What’s needed to get us from current reality to a truly federated cloud world?
Thu 14 Aug 2014
Cloud computing has always had a lot of terminology and buzzwords associated with it. The ‘cloud of clouds’, ‘cloudbursting’ and so on, the list is as open ended as the cloud itself.
All of these terms have helped fuel the vision of cloud over the past five years as virtualisation technologies have evolved from their infancy to their current capabilities.
What is clear today is that that the way in which we consume the cloud has changed. We now demand a more global footprint, across multiple providers, facilities and operators. Since these technologies are largely still fairly young, they have not necessarily been widely developed as part of the core capabilities of cloud platforms.
Many services have sprung up to fill this gap, ranging from those offered by a cloud broker that abstracts the differences between various APIs and vendor implementations, to extensions of existing technologies to bridge between environments.
One recent innovation in the world of OpenStack is moving us from the promise of the hybrid cloud one step closer to its reality. Until now, OpenStack has proven to be a great, if young and occasionally feisty, cloud platform, and has emerged as what is very arguably the industry open source standard for cloud. It contains many services, from compute, storage, networking, databases and more which can be combined to form complex and automated infrastructure to support modern applications.
But if you wanted to combine resources from another OpenStack cloud, you needed to use a 3rd party application to federate the 2 environments. As of the Icehouse release, the identity service of OpenStack, called Keystone, now supports identity federation between 2 OpenStack clouds. What this means is that Keystone now supports single sign on – you log into your private OpenStack cloud, for example, and the ID service will create a token that will log you into a public OpenStack cloud that is configured to accept your token, even if you don’t have an account on that public cloud.
There is much more work to do, including developing clients to consume this federation capability, and extending other services to consume this federated identity token. But the basic framework is now in place.
Once a remote OpenStack environment has your identity, other services can now be configured to use this identity token to provide additional services, like creating a virtual instance based on an image you created in your local cloud, or a service catalogue providing information about which services are available to you both locally and on the remote cloud. In short, the vision of a federated, or hybrid cloud, is one step closer to reality!
Toby Owen, Head of Product Strategy, Rackspace