What IT Leadership Needs to Know About OpenStack © 2015 Zefflin Systems All Rights Reserved
White Paper
Zefflin Systems LLC
What IT Leadership Needs to Know About
OpenStack
Table of Contents
1. Introduction
2. Business Case
3. Governance, and Why This is Important
4. OpenStack Distributions: What Are They and Why Does it Matter?
5. Open Source Software Licensing Models & Agreements
6. Risks in Adopting OpenStack and How to Mitigate Them
3. About Zefflin
1. Introduction
As more and more companies decide to commit resources to
OpenStack, many are going into it with false assumptions or
without properly educating themselves. OpenStack shows
tremendous promise to streamline IT, reduce cost and improve
speed/quality of service. There are many aspects of planning,
purchasing, implementing and running OpenStack, however, that
differ significantly from enterprise software.
2. Business Case
When you've decided that OpenStack is worth a look from a technological, functional and organizational
perspective, there are a number of costs/benefits to consider. Some of these must be qualitatively
assessed. Others can be specifically quantified.
Research has been published regarding costs and benefits of adopting OpenStack, but each organization
is different. There are many variables involved and it is highly dependent upon several factors, including
workloads to be run, existing infrastructure, resource availability and many others. It is clear, however,
that increasing numbers of companies from small to larger enterprises are finding that the benefits
outweigh the costs.
3. Governance, and Why This is Important
In the world of enterprise software, product
management and all the processes associated
with it are well understood. Enterprise
software companies constantly evaluate market
conditions and develop a product roadmap that
includes development of future functionality
and product direction.
With open source software, the rules are
different. For some open source software, the
product management function is still contained
inside a single software company. For
OpenStack (also in the case of Linux), the
product management function lies with the OpenStack Foundation, an independent non-profit
organization which has its own by-laws, procedures and governance. Its board members are also
elected by the community, which minimizes dominance by any single vendor. This changes the dynamic
completely because market requirements have a different path by which they become product
functionality. Any developer can submit a code change for consideration. Companies can employ (at
their own cost) any number of developers, thereby vying for influence by sheer number of heads.
Enterprise software companies like VMware, HP, IBM and others are embracing OpenStack, but they
also have significant software license revenue that is complementary and/or competitive with
OpenStack. This is not a bad thing, but is an important nuance to understand for anyone considering a
long term commitment to OpenStack, because some product features may have genuine market pull,
while others may be influenced by enterprise software. There are advantages to this also. For example,
VMware Integrated OpenStack (VIO) has strong integration to vSphere, vCloud Director and the entire
vCloud Automation suite (recently renamed to vRealize Suite). HP Helion OpenStack has strong
integration to their cloud automation suite, including Cloud Service Automation (CSA) and Operations
Orchestration (OO) products.
The code development and management process is also a major consideration for any software user. In
the enterprise software world, the entire development process is owned by a single vendor from code,
build, test and QA to packaging and distribution. It is assumed that any enterprise software company
has safe-guards and processes that ensure code quality and security. With OpenStack, the development
community is very large. For the latest release (Kilo), some 1,500 developers put their weight behind
it, merging over 19,500 patches and dispatching nearly 14,000 tickets, all in a 6-month period.
The coding, QA and security processes have to be automated and very disciplined in order to enable this
volume and size of developer community. The OpenStack community has adopted modern DevOps and
automation practices. Code checks covering code quality and security are more stringent than most
software companies have internally. This is by necessity and is a very good thing for the user base,
because the structure applied represents a lower risk for users.
4. OpenStack Distributions: What Are They and Why Does it Matter?
OpenStack is following a path to mainstream adoption similar to the one Linux took. Companies have
signed up to take the vanilla version ("Trunk"), integrate their own IP, then provide QA, packaging and
installation utilities, and offer support contracts. There are at least 15 companies that have entered the
market in this area, including HP, IBM, VMware, Red Hat, Canonical, Mirantis, Piston and others. Each
company has a different approach to how they deliver OpenStack to market. Some have architected it
in a way that is easy to install and upgrade. Piston, for example, has developed a powerful IP layer that
enables OpenStack to run on commodity hardware, significantly reducing the cost of infrastructure
required to deploy. Each company incorporates their own IP, QA process and packaging, resulting in
different software from distributor to distributor. For these reasons, it is best to develop your
infrastructure roadmap and cloud strategy before picking a distributor.
5. Open Source Software Licensing Models & Agreements
Open source software has different models associated with it. It is important to understand the
different models and licensing agreements because they will give you insight into many different
aspects of the solution lifecycle, such as:
• Degree of vendor lock in
• Product management and how much input you will have
• Availability of skills in the market place for that software
Models
Open core - Base functionality is open source, but additional features are license based. Vendor will sell
support contracts for the open source portion and license/support for the additional functionality.
Open source - All code is completely open and available. Vendor will sell support contracts only.
OpenStack follows this model, but there is a rich vendor ecosystem of technology companies that add
complementary solutions, such as cloud management, software defined networking (SDN),
virtualization and much more. Some of those are open source, others are proprietary.
Agreements and Terms
All open source software is released to the public under specific terms, in most cases referencing an
existing open source license model. There are specific differences and it is important to be aware of
which model is being used, in order to minimize IP infringement risks and avoid unjustified charges.
Read your open source license agreement carefully!
Here are some of the common licenses. Note that OpenStack is distributed under the Apache 2.0
license.
6. Risks in Adopting OpenStack and How to Mitigate Them
As with any new technology, there are risks associated with OpenStack adoption. These can be
significantly mitigated if they are known up front and thought through before beginning.
1. Security - this topic is top of mind for almost every IT leader. There are two main areas to consider
separately with respect to OpenStack: coding/development, and operational. Coding and development
addresses some of the code checks and QA processes that both the OpenStack community and the
distributors must adhere to in order to ensure that no malicious code is inserted into the core
OpenStack code set. With 1500 developers to keep track of, this is no small feat. Automation software
and tightened procedures have greatly reduced the risk associated with the code, but questions should
be asked of any distributor as to how they address this issue. On the operational side, a lot of work has
been put in by the OpenStack development community over the last year to ensure that the security is
ready for the enterprise. This includes incorporation of identity management functionality of the
Keystone project. There is a separate committee in the OpenStack Foundation dedicated to security for
applications and data.
2. IP Infringement - This issue is
often ignored or not given the
priority it deserves in the OpenStack
world. The risk is represented by
the exposure that would come from
a developer claiming that his/her
proprietary code somehow made it
into the OpenStack base code,
causing OpenStack to infringe on
their IP rights.
This is a real scenario, and it
has happened. The Symantec case
demonstrates how real this scenario
is. If the claimant so chose, they could file suit against the entire OpenStack supply chain, starting with
the foundation, working through to the distributor, reseller and finally the end customer. If the claimant
wins in court, an injunction could be granted, forcing users to cease using the software. The latter
scenario is unlikely but should be factored into a risk analysis before adopting OpenStack. One key step
that all end customers can take to minimize the exposure is to ask their distributor for indemnification for
third-party IP infringement. If a distributor provides indemnity, it shields the end user from liability and
cost of legal defense, which is definitely worth it! As of the writing of this newsletter, HP is the only
distributor that has publicly come forward and offered unlimited indemnity to customers for this. Other
distributors offer limited protection, some no protection. It is up to you as a customer and user to insist
on it.
3. Implementation - OpenStack is no different from an implementation perspective than any other
new technology. Implementation time, effort and cost are highly dependent upon how different business
requirements are from the out-of-box system, how many integration points there are, level of expertise,
and size/stability of scope. The best approach is to start small, implementing a limited scope, and
building from there. Internal training of personnel is highly recommended and you may look to outside
consulting companies for assistance in getting started. Outside help can not only help you set strategy
and direction, but accelerate learning of internal resources and cut implementation time and risk. Use a
phased approach and build complexity with each subsequent phase. For example, you can start phase 1
with compute (Nova) and block/object storage (Cinder/Swift), which would provide you with
provisioning and virtualization of OS and storage for apps running in your existing environment. Phase 2
might add networking (Neutron) and expansion of image storage (Glance).
There are tremendous gains to be had from
adopting OpenStack as part of a full private
cloud strategy. Each IT organization is unique
and you should approach it with your business
requirements, constraints and current
architecture in mind. Understanding of
OpenStack, its ecosystem and open source
software is essential, however.
As big as the advantages can be, it is critical to
understand that OpenStack, as an open source
component of your operation, represents a
different way of doing things than other proprietary enterprise software you might be used to. Those
who grasp the differences and leverage them to their advantage will be successful with OpenStack.
3. About Zefflin
Zefflin is focused exclusively on Data Center Automation and Cloud
Management solutions implementation and integration. As a world-class,
agile, center of excellence, our aim is to work with best of breed software, combined with the industry's
best technical consulting and integration talent. We provide consulting services in data center strategy,
DevOps Transformation, DevOps automation, OpenStack consulting and software implementation. We
cut through the hype, identifying which tools can be implemented and integrated to effectively
automate application development and IT operations. We offer high quality, cost effective solutions
addressing the automation of the entire lifecycle of complex computing environments, from
request/catalog management, automated provisioning (OS, application, database, storage, network), to
policy governance and compliance. Our vision is to bring to market consulting/software solutions that
enable the lights-out data center. This will allow our customers to implement fully automated private,
public and hybrid cloud systems, delivering low cost, high quality services to their customers while
minimizing personnel cost. Our current software resale and implementation portfolio includes Scalr and
CloudForms for cloud management and Cloudify for cloud orchestration, as well as support for all major
OpenStack distributions. www.zefflin.com