We described in a previous post our experience about the different types of cloud models, and our view about how the main open-source Cloud Management Platforms (CMPs) are targeting their needs. Our aim was to demonstrate that we will see an open-source cloud space with several offerings focused on different environments and/or industries, due to the fact that no single CMP can be all things to all people. The four open-source CMPs will coexist and, in some cases, work together in a broad open cloud ecosystem.
This article tries to answer another quite common question in open-source cloud computing discussions and presentations… which CMP is the most open? Of course such analysis should go beyond just considering the openness of the code (which as far as we know is fully open-source in the four projects) and the development process to additionally address the perspectives of the consumers and the builders of the cloud infrastructure.
OpenStack | CloudStack | Eucalyptus | OpenNebula | |
---|---|---|---|---|
Source Code | Fully open-source, Apache v2.0 | Fully open-source, Apache v2.0 | Fully open-source, GPL v3.0 | Fully open-source, Apache v2.0 |
In this comparison we refer to the version of the software that is available for download directly from the respective project web sites. As in our previous post, we have tried to be as neutral as possible.
The Perspective of the Developer
What is “open” and how can we measure project openness under the perspective of a corporation interested in contributing to code development?. We would suggest to use the following measures:
- Development Model: Is the code developed over the Internet in view of the public?
- Developer Engagement: Is the development open to external contributions?
- Governance Model: How are the decisions about roadmap made?
OpenStack | CloudStack | Eucalyptus | OpenNebula | |
---|---|---|---|---|
Development Model | Public development | Public development | Public development | Public development |
Developer Engagement | Contributor license agreement | Contributor license agreement | Contributor license agreement | Contributor license agreement |
Governance Model | Foundation | Technical meritocracy | Benevolent dictator | Benevolent dictator |
The four CMPs are fully open-source software, accept contributions under similar license agreements, and are publicly developed over the Internet. However, there is a difference in their governance models. While OpenStack follows a foundation approach with a Board of Directors providing strategic oversight and CloudStack follows the Apache meritocracy rules, Eucalyptus and OpenNebula are managed by a single organization that focuses on the interest of the project and strategically leads it to ensure that it meets the needs of the users and the community. Benevolent dictator governance is the model followed by other successful projects like Android or Linux Kernel, and, in our view, it is the most effective way to focus on engineering quality, to be responsive to the users, and to ensure long term support.
The Perspective of the User
Let us now evaluate openness under the perspective of the user. In this case, we should consider both the perspective of the user of the cloud (consumer) and the perspective of the user of the technology (builder).
- From the perspective of the cloud consumer, “open cloud” is all about APIs and data formats. Common API’s give freedom to run anywhere, being this freedom supported or not by open source. This provides the ability for the user to compare cloud offerings, select the offer that best suits his needs, and change providers if he is unsatisfied with the service or finds a more competitive offering.
- From the perspective of the cloud builder, “open cloud” means that the community open-source software is enterprise-grade and commercially supported without having to install a vendor enhanced distribution (which would be much closer to an “open core model”). This is where technology buyers and users can evaluate openness for themselves.
From the perspective of the user, we would suggest to use the following measures:
- API Ecosystem: Is the software supporting a de-facto standard with a broad ecosystem?
- Production Readiness: Is the open-source software ready for enterprise use and commercially supported?
OpenStack | CloudStack | Eucalyptus | OpenNebula | |
---|---|---|---|---|
API Ecosystem | OpenStack API | Amazon API | Amazon API | Amazon API |
Production Readiness | No, only available through any of the several vendor specific “stacks” | Enterprise-ready and direct support from developers | Enterprise-ready and direct support from developers | Enterprise-ready and direct support from developers |
No much more to say about cloud API ecosystems, we do not want to start a new discussion about which of the cloud APIs is a de-facto standard and which ecosystem is bigger and growing faster (please see addendum 2). Production Readiness is a very interesting aspect which deserves a detailed discussion. Independently of whether the software is being used for development or for production purposes, it is understood that a corporation needs the open-source cloud management platform to be enterprise ready, which means to be stable, long-term commercially supported, and with a clear upgrade process.
From this perspective, it is clear that Eucalyptus and OpenNebula are more open. Both projects provide an enterprise-ready open-source cloud solution. Any organization can use the open-source distribution to build a production cloud, and receive best-effort support through a community mailing list. Additionally, any organization can purchase commercial support directly from the developers. The important aspect is that these projects do not deliver enterprise editions of their software, they commercially support the community software. In other words, the community versions of Eucalyptus and OpenNebula are not limited editions of enterprise versions. CloudStack could be also included in this group, given that Citrix CloudPlatform is basically an enterprise distribution that (as far as we know) does not provide extended features.
On the other side, any organization interested in using OpenStack, and requiring commercial support and enterprise maturity, is recommended (please see addendum 1) to deploy any of the several enterprise distributions that are being released by the vendors contributing to the project. These enterprise-grade distributions incorporate different versions of the OpenStack components with extended features, custom enhancements and integrations that may make difficult their compatibility and interoperability. Moreover many of them include proprietary components and exhibit significant differences in the implementation of critical underlying functionality. So the organization is finally using proprietary software based on OpenStack and is locked to that specific distribution given that the vendor only supports its own stack, not the community version, and there is no way to migrate to another vendor distribution.
Looking to the Future
We have not prepared this article to try to demonstrate that one of the CMPs is more open than the others. We have tried to show how the four open source projects have different cultures and drivers, and these differences are reflected in the different dimensions of openness. For example, the four CMPs implement different governance models because they are addressing different needs. While Eucalyptus and OpenNebula serve the needs of the users, CloudStack better serves the needs of the developers, and OpenStack serves the needs of the vendors, so they have a technology base and a marketing brand to build their own cloud stacks.
Which is the most important measure of openness in cloud computing? Do the cloud users really care about this? Users mainly want a solution that meets their functional needs, and are interested in open-source as a way to enhance flexibility, lower costs and avoid lock-in. However, in our experience, most of these benefits are only available when an open-source software can be used in production environments without the addition of proprietary components.
Addendum 1 (14:41 PDT, March 14, 2013): This is not a personal recommendation. This is a recommendation made by several of the companies involved in OpenStack that have released, or are planing to release in the short term, an enterprise-ready OpenStack distribution. According to their different announcements, these vendor specific distributions bring production-grade features like upgrade services, scalability, performance, or stability.
Addendum 2 (23:23 PDT, March 14, 2013): I forgot to include some words about the support of the four open-source cloud management stacks to existing de-jure standards addressing interoperability and portability issues surrounding cloud infrastructures. Although they do not have a broad ecosystem now, they will be critical in future cloud interoperability and portability. The OpenNebula main distribution provides an implementation of OGF OCCI and in its ecosystem there are implementations of DMTF CIMI and OVF, and SNIA CDMI, and OpenStack also offers an experimental implementation of OGF OCCI.
Oh bugger, I better just go buy VMware vCloud then eh? haha
You forgot to mention de jure standards and the role they play in getting locked into any of these stacks. From a customer point of view, even proprietary extensions to an implementation of a true standard are mitigated by the fact that the core functionality is interoperable between them.
Yes, you are fully right, but in my view as long as the interoperable core functionality is enough to run typical use cases. Thanks for your comment!
I may be missing the point, but it sounds like you’re implying that having a directly-affiliated service and support venture (so the project can make money off its users) makes free software more “open?” Taking your argument further, “…any organization interested in using [GNU/Linux], and requiring commercial support and enterprise maturity, is recommended to deploy any of the several enterprise distributions that are being released by the vendors contributing to the project.”
No, my point is that we can not call fully open-source software to a product that can not run in production environments without vendor extensions. Thanks for your comment!
I think I have to disagree with the “Production Readiness” line about OpenStack.
You claim that it isn’t production ready because “the open source software isn’t ready for enterprise use and commercially supported”. That is an interesting compound statement, and probably worth breaking down into two distinct questions.
1) Is the Open source software ready for enterprise use?
2) Is the open source software commercially supported?
The answer to 1) is componenet dependent within OpenStack. The releases are stable and ready for enterprise use. There are features added in Core that aren’t in a specific release yet, but that is the nature of the beast. Some components are older, and thus have progressed more, than others. But the releases are enterprise ready.
As for question 2) the answer is much more complicated. Can I get commercial support for my OpenStack implementation. The simple answer is yes, but that will depend on just what your implementation is. If you build it yourself from source then you might find it harder to get commercial support. I suspect that if I was to build ANY of these solutions from source, and made any changes while I did so that I wouldn’t be able to get commercial support. At least not without paying a premium. Equally, I am sure that I could find an organisation to support my custom OpenStack build if I was willing to pay them enough to make it worth their while.
So, the answer to your compound question is misleading. The real answer is “Yes it’s enterprise ready, but you can’t get COTS support for the official release unless you use a Vendor supported distribution.”
Adam
Firstly thanks for your comments. I now see that I should have included some references to support the comment “any organization interested in using OpenStack, and requiring commercial support and enterprise maturity, is recommended to deploy any of the several enterprise distributions that are being released by the vendors contributing to the project”. Please see that such recommendation is made by the vendors involved in OpenStack, and not by me:
– RedHat http://www.redhat.com/about/news/press-archive/2012/8/red-hat-announces-preview-version-of-enterprise-ready-openstack-distribution
– Rackspace http://www.rackspace.com/blog/private-cloud-open-reference-architectures-easily-deploy-run-an-enterprise-private-cloud/
– Piston http://www.pistoncloud.com/openstack-cloud-software/
– HP http://siliconangle.com/blog/2012/08/17/openstack-isnt-quite-enterprise-ready-says-hp-cloud-services-performance-test/
– SUSE https://www.suse.com/blogs/suse-and-dell-partner-for-enterprise-openstack-solutions/
…
Oh, and if this comment “No, my point is that we can not call fully open-source software to a product that can not run in production environments without vendor extensions.” is why you are claiming that is is not enterprise ready then I would be interested in knowing what vendor extensions I am running. I am running an Openstack cluster that uses Folsom, with no “vendor” extensions. I am running various third party pieces of software such as MySQL, Galera, haproxy… in order to provide redundancy to some of the infrastructure components that are not part of OpenStack itself. None of these are part of the OpenStack Cluster itself, and given that they already exist, reusing this work makes a lot more sense than implementing similar functionality within OpenStack.
Adam
As someone who has deployed and managed more of these systems than most people, I’m extremely disappointed in the misinformation here.
It’s very simple, actually. I have NEVER seen any stack, including OpenNebula that had *everything* necessary for a production deployment. Provisioning tools, monitoring, logging, resiliency and redundancy, and so on.
None of these systems are push a button and you can standup a production class cloud. It’s complete nonsense to think it would be otherwise and it’s disingenuous to imply that this is possible without a lot of hard work and integrating a LOT of other technology that isn’t in scope for any of these stacks.
Shame on OpenNebula for even heading down this route. I am deeply disappointed.
Randy,
I fully agree with you that most of different types of cloud deployments require much more than a cloud orchestrator, and this is the case for any of the existing cloud management platforms. Several “external” components are required in the cloud architecture, like hypervisors and tools for storages, monitoring, provisioning…. My point here is about the readiness of the cloud management platform to work in production as a component within those environments. I do not consider upgrade services, scalability, performance, stability or security as external components. These production-grade features should be part of the cloud manager and, as far as I understand from the web sites of several of the companies involved in OpenStack, these are features only provided by their vendor specific stacks. Are these companies going to contribute back these enhancements or any of the extensions they offer?. At least, in our case I can say that all enhancements will be open-source and contributed back to our project.
And to clarify, there is not misinformation here. I have just updated the post to clearly show that the recommendation to use vendor specific stack for the enterprise is made by the vendors and not by me. These announcements explicitly mention enterprise-grade features as the added value of their distributions.
And thanks for your comment!
Ignatio,
Your argument is logically backwards
OpenNebula says “here’s some source. Use it if you want, or buy support from us.” And as an OpenNebula customer, that’s my one and only choice as far as major commercial support offerings go.
For OpenStack, Red Hat says “here’s some source. Use it if you want, or buy support from us”. Cisco says “here’s some source. Use it if you want, or buy support from us”. Rack Space says “here’s some source. Use it if you want, or buy support from us.” And as an OpenStack customer, I get the ADDITIONAL OPENNESS (in comparison to OpenNebula) of being able to choose between those vendors.
Further, you misunderstand and mischaracterize what the press releases from the OpenStack vendors are saying. Look at Rack Space’s OpenStack. There’s nothing proprietary in it. Look at Red Hat’s OpenStack. There’s nothing proprietary in it. Look at Cisco’s OpenStack. There’s nothing proprietary in it.
All they’re saying is “if you want OpenStack in your enterprise, we’ll sell you the piece of mind of taking the various open bits and giving them to you in an already baked configuration that we’ve spent the time and effort to test and validate. If you want to do the baking yourself, we’ve published the recipe we use.” It’s no different than OpenNebula’s model. Just that with OpenStack I get much more choice (so if I like the way Rack Space’s cake tastes more than I like Cisco’s, I get the additional freedom and openness of choosing between the two).
As an independent “cloud consultant” I’ve deployed both OpenNebula and OpenStack. Both have strengths and weaknesses that can be fairly discussed. FUD such as yours, however, is unfair and inaccurate, and ultimately only casts OpenNebula in a bad light.
Dexter,
According to the different announcements most of these vendor distributions claim to have “unique” features for the enterprise, so you may move among different vendors but, as far as I understand, you can not keep those features. I agree that some of these vendor specific distributions are open (Cisco and RackSpace mainly) but other distributions (RH, CloudScaling, Piston…) are available only if you pay a subscription, so you can you use it as long as you buy support. In our case, you can contract or not our support, but you will always have access to the fully open-source version.
In any case, you are misunderstanding my post, I am not trying to judge the approach implemented by OpenStack and the business strategies of the companies involved there (which are very valid), I am only trying to compare the different open cloud projects and the software that can be downloaded from their sites according to their openness. I previously wrote another different article (https://opennebula.io/?p=4042) to describe the cloud model and philosophy implemented by the different CMPs.
Thanks for your comment,
eucalyptus community version is a limited version. please read
http://www.eucalyptus.com/eucalyptus-cloud/compare-options
It looks like the author’s career was in a company filled with commercial software. That is why he thinks those who go open-source look for commercial support when they are in trouble.
You see, open-source folks think differently. They start off with an open-source software for a project, then improve it on their own as the project gets out of greenfield status. They wouldn’t expect commercial support because they are geeks and think that they are better than the engineers of the commercial support provider (let me be clear, I said engineers). This is the reason why you have so much ‘fork versions’ of an original project.
Want some clear examples? Take a look at Facebook, Google, WikiPedia et. al. Aren’t they doing this?
Private clouds, esp. OpenStack clouds are for the insane.
http://cloudbruno.tumblr.com/post/67350876780/21-reasons-you-shouldnt-use-openstack-for-your-private
I don’t get what Meritocracy is. Is it a compromise between benevolent dictator and foundation? If not, is there any?
Linux does not follow the benevolent dictator model. It is run by a foundation. Android has the benevolent dictator model, though.
I guess benevolent dictatorship means better control. The management has better control to satisfy the needs of users. OpenStack doesn’t satisfy users due to proprietary derivatives and a vendor only supporting its own distribution. Benevolent dictator on the other hand means guidance by the original vendor. I suppose others can still make derivatives of OpenNebula.
In a benevolent dictator model, the original vendor has complete freedom to change license and has unlimited rights. Foundation on the other hand may not give the original vendor unlimited rights. For example Linus torvalds does not have the right to make a proprietary distribution of Linux or allow anyone to, because Linux is not only his. Linux is stuck in the same license.
OpenStack ecosystem in OpenStack, and Amazon in the other three… I think Amazon ecosystem is the de facto gold standard.
Is OpenQRM a benevolent dictator or a foundation? What about Cloud Foundry? I think the latter is a benevolent dictatorship (pivotal) but I’m not 100% sure.
Apache is the de facto standard license for cloud infrastructures and cloud platforms. Right?