OpenDaylight Developer Spotlight: David Jorm

Submitted by opendaylight on February 24, 2015 - 12:00am

The OpenDaylight community is comprised of leading technologists from around the globe who are working together to transform networking with open source. This blog series highlights the developers, users and researchers collaborating within OpenDaylight to build an open, common platform for SDN and NFV.

David JormAbout David Jorm

David is a product security engineer based in Brisbane, Australia. He currently leads product security efforts for IIX, a software-defined interconnection company. David has been involved in the security industry for the last 15 years. During this time he has found high-impact and novel flaws in dozens of major Java components. He has worked for Red Hat's security team, led a Chinese startup that failed miserably, and wrote the core aviation meteorology system for the southern hemisphere. In his spare time he tries to stop his two Dachshunds from taking over the house.
                

What projects in OpenDaylight are you working on? Any new developments to share?

I'm currently primarily working on security efforts across all OpenDaylight projects. We've now got a strong security response team up and running and the next step is to implement a proactive secure engineering program. This program will aim to reduce the number of security issues in OpenDaylight releases and to aid end users with documentation around security configuration and best practices. If any students are interested in contributing to this effort, I'm proposing an OpenDaylight summer internship project: https://wiki.opendaylight.org/view/InternProjects:Main#Implement_a_secure_engineering_process_for_OpenDaylight.

What do you think is most important for the community to focus on for the next platform release called Lithium?

OpenDaylight is starting to stabilize with powerful new features added all the time. Currently, the documentation effort has not quite kept up with the pace of development. I think it is important for the project to focus on documenting the functionality that already exists and providing clear guides for deploying OpenDaylight across a variety of use cases.

What is the Proof of Concept (PoC) or use case that you hear most about for OpenDaylight?

Managing OpenFlow switches using the OpenDaylight controller seems to be the most common use case. The OpenFlow plugin is advanced and well-documented and I think that this is the use case that we'll primarily see as OpenDaylight is deployed into production in 2015.

Where do you see OpenDaylight in five years?

Over the next couple of years I see OpenDaylight being deployed into production to manage increasingly complex networks of OpenFlow switches. The next step will be connecting these networks to each other and to legacy (non-SDN) IP networks. This will involve the OpenDaylight controller managing layer 3 routing devices. The BGP/LS and PCEP project provides a great starting point for OpenDaylight to manage layer 3 networks and I see this expanding much further.

How would you describe OpenDaylight to a developer interested in joining the community?

I joined the OpenDaylight community by bootstrapping the security response team. Some open source projects can view reports of security issues as an affront or they can ignore them entirely. When I highlighted the pressing need for a security response team, I found the OpenDaylight community to be very supportive. Several existing OpenDaylight developers immediately helped me to get the security response team up and running and to adopt a documented process. I felt welcomed and appreciated. I've participated in several large open source communities and often there is some tension between developers who are employed by rival vendors. My experience in the OpenDaylight community has been free from vendor politics and I think this is a great feature of the community that we should strive to maintain.

What do you hear most from users as a key reason they want SDN?

Proprietary, hardware-based, equipment still powers most networks but the advantages of software-defined networking are coming to the fore. Many people are looking for an alternative that is cheaper, software-based, and gives them the freedom that comes with open source. In the late 1990s to early 2000s, there was a widespread trend to replace proprietary UNIX systems with Linux running on commodity hardware. I see that trend rapidly extending to networking equipment and many people are just waiting for SDN to stabilize and mature before adopting it.

What’s your favorite tech conference or event?

Kiwicon, a computer security conference in New Zealand. They combine deep technical content with a fun environment. Last year they brewed their own beer and in past years they've organized for a presenter to arrive on stage on a motorbike. They even let a stuffed toy walrus give a presentation (that's a long story!).