IaaS and PaaS: From Software to Service and Back

We’ve come to think of Infrastructure-as-a-Service and Platform-as-a-Service as, well, services. Pay for IaaS, and a vendor makes servers available in the cloud. Think Amazon’s AWS. Pay for PaaS, and a vendor makes available a grid of application servers. Think Google’s GAE. Service implies the consumption of resources without concern for implementation. In service oriented architecture (SOA), for example, developers maximize decoupling by exposing functionality and exchanging messages through interoperable, industry-standard end points, which hide from clients the details of platform-specific implementations. In the cloud, the idea has been to request functionality and leave the rest to the cloud vendor. Other than the cloud vendor, who should care about the code that makes it all work?

As it turns out, quite a few people care. All the blogging and tweeting of late about OpenStack and Cloud Foundry suggest that the code does matter, that maybe we do not want a black-box cloud, that openness matters on many levels. These open-source projects around IaaS and PaaS respectively represent a shift in the direction of cloud computing, championing new forms of openness.

  • Open as in extensible. OpenStack makes the cloud safe for all hypervisors. Cloud Foundry makes it safe for all application platforms and programming languages. Each of these platforms includes an extensibility framework that creates a fair playing field for all.
  • Open as in multiple support options. If your cloud breaks, what went wrong? Who can diagnose? Who can fix it? Are you completely dependent on the vendor’s explanation of events or is there transparency? These projects both enable multiple support options by making the code available for anybody to run, to debug, and to replicate problems.
  • Open as in protection against vendor lock in.  If the same cloud software can run on-premise as well as in the data centers of multiple competing vendors, customers gain the ability to migrate from vendor to vendor or take applications in-house without costly modifications.
  • Open as in source code. By itself, open source may not mean much for many enterprise customers, but it does promote the other levels of openness, which together mean a great deal. And with contributions from a broad community including key industry players such as Rackspace and VMware, these projects may well attain the open source goal of better, more reliable code.

Through the examples of OpenStack and Cloud Foundry, we can see that IaaS and PaaS now form two layers in the software stack. Looking at the stack from the perspective of a single physical machine, the OpenStack IaaS layer (colored in green below) lies just above the host operating system. The Compute Worker, taking instructions from a Cloud Controller, manages guest virtual machines on the server through hypervisor drivers. The Cloud Controller also manages the network addresses of the virtual machines, directing traffic to the appropriate instance and organizing instances into virtual networks. Of course, the Cloud Controller can manage virtual machines on many servers to form an IaaS cloud. (In addition, OpenStack provides an Imaging Service for managing images of virtual machines and Object Storage for managing massively scalable storage capacity.)

The Cloud Foundry PaaS layer (colored in orange) operates within the virtual machines managed by the IaaS layer and communicates through the networking facilities configured at the IaaS layer. It also includes a Cloud Controller, which manages instances of application execution engines rather than virtual machines. These application execution engines include application server functionality and run the actual applications. Requests reach these application execution engines through a request router. Just as OpenStack adds services such as the Imaging Service and Object Storage, Cloud Foundry adds services such as databases and messaging.

(This high-level sketch represents just my understanding as gleaned from the documentation. For more details on OpenStack, see the Administrator’s Guide at http://docs.openstack.org/. For more details on Cloud Foundry, follow the team’s blog at http://blog.cloudfoundry.com/.)

Of course, none of this is to imply that IaaS and PaaS should no longer be viewed as services. In many ways, calling these systems services makes a lot of sense. It captures the notion that customers foremost desire the capabilities rather than the hardware and software that makes it all work. But given the importance of these clouds to the businesses that rely on them, it also makes sense to get away from the notion of a cloud as a black-box.

Let me know if you see other reasons to be enthusiastic about these projects or if you think I’m just contributing to overblown hype. And I’d welcome suggestions for additional links.

I'm the Director of Threat Solutions at Shape Security, a top 50 startup defending the world's leading websites and mobile apps against malicious automation. Request our 2017 Credential Spill Report at ShapeSecurity.com to get the big picture of the threats we all face. See my LinkedIn profile at http://www.linkedin.com/in/jamesdowney and follow me on Twitter at http://twitter.com/james_downey.

Posted in Cloud Computing

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: