This document compares the architectures, installation processes, administration tools, security features, and high availability capabilities of CloudStack, Eucalyptus, and OpenStack. CloudStack has a monolithic controller architecture and the easiest installation process. Eucalyptus closely mimics AWS but has a more difficult multi-component installation. OpenStack is the most fragmented with many interdependent pieces and a challenging installation. All three provide basic security through VLANs and firewalls, with Eucalyptus and OpenStack adding additional authentication. High availability varies by platform, with CloudStack using a load-balanced controller, Eucalyptus relying on component failover, and OpenStack's Swift storage using replication across its ring topology.
CloudStack vs OpenStack vs Eucalyptus IaaS Private Cloud Comparison
1. CloudStack vs OpenStack vs Eucalyptus
IaaS Private Cloud Brief Comparison
Daniel Kranowski
Business Algorithms, LLC
http://www.bizalgo.com
October 1, 2012
11. CloudStack high availability
[Diagram: three CloudStack management servers (#1, #2, #3) and two mysql servers (#1, #2), next to two hypervisors, each with a dom0 and guest VMs, plus secondary storage and primary storage.]
12. CloudStack high availability
CloudStack #1, #2, #3: load balanced multi-node CloudStack Management Server
mysql #1, #2: replicated database for disaster recovery
13. CloudStack
Architecture: Monolithic controller. Datacenter model, not object storage.
Installation: Fewest parts to install. RPM needed.
Administration: Good web UI; a belated script CLI
Security: Baseline VLAN/firewall VM protection
High Availability: Load-balanced multi-node controller
15. [Diagram: Eucalyptus component hierarchy. Cloud level: Cloud Controller (CLC) and Walrus. Cluster (Availability Zone) level: Cluster Controller (CC) and Storage Controller (SC). Nodes level: three Node Controllers running VMs.]
22. Eucalyptus high availability
Failover, NOT load balancing
Eight controller machines at cloud/cluster level
Storage redundancy relies on SAN vendor
Arbitrators monitor connectivity to CLC, Walrus, CC
23. Eucalyptus
Architecture: Five main components. AWS clone
Installation: Nice RPM/DEB, still medium effort
Administration: Strong CLI compatible with EC2 API
Security: Baseline + component registration
High Availability: Primary/secondary component failover
25. OpenStack services
[Diagram: horizon; nova-api, nova-compute, nova-volume, nova-network, nova-scheduler; rabbit-mq; rdbms; hypervisor with VMs; swift-account, swift-container, swift-object, swift-proxy; glance-control, glance-registry; keystone: identity, token, catalog, policy.]
26. OpenStack installation
Build physical network, storage nodes, hypervisors

KEYSTONE setup
  Install keystone, reconfigure from sqlite to mysql
  Manually create keystone database, init the service
  Define tenants, users, roles; run keystone-init.py
  Define swift filter in keystone.conf
  Populate keystone service catalog from database
  Verify keystone with openssl

GLANCE setup
  Install glance, reconfigure from sqlite to mysql
  Manually create glance database
  Configure glance-api-paste.ini, glance-registry.conf
  Populate glance database, restart services
  Verify glance by uploading a test image

NOVA setup
  Install nova and dependencies
  Manually create nova database
  Configure hypervisor, database, keystone in nova.conf
  Populate nova database, restart services
  Create nova network bridge interface for guest VMs
  Configure openrc file with CLI credentials
  Download real VM image, upload to glance registry
  Define security group, keypair, start an instance

SWIFT STORAGE setup
  Do the following for each storage node.
  Install swift account, container, object
  Make XFS filesystem on each disk partition
  Configure rsync
  Configure swift account, container, object servers
  Start storage services

SWIFT PROXY setup
  Install swift proxy
  Create SSL certificate
  Configure memcached to listen on proxy local IP address
  Configure keystone admin token
  Create proxy server conf
  Run swift ring builder for account, container, object rings
  Enumerate storage devices on each ring
  Verify and rebalance the rings
  Start proxy services

HORIZON setup
  Install apache and horizon dashboard
  Manually create horizon database
  Populate horizon database
  Restart services
28. OpenStack administration
euca2ools work here!
  euca-run-instances ami-123456 --instance-count 1 \
      --instance-type m1.small --key mykey --group grp1
OpenStack CLI
  nova keypair-add --pub-key ~/.ssh/id_rsa.pub mykey
  nova secgroup-create grp1 "my security group"
  nova secgroup-add-rule grp1 tcp 22 22 192.168.1.1/0
  nova boot --flavor 2 --image f4addd24-4e8a-46bb-b15d-fae2591f1a35 \
      --key_name mykey --security_group grp1 i-123456
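The `secgroup-add-rule` line on this slide writes its source as 192.168.1.1/0; as a CIDR, a prefix length of 0 matches every IPv4 address, so the rule reads narrower than it is. The following is an added example, not part of the original slides: a review script that reads `nova secgroup-add-rule` lines and reports the network each rule actually covers. The function name, the `max_addresses` threshold and the second sample rule are assumptions.

```python
import ipaddress
import shlex

def audit_secgroup_rules(script, max_addresses=65536):
    """Find `nova secgroup-add-rule` lines whose source CIDR is wider than it looks.

    max_addresses is an assumed review threshold, not an OpenStack setting.
    Returns a list of (group, proto, ports, effective_network, findings).
    """
    results = []
    for line in script.splitlines():
        words = shlex.split(line, comments=True)
        if words[:2] != ["nova", "secgroup-add-rule"] or len(words) != 7:
            continue
        group, proto, lo, hi, cidr = words[2:]
        written = ipaddress.ip_interface(cidr)   # keeps the host bits as typed
        net = written.network                    # what the CIDR actually matches
        findings = []
        if written.ip != net.network_address:
            findings.append(f"{cidr} has host bits set; evaluated as {net}")
        if net.prefixlen == 0:
            findings.append(f"{proto} {lo}-{hi} reachable from any source")
        elif net.num_addresses > max_addresses:
            findings.append(f"{net} spans {net.num_addresses} addresses")
        results.append((group, proto, f"{lo}-{hi}", str(net), findings))
    return results

# Constructed input: the first rule is the one on the slide, the second is a
# made-up narrower rule for comparison.
SAMPLE = """\
nova secgroup-add-rule grp1 tcp 22 22 192.168.1.1/0
nova secgroup-add-rule grp1 tcp 22 22 192.168.1.0/24
"""

if __name__ == "__main__":
    for row in audit_secgroup_rules(SAMPLE):
        print(row)
```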
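29. Keystone security
[Diagram: client, service and keystone.]
(1) client to keystone: authenticate
(2) keystone to client: token
(3) client to service: service request with token
(4) service to keystone: check token
(5) keystone to service: authorize
(6) service to client: authorized service response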
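The six-step exchange on this slide, as an added example that is not from the original slides and is not Keystone's code or API: an in-memory model with both sides of each message, including the failure cases (bad credentials, forged token, expired token, role not permitted). Class names, method names, status strings and the sample policy are assumptions.

```python
import hmac
import secrets
import time

class Keystone:
    """Toy identity service: issues tokens, then validates and authorizes them."""

    def __init__(self, users, policy, ttl=3600):
        self.users = users      # name -> (password, role); plaintext only for the demo
        self.policy = policy    # action -> set of roles allowed to perform it
        self.ttl = ttl          # token lifetime in seconds
        self.tokens = {}        # token -> (role, expiry time)

    def authenticate(self, name, password, now=None):
        """Steps (1) and (2): check credentials, return a token or None."""
        now = time.time() if now is None else now
        stored, role = self.users.get(name, ("", None))
        if role is None or not hmac.compare_digest(stored, password):
            return None
        token = secrets.token_hex(16)
        self.tokens[token] = (role, now + self.ttl)
        return token

    def check(self, token, action, now=None):
        """Steps (4) and (5): is the token known, unexpired, and allowed to act?"""
        now = time.time() if now is None else now
        role, expiry = self.tokens.get(token, (None, 0))
        if role is None or now >= expiry:
            return "invalid"
        return "ok" if role in self.policy.get(action, set()) else "denied"

class Service:
    """Toy API service that never trusts a token without asking Keystone."""

    def __init__(self, keystone):
        self.keystone = keystone

    def handle(self, token, action, now=None):
        """Steps (3) and (6): receive a request with a token, answer it."""
        verdict = self.keystone.check(token, action, now)
        if verdict == "invalid":
            return 401, "token rejected"
        if verdict == "denied":
            return 403, "role not permitted"
        return 200, f"{action} done"
```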
30. which services offer HA?
[Diagram: the same OpenStack service map as slide 25.]
31. which services offer HA?
[Diagram: services highlighted as offering HA: rabbit-mq, nova-network, rdbms, swift-account, swift-container, swift-object.]
"The Ring": disk replication (not redundant service pids)
Run one per hypervisor (i.e. you manage HA yourself)
32. Swift: The Ring (HA)
[Diagram: disks grouped into zones, each disk divided into partitions; object 12345 is mapped onto partitions.]
Three replicas of each object.
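A simplified model of the ring on this slide, as an added example that is not from the original slides and is not Swift's ring-builder code: an object path is hashed to a partition, each partition has three replicas on disks in different zones, and a check confirms that losing a whole zone still leaves a replica of every partition. Device and zone names, the round-robin placement and the use of the top bits of an MD5 digest are assumptions of this model.

```python
import hashlib
import struct

def build_ring(devices, part_power=4, replicas=3):
    """devices: list of (name, zone). Returns a list indexed by partition;
    each entry lists the devices holding that partition, one per zone."""
    zones = sorted({zone for _, zone in devices})
    if len(zones) < replicas:
        raise ValueError("need at least as many zones as replicas")
    by_zone = {z: [n for n, dz in devices if dz == z] for z in zones}
    ring = []
    for part in range(2 ** part_power):
        picks = []
        for r in range(replicas):
            zone = zones[(part + r) % len(zones)]      # a different zone per replica
            disks = by_zone[zone]
            picks.append(disks[part % len(disks)])     # spread over disks in the zone
        ring.append(picks)
    return ring

def partition_for(path, part_power=4):
    """Map an object path to a partition using the top bits of its digest."""
    digest = hashlib.md5(path.encode()).digest()
    return struct.unpack(">I", digest[:4])[0] >> (32 - part_power)

def replicas_for(ring, path, part_power=4):
    """Devices that hold the replicas of the given object."""
    return ring[partition_for(path, part_power)]

def survives_zone_loss(ring, devices, failed_zone):
    """True if every partition keeps a replica outside failed_zone."""
    zone_of = dict(devices)
    return all(any(zone_of[d] != failed_zone for d in part) for part in ring)

# Constructed layout: six disks in three zones.
DEVICES = [("d1", "z1"), ("d2", "z1"), ("d3", "z2"),
           ("d4", "z2"), ("d5", "z3"), ("d6", "z3")]

if __name__ == "__main__":
    ring = build_ring(DEVICES)
    print(replicas_for(ring, "/account/container/object-12345"))
    print(all(survives_zone_loss(ring, DEVICES, z) for z in ("z1", "z2", "z3")))
```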
33. OpenStack
Architecture: Fragmented into lots of pieces
Installation: Difficult: many choices, not enough automation
Administration: Web UI, euca2ools, native CLI.
Security: Baseline + Keystone
High Availability: Swift Ring, otherwise manual effort
35.
                  | CloudStack  | Eucalyptus  | OpenStack
Architecture      | Monolithic  | 5 part, AWS | Fragments
Installation      | Medium      | Medium      | Difficult
Administration    | UI, EC2 CLI | EC2 CLI     | Multi CLI
Security          | Baseline    | Registered  | Keystone
High Availability | LB multi    | 2x failover | Swift only
37. This has been the brief version of a longer presentation on IaaS.
For extra analysis regarding IaaS infrastructure, security, code,
system compatibility and more, please contact Daniel Kranowski.