Updates in OpenStack's latest release are relatively minor in comparison to some previous releases, but they will be meaningful to cloud operators who have struggled to deploy the cloud operating system on existing infrastructures, experts say.
There are 350 new features in the release, but their common denominator is better usability for enterprises that look to integrate OpenStack with legacy environments, according to John Treadway, senior vice president at Cloud Technology Partners, a Boston, Mass.-based cloud consulting firm. His clients have struggled to set up OpenStack.
"You could get a proof of concept up in a few hours with some scripting," Treadway said. "But if I have a converged infrastructure block or other existing infrastructure to think about, it required way too much engineering out of the gate."
For example, the Keystone identity management application program interface (API) has been brushed up with this release with support for federated identity management. Pre-Icehouse, Keystone could take credentials, hand back and verify tokens, and list the services end users have permission to access, but all of that data had to reside behind one Keystone service. Keystone now has a middleware hook framework that allows it to reach out to separate systems to verify credentials using the Security Assertion Markup Language.
The upshot of all this is that OpenStack cloud users won't have to log in to multiple clouds independently for management or self-service, which had been a much-requested feature prior to Icehouse.
The ability to log in once and reach multiple clouds is "massive," according to Das Kamhout, IT principal engineer for Intel, who spoke on a webcast about the Icehouse release this week.
It will enable Intel to more efficiently set up hybrid clouds, he added.
Keystone updates also include support for finer-grained Access Control Lists than previous releases, which along with the new back-end abstraction will be important for Mountain View, Calif.-based video technology services provider Ooyala, Inc., which uses Metacloud's OpenStack version to run its private cloud.
"These are moves in the right direction to allow us the flexibility we need as we expand the types of users and services interacting with OpenStack's APIs," said Ilan Rabinovitch, tech lead for Ooyala.
Meanwhile, though OpenStack Havana contained the open source cloud computing platform's first support for rolling upgrades, Icehouse is the first release where rolling upgrades are non-disruptive, meaning production virtual machines (VMs) do not have to be shut down during the process, and can be automated. This process is also improved by giving Icehouse control plane the ability to manage Havana nodes, meaning end users don't have to notice a switchover between releases.
Live migration is supported in this edition of OpenStack, if VMs are using shared storage.
Finally, a new testing and verification process has been put in place for the Icehouse release to ensure higher quality of device drivers for equipment such as network switches and storage subsystems.
How far should OpenStack go up the stack?
While some industry watchers were underwhelmed by the incremental nature of updates to Icehouse, Treadway said he hopes it will be a sign of things to come for the platform.
For example, database as a service is now available through an API called Trove, which was in incubation with Havana. But to Treadway, that's putting the cart before the horse.
"They need to keep their eye on the ball, which is the enterprise," Treadway said. "That's where the opportunities are."
If this means spending a few releases refining basic utilities such as compute, networking and storage, so be it, he said.
"If the engine doesn't run, it doesn't matter of the car has a really nice radio," he said.
This has become a debate over the last six months or so within the OpenStack community as new APIs have been developed that go beyond infrastructure automation. Also at the center of this debate is a proposed API for platform as a service called Solum, which some OpenStack pros say will become a competitor to Cloud Foundry, and which others argue doesn't belong in OpenStack at all.