Comparing IaaS 10k views and OpenNebula

I am glad to celebrate today more than 10 thousand views of my publication “Comparing IaaS: VMware vs OpenStack vs Google’s Ganeti”. It’s an astonishing result and I can’t thank enough all my readers and fans who have shared it on Twitter and Facebook.
One of the frequently asked questions was:

Why not compare to OpenNebula? What are the differences with it?

Comparing to something that I’ve heard of but never tested sounded so unprofessional. So, to celebrate my 10 thousand visits, I decided to set up a full OpenNebula architecture.

OpenNebula Test

The testing environment has two HP DL380s, plus one DELL R210 as management node. Every machine is running CentOS 6.5. I decided to make things slightly more complicated by using GlusterFS as distributed storage inside the compute nodes themselves, to leverage the internal disks of the nodes. These are the same nodes I used for testing Ganeti.

First of all, let me tell you that what I heard is confirmed: OpenNebula is a great project. It’s a “mini-OpenStack” that is able to handle a lot of requirements from those ISPs and private datacenters that want to adopt a Cloud environment.

Comparing IaaS (including OpenNebula)

So, what is my opinion after these tests? It doesn’t change much after all …

OpenStack is becoming a buzzword: every vendor is basically jumping in, and there is/was the need to clarify some details. OpenStack targets large installations, which means basically large ISPs or very large corporations with multiple datacenters.

VMware has the advantage that ESXi fits even a single server, but can scale up to 32 hosts. For those IT managers who need certified software and support, and still have enough budget, VMware is a good solution for their enterprises.

OpenNebula has the same philosophy as OpenStack. It requires a lot less hardware than OpenStack, but still has the same approach to the dynamic lifecycle of VMs.

One of the requirements, especially for the ISPs, is the migration from an existing virtualization or VPS solution. Here comes the issue when embracing a cloud infrastructure, be it OpenStack or OpenNebula: while the cloud uses virtualization, the management of virtual machines is very different.

In a cloud solution, the administrators need to set up images (or templates) that will be the base for virtual machines. If you want to migrate an existing VM to the cloud, you first need to convert it into a template, then instantiate a virtual machine from the template.

While this could be easy enough for a few virtual machines, when I’m dealing with extremely large service providers we could be talking about thousands of images and VMs (1&1 and Deutsche Telekom, just to name two). This is not a process that can be easily automated with a one-size-fits-all solution.

Ganeti has a different approach: while still being a virtualization solution, it offers some of the flexibility typical of cloud infrastructures, like fast deployment of virtual machines and private networks for customers. That’s why Ganeti has been chosen for our SecureData.

The 2013 and New Year’s resolutions

It’s time to sit down and think about the past year. 2013 was definitely one of the busiest of my career. I’ve never traveled so much, mostly across Telcos, ISPs and the biggest companies of Germany, the UK and Switzerland. But it was also one of the worst years in security, especially when it comes to passwords.

Crackers were able to get Adobe encrypted passwords for approximately 38 million active users. Evernote had a security breach with stolen information from the user base, forcing them to reset all passwords. And more than 2 million accounts have been compromised from popular sites such as Google, Yahoo, Twitter, Facebook and LinkedIn after malware captured login credentials from users worldwide. This is just to mention some highlights of this year in the consumer space.

Just imagine what happened or could potentially happen in a corporate environment and how many trade secrets, inventions and personal confidential information are at risk. Passwords are definitely over and cannot be considered a secure method to protect information in a cloud world. That’s why I consider 2014 the year of Cloud IAM (Identity & Access Management).

What am I doing to help?

  • When involved in designing OpenStack architectures for Canonical, I am very conscious about implementing security as it should be. Most of the world’s biggest hosting and housing providers are having issues with misuse of their infrastructures. The biggest issue is that they cannot control and enforce security in their guests, and Gigabits, or even Terabits, are wasted in botnets and coordinated attacks.
  • I am driving SecurePass to be able to handle groups and access policies for web-based applications, as well as in RADIUS and LDAP. Moreover, during 2014 we will release a beta of the public APIs with the same security and segregation as the existing protocols. Through APIs, customers and partners can build lots of new applications, provisioning and more.
  • IBM labs, with my cooperation, created a SecurePass plugin for WebSphere applications. With this partnership, I helped protect two of the largest financial companies across Europe, helping them to reduce costs while increasing protection and confidence in their extranets and applications accessed by 3rd parties. A public reference will be published in 2014 by both IBM and GARL.
  • I am cooperating with Google’s engineering team to enhance Ganeti, Google’s virtualisation platform that is used to manage Google’s internal corporate network. GARL’s SecureData is the result of our co-operation, bringing the reliability of Ganeti with the protection of SecurePass to help companies reduce the costs of their VMware installations. SecureData is available on Debian, Ubuntu, CentOS and RedHat Enterprise Linux (RHEL). In early 2014 it will be installed in the Labs of a popular Italian telco.
  • GARL traditionally offered Vulnerability Assessment and Penetration Tests. These audits usually target banks and ISPs, but there are specific cases in which even medium-sized companies need a security audit (e.g. healthcare, factories, …). GARL introduced EasyAudit in its offering, an “audit package” in cooperation with ISGroup, headed by the well-known and respected Francesco Ongaro, that mixes security with affordability. Francesco and I were the auditors that acted on behalf of Symantec when the well-known firm used to deliver VA and Penetration Tests in Europe, so who better than us can deliver these services?
  • As always, I’m trying to write papers to help people understand how important security and quality are during a project. Most of the time it’s not a waste of time: it could take less than what you expect (or what other companies are trying to sell you), but in the long run you will save time, money and … headaches!

Let me publicly thank my wife Maria: she supports me in my decisions and she understands the massive amount of travel I am doing. A big thank you goes to Donatella, my right-hand woman and my invaluable assistant, as well as all my staff at GARL.

I wish you and your families a joyful 2014.

Giuseppe Paternò

Comparing IaaS: VMware vs OpenStack vs Google’s Ganeti

No matter if you are a lonely system administrator or the CTO of the largest carrier in the World, getting to know what’s out there is a jungle. Is VMware still the lead? I’ve heard about OpenStack, how mature is that? And what is this “Ganeti” I’ve never heard of?

Well, here I am. Guess what, you’re not the only one asking these questions. I have traveled across most of Europe listening to the world’s most famous enterprises, banks and telcos, and I have also been in contact with many vendors’ labs, from San Francisco to Munich.

In my publication “Comparing IaaS: VMware vs OpenStack vs Google’s Ganeti” I just wish to give a quick overview of the state-of-the-art in the IaaS and virtualization world. This is not a sales or marketing presentation: no vaporware, just pure and real experience from the field.

Special thanks to all my friends at Google engineering (Michele, Guido and Helga), the OpenStack community manager Stefano Maffulli and all colleagues and former colleagues (rackers and HP 🙂) and all the guys from the Green Research and Technology Network (GRNET).

Enjoy the slides and stay tuned on my Twitter channel, @gpaterno