In a previous entry, I mentioned standardization for "cloud" computing. So I was happy to see the New York Times Bits technology blog run an article on the launch of OpenStack from Rackspace. As a customer, I always insist on a published specification, preferably governed by a standards body, in case I want to switch vendors or perhaps to continue development myself. As a developer, standards help me to meet my customer's purchasing criteria and provide an integration point. A standard provides me the opportunity to control my information and my use of technology. From a security standpoint, standards help when analyzing the attack surface of a product or implementation. The standards process is participative and can be influenced by parties with enough energy to insist on a particular change, including security features. Although standards do not necessarily prevent vendor "lock-in" (sometimes there is only a single vendor), they leave open the possibility for competitors to enter the market. Along with a standard, or even in the case where there is no dominant standard, an active open source solution is also desirable. The ability to view the code and have a built-in code escrow adds tangible value.
OpenStack builds upon the Nebula Cloud Computing Platform developed by NASA, which is an alternative to expensive data centers. Nebula features the Nova compute and storage application programming interfaces (APIs), which were created to rival the Amazon Web Services (AWS) EC2 and S3 APIs. Nova leverages the Redis key value store and the AMQP standard messaging protocol. Redis is an efficient, open source data store that occupies the niche made popular by Google's BigTable, which in turn has spawned several distributed key value store projects, collectively referred to as "NoSQL" because they are non-relational data stores. The AMQP standard provides for basic username/password authentication and coarse-grained access control. It is possible to secure communications over TLS/SSL, but setup and certificate management are currently left to the implementer, which in the case of OpenStack has been accomplished using OpenSSL. Note: AMQP over TLS/SSL ports have been assigned by the Internet Assigned Numbers Authority (IANA), a body that oversees Internet addresses and protocol assignments. There is also an AMQP proposal that addresses message signing, so the situation will improve. The important thing is visibility -- we can see what is happening and even participate. Based on my own analysis, I am satisfied so far with the architectural direction and concern for security exhibited by the OpenStack project.
Amazon has a good head start, but I look forward to the competition from Rackspace. The battle is shaping up with challenges from VMware, Google, and Microsoft. We all stand to benefit from great products and enhanced value. Consumers win when there is a choice and vendors create better products when they are competing. A solid open source offering gives us a choice and will be a catalyst for other vendors to create outstanding offerings of their own. They will have to in order to get my purchasing dollar! As if they are lying awake at night worrying about me. More importantly, they will have to create and maintain a compelling product to get the limited dollars of "the IT" department. And the government.
Posted Jul 22 2010, 04:45 PM by Garve Hays