What is OpenStack?
OpenStack is an open-source cloud computing platform.
It’s a software framework that lets an enterprise virtualize parts of a physical datacenter (many racks of computers connected by a network, external storage devices, and other equipment) into an infrastructure-as-a-service (IaaS) ‘cloud’ – functionally, very much like VMware vCenter, or public cloud services like Amazon EC2.
Users of an OpenStack cloud can access a webUI, command-line interfaces (CLI), and/or software-controlled APIs to configure, launch, and manage virtual infrastructure (virtual machines, networks, storage, etc.), speeding up software development, application ops, and infrastructure operations, and (in principle) making very efficient use of underlying hardware. Depending on implementation, they may also be able to use their OpenStack cloud to conveniently launch developer environments, hosted container runtimes, and/or Kubernetes clusters that ride on top of OpenStack virtualized infrastructure.
Administrators of an OpenStack cloud can control access and user permissions to prevent misuse; apportion resources to users, groups, and tenant organizations to manage utilization; and provide a host of automation and other services that help developers and IT operators move faster: like “database-as-a-service” (think Amazon RDS), application catalog, and/or Kubernetes.
Organizations that run an OpenStack cloud can build out and scale their private cloud quickly and manage utilization and costs efficiently. Because the cloud is fully private, they can maintain complete control over where and how data is stored and moved around, and manage other aspects of security and compliance in rigorous ways that are hard-to-impossible (and/or more expensive) in shared public cloud environments.
As with any private cloud, the main potential downside of OpenStack is that organizations adopting it need to purchase and house infrastructure, and build and run the cloud themselves. But recent advances in technology and partnering now make this much easier: in fact, it’s possible to have a private OpenStack cloud on your premises, and use it pretty much like public cloud – i.e., “as a service.”
What are Some OpenStack Benefits?
Most OpenStack users are looking to create a private cloud that gives them the same kind of convenient functionality as a public cloud, but in a private computing environment. There are many reasons why organizations might need or prefer a private cloud over a public one. These include:
Privacy (obviously) - A private cloud lets you maintain absolute control over access (i.e., who can requisition services from and/or run applications on your cloud, what users are permitted to do and see), and over data (i.e., how it’s accessed, transported, stored, and encrypted) which may be required for regulatory compliance and corporate governance.
Efficiency and performance - In a private cloud, you can control pretty much everything about how the cloud and applications are configured, and how they run. So you can tune things to deliver a good (and dynamic) balance of performance vs. resource utilization.
Flexibility - OpenStack runs on a very wide range of compute hardware and integrates well with many different kinds of networking, storage, and other equipment. So you can build very powerful clouds for high performance computing (e.g., rack computers with lots of CPUs and GPUs, such as are required for machine learning, video and game streaming, scientific computing, and other tasks), or very affordable clouds that use cheap, generic compute and storage hardware.
Cost - While it’s true that private clouds come with an up-front cost in hardware and datacenter environment preparation and maintenance, the net cost of building and operating one is quite predictable. As many early public cloud adopters have discovered, the costs of using public clouds are not so predictable, often much higher than expected, and tend to exceed private cloud costs over time for many use cases. For this reason, an increasing number are ‘repatriating’ parts of their IT operations to private clouds from public clouds.
Most users are seeking these basic benefits in a context that delivers:
An Open-Source platform: OpenStack is open-source, which means that its source code is available to the public and can be freely used, modified, and distributed. The voluntary contributions of thousands of individual developers and many organizations mean that OpenStack evolves quickly: security issues get patched, bugs get fixed, and new features and capabilities appear frequently – and go through an orderly process of community evaluation before full release. So users can innovate as rapidly as they feel comfortable, and get lots of (free) help from fellow users. Open source also means the software itself provides some freedom from lock-in. For example, OpenStack can run on a wide range of Linux operating systems, so users aren’t locked into a particular distribution (and its licensing and support plan).
Most users don’t deploy OpenStack directly from its “upstream” sources, however. Instead, just as with Linux (where you don’t typically build your own Linux but rather use a distribution from Canonical or Red Hat or another organization) they use a distribution of OpenStack, assembled and configured by a vendor, who can then provide support and other services. Distributions of OpenStack frequently include hardening for security, deployment tooling, and other add-ons. One thing to watch for in selecting a distribution is how much lock-in (if any) the distribution maker puts back into the recipe: for example, when you get OpenStack from an OS maker, does licensing that OS become a requirement?
Scalability: OpenStack is designed to be highly scalable, meaning that it can grow and adapt as the needs of your organization change. And because it’s open source, costs for the software itself are low, so you can use OpenStack to build very big clouds with lower TCO than proprietary solutions and much lower costs over time than you would pay to use the same resources in a public cloud environment.
High Availability (HA) and reliability: OpenStack is designed to be highly available and reliable. It has features for preventing outages to its control plane (e.g., due to failure of a single server or even multiple servers), as well as ways of automating recovery of applications when worker nodes fail. The most modern OpenStack distributions enhance this further by deploying the OpenStack control plane in containers, on a Kubernetes substrate. Deployed this way, individual control plane elements can scale horizontally at need across multiple servers to keep availability high, even when burdened by requests or managing large traffic flows. The containerized control plane is also much easier and faster to update than conventional component deployments.
Multi-tenancy: OpenStack has sophisticated internal guardrails that let administrators subdivide cloud access among tenants and apportion resource quotas to them. You can divide a single OpenStack to serve multiple tenants: each sees the OpenStack as if it were their own cloud. A tenant can have its own roles (administrators, users, etc.) and can be further divvied up into organizations and projects. Any organization can use these features to create separate virtual environments for different purposes, allocate resources with precision, and meet resource quota guarantees to ensure that things perform well, while still efficiently sharing the same underlying hardware. This constellation of features also helps explain why OpenStack is a preferred solution for building public clouds and hosting SaaS services that support many customers with strict security and compliance requirements.
Application Programming Interfaces (APIs): OpenStack provides command-line interfaces (CLIs) and APIs that let developers write scripts and stand-alone programs to automate cloud operations. Most popular programming languages are supported via a Software Development Kit (SDK) and libraries that can be installed and imported to provide your favorite language with a wide vocabulary of OpenStack commands: configuring and launching virtual machines, defining virtual networks, etc. Most popular automation tools (e.g., Ansible) also have OpenStack plugins (sometimes called ‘providers’) that let you easily use these tools as well. If your organization uses multiple cloud environments (e.g., OpenStack, VMware, AWS, etc.) you’ll typically be able to use most of the same automation with all these target clouds.
Who Uses OpenStack?
As previously noted, most organizations leverage OpenStack to create cost-effective, highly scalable private clouds in single or multiple locations. Beyond private enterprise datacenters, OpenStack is also used for building:
Public clouds: OpenStack is popular with public cloud providers such as Rackspace, OVH, and DreamHost, who offer cloud services to customers on a pay-per-use basis. These providers use OpenStack to provision virtual machines, storage, and networking resources, and to manage their cloud infrastructure.
Hybrid clouds: OpenStack is well-suited for combining with public clouds to create extended IT environments. OpenStack provides the necessary tools to manage resources across different clouds, as well as to migrate workloads between public and private clouds.
Research and scientific computing clouds: OpenStack evolved out of original work by NASA, Rackspace, and early adoption by organizations like CERN, and has many users in universities and research institutions. It’s found frequently in scientific computing environments, where it manages compute and storage resources for large-scale simulations, data analysis, and other scientific applications. OpenStack's ability to scale and customize to specific needs makes it ideal for these demanding use cases.
Telecom and service provider clouds and edge clouds: Telecom, SaaS, and other kinds of service providers often pick OpenStack for building out large scale and/or multi-location clouds to host their services. At the lowest level, OpenStack can provide efficient interfaces with specialized hardware (e.g., efficient network cards and their support software frameworks, GPUs for stream processing, etc.) to accommodate high-performance processing of large volumes of data. And OpenStack can be configured to use very high-performance virtual networking. So OpenStack is frequently targeted by network equipment makers who create Virtualized Network Functions (e.g., software-based routers, transcoders, security edge devices, 5G network base station managers, etc.) that run on OpenStack virtual machines and connect to OpenStack virtual networks. At a higher level, makers of Management and Orchestration (MANO) systems also leverage OpenStack to orchestrate these VNFs, bringing services to customers quickly and providing them flexibly (e.g., on edge clouds close to customer premises). OpenStack is also often used to host Kubernetes and other container orchestration frameworks, which are in turn used to host Containerized Network Functions (CNFs).
Government and public sector clouds: Government, military, police, and other public sector organizations adopt OpenStack to create private cloud infrastructure for their applications and services. Open source solutions are prized by the public sector for transparency, security, flexibility, and cost efficiency. Public sector organizations also frequently require the control private clouds provide.
OpenStack Architecture
OpenStack comprises a group of interoperating components. The main components of OpenStack are:
Horizon (Dashboard): Horizon is a web-based graphical user interface (GUI) for OpenStack. It provides an intuitive way to administer OpenStack itself (i.e., at the level of tenants, organizations, projects, etc.) and manage OpenStack resources, such as instances, volumes, and networks, without having to use a command-line interface. See https://docs.openstack.org/horizon/latest/ for more.
Nova (Compute): Nova lets users create, launch, and manage virtual machines – or in OpenStack parlance, "instances." It supports multiple hypervisors, including KVM and Xen, and is designed to be highly scalable, providing the ability to create thousands of virtual machines. See https://docs.openstack.org/nova/latest/ for more.
Cinder (Block Storage): Cinder lets you create and manage storage volumes (virtualized disk drives) and snapshots (files that can be used to repopulate a virtual storage volume). It supports a wide range of storage backends, including physical spinning disks and SSDs on servers, network-attached storage (NAS) devices, and storage area networks (SANs). See https://docs.openstack.org/cinder/latest/ for more.
Neutron (Networking): Neutron lets you build virtual networks with virtual devices (e.g., gateways, routers), define virtual network cards, and attach these to virtual machines. Neutron emulates all the most important physical networking technologies and standards, including virtual local area networks (VLANs) and overlay networks. See https://docs.openstack.org/neutron/latest/ for more.
Keystone (Identity): Keystone provides authentication and authorization services, letting operators manage user and entity identities. It integrates with external identity providers like LDAP, Active Directory, and OAuth, simplifying provisioning of enterprise clouds. Keystone is designed to be highly secure (of course) and can support complex and fine-grained identity and access management requirements, like those required for implementing Zero Trust. See https://docs.openstack.org/keystone/latest/ for more.
Glance (Images): Glance manages image files – binary blobs that represent the contents of a virtual hard disk with a bootable OS on it, representing all this in a way independent of some configuration details. You can create an image file of a working virtual machine – for example, a development environment for software engineers – then use that image to launch new development environments on demand, possibly with different allocations of virtual compute cores, RAM memory, and/or storage device type/size. Most enterprise OpenStack operators provide developers a range of permitted VM images – e.g., a particular version of the organization’s preferred Linux, preconfigured and hardened in particular ways to comply with organizational requirements. Glance supports a wide range of popular cloud image formats, including ISO, QCOW2, and VMDK. See https://docs.openstack.org/glance/latest/ for more.
Other OpenStack components: In addition to these core components, the OpenStack community has initiated (in some cases, longstanding) projects to build, maintain, and improve dozens of add-on services like DNS-as-a-Service, Database-as-a-Service, and Dependency Management. These components work together with OpenStack core bits, letting you create rich cloud environments that are easy for developers to use and easy for organizations to administer. You can find more information on the overall OpenStack architecture at the official OpenStack website: https://www.openstack.org/software/
Each OpenStack component typically has its own CLI and API – and these follow common patterns, so they’re relatively easy to use from the command line or your own automation code.
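The common pattern behind the component APIs, as an added example (not from the original page or from OpenStack's own code): a client asks Keystone for a token scoped to one project, reads the service endpoints from that token's catalog, and sends the token in the X-Auth-Token header to Nova, Neutron, and the rest. The token body, hostnames, project name, and the choice of "admin" as the only elevated role are constructed for illustration.

```python
import json

# Constructed sample of the JSON body Keystone v3 returns from POST /v3/auth/tokens.
# Hostnames, project and role assignments are made up for this example.
SAMPLE_TOKEN_BODY = json.dumps({"token": {
    "expires_at": "2030-01-01T00:00:00.000000Z",
    "project": {"name": "dev-team", "domain": {"name": "Default"}},
    "roles": [{"name": "member"}, {"name": "reader"}],
    "catalog": [
        {"type": "identity", "name": "keystone", "endpoints": [
            {"interface": "public", "region_id": "RegionOne",
             "url": "https://cloud.example.test:5000/v3"}]},
        {"type": "compute", "name": "nova", "endpoints": [
            {"interface": "public", "region_id": "RegionOne",
             "url": "https://cloud.example.test:8774/v2.1"},
            {"interface": "admin", "region_id": "RegionOne",
             "url": "https://mgmt.example.test:8774/v2.1"}]},
        {"type": "network", "name": "neutron", "endpoints": [
            {"interface": "public", "region_id": "RegionOne",
             "url": "https://cloud.example.test:9696"}]},
    ]}})

# Assumption for this example: only the default "admin" role counts as elevated.
ELEVATED_ROLES = {"admin"}


def build_password_auth(user, password, user_domain, project, project_domain):
    """Body for POST /v3/auth/tokens, scoped to one project (tenant)."""
    return {"auth": {
        "identity": {"methods": ["password"], "password": {"user": {
            "name": user, "domain": {"name": user_domain}, "password": password}}},
        "scope": {"project": {"name": project, "domain": {"name": project_domain}}},
    }}


def public_endpoints(token_body, region):
    """Map service type -> public URL for one region from the token's catalog."""
    found = {}
    for service in json.loads(token_body)["token"].get("catalog", []):
        for ep in service.get("endpoints", []):
            if ep.get("interface") == "public" and ep.get("region_id") == region:
                found[service["type"]] = ep["url"].rstrip("/")
    return found


def elevated_roles(token_body):
    """Roles on this token that routine automation should not normally hold."""
    names = {r["name"] for r in json.loads(token_body)["token"].get("roles", [])}
    return sorted(names & ELEVATED_ROLES)


def service_request(endpoints, service_type, path, token_id):
    """Return (url, headers) for a call to any service; the pattern is identical."""
    if service_type not in endpoints:
        raise LookupError(f"no public {service_type} endpoint in catalog")
    url = endpoints[service_type] + "/" + path.lstrip("/")
    return url, {"X-Auth-Token": token_id, "Accept": "application/json"}


if __name__ == "__main__":
    eps = public_endpoints(SAMPLE_TOKEN_BODY, "RegionOne")
    # The token ID arrives in the X-Subject-Token response header; placeholder here.
    for svc, path in (("compute", "/servers"), ("network", "/v2.0/networks")):
        print(service_request(eps, svc, path, "TOKEN-PLACEHOLDER")[0])
    print("elevated roles:", elevated_roles(SAMPLE_TOKEN_BODY))
```

Scoping the token to a single project and checking its roles before use keeps automation credentials confined to one tenant's resources.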
OpenStack Training and Certification
OpenStack offers a comprehensive training and certification program for developers and IT professionals. The program includes various courses that cover OpenStack's fundamentals, architecture, deployment, and management.
You can also take certification exams that validate your OpenStack proficiency so current and prospective employers can have more confidence in your skills. Certification exams are available for different roles, such as OpenStack Administrator, OpenStack Developer, and OpenStack Architect.
OpenStack certification is recognized globally and demonstrates your expertise in OpenStack. It can be an excellent way to enhance an IT professional's career prospects and improve an organization's OpenStack adoption and management.
OpenStack vs. AWS
OpenStack and AWS are frequently compared. The two solutions evolved to some degree in parallel with one another (i.e., people who built OpenStack were familiar with AWS, and vice-versa). AWS is the best-known of public clouds, and for a long time was the largest – it’s certainly on the short list for organizations looking to create a hybrid cloud, combining private cloud cost efficiency with public cloud scale-on-demand. And in the current epoch, organizations pulling away from public cloud due to difficulty predicting and controlling costs are often looking at OpenStack as a private cloud solution.
Similarities and Differences between OpenStack and AWS
Comprehensive: OpenStack and AWS both provide a comprehensive set of services and features for deploying and managing applications in the cloud. Both platforms support the creation of virtual machines, storage, networking, and other cloud services. Both support hybrid cloud configurations, and both provide CLIs and APIs for automation.
Open source vs. proprietary: OpenStack is an open-source platform, while AWS is a proprietary platform. This means that OpenStack is freely available and can be customized and extended as needed, and vendor lock-in isn't generally an issue.
Lock-in factors: AWS provides a truly vast library of ancillary services to solve different enterprise computing challenges. These are convenient, but also very sticky: as many AWS users have discovered, using a wide range of AWS features can make it cost-prohibitive to move away from AWS in the future. In most cases (e.g., Kubernetes, container hosting, serverless computing, database-as-a-service, etc.) analogous capabilities can be provisioned on OpenStack natively, or using open source third party solutions, with much less risk of lock-in.
Scalable: Both OpenStack and AWS are scalable, enabling users to easily increase or decrease the amount of resources they use as their needs change. AWS is, of course, much bigger, so you can potentially scale on AWS very quickly without worrying about running out of underlying hardware resources.
In practice, however, this AWS (or more properly, public cloud) benefit is seldom leveraged except for certain kinds of applications (e.g., graphic multiuser games like Fortnite) whose traffic demands grow (or shrink) astronomically in short periods of time. For the average enterprise running many applications, traffic and utilization tend to be stable and predictable, so that scaling decisions (which, for private clouds, require buying and housing new hardware and extending the cloud framework to utilize this new capacity) can be made and implemented at a more measured pace. In short, on-demand, infinite scalability is seldom a deal-breaker in the real world.
Cost: OpenStack's open-source nature and ability to run on commodity hardware can be more cost-effective than AWS, especially for large-scale deployments, but its primary advantage is in its predictability; you always know what your private cloud is costing you, whereas public cloud costs can explode quickly.
OpenStack vs. VMware
OpenStack and VMware are frequently compared because they represent the two most popular approaches to enterprise private cloud available to buyers today. In the current era, many organizations see OpenStack as a possible alternative to VMware (long favored by large enterprises) because of rising costs and uncertainty about support in the aftermath of VMware’s acquisition by Broadcom.
Similarities and Differences between OpenStack and VMware
Comprehensive: OpenStack and VMware both provide comprehensive services and features for deploying and managing applications in the cloud. At present, they are approximately at feature parity with one another.
Open source vs. proprietary - the problem of lock-in: VMware is a proprietary platform, meaning you can’t change or extend it to suit specific needs. It’s designed to run only on certified hardware, and with a limited range of supported host operating systems, adding to cost.
Licensing: VMware licensing is complex, and as you extend a VMware stack upwards (e.g., to add Kubernetes in the VMware flavor, which is called Tanzu) licensing costs mount up. Most OpenStack solutions have simpler licensing schemes and OpenStack providers focus on support for revenue.
OpenStack and Kubernetes
For a long time, OpenStack and Kubernetes were considered "competitors" because both were used to create cloud computing environments, but that's no longer the case. Things have settled out: OpenStack is frequently used to host Kubernetes, and Kubernetes can be used to host containerized versions of OpenStack.
The major difference between the two is that OpenStack is generally used to host virtualized applications that work best in virtual machines, while Kubernetes is generally used to host containerized applications.
That said, this is a little bit of a generalization. OpenStack can host containers (e.g., using the OpenStack project Magnum), and Kubernetes can host virtual machines (with kubevirt.io or other solutions). It's just not what they're meant to do. One exception is when you have a containerized OpenStack such as Mirantis OpenStack on Kubernetes, in which you get the best of both worlds – including the “full sandwich” of Kubernetes (on bare metal) running MOSK, which is then used to run Kubernetes clusters on OpenStack virtual machines.
OpenStack Complexity
OpenStack's key features make it a highly versatile and customizable cloud computing platform that can meet the needs of a wide range of organizations and use cases, but OpenStack (like any cloud platform) does have some limitations. Most notably:
Complexity and steep learning curve: OpenStack is complicated – building, securing, and maintaining an OpenStack cloud requires significant technical expertise. This can mean a steep learning curve for platform engineers and administrators, and may require adding headcount and getting training. OpenStack’s complexity can be offset, however, by working with a dependable vendor who can provide both product and support on an ongoing basis.
Potential for vendor lock-in: Though the core of OpenStack is open source, potential for various kinds of lock-in still exists. As noted above, some distributions of OpenStack are effectively locked to a particular Linux distribution. It’s also possible to get locked into integrations between OpenStack and various kinds of proprietary hardware (e.g., storage, networking), making change or migration more complicated and expensive. The most user-friendly (and lock-in unfriendly) OpenStack distributions can be described as “batteries included but not required.” That is, the distributions run on basically any hardware and a range of popular Linux distros, and come complete with reliable open-source-based solutions for storage and networking that make use of generic, ‘converged’ hardware, available at competitive prices from many sources.
Conclusion
OpenStack is a powerful open-source cloud computing platform that offers a wide range of features and benefits to its users. It provides scalability, flexibility, high availability, and security, making it suitable for various use cases, from public cloud providers to government and public sector organizations. OpenStack's architecture and components work together to provide a complete cloud infrastructure that can be customized and extended to meet specific needs.
Its broad ecosystem provides resources and lets users collaborate with the community to drive its development and improvement.
Looking to the future, OpenStack is poised to continue its growth and expansion as a leading open-source cloud computing platform. Improvements in areas such as containerization, edge computing, and machine learning will enable OpenStack to address new use cases and provide even greater value.