One OpenStack to Rule Them All: Bare Metal to Clouds

At VMworld 2014, VMware announced its easy-to-install OpenStack distribution, VMware Integrated OpenStack. This got me thinking, as normally OpenStack refers not just to the OpenStack distribution but to a specific underlying hypervisor as well, usually KVM. However, we know that OpenStack works equally well on KVM, vSphere, Hyper-V, and Xen, as it is more of a cloud management layer than a hypervisor. We should probably never lose sight of that little aspect of OpenStack: it is not a hypervisor. As an open-source management stack, it is possible for it to manage cross-hypervisor with a few modifications to its components.

What Is OpenStack?

According to its website, “OpenStack Software delivers a massively scalable cloud operating system” via several components, as seen in Figure 1 (which comes direct from

Of interest here are the name changes: Compute manages virtual machine provisioning and configuration (Nova), Networking manages the network (Quantum), and Storage manages the storage used by the compute images (Cinder). There are also a bunch of dashboard tools. This is all that is needed to build a distribution. (To find out more about the software, visit But the most interesting item on the diagram is the label “Standard Hardware.”

OpenStack Standard Hardware

This is an intriguing concept, as currently, standard hardware often translates to a hypervisor within current OpenStack deployments. Actually, most if not all of the current distributions are built on hypervisors, not bare metal. Here are just a few of those distributions, but all use hypervisors:

  • Mirantis uses Fuel to provision and configure its pure-play OpenStack, which works on any hypervisor. Usually that hypervisor is KVM, but Mirantis also supports vSphere (as long as the integrations are built in or there are third-party plugins to make everything happen). This is a one-stop shop that removes the complexity of installing all the bits related to OpenStack.
  • Piston, on the other hand, has built a distribution that will install on any setup of bare-metal systems that are on its hardware compatibility list—KVM plus OpenStack with their highly available management suite. This distribution is specifically sold for DevOps.
  • VMware Integrated OpenStack (VIO) is an easy-to-install version of OpenStack that integrates into the underlying vSphere/vCenter, Virtual SAN, and NSX products.

Yet, when you look into the internals of OpenStack and these distributions in particular, you will see that they manage only one hypervisor at a time. Current thinking is that you need more than one OpenStack distribution for each hypervisor or even for bare-metal deployments. Yes, OpenStack can manage bare-metal deployments; however, this requires a fair amount of tweaking by hand, as a workload now becomes a physical machine instead of a virtual machine.

So, where is OpenStack heading?

Future Possibilities for OpenStack

OpenStack could continue down the path it is traveling and maintain its “one hypervisor:one OpenStack” approach, or it could become the core of something larger. We should be able to use one management tool for cross-hypervisor, bare-metal, and cloud boundaries. I would like to see OpenStack instances be federated, secure, and hypervisor-agnostic during run time. There are three concepts here:

  • Federation: OpenStack has the potential to cross cloud boundaries so that one federated instance can manage all workloads, regardless of the clouds in use. Perhaps this is the direction in which Platform9 is heading. This would require better integration between cloud layers and using underlying APIs. If you use VIO and HotLink Express, you would gain quite a bit of this functionality due to VIO’s integration with vCenter and HotLink’s integration with vCenter.
  • Agnosticism: OpenStack can serve as the ultimate hypervisor-agnostic platform for building clouds. Why waste resources and money? If you have vSphere, Hyper-V, KVM, or Xen hypervisor instances already within your data center, it would be incredibly cool to manage them all via one system instead of four or more. With some modifications to Nova and Cinder, we could easily move workloads—eventually, perhaps even vMotion—between disparate hypervisors.
  • Security: OpenStack has long suffered from a lack of security integration. Yes, communication between each component is secured, and there are multitenant dashboards. However, I would like to see deeper integrations that give me one place from which to manage all policies for all federated clouds and hypervisors. Or, frankly, just for one hypervisor. This is the goal of the project Congress.

It is possible today, for example, to join multiple hypervisors into one OpenStack instance by layering Nova onto each node of each type of hypervisor. However, we cannot yet migrate workloads between them easily. We will need improvements in Cinder and Quantum to translate from one hypervisor to another. We still need one security policy across all instances of OpenStack.

If we combine federation, security, and agnosticism, there will be One OpenStack to Rule Them All.

Posted in SDDC & Hybrid Cloud, Security