Nimbula is an Infrastructure as a Service (IaaS) software stack analogous in its target market and its business model to commercial software like vCloud. It sits alongside a number of open source software products like Eucalyptus, Cloud.com (Citrix) and OpenStac k(Rackspace et al.)    as well as the Amazon Web Service, and other hosted services.

Nimbula is a relatively-late entrant to the market, and is in some sense a second-attempt at IaaS, since it was developed by a lot of the original team that built AWS.  It is a venture-backed statrup with a significant funding base, and is quite early in its adoption curve.  There is a free version (limited to 40 cores) but this is not an Open Source product.

The Nimbula team have taken the approach of NOT adopting the Amazon AWS  APIs, because it would have restricted their ability to introduce an alternative (and in their view better) architecture, and would have reduced their product to a least common denominator. They point to a number of specific features resulting from this, the key one being an integrated approach to access control known as the Cloud Authorization System. The idea here is that a broad range of service  entities within one or more clouds are controlled through a common permisioning model (the actual implementation can be distributed in a redundant fashion, thereby ensuring availability in federated clouds).

Within this structure there is no pre-defined hierarchy of objects which means that access control can be configured flexibly to allow controlled tenant-to-tenant access as well as isolating tenants from each other.  It’s an interesting take on the problem of tenant isolation – turn it from a problem into an opportunity – if tenants happen to be located in the same cloud then there is a possibility that they might be related to each other in some way, so there is the opportunity to offer them controlled access to each others’ resources.

Nimbula are able to leverage the permisioning model to provide a distributed node-to-node and node-to-outside-world firewall/NAT facility in a way that doesn’t involve defining a multiplicity of point-to-point firewalls using IPTables etc.  they can also run fine-grained metering on top of the entity model, to allow various forms of chargeback for service providers.

The infrastructure is hypervisor-agnostic, with current implementation on KVM. It offers an NFS-based storage option with the option to define  tiered pricing structures based on the underlying storage implementation.

At this stage the product is being  targeted at both Enterprise and Service Provider customers with the referenceability in the Service Provider space.  It offers to Service Providers an all-in-one solution which works out of the box (whereas alternatives like OpenStack may require significant customization), at a price-point which is competitive (in comparison with the other commercial supported IaaS offerings).

In the presence of existing competition, it feels like the Cloud Authorization System is a good idea for defining a flexible meta-architecture, and once it is in place a lot of things become simpler for the IaaS vendor to implement.  However the OpenStack software development model (Bazaar rather than Cathedal) does have significant momentum and vast amounts of individual resource applied to it, so it remains to be seen if the architectural elegance of Nimbula ultimately turns into customer entusiasm for the features it facilitates and then into customer adoption.

 

 

Share this Article:

Share Button
Mike Norman (104 Posts)

Dr Mike Norman, is the Analyst at The Virtualization Practice for Open Source Cloud Computing. He covers PaaS, IaaS and associated services such as Database as a Service from an open source development and DevOps perspective. He has hands-on experience in many open source cloud technologies, and an extensive background in application lifecycle tooling; automated testing - functional, non-functional and security; digital business and latterly DevOps.

Connect with Mike Norman:


Related Posts:

Leave a Reply

Your email address will not be published. Required fields are marked *


6 × two =