mogilefsky. “We decomposed it and do it as YAML in GitHub. We’re decomposing documentation, we’re automating the publishing of that via Concourse.”

The 18F team spends most of its time consulting with other government organizations and demonstrating its agile capabilities. This tends to make those other organizations jealous, and pushes them to evolve their software practices. 18F then helps those groups manage the issues that arise when a government organization attempts to improve its software processes.

“We really want teams to have high confidence they’re going to succeed. We want auditors to have high confidence as well,” said Mogilefsky. “When they see what’s in our docs—we’re using behavior-driven development—as a human readable test, [they are excited]. We have stretches of BDD code to verify that what’s in the documentation is true. If anything falls out of true, we know. We also want the auditing process to accept this and just look for implementation of test, not check everything manually like they do now, which takes six months.”

Future packages
Cloud Foundry is only a part of why 18F is seeing success. Currently, the multi-cloud support of Cloud Foundry is enabling 18F to migrate from Amazon East/West to AWS GovCloud, something that the team said would be unthinkable without Cloud Foundry underneath.

But therein lies the future for Ramji and the Cloud Foundry Foundation. He sees a future where packaged enterprise applications and services are offered from vendors and open-source projects.

“An audacious goal is to have a unified marketplace, like Amazon does for Amazon services, so that everyone who’s building services by Cloud Foundry gets in,” he said. “This could be Twilio, for example. It’s a packaged service. You call it, you get it. If you’re a database or message queue vendor, you could have a packaged service that Cloud Foundry will know how to pull in, and you push a button to deploy.”

While this is a far-off dream, it is bolstered by the success of certified distributions of Cloud Foundry across cloud providers from Amazon, IBM, Microsoft and others. Ramji insisted that packaged services must be available first, with packaged applications later arising to take advantage of those services.

But Ramji sees Cloud Foundry as a unifier, capable of bringing this cohesion to enterprise cloud usage. As an example, he offered the fact that the Cloud Foundry Service Broker API is currently being seen as a de facto standard, and has been embraced by both Google’s Kubernetes, and Microsoft’s cloud projects.

Cloud Foundry Summit continues through today in Santa Clara.