The space program is not entirely about space, and never was. It’s about learning how to solve problems. First, you change your perspective on what those problems are. From a new angle, the most insurmountable challenges can seem resolvable.
The next generation of cloud computing resources can be traced back to NASA, and not very long ago. Faced with a choice between becoming far more cost-efficient or shutting down, NASA’s Ames Research Center came up with a way to fit a cloud computing nucleus full of fairly ordinary blade servers into a simple shipping container. From Project Nebula, created with considerable help from RackSpace, came the concept of a radically scalable cloud infrastructure, which we now know as OpenStack.
Free software, as anyone in open source project management will tell you, does not sell itself. Today, some of the key architects of Nebula, with the blessings of their former NASA colleagues, are launching the first commercial venture around a complete cloud-oriented operating system based on OpenStack. The new venture is called Piston Cloud, and as with Nebula, its architects intend to change people’s perspectives about what cloud infrastructure can be, in order to solve once unsolvable dilemmas from a new vantage point.
“When we launched OpenStack, it was really exciting to be pushing forward a technology that was built to address both public and private cloud environments,” Piston Cloud CEO Joshua McKenty tells RWW. “If you look at the parallel in networking with having both local area networks, private networks, and the broader Internet, all of which are connected on the same TCP/IP and Ethernet stack, that’s what we’re driving for with the cloud environment: to have sets of private clouds and sets of public clouds that can be interconnected and interoperate.”
Reducing setup to near-zero
McKenty was one of Nebula’s technical architects, working in concert with RackSpace. His experience with open source projects dates back to his time as a lead developer to Netscape version 8. He’s now a member of OpenStack’s governance body, where he found himself astounded by the unanticipated growth of the contributor community. “[It] ended up two orders of magnitude larger than any of us had expected,” he says.
But that interest was lopsided, he explains, biased somewhat toward the public side, where the prospects for concentrating on issues like scale and multi-tenancy seemed greater. Enterprise stuff – security, regulatory compliance, integration with existing infrastructure – isn’t the type of topic you throw parties around.
That led McKenty to a line of thinking: The topics that generate contributor interest are the things that make a great open source community. But the topics that generate apathy – the stuff folks would prefer to shift to other groups’ shoulders – might make a great commercial opportunity. You can make money from doing stuff on other folks’ behalf – stuff they don’t want to do.
From this inspiration came the underlying design philosophy for the Piston Cloud Enterprise OS (PentOS). Using lessons learned from NASA Nebula, including, “Folks don’t care about what they don’t care about,” McKenty’s team decided that instead of minimalistic setup, PentOS should aim for near-zero setup. And instead of a lightweight management interface, PentOS should try a radical new concept: no new interface whatsoever. Piston Cloud calls this null-tier architecture.
“Here’s the thesis: Let’s take the complexity away from the hardware and automate that complexity inside the software,” says McKenty. “We don’t even want administrators configuring that hardware at all. We don’t want them logging into it, we don’t want them installing operating systems, nothing.
Nothing new, literally
“What we did is package PentOS into something we call the CloudKey. It’s a USB stick,” he continues. “Take the USB stick, plug it into the laptop, edit a single configuration file (PENTOS.COM), and then unplug it, plug it into your top-of-rack switch, turn the switch on, and walk away. What happens is, the PentOS software in the switch detects all the hardware that’s plugged into it using IPMI interfaces. It provisions operating systems onto those servers, installs OpenStack, configures all of the required services, and then it performs master election to make sure that every required service is running somewhere, but that it can dynamically be moved to any other physical node.”
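As an added illustration of the placement behaviour McKenty describes (every required service running somewhere, and movable to any other physical node), and not Piston Cloud’s own code: a small Python model in which services are assigned by rendezvous hashing over the nodes with fresh heartbeats, so that when a node goes silent only the services that node was hosting move. The node names, the service list and the heartbeat timeout are constructed for the example.

```python
"""Added example (not Piston Cloud's code): placing every required service on
some live node, and moving it when that node disappears.
Node names, the service list and the heartbeat timeout are assumptions."""
import hashlib

REQUIRED_SERVICES = ("nova-api", "nova-scheduler", "glance-api", "keystone")
HEARTBEAT_TIMEOUT = 30.0  # seconds a node may be silent before it is treated as dead


def live_nodes(heartbeats, now):
    """Nodes whose most recent heartbeat is within HEARTBEAT_TIMEOUT of `now`."""
    return sorted(n for n, last in heartbeats.items() if now - last <= HEARTBEAT_TIMEOUT)


def _weight(service, node):
    # Rendezvous (highest-random-weight) hashing: a deterministic per-(service, node)
    # score. The live node with the highest score owns the service, so removing a
    # node only disturbs the services that node was hosting; everything else stays put.
    digest = hashlib.sha256(f"{service}|{node}".encode()).digest()
    return int.from_bytes(digest[:8], "big")


def elect(services, heartbeats, now):
    """Return {service: node}; every service lands on exactly one live node."""
    nodes = live_nodes(heartbeats, now)
    if not nodes:
        raise RuntimeError("no live nodes: required services cannot be placed")
    return {svc: max(nodes, key=lambda n: _weight(svc, n)) for svc in services}


def reassign(previous, heartbeats, now, services=REQUIRED_SERVICES):
    """Re-run the election; return the new placement and {service: (old, new)} for moves."""
    current = elect(services, heartbeats, now)
    moved = {s: (previous.get(s), current[s]) for s in services if previous.get(s) != current[s]}
    return current, moved


def demo():
    """Constructed scenario: three nodes, then node-c stops heartbeating."""
    now = 1_000_000.0
    heartbeats = {"node-a": now - 1, "node-b": now - 4, "node-c": now - 9}
    first = elect(REQUIRED_SERVICES, heartbeats, now)
    heartbeats["node-c"] = now - 120  # silent far longer than the timeout
    second, moved = reassign(first, heartbeats, now)
    return first, second, moved


if __name__ == "__main__":
    first, second, moved = demo()
    for svc in REQUIRED_SERVICES:
        flag = "  (moved)" if svc in moved else ""
        print(f"{svc:15s} {first[svc]:8s} -> {second[svc]:8s}{flag}")
```

The property worth checking in a real deployment is the one the test below asserts: after a node failure, no service is left unplaced, nothing lands on the dead node, and the only services that moved are the ones it was running.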
Enterprises already have centralized, LDAP-based authentication and role-based access control, usually by way of either Microsoft Active Directory or Sun Identity Management. So why, McKenty asks, should there be a new dashboard from yet another OS to handle these same tasks? With AD, it should simply be a matter of specifying, in that CloudKey config file, which organizational unit (OU) on the AD server to use. Logging, monitoring, intrusion detection – all of these tasks can and should also be handled, Piston Cloud believes, without the introduction of even more management tools.
“We don’t want to build new dashboards, because nobody in enterprise IT has time to learn how to use them,” says the CEO. “They have full-time jobs, and now you’re adding new capabilities, new software, new hardware to their data center. Don’t add new interfaces. People just don’t have time to be retrained. Life is too short.”
Scalability that’s scalable
Rather than having to scale clouds larger by the rack, PentOS accepts cloud deployments that scale up (or down) by the server. “Your capacity planning and management is now a much tighter curve to your actual usage, which saves you a ton of money,” says McKenty.
Oftentimes scaling servers up requires scaling software up as well. The reason for this is usually less architectural than commercial: Software companies need to sell licenses. But in a cloud deployment, the conventional platform leverage, where you have to license one tool to enable another tool to manage an existing platform or enable a necessary service, quickly becomes unsustainable.
“You want to have as little as possible in your base operating system. Every time you add a new package, you’ve added a new potential security vulnerability,” he remarks. “You’ve got another port open somewhere in there, several hundred thousand lines of code that are vulnerable to shell exploits. So we strip that operating system down, and we built one from the bottom up containing only the pieces required to run OpenStack, and that’s it. That operating system is also as locked down and as patched as possible, because it doesn’t really need to support an administrator doing anything on that physical hardware. The administration is done elsewhere through integration with [existing] tools.”
One of the benefits of working with government projects for any period of time is that you learn how to cope with auditing, reporting, and compliance. McKenty realized that the same auditing and inventory processes used on servers for compliance with federal standards like NIST 800-53 could be used in commercial scenarios to improve security.
Thus PentOS becomes the first commercial implementation of the Cloud Security Alliance’s CloudAudit specification. “It’s been complicated to perform such an audit on top of a cloud environment,” explains McKenty, “because, as soon as you virtualize your workloads and your resources, you have this extra level of abstraction. ‘Where is that server, anyway? Where is it right now, and where was it on Tuesday?’ CloudAudit addresses a lot of that.”
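As an added example of the placement-history question McKenty raises (where is a VM now, and where was it on Tuesday?), and neither Piston Cloud’s code nor the CloudAudit specification itself: a Python ledger that records each placement change in time order, answers the question for any instant, and hash-chains the rows so that an edited or dropped record is detectable. The VM and host names and the dates are constructed.

```python
"""Added example (not Piston Cloud's or CloudAudit's code): an append-only,
hash-chained record of which host each VM was on, answering "where was it on
Tuesday?" for any instant. Event shape and sample events are constructed."""
import hashlib
import json
from datetime import datetime, timezone

GENESIS = b"\x00" * 32  # chain head before the first event


def ts(iso):
    """Parse an ISO-8601 timestamp as UTC (sample-data helper)."""
    return datetime.fromisoformat(iso).replace(tzinfo=timezone.utc)


def _payload(when, vm, host):
    # Canonical bytes for one row; sort_keys makes the hash independent of dict order.
    return json.dumps({"ts": when.isoformat(), "vm": vm, "host": host}, sort_keys=True).encode()


class PlacementLedger:
    def __init__(self):
        self._events = []  # (when, vm, host, chain_head_hex), appended in time order

    def record(self, when, vm, host):
        """Append 'vm is now on host' (host=None means terminated). Returns the chain head."""
        if self._events and when < self._events[-1][0]:
            raise ValueError("events must be appended in time order")
        prev = bytes.fromhex(self._events[-1][3]) if self._events else GENESIS
        head = hashlib.sha256(prev + _payload(when, vm, host)).hexdigest()
        self._events.append((when, vm, host, head))
        return head

    def host_at(self, vm, when):
        """Host `vm` was on at `when`; None if not yet placed or already terminated."""
        host = None
        for event_time, v, h, _ in self._events:
            if event_time > when:
                break
            if v == vm:
                host = h
        return host

    def verify(self):
        """Recompute the chain: False if any row was edited, or removed anywhere but the tail.
        A writer who can rewrite the whole list can recompute every hash, so the latest head
        must be kept somewhere that writer cannot reach (e.g. the auditor's own records) for
        this check to mean anything."""
        prev = GENESIS
        for when, vm, host, stored in self._events:
            prev = hashlib.sha256(prev + _payload(when, vm, host)).digest()
            if prev.hex() != stored:
                return False
        return True


def demo():
    """Constructed history: vm-web-1 is live-migrated on Tuesday 2012-01-10, later terminated."""
    ledger = PlacementLedger()
    ledger.record(ts("2012-01-09T08:00:00"), "vm-web-1", "host-03")
    ledger.record(ts("2012-01-10T14:30:00"), "vm-web-1", "host-07")  # migration on Tuesday
    ledger.record(ts("2012-01-10T15:00:00"), "vm-db-1", "host-03")
    ledger.record(ts("2012-01-12T09:00:00"), "vm-web-1", None)       # terminated
    return ledger


if __name__ == "__main__":
    ledger = demo()
    print("vm-web-1 on Tuesday morning:", ledger.host_at("vm-web-1", ts("2012-01-10T12:00:00")))
    print("vm-web-1 on Tuesday evening:", ledger.host_at("vm-web-1", ts("2012-01-10T18:00:00")))
    print("chain intact:", ledger.verify())
```

The ledger only records placement events; hypervisor logs, IPMI inventory or scheduler output would have to feed it, and the answer is only as trustworthy as the chain head the auditor holds independently of the system being audited.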
“You shouldn’t ever have to understand what’s going on inside the architecture,” declares McKenty, encapsulating his new company’s basic philosophy. “You shouldn’t even have to know what host a virtual machine is running on top of in order to migrate it.”
If the space program gives us one great new universe to explore in 2012, it may ironically be the open cloud.