Demystifying the Cloud: A Case Study Using Amazon’s
7.13 Eucalyptus and VMware
We briefly discussed Eucalyptus in Chapter 2 and Eucalyptus Enterprise Edition in Chapter 4. Users of VMware may appreciate the additional features that Eucalyptus Enterprise Edition provides, including:
Run your Amazon Machine Image (AMI) instances on your VMware-based hypervisors on your own private cloud
Seamlessly manage environments with multiple hypervisors (Xen, KVM, vSphere, ESX™ and ESXi™) under one management console
Test, develop, and deploy on your private Eucalyptus EE cloud and smoothly transition to a public cloud or vice-versa, without any modifications
Quickly and easily build hybrid clouds with your existing environment and other public clouds
Leverage the ecosystem built around AWS (RightScale™, CohesiveFT™, Zmanda™ and rPath™ are among the vendors that deliver solutions for Amazon AWS that in turn work seamlessly with Eucalyptus using VMware).
11. Adapted from www.cloudtweaks.com/2010/05/vmware-to-collaborate-with-google-on-cloud-computing/.
12. http://www.eweek.com/c/a/Cloud-Computing/Google-Shows-Enterprise-Focus-with-App-Engine-VMware-Plans-810075/.
Recent VM Acquisitions
Besides acquiring SpringSource, which we discussed above, VMware has made several other acquisitions in 2010:
Zimbra, a hosted e-mail service, acquired from Yahoo. The New York Times called it “the icing on the PaaS.” [13]
Parts of EMC’s Ionix IT management business, including solutions aimed at delivering improved management and deployment of servers and applications in a virtualized data center. This deal gives VMware some tools to measure and automate the provisioning and management of virtualized machines. Since a platform can have hundreds of thousands of VMs, automation is essential. VMware is acquiring from EMC, its parent, all technology and intellectual property of FastScale, Application Discovery Manager, Server Configuration Manager, and Service Manager and will maintain engineering, marketing, sales, and support operations in the United States, Europe, Israel, India, and Australia. (As part of the agreement, EMC will retain the Ionix brand and have full reseller rights to continue to offer customers the products acquired by VMware.) VMware says that this “new capability will provide a holistic view of configuration compliance of complete IT services from underlying physical assets to applications. VMware plans to further optimize the acquired products for dynamic, VMware vSphere-based cloud infrastructure, to deliver unparalleled visibility, control and simplicity of enterprise IT management.” [14]
RabbitMQ, an open-source messaging protocol acquired by VMware’s SpringSource subsidiary. This acquisition “enables VMware to provide a messaging platform that is flexible enough to live on company servers, a platform or a private or public cloud computing environments” [15] according to The New York Times. RabbitMQ is a successful and well-regarded technology that forms the backbone for many cloud messaging systems environments, providing a multi-protocol, completely open, portable messaging system. The code was created by Open Source vendors CohesiveFT [16] and LShift [17] based on the relatively young AMQP open standard [18] for messaging middleware, an industry effort backed by major banks, Cisco, and a handful of smaller companies. As hardware is virtualized, translating some of the network equipment like load balancers into software allows services running on the virtualized hardware to better scale.
13. http://www.nytimes.com/external/gigaom/2010/06/11/11gigaom-what-should-one-make-of-vmwares-shopping-spree-45138.html.
14. http://www.vmware.com/company/news/releases/emc-ionix.html.
15. http://www.nytimes.com/external/gigaom/2010/06/11/11gigaom-what-should-one-make-of-vmwares-shopping-spree-45138.html.
Gemstone, which “provides a distributed data caching technology to help analyze and crunch data across a number of servers or in the cloud—something VMware can use to make sure its PaaS can handle data without bogging down” [19] according to The New York Times.
EngineYard? Maybe. As we go to press, EngineYard (the Ruby on Rails provider, discussed in Chapter 11) [20] was also in talks to be acquired by VMware. EngineYard already works closely with VMware, because VMware provides its underlying software and is a strategic investor in Terremark, which hosts EngineYard’s enterprise-class PaaS.
7.14 OpenStack
Rackspace and NASA, along with leaders Citrix, Dell, NTT Data, RightScale, and others, have joined together to create OpenStack.org.
“The goal of OpenStack is to allow any organization to create and offer cloud computing capabilities using open source software running on standard hardware. OpenStack Compute is software for automatically creating and managing large groups of virtual private servers. OpenStack Storage is software for creating redundant, scalable object storage using clusters of commodity servers to store terabytes or even petabytes of data.” [21]
The OpenStack project builds on efforts already underway by both Rackspace and the space agency. Rackspace had been developing its own cloud storage technology, while NASA, by way of its Nebula project, was building out a distributed compute fabric. Nebula is an open source cloud computing project and service developed to provide an alternative to the costly construction of additional data centers whenever NASA scientists or engineers require additional data processing. Nebula also provides a simplified avenue for NASA scientists and researchers to share large, complex datasets with external partners and the public.
16. http://www.cohesiveft.com/.
17. http://www.lshift.net/.
18. http://www.amqp.org/confluence/display/AMQP/About+AMQP.
19. http://www.nytimes.com/external/gigaom/2010/06/11/11gigaom-what-should-one-make-of-vmwares-shopping-spree-45138.html.
20. http://dealbook.blogs.nytimes.com/2010/06/14/vmware-said-to-be-in-talks-to-acquire-engine-yard/.
21. www.openstack.org.
All of the code for OpenStack is freely available under the Apache 2.0 license. Anyone can run it, build on it, or submit changes back to the project.
The combined OpenStack effort will challenge Amazon’s cloud and S3 services; it will also provide a useful option for open source users.
OpenStack is another step towards high-speed interclouding. Though it hasn’t happened yet, I believe that Amazon, Google, and VMware will all eventually support it.
Summary
Virtualization is a concept dating back to the 1960s for dynamically mapping virtual addresses to real addresses, allowing multiple virtual machines to share the resources of a single physical machine. The software that performs this mapping is called a hypervisor. Xen, KVM, and QEMU are the leading open source hypervisors. Citrix is the leading commercial version of Xen, and mostly sells virtualized desktops. A custom variant of Xen is also used by Amazon’s AWS. Microsoft has its own patented approach in Microsoft Azure.
VMware is the best-selling commercial virtualization software. It has been used together with Citrix CPS to improve performance. VMware has made a host of acquisitions, and aims to become what the NY Times calls “the concierge of the cloud.” [22]
Interesting partnerships among VMware, Google, Salesforce.com, Eucalyptus, and Amazon will help grow the entire industry and prevent lock-in to a single vendor. Developments in standardization and interclouding (discussed in Chapter 4) will also allow for a great increase in the use of virtualization techniques.
22. http://www.nytimes.com/external/gigaom/2010/06/11/11gigaom-what-should-one-make-of-vmwares-shopping-spree-45138.html.
Chapter 8
Securing the Cloud: Reliability, Availability, and Security
Cloud computing is about gracefully losing control while maintaining accountability even if the operational responsibility falls upon one or more third parties.
Cloud Security Alliance
Overview
In this chapter, we consider the issues that have caused the most ink to be spilled: reliability, availability, and security (RAS). Anyone relying on computing resources in general and cloud computing in particular has these three concerns:
Reliability—How often is the service available, and how often does it fail? Reliability is often covered by a service level agreement.
Availability—Are the resources I need available when I want them? How long does provisioning new resources take? Can the service scale up and down quickly as my needs change?
Security—Can those with approved access to data see only the data they are entitled to see, and no other data?
In this chapter, we review the standards that have been developed to independently audit whether a vendor’s security standards are up to par.