Infrastructure as a Service is a provisioning model in which organisations outsource the hardware required for projects and operations. As shown in figure 8, this hardware includes servers, storage, and networking while the organisation controls the OS, middleware, runtime, data, and applications.
The equipment remains the property of the service provider and they are tasked with the running, maintain and storage it. Pay rates for services like these are typically a usage based model.
Below is a selection of IaaS solutions that are under review for possible use with the OPENi project:
16.1.1 CloudSpaces
CloudSpaces [46] is an on-going research project which was mentioned in D2.2 with a focus on looking at open APIs and flexible information sharing among personal clouds. CloudSpaces will be comprised of 3 main components CloudSpaces Share, CloudSpaces Storage, and CloudSpaces Services.
CloudSpaces Share will focus upon the interoperability and any privacy issues for the system. Within its API it overcomes the risks associated with proprietary lock-in as well as ensures the privacy of shared data between personal clouds.
CloudSpaces Storage is a means of allowing users to take control over their information and provide them with the choices of where to store their information and how applications and other users can access this information. CloudSpaces Storage will manage the data and scaling of the different storage resources.
CloudSpaces Services will provide a high level infrastructure for third-party applications. CloudSpaces personal cloud model will include data management services, data application interfaces and a persistence service with differing levels of consistency and synchronisation in order to cater for each application’s needs [47].
While physical host management can be carried out via a CLI, Eucalyptus provides a web GUI for the management of admin tasks and the virtual machine environment. This web interface caters for a multitude of processes such as the management and resource provisioning of VM instances, the creation and management of instance images, user management, security features, and networking management as well as resource tagging to aid organisation. Eucalyptus have added a “Magic Search Bar” to their user GUI which allows users to efficiently find and filter elements on any page within the GUI.
The latest version of Eucalyptus (v3.3) features additional new AWS features such as the support for auto scaling, elastic load balancing and Amazons CloudWatch feature. The addition of these features allows the system to be configured in such a way that it can automatically increase or decrease resources to keep performance within acceptable levels and simultaneously distribute incoming traffic to multiple instances to increase fault tolerance for the system. CloudWatch allows the system to be automatically monitored, statistics to be collected and alerts to be set to ensure admins know if there is an issue with the system.
Eucalyptus allows for the configuration of security and user groups as well as catering for the need to manage these user accounts. This user management aspect allows administrators to create, delete and edit user accounts and groups. The user groups in Eucalyptus are a means to manage user permission on a large scale with changes to a group affecting all users within it. Security groups allow for finer control over the flow of information in the system and can be used to both isolate groups of machines from one another and mitigate any possible access related security risks. All these actions can be carried out via the CLI or the administrator console GUI supplied by Eucalyptus.
With its high interoperability with AWS Eucalyptus also fully supports hybrid clouds using a combination of Eucalyptus private clouds and Amazon public clouds. Using the auto scaling and load balancing features Eucalyptus can expand into Amazon public cloud space when and if needed to, as stated earlier, keep the system performing at its full potential even under heavy load.
16.1.3 mOSAIC
mOSAIC [49], as described in D2.2, is a research project aimed at developing an open source API and platform to allow the designing and development of multi cloud based systems. This multi-cloud API used by mOSAIC will also facilitate greater competition between cloud providers.
mOSAIC is designed so that a user will be able to supply their service requirements to mOSAIC and using its multi-agent brokering mechanism it will then search for an appropriate supplier for those requirements. If a single provider does not fully satisfy the requirements mOSAIC will then use a combination of providers to meet the requirements of the system. This will allow cloud developers to discover the cloud services tailored for their projects.
16.1.4 Nimbus
Nimbus [50] is an open source toolkit focused on providing cloud services to the scientific community with its 3 main goals. The goals are to enable the building of private and community clouds, make the clouds usable for users and to make it easy for developers to extend, experiment, and customise their clouds. Interoperability is key for developers to extend and experiment with technologies. Nimbus offers compatibility with Amazons EC2 and supports hypervisors such as Xen and KVM.
Nimbus’ underlying physical hardware can be managed via CLI and the VMs are managed using the cloud client CLI supplied by Nimbus. Through this CLI VMs can be viewed, created, deleted, and edited using the cloud client or the supported EC2 commands. User and security management can be configured via this CLI with easy to use commands.
Nimbus allows for easy user creation, editing and deletion from the CLI with a full array of details being returned upon the creation of a user. User groups are used as a means to control how different types of users can interact with the system and users can be selectively granted access to details about the VMM that certain VMs are running upon. A web interface comes bundled with Nimbus, it is however disabled by default. Using this web interface new users can be sent a URL which will allow them to configure their account using the GUI instead of a CLI.
Nimbus has experimental support for multi-cloud deployment whereby multiple nimbus clouds can be connected and combined however currently integration with EC2 is not available if using multi-cloud.
While a single instance of a nimbus cloud can be integrated with existing clouds by utilising the support for Amazon EC2 as well as the Xen and KVM hypervisors.
16.1.5 OpenNebula
OpenNebula [51] is an open source project for managing virtualized data centres and private clouds.
It is compatible with Amazons EC2 and EBS APIs and supports many of the most popular hypervisors such as Xen, KVM and ESXi.
OpenNebula provides administrators and users alike with both a CLI and their Sunstone web GUI. The Sunstone GUI provides an easier means of managing cloud resources and the system as a whole. It allows for the creation, editing and deletion of VMs, includes a management system for VM images, a view for managing the virtual networks within the system and user management features.
OpenNebula implements both group and role based user security. These features coupled with support for LDAP services allow for greater control over user access to key resources in the system.
Key VMs in the system can be isolated from others using OpenNebula Zones which itself can be further compartmentalized into Virtual Data Centres if needed. OpenNebula Zones includes its own web GUI with functionality equal to that of the CLI.
OpenNebula uses its interoperability with Amazon to provide hybrid-cloud support, stating that its hybrid-cloud deployment process is completely transparent to infrastructure users. OpenNebula’s support for cloud bursting and expansion into other clouds enables it to be a highly scalable system and allows it to remain fully functional under tremendous louds.
16.1.6 OpenStack
OpenStack [15], as described in deliverable 2.2, is a collection of open source components used to deliver public and private clouds. OpenStack’s interoperability with multiple hypervisors, such as Xen, KVM and VMWare ESXi, and other cloud providers, like Amazon EC2 and S3, have made it a popular solution for cloud platforms.
OpenStack provides access to the underlying hardware with the use of the OpenStack APIs. This coupled with the ability to use a command line interface for the management of the physical hosts allows for finer control of the system as a whole.
Managing the virtual machines in the system can be done several ways. OpenStack has a web
“Dashboard” GUI that can be used to manage all the main aspects of the system including but not limited to VM instance and image management, VM provisioning, user management and other security features. The OpenStack API can also be used to manage these aspects of the system as well using the Amazon EC2 API as OpenStack has implemented the system so that it can support the EC2 API.
The key security features are the ability to create security groups, user groups and the user management system. The security groups allow for the finer control over the flow of information in the system and can be used to isolate groups of machines from one another and mitigate any possible security risks that would be present in a system where all machines had access to one another. OpenStack implements a role based access control system (RBAC) which allows users to be assigned a role and the permissions specified in that role, on top of that OpenStack also implements a
user grouping system in the form of projects. Users can be granted access to a project and will only have access to machines associated with that “project”
While OpenStack does not officially have documentation about a hybrid cloud implementation there are several large cloud providers and scientific institutions that are working on or have implemented a hybrid cloud using OpenStack. One such example is CERN Openlab and Rackspace have developed a Hybrid cloud using OpenStack.