Public vs Private, Amazon Web Services EC2 compared to OpenStack®
How to choose a cloud platform and when to use both
The public vs private cloud debate is a path well trodden. While technologies and offerings abound, there is still confusion among organizations as to which platform is suited for their agile needs. One of the key benefits to a cloud platform is the ability to spin up compute, networking and storage quickly when users request these resources and similarly decommission when no longer required. Among public cloud providers, Amazon has a market share ahead of Google, Microsoft and others. Among private cloud providers, OpenStack® presents a viable alternative to Microsoft or VMware.
This article compares Amazon Web Services EC2 and OpenStack® as follows:
- What technical features do the two platforms provide?
- How do the business characteristics of the two platforms compare?
- How do the costs compare?
- How to decide which platform to use and how to use both
OpenStack® and Amazon Web Services (AWS) EC2 defined
From OpenStack.org “OpenStack software controls large pools of compute, storage, and networking resources throughout a datacenter, managed through a dashboard or via the OpenStack API. OpenStack works with popular enterprise and open source technologies making it ideal for heterogeneous infrastructure.”
From AWS “Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers..”
Technical comparison of OpenStack® and AWS EC2
The tables below name and briefly describe the feature in OpenStack® and AWS.
Compute
Why you need it?
To run an application you need a server with CPU, memory and storage, with or without pre-installed operating systems and applications.
OpenStack
|
AWS
| |
Definition
Compute is virtual machines/servers
|
Instance
|
Instance/VM
|
Sizes
How much memory and CPU and temporary (ephemeral) storage is assigned to the instances/VM.
|
Flavors: Variety of sizes: micro, small, medium, large etc.
|
Variety of sizes: micro, small, medium, large etc.
|
Operating systems offered
What operating systems does the cloud offer to end-users
|
Whatever operating systems the cloud administrators host on the OpenStack cloud. (Red Hat certifiesMicrosoft Windows, RHEL and SUSE)
| AMIs provided by the AWS marketplace. |
Templates/images
A base configuration of a virtual machine, from which other virtual machines can be created.
Catalogs of virtual machine images can be created from which users can select a virtual machine.
|
Glance
OpenStack administrators upload images and create catalogs for users.
Users can upload their own images.
|
(AMI) Amazon Machine Image
Users can upload their own images.
|
Networking
Why you need it?
To network virtual servers to each other. You also need to control who can access the server. You want to protect/firewall the server especially if it is exposed to the Internet.
OpenStack
|
AWS
| |
Definition
Networking provides connectivity for users to virtual machines. Connects virtual machines to one another and to external networks (the Internet).
|
Neutron
|
Networking
|
A private IP address internal only and non-routable to the Internet
|
Every virtual instance is automatically assigned a private IP address, typically using DHCP.
|
AWS allocates a private IP address for the instance using DHCP.
|
Public IP address
|
A floating IP is a public IP address, that you can dynamically add to a running virtual instance.
|
AWS public IP address is mapped to the primary private IP address.
|
Networking service
|
You can create networks and networking functions, eg. L3 forwarding, NAT, edge firewalls, and IPsec VPN.
|
Virtual routers or switches can be added if you use AWS VPC, a virtual public cloud.
|
Load Balance VM traffic
|
OpenStack LBaaS (Load Balancing as a Service) balances traffic from one network to application services.
|
ELB (Elastic Load Balancing)automatically distributes incoming application traffic across Amazon EC2 instances.
|
DNS.
Manage the DNS entries for your virtual servers and web applications.
|
The OpenStack DNS project (Designate) is in “incubation” and is not part of core OpenStack (as of the April 2015 Kilo release).
|
Route 53 – AWS’s DNS service.
|
SRIOV
A method of device virtualization that provides higher I/O performance and lower CPU utilization compared to traditional implementations.
|
Each SR-IOV port is associated with a virtual function (VF). SR-IOV ports may be provided by Hardware-based Virtual Ethernet Bridging or they may be extended to an upstream physical switch (IEEE 802.1br).
|
AWS support enhanced networking capabilities using SR-IOV, provides higher packet per second (PPS) performance, lower inter-instance latencies, and very low network jitter.
|
Monitoring
Why you need it?
You get insight into usage patterns and utilization of the physical and virtual resources. You may want to account for individual usage and optionally bill users for their usage.
OpenStack
|
AWS
| |
Definition
Monitoring provides metering and usage of the cloud.
|
Ceilometer
|
Cloudwatch
|
System-wide metering and usage.
Option to bill users for their usage
|
To collect measurements of the utilization of the physical and virtual resources comprising deployed clouds.
Persist data for subsequent retrieval and analysis, and trigger actions when defined criteria are met.
|
Monitoring service for AWS cloud resources and the applications on AWS.
Collect and track metrics, collect and monitor log files, and set alarms.
|
Security
Why you need it?
You need the option of public key cryptography for SSH and password decryption. You want to firewall virtual machines to only allow certain traffic in (ingress) or out (egress).
OpenStack
|
AWS
| |
Definition
Control access to your virtual machines.
|
Keypairs, security groups.
|
Keypairs, security groups.
|
Key pairs
To login to your VM or instance, you must create a key pair.
Linux: used to SSH.
Windows: used to decrypt the Administrator password.
|
When you launch a virtual machine, you can inject a key pair, which provides SSH access to your instance.
|
To log in to your instance, specify the name of the key pair when you launch the instance, and provide the private key when you connect to the instance.
|
Assign and control access to VM instances.
A security group is a named collection of network access rules that limit the traffic that access an instance.
When you launch an instance, you can assign one or more security groups to it.
|
Supported
|
Supported
|
Identity
Why you need it?
You want to govern who can access your cloud. You can manage permissions to cloud resources. You may want to offer multi-factor authentication for stronger security.
OpenStack
|
AWS
| |
Definition
Authentication and authorization methods for controlling access to virtual servers, storage and other resources in the cloud.
Integrates with an external provider, example LDAP or AD.
|
Keystone
|
IAM Identity and Access Management
|
Storage
Why you need it?
Block storage
- Assign virtual drives/volumes to virtual servers to grow their storage capacity, beyond the boot volume.
- Snapshots and backups of virtual servers.
Object storage
- Store objects such as files, media, images
OpenStack
|
AWS
| |
Object storage
Store files: media, documents, images etc
|
Swift
|
S3 – Simple Storage Service
|
Block storage
Create virtual disk drives (volumes).
|
Cinder
|
EBS – Elastic Block Storage
|
Database
Why you need it?
Your cloud users can use a database service without installing and configuring their own database.
OpenStack
|
AWS
| |
Definition
|
Trove
|
RDS
|
Relational Database
|
MySQL, PostgresSQL
|
Users get an instance of MYSQL or Oracle 11g.
|
Non Relational Database
|
Cassandra, Couchbase, MongoDB
|
Amazon SimpleDB Users store data pairs into a simple database suitable for heavy read applications.
|
Orchestration
Why you need it?
This allows repeatable copies of an application to be made.
OpenStack
|
AWS
| |
Definition
Allows developers to store the requirements of a cloud application in a file or template that defines resources (virtual machines, networks, storage, security, templates, images etc) necessary for the application to run.
|
Heat
|
Cloud Formation
|
Big data / parallel processing
Why you need it?
The cloud can provide the infrastructure for you to perform large scale data processing.
OpenStack
|
AWS
| |
Definition
Allows you to perform large scale parallel processing of data, example Hadoop
|
Sahara
|
EMR – (Elastic Map Reduce)
|
Messaging
OpenStack
|
AWS
| |
Definition
The cloud can buffer and move data between applications and VMs/instances on a hosted queue.
|
(not released yet)
|
SQS – (Simple Queue Service)
|
Graphical User Interface (GUI) dashboard
Why you need it?
You can administer your cloud or users can self-serve their needs, from any compliant browser.
OpenStack
|
AWS
| |
Definition
Browser to manage or self serve needs for compute, networking and storage.
|
Horizon
|
Console
|
Command Line Interface (CLI)
Why you need it?
You can automate and script the administration and use/consumption of your cloud from the command line.
OpenStack
|
AWS
| |
Definition
The command line interface provides administrators with commands to provision and de-provision cloud resources (virtual machines, storage, networking)
|
Business level components
Multi-tenancy
Why you need it?
To segregate users by business unit, department or organization to meet legal requirements or to set quota on resources.
OpenStack
|
AWS
| |
Definition
A tenant is a group of users who share common access to infrastructure (the cloud platform) with other users. Users are segregated.
|
Project / tenant. Quota of compute resources can be defined for each project/tenant.
|
Segregation is achieved using AWS VPC (Virtual Private Cloud)
|
SLA (Service Level Agreement)
Why you need it?
To run mission critical applications with minimal downtime you need an SLA from your cloud provider.
OpenStack
|
AWS
| |
Definition
An SLA is a guarantee of availability of the cloud.
|
An SLA is negotiated between the provider of the OpenStack private cloud (internal IT department / managed service provider) and the business units who consume the private cloud.
|
SeeAWS SLA
|
Ownership and control of data
Why you need to know?
Users should know who can access data stored in the cloud. Legal regulations for industries such as healthcare, financial services, government etc stipulate who should have access to applications and data. Some users/countries fear that government security and spying agencies can gain access to public cloud data.
OpenStack
|
AWS
| |
Definition
When you store applications and data in the cloud who owns the data and who has access to it.
|
The users of the OpenStack cloud
|
The user owns the data. See AWS agreement (section 8)
|
Ecosystem
Why you need to know?
You may need help from consultants and community peers to use a private or public cloud. If you deploy a private OpenStack cloud, the community of software and hardware vendors that are certified with your OpenStack vendor give you the assurance that problems can be resolved. (see my prior post for a supported OpenStack deployment.)
OpenStack
|
AWS
| |
Definition
An ecosystem includes hardware vendors, software vendors, a community of peers (developers, users, administrators) and consultants to enable a cloud to run.
|
OpenStack’s ecosystem: hardware, software and service providers and end users.
OpenStack code which runs the cloud is open source for users to contribute.
|
Amazon’s ecosystem ofconsultants and ISVs assist users to use the AWS.
The AWS code which runs the cloud is closed source.
|
High availability
Why you need to know?
If a cloud offers high availability, then applications hosted on the cloud can fail over and users will experience less interruption of service.
OpenStack
|
AWS
| |
Definition
Regions and Availability Zones.
| Data and instances can be stored in different geographical regions for redundancy, latency or legal requirements. |
Amazon EC2 is hosted in multiple locations world-wide, composed of regions (a separate geographic area). Each region has multiple, isolated locations known as Availability Zones.
|
Cost
Why you need to know?
The cost of running servers and applications in a cloud can be operational (OPEX) or capital (CAPEX).
OpenStack
|
AWS
| |
Definition
The cost of using a cloud service.
|
Use a managed service offering
OR
Buy hardware to run an OpenStack cloud.
AND
Freely download OpenStack software and employ engineers to install, maintain, enhance, upgrade etc. This cost model can be difficult to estimate because of the cost of employees required to run the cloud. How many engineers do you need? How do you know when to hire more? How do you reduce the size of your workforce if the demand for your cloud decreases?
OR
License a distribution from a vendor. This involves an upfront license cost, annual support costs and a subsequent license renewal.
OR
Purchase a predictable subscription from Red Hat and receive support, maintenance, consulting, upgrades….
|
Billing by the minute/hour – potentially unpredictable costs as usage is billed as used.
|
So which do you use?
Since both cloud platforms provide some similar services, you should consider your needs. For instant and temporary needs, AWS and its on-demand pricing model could suffice. For longer term projects AWS lists examples, as doesOpenStack.
I believe it boils down to use cases. AWS lists use cases and Gartner recommends using OpenStack for:
- “DevOps-style software development. Developers can access the OpenStack API and work with infrastructure as code.”
- “For development/testing support. …scenario of a more traditional IaaS with a self-service portal for the developers and testing groups.
- “High-performance computing/grid computing is a potential use case for OpenStack because many of these environments are implemented with open-source components, and OpenStack is well-suited to support the flexible infrastructure provisioning required in these environments.”
- “Scale-out commodity infrastructure to support big data technologies such as Hadoop, Apache Spark and Apache Cassandra.”
- “line-of-business application hosting…..Focusing on the emerging cloud-native applications, rather than trying to chase legacy compatibility, is the scenario used by most IaaS private cloud implementers.”
Comments
Post a Comment