Where Standards and Open Source Intersect: The Cloud

Implementing a cloud requires complex software, and standards help simplify cloud software design with specifications for interoperability.

atmosphere-building_clouds_smallImplementing a cloud requires complex software, and standards help simplify cloud software design with specifications for interoperability. Open source cloud platforms take a different approach, offering coded components supported by a community of developers. Open source software (OSS) code is public, unlike typical proprietary software that keeps code private. Usually, OSS projects are public community efforts, although software vendors sometimes develop open source code. OSS licenses vary considerably, but they generally include free access to the software in some form, but they may limit the ways that the code can be used. OSS projects are often among the first adopters of standards.

I wrote a lot about standards in my book, but not so much about OSS. The two are similar in some ways, but distinct. Like standards, open source projects are usually non-profit and supported by groups of vendors and individuals. At one time, OSS was controversial, condemned by some, praised by others. Now, it is generally accepted as a contributor to computing progress.

The big difference between OSS and standards is that open source projects produce code rather than specifications. Both help increase software interoperability, and both avoid needless variation and reinvention in implementations. For vendors, well-managed open source projects can replace internal development of software with OSS that is the cooperative effort of many vendors and individuals. As a result, the vendor can invest in development that differentiates them in the marketplace, rather than duplicate development of building blocks nearly identical to those appearing in nearly every product requires. This significantly increases the efficiency of new product development.

CloudStack is an important and influential collection of code for implementing IaaS clouds. It is an incubator project of the Apache Software Foundation (ASF) that provides many building blocks for cloud development. The project began in April 2012 and is still in the incubator stage with ASF. During incubation, the development community learns to follow ASF practices and proves their ability to meet ASF quality standards. It is the first step toward full acceptance by the ASF. CloudStack began with a donation of code from Citrix to the ASF, which Citrix had obtained when it acquired Cloud.com in 2011.

As a side note, the ASF came together from the National Center for Supercomputing Applications (NCSA) HTTPd server project. When the NCSA stopped work on HTTPd, the project continued as open source supported by the original developers. After a few years, the original developers moved on to other work and the code became an orphan. Users of the NCSA server then banded together into an informal network, exchanging advice and code patches. Eventually, this cooperative effort turned into the ASF and produced the Apache HTTP server that powers much of the Web. The Apache model for open source development is widely accepted and the ASF now manages many open source projects in addition to the Apache server.

Back to the topic at hand, the CloudStack software platform is independent of cloud ownership so it can implement private, community, public, or hybrid clouds. IaaS providers offer virtual infrastructure in a cloud to their consumers, unlike PaaS (Platform as a Service) and SaaS(Software as a Service) providers who offer software platforms and run applications.  A CloudStack IaaS cloud could also serve as an infrastructure base for building a PaaS or SaaS offering.

The CloudStack platform includes a user interface and a management API for managing virtual computers, networks, storage, and accounting. The developer’s guide describes the API as “loosely based on the REST architecture.” For the more technically-oriented readers out there, commands and their parameters are appended to the URI of an HTTP GET or POST. The user API is similar to the Distributed Management Task Force (DMTF) Cloud Infrastructure Management Interface (CIMI) covering approximately the same areas. Developers will notice that CIMI takes a more resource-oriented approach by giving each CIMI object (such as a virtual machine or a volume) its own URI. Open Cloud Computing Interface (OCCI) from Open Grid Forum (OGF) takes a similar resource-oriented approach.

The CloudStack community has discussed adding a CIMI interface to CloudStack. If this happens, CIMI will be an alternative to the native CloudStack user API. CloudStack has already established a precedent by implementing Amazon Web Services APIs to supplement their native API. Alternatively, users could use DeltaCloud, which I blogged about here. DeltaCloud is an adapter that will give CloudStack a CIMI interface. The diagram below illustrates the difference in the native cloud stack approach and the DeltaCloud approach.

Marv post visio diagram

                Figure 1 CloudStack v. CloudStack with DeltaCloud


If the CloudStack community chooses to move ahead with adding the CIMI interface, it would be an important indicator of the acceptance of the CIMI specification.

Since CloudStack has not yet incorporated CIMI, the only way to combine CIMI with CloudStack now is to use DeltaCloud. The early adopters will no doubt develop opinions. If CloudStack does directly incorporate CIMI as an alternative API, eliminating DeltaCloud will be one less module to manage, and possibly a slight performance improvement. My guess is that any performance improvement would be slight indeed, but removing code always raises that possibility. Performance will also depend on the quality of the code adding CIMI to CloudStack. Finally, retaining DeltaCloud’s range of APIs will promote flexibility, which is never bad.

The Other Stack

I can’t end this discussion of CloudStack without mentioning OpenStack. These two projects share similar goals and compete to a certain extent. Both are OSS. OpenStack began as a collaboration between NASA and Rackspace in 2010. OpenStack is not an ASF project, although it follows Apache development protocols and uses an Apache license. For developers, an important distinction is that OpenStack is written in Python rather than Java. There are differing opinions over which stack has the most vigorous support. I intend to write about OpenStack in a future blog. The lively controversy is a sign of the wide and committed support for cloud computing in both vendor and developer communities.  


Written by

Marvin Waschke

Marv Waschke is a senior principal architect at CA Technologies. He has represented CA Technologies…

Published in

View this topic
  • James Holland

    This is great. Hooray for Disney’s imagineers!

  • http://www.sheistocktips.com/ SHRISTOCKTIPS

    become a new brand in the share market research with its accurate research. Proven
    itself always right whether market is bull or bear. Last week all paid clients
    booked handsome profit in NIFTY, BANKINIFTY & STOCKS. Now for the coming
    week we expect more correction can come in NIFTY as the IRAQ issue is getting
    more tense, If it happens more then you will see a sharp fall in all world marketNSE BSE, STOCK TIPSbecause as we know all world run on
    crude & most of the crude comes from IRAQ. So be ready for a sharp fall so
    sell will be the best strategy for next week also. Traders can make a sell
    position in NIFTY around 7600-7650 with stoploss 7750 for the target of
    7300-7200.One can also make a sell call NIFTY 50 stocks as per NIFTY levels. You
    can also take our two days free trial to check our accuracy. For further updates
    you can visit our website. http://goo.gl/sMgZ7n



  • king lear

    testing comment functionality, please do not publish this

  • http://www.rachelmacik.com Rachel Macik

    Love the personal pic :)

    • CAHighlight

      Thank you!

  • Plutora Inc

    This is a good case study. 2.3 sec’s off a login transaction is big.

  • http://www.linkedin.com/in/michelehudnall Michele Hudnall

    While the analysts were hyping DevOps, I posted the oversight of not including security as part of that discussion as you are highlighting here. Instead of just talking DevOps, it should be DOS (what’s old is new again :-) – DevOpsSec. As a previous AppDev person, it’s the app, who’s using it, why and where rather than the device and having the service available.

    As you rightly point, out Security should be baked into the solution.

    Nice Post and Timely!


    • CAHighlight

      Thank you for your feedback Michele. Agreed – security cannot be overlooked. Appreciate your input!

  • Mitesh

    I would love a printed copy

  • Lars Johansson

    I love the idea of BYOID! This makes me choose if I am almost anonymous (with my Hotmail Nicname) or official with identity from an official organisation. My Identity Provider will attach identity with right level of LoA according to the need of the Service provider.

    • CAHighlight

      Thank you for your comment. BYOID has tangible benefits for end users and relying parties but it also has to be weighed in the balance with potential risks and liability concerns. It will be interesting to see how BYOID plays out in the enterprise.