Feeds

OpenStack is overstretched

Too many targets

SANS - Survey on application security programs

Opinion I'm back again at my daily job after a week travelling between San Francisco and Silicon Valley. It's clear that the hot topics there are cloud and flash storage; in fact the first meeting I had last week in Silicon Valley was with OpenStack.

cloudopenstack130x86

OpenStack is an open source project launched a couple of years ago by Rackspace, one of the world's biggest hosting providers. Its mission to realise a "Cloud Operating System": in other words, a platform capable to implement and manage public, private or hybrid cloud infrastructures.

Cloud Operating System

The meaning of "operating system" is very simple: the idea is to deliver a platform to monitor, control and orchestrate resources and to allocate more of them when necessary. A secondary target is to provide a complete API set alongside administration and user-level management tools.

The whole, at the time of writing, presents itself as a rough, but sophisticated, open source set of scripts (written in Python). The scripts are freely downloadable here.

The potential end-users of OpenStack are internet / cloud providers as well as enterprises looking for a way to implement cloud infrastructures.

Many projects

Product development is frenetic - new releases are coming out frequently and the number of new features for each new release are impressive. The roadmap is also remarkable and the final goals are very ambitious.

They seem too ambitious to me. And, in the same way I have seen with hundreds of similar open source projects, there is a real risk of losing focus by bringing out a lot of good ideas together with bad, or horrible, implementations.

Scott Sanchez, Rackspace business development director, talked a lot about the people involved in the project. He mentioned about 150 core developers and 138 vendors, but when he came to the actual numbers I discovered that only one third of these companies are really contributing to the code in some way. The numbers could be seen as high but they are necessary to sustain the community's numerous sub-projects which create a dispersion of resources.

The fact that they offer a solution to give support for everything is risky; it could even become a big drawback. One clear example comes from hypervisor support: OpenStack supports practically all hypervisors you can find on the market, from open source ones (Xen and KVM) to the commercials ones (Hyper-v and VMware), but for some of them it supports only the switch on/off functionality ...

Different interests

As you can easily find in these cases, many supporting companies have very different, often conflicting, goals. You can find another example here about the fact that some of these companies have alternative solutions to the ones proposed by the project, as in the case of storage solutions vendors and the Swift project to build a storage platform. The storage vendor isn't here to deliver know-how for free but, on the contrary, wants to be present at the preparation of APIs to be sure that its solutions will be used with, or as an alternative to, the open source option.

Not for everyone

OpenStack is a framework: the foundation to build a public or private cloud. It isn't an off-the-shelf product and you need consultants and developers to carry out a working infrastructure. Many times, you'll need (not always free) third party integration tools.

Furthermore, new releases come out very frequently and sometimes they are incompatible with the old ones. The practical risk is that if you apply some improvements/personalisation to the code, and these are not accepted by the community, it will be very difficult to maintain your installation updated with the latest code improvements and aligned with the newest features!

And last but not least, it's rather simple to find an OpenStack consultant in the San Francisco area but I'm sure that the quantity and the cost of consultants here in Europe isn't comparable.

Bottom line

OpenStack is suddenly becoming an important player in the cloud computing market but, at the same time, I can't figure out how a medium-sized company (the companies mentioned on the slides were names like NASA and Disney) could think of adopting it.

From my day-to-day experience in the field, for enterprises and small/medium-sized providers it's much easier to implement more commercial products with a clear and specific support service. ®

Enrico Signoretti is the CEO of Cinetica, a small consultancy firm in Italy, which offers services to medium/large companies in finance, manufacturing, and outsourcing). The company has partnerships with Oracle, Dell, VMware, Compellent and NetApp. You can follow him on Twitter at twitter.com/esignoretti.

3 Big data security analytics techniques

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Kingston DataTraveler MicroDuo: Turn your phone into a 72GB beast
USB-usiness in the front, micro-USB party in the back
IBM rides nightmarish hardware landscape on OpenPOWER Consortium raft
Google mulls 'third-generation of warehouse-scale computing' on Big Blue's open chips
It's GOOD to get RAIN on your upgrade parade: Crucial M550 1TB SSD
Performance tweaks and power savings – what's not to like?
AMD's 'Seattle' 64-bit ARM server chips now sampling, set to launch in late 2014
But they won't appear in SeaMicro Fabric Compute Systems anytime soon
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.