A few weeks ago one of my SCR co-authors asked if Open Source Matters to cloud security. For me, the bigger question was whether open source mattered at all. Despite the fact that most cloud providers make extensive use of open source technologies, Amazon, Google, GoGrid and Rackspace have one thing in common with Microsoft – their core provisioning, networking, storage and management components are essentially a black box for the users. Until now.
Today Rackspace, NASA and 25 other companies announced a new effort called OpenStack that provides a set of open source components for building an infrastructure cloud. If OpenStack can fulfill its promise, the effect on cloud computing and, by extension, on cloud security will be profound.
To be fair, this isn’t as much a show of strength of Rackspace cloud technology as it is a chance to win the game by changing the rules on the field. Until now, IaaS providers competed on the strength of their ability to rapidly advance their software capabilities. By commoditizing the software behind infrastructure clouds and pulling in a sizeable development community, Rackspace may be able to force Amazon to compete on their own terms – the strength of being a service provider. This is the “softer side of Sears” that AWS has historically lacked in both its service and its company culture, and an area where Rackspace excels.
My personal interest in OpenStack was whether it would finally provide the opportunity to build security directly into the cloud fabric. Most cloud providers (especially Amazon) do not focus on building security capabilities until they are forced to do so by their customers, and are notoriously hesitant to partner with security companies, because those companies require rather deep access to network and software components. As an open source ecosystem, OpenStack gives developers interested in adding security capabilities equal access to the cloud platform like never before.
There are few technical details available on the project site, but the agenda notes from the recently held design summit provide some interesting details for those interested in cloud security:
- OpenStack is not the software that runs the Rackspace Cloud today, but a new project built by combining NASA’s Nova and Rackspace’s Ozone projects, which each has been building as a next-gen architecture for its infrastructure cloud.
- While the storage component of OpenStack is available now (with support for AoE, iSCSI, pNFS under consideration), the compute code should be available closer to the end of the year.
- OpenStack should have more mature networking capabilities than are available with RS CloudServers today, including VLANs and VPN support, courtesy of Nova.
- More advanced networking and security functions may come from Open vSwitch, which appears to be under consideration.
- A CloudAudit-capable API is also under consideration, which may be the first known implementation of this recently submitted IETF draft.
- The Access API may accommodate an IT Security group for dealing with compromised guests.
- OpenStack will provide audit logs of “who did what to cloud resources”, which would be a welcome change from the way most providers operate today.
There are a lot of open questions about OpenStack. Does 1+1=2 when you merge the NASA Nova and Rackspace Ozone projects into a single code base? How will companies like Citrix actually contribute to this project, and will they ever find a way to monetize Xen within public cloud providers? Will this effort actually take off?
I expect OpenStack to not only be successful, but to have a real impact on the way cloud computing evolves, if for no other reason than that it allows Infrastructure-as-a-Service providers to actually focus on service. If you’re having doubts, consider this: even more significant than participation from infrastructure companies like Citrix and Intel is the participation of a number of service providers – and Rackspace competitors – such as Peer1, SoftLayer, IOMart and others. This, more than any other fact, gives OpenStack legitimacy and suggests that OpenStack could be a major event in the evolution of cloud computing and, by extension, cloud security.