Public vs Private, Amazon compared to OpenStack

Public vs Private, Amazon Web Services EC2 compared to OpenStack®

How to choose a cloud platform and when to use both

The public vs private cloud debate is a path well trodden. While technologies and offerings abound, there is still confusion among organizations as to which platform suits their agile needs. One of the key benefits of a cloud platform is the ability to spin up compute, networking and storage quickly when users request these resources, and to decommission them just as quickly when they are no longer required. Among public cloud providers, Amazon has a market share ahead of Google, Microsoft and others. Among private cloud providers, OpenStack® presents a viable alternative to Microsoft or VMware.

This article compares Amazon Web Services EC2 and OpenStack® as follows:

  • What technical features do the two platforms provide?
  • How do the business characteristics of the two platforms compare?
  • How do the costs compare?
  • How to decide which platform to use and how to use both

OpenStack® and Amazon Web Services (AWS) EC2 defined

From OpenStack.org: “OpenStack software controls large pools of compute, storage, and networking resources throughout a datacenter, managed through a dashboard or via the OpenStack API. OpenStack works with popular enterprise and open source technologies making it ideal for heterogeneous infrastructure.”

From AWS: “Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers.”

Technical comparison of OpenStack® and AWS EC2

The tables below name and briefly describe each feature in OpenStack® and AWS.

Compute

 Why you need it?

To run an application you need a server with CPU, memory and storage, with or without pre-installed operating systems and applications.

OpenStack

AWS

Definition

Compute is virtual machines/servers

Instance

Instance/VM

Sizes

How much memory and CPU and temporary (ephemeral) storage is assigned to the instances/VM.

Flavors: Variety of sizes: micro, small, medium, large etc.

Variety of sizes: micro, small, medium, large etc.

Operating systems offered

What operating systems does the cloud offer to end-users

Whatever operating systems the cloud administrators host on the OpenStack cloud. (Red Hat certifies Microsoft Windows, RHEL and SUSE)

AMIs provided by the AWS marketplace.

Templates/images

A base configuration of a virtual machine, from which other virtual machines can be created.

Catalogs of virtual machine images can be created from which users can select a virtual machine.

Glance 

OpenStack administrators upload images and create catalogs for users.

Users can upload their own images.

Amazon Machine Image (AMI)

AWS provides an online marketplace of pre-defined images.

Users can upload their own images.

Networking

 Why you need it?

To network virtual servers to each other. You also need to control who can access the server. You want to protect/firewall the server, especially if it is exposed to the Internet.

OpenStack

AWS

Definition

Networking provides connectivity for users to virtual machines. Connects virtual machines to one another and to external networks (the Internet).  

Neutron

Networking

A private IP address internal only and non-routable to the Internet

Every virtual instance is automatically assigned a private IP address, typically using DHCP.

AWS allocates a private IP address for the instance using DHCP.

Public IP address

A floating IP is a public IP address that you can dynamically add to a running virtual instance.

AWS public IP address is mapped to the primary private IP address.

Networking service

You can create networks and networking functions, e.g. L3 forwarding, NAT, edge firewalls, and IPsec VPN.

Virtual routers or switches can be added if you use AWS VPC, a virtual private cloud.

Load Balance VM traffic

OpenStack LBaaS (Load Balancing as a Service) balances traffic from one network to application services.

ELB (Elastic Load Balancing) automatically distributes incoming application traffic across Amazon EC2 instances.

DNS

Manage the DNS entries for your virtual servers and web applications.

The OpenStack DNS project (Designate) is in “incubation” and is not part of core OpenStack (as of the April 2015 Kilo release).

Route 53 – AWS’s DNS service.

SR-IOV

A method of device virtualization that provides higher I/O performance and lower CPU utilization compared to traditional implementations.

Each SR-IOV port is associated with a virtual function (VF). SR-IOV ports may be provided by Hardware-based Virtual Ethernet Bridging or they may be extended to an upstream physical switch (IEEE 802.1br).

AWS supports enhanced networking capabilities using SR-IOV, which provides higher packets-per-second (PPS) performance, lower inter-instance latencies, and very low network jitter.

Monitoring

Why you need it?

You get insight into usage patterns and utilization of the physical and virtual resources. You may want to account for individual usage and optionally bill users for their usage.

OpenStack

AWS

Definition

Monitoring provides metering and usage of the cloud.  

Ceilometer

CloudWatch

System-wide metering and usage.

Option to bill users for their usage

To collect measurements of the utilization of the physical and virtual resources comprising deployed clouds.

Persist data for subsequent retrieval and analysis, and trigger actions when defined criteria are met.

Monitoring service for AWS cloud resources and the applications on AWS.

Collect and track metrics, collect and monitor log files, and set alarms.

Security

Why you need it?

You need the option of public key cryptography for SSH and password decryption. You want to firewall virtual machines to only allow certain traffic in (ingress) or out (egress).

OpenStack

AWS

Definition

Control access to your virtual machines.  

Keypairs, security groups.

Keypairs, security groups.

Key pairs

To log in to your VM or instance, you must create a key pair.

Linux: used to SSH.

Windows: used to decrypt the Administrator password.

When you launch a virtual machine, you can inject a key pair, which provides SSH access to your instance.

To log in to your instance, specify the name of the key pair when you launch the instance, and provide the private key when you connect to the instance.

Assign and control access to VM instances.

A security group is a named collection of network access rules that limits the traffic that can reach an instance.

When you launch an instance, you can assign one or more security groups to it.

Supported

Supported
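Because both platforms express instance firewalling as security-group rules, one audit can cover a hybrid estate. The following is an added example, not code from the original article or from either project: it normalizes ingress rules from the AWS EC2 DescribeSecurityGroups shape and the OpenStack Neutron shape and reports SSH or RDP exposed to any address. The sample groups are constructed, and the choice of ports in `ADMIN_PORTS` is an assumption.

```python
import ipaddress

# Constructed sample data (not from the article). AWS_GROUPS follows the EC2
# DescribeSecurityGroups shape, NEUTRON_GROUPS the OpenStack Neutron shape.
AWS_GROUPS = [
    {"GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupName": "db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
]
NEUTRON_GROUPS = [
    {"name": "bastion", "security_group_rules": [
        {"direction": "ingress", "ethertype": "IPv4", "protocol": "tcp",
         "port_range_min": 22, "port_range_max": 22, "remote_ip_prefix": "203.0.113.0/24"}]},
    {"name": "win", "security_group_rules": [
        {"direction": "ingress", "ethertype": "IPv4", "protocol": "tcp",
         "port_range_min": 3000, "port_range_max": 4000, "remote_ip_prefix": None}]},
]
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}   # assumption: ports this audit treats as sensitive
TCP_OR_ALL = {"tcp", "6", "-1", None}    # "-1" (AWS) and None (Neutron) mean any protocol

def aws_rules(group):
    """Yield (group, proto, low, high, cidr); IpPermissions holds ingress only."""
    for p in group["IpPermissions"]:
        lo, hi = p.get("FromPort", 0), p.get("ToPort", 65535)  # absent when proto is -1
        for r in p.get("IpRanges", []) + p.get("Ipv6Ranges", []):
            yield group["GroupName"], p["IpProtocol"], lo, hi, r.get("CidrIp") or r["CidrIpv6"]

def neutron_rules(group):
    """Yield the same tuple for Neutron ingress rules whose source is a CIDR."""
    for r in group["security_group_rules"]:
        if r["direction"] != "ingress" or r.get("remote_group_id"):
            continue  # skip egress and rules whose source is another group
        any_src = "::/0" if r.get("ethertype") == "IPv6" else "0.0.0.0/0"
        lo, hi = r["port_range_min"] or 0, r["port_range_max"] or 65535
        yield group["name"], r["protocol"], lo, hi, r["remote_ip_prefix"] or any_src

def audit(aws_groups, neutron_groups):
    """Return (platform, group, service, cidr) for admin ports open to any address."""
    rules = [("aws", r) for g in aws_groups for r in aws_rules(g)]
    rules += [("openstack", r) for g in neutron_groups for r in neutron_rules(g)]
    return [(plat, name, ADMIN_PORTS[port], cidr)
            for plat, (name, proto, lo, hi, cidr) in rules
            if proto in TCP_OR_ALL
            and ipaddress.ip_network(cidr, strict=False).prefixlen == 0
            for port in ADMIN_PORTS if lo <= port <= hi]
```

Note the Neutron rule with no `remote_ip_prefix`: a missing prefix means any source, so the 3000-4000 range on the `win` group exposes RDP even though no `0.0.0.0/0` appears in the rule.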

Identity

 Why you need it?

You want to govern who can access your cloud. You can manage permissions to cloud resources. You may want to offer multi-factor authentication for stronger security.

OpenStack

AWS

Definition

Authentication and authorization methods for controlling access to virtual servers, storage and other resources in the cloud.  

Integrates with an external provider, example LDAP or AD.

Keystone  

IAM (Identity and Access Management)

 Storage

 Why you need it?

 Block storage

  • Assign virtual drives/volumes to virtual servers to grow their storage capacity, beyond the boot volume.
  • Snapshots and backups of virtual servers.

 Object storage 

  • Store objects such as files, media, images

OpenStack

AWS

Object storage

Store files: media, documents, images etc.

Swift

S3 (Simple Storage Service)

Block storage

Create virtual disk drives (volumes). 

Cinder

EBS (Elastic Block Store)

Database

Why you need it?

Your cloud users can use a database service without installing and configuring their own database.

OpenStack

AWS

Definition

Trove

RDS

Relational Database

MySQL, PostgreSQL

Users get an instance of MySQL or Oracle 11g.

Non Relational Database

Cassandra, Couchbase, MongoDB

Amazon SimpleDB: users store data pairs in a simple database suitable for read-heavy applications.

 Orchestration

 Why you need it?

This allows repeatable copies of an application to be made.

OpenStack

AWS

Definition

Allows developers to store the requirements of a cloud application in a file or template that defines the resources (virtual machines, networks, storage, security, templates, images etc.) necessary for the application to run.

Heat

CloudFormation

 Big data / parallel processing

 Why you need it?

The cloud can provide the infrastructure for you to perform large scale data processing.

OpenStack

AWS

Definition

Allows you to perform large scale parallel processing of data, for example Hadoop.

Sahara

EMR (Elastic MapReduce)

Messaging

OpenStack

AWS

Definition

The cloud can buffer and move data between applications and VMs/instances on a hosted queue.

Zaqar 

(not released yet)

SQS (Simple Queue Service)

Graphical User Interface (GUI) dashboard

 Why you need it?

You can administer your cloud or users can self-serve their needs, from any compliant browser.

OpenStack

AWS

Definition

Browser to manage or self-serve needs for compute, networking and storage.

Horizon

Console

Command Line Interface (CLI)

Why you need it?

You can automate and script the administration and use/consumption of your cloud from the command line.

OpenStack

AWS

Definition

The command line interface provides administrators with commands to provision and de-provision cloud resources (virtual machines, storage, networking).

Supported

Supported

Business level components

Multi-tenancy

Why you need it?

To segregate users by business unit, department or organization to meet legal requirements or to set quotas on resources.

OpenStack

AWS

Definition

A tenant is a group of users who share common access to infrastructure (the cloud platform) with other users. Users are segregated. 

Project / tenant. Quota of compute resources can be defined for each project/tenant.

Segregation is achieved using AWS VPC (Virtual Private Cloud)

SLA (Service Level Agreement)

Why you need it?

To run mission critical applications with minimal downtime you need an SLA from your cloud provider.

OpenStack

AWS

Definition

An SLA is a guarantee of availability of the cloud.

An SLA is negotiated between the provider of the OpenStack private cloud (internal IT department / managed service provider) and the business units who consume the private cloud.

See AWS SLA

Ownership and control of data

 Why you need to know?

Users should know who can access data stored in the cloud. Legal regulations for industries such as healthcare, financial services, government, etc. stipulate who should have access to applications and data. Some users/countries fear that government security and spying agencies can gain access to public cloud data.

OpenStack

AWS

Definition

When you store applications and data in the cloud, who owns the data and who has access to it?

The users of the OpenStack cloud

The user owns the data. See AWS agreement (section 8)

 Ecosystem

 Why you need to know?

You may need help from consultants and community peers to use a private or public cloud. If you deploy a private OpenStack cloud, the community of software and hardware vendors that are certified with your OpenStack vendor gives you the assurance that problems can be resolved. (See my prior post for a supported OpenStack deployment.)

OpenStack

AWS

Definition

An ecosystem includes hardware vendors, software vendors, a community of peers (developers, users, administrators) and consultants to enable a cloud to run.

OpenStack’s ecosystem: hardware, software and service providers and end users.

OpenStack code which runs the cloud is open source for users to contribute.

Amazon’s ecosystem of consultants and ISVs helps users use AWS.

The AWS code which runs the cloud is closed source.

High availability

 Why you need to know?

If a cloud offers high availability, then applications hosted on the cloud can fail over and users will experience less interruption of service.

OpenStack

AWS

Definition

Regions and Availability Zones.

Data and instances can be stored in different geographical regions for redundancy, latency or legal requirements.

Amazon EC2 is hosted in multiple locations world-wide, composed of regions (a separate geographic area). Each region has multiple, isolated locations known as Availability Zones.

Cost

Why you need to know?

The cost of running servers and applications in a cloud can be operational (OPEX) or capital (CAPEX).

OpenStack

AWS

Definition

The cost of using a cloud service.

Use a managed service offering

OR

Buy hardware to run an OpenStack cloud.

AND

Freely download OpenStack software and employ engineers to install, maintain, enhance, upgrade etc. This cost model can be difficult to estimate because of the cost of employees required to run the cloud. How many engineers do you need? How do you know when to hire more? How do you reduce the size of your workforce if the demand for your cloud decreases?

OR

License a distribution from a vendor. This involves an upfront license cost, annual support costs and a subsequent license renewal.

OR

Purchase a predictable subscription from Red Hat and receive support, maintenance, consulting, upgrades…

Billing by the minute/hour – potentially unpredictable costs as usage is billed as used.

Pre-purchase blocks of usage at other rates: reserved instances or spot pricing.

So which do you use?

Since both cloud platforms provide some similar services, you should consider your needs. For instant and temporary needs, AWS and its on-demand pricing model could suffice. For longer term projects AWS lists examples, as does OpenStack.

I believe it boils down to use cases. AWS lists use cases and Gartner recommends using OpenStack for:

  • “DevOps-style software development. Developers can access the OpenStack API and work with infrastructure as code.”
  • For development/testing support. …scenario of a more traditional IaaS with a self-service portal for the developers and testing groups.
  • “High-performance computing/grid computing is a potential use case for OpenStack because many of these environments are implemented with open-source components, and OpenStack is well-suited to support the flexible infrastructure provisioning required in these environments.”
  • “Scale-out commodity infrastructure to support big data technologies such as Hadoop, Apache Spark and Apache Cassandra.”
  • “line-of-business application hosting… Focusing on the emerging cloud-native applications, rather than trying to chase legacy compatibility, is the scenario used by most IaaS private cloud implementers.”

How to use AWS and OpenStack?

A hybrid cloud is a combination of an on-premises private cloud and a public cloud. A cloud management platform provides tools to administer both cloud environments. Red Hat offers an Open Hybrid Cloud, “A single-subscription offering that lets you build and manage an open, private Infrastructure-as-a-Service (IaaS) cloud and ease your way into a highly scalable, public-cloud-like infrastructure based on OpenStack®.”