A Third Way: Private Cloud, Outsourced Management

To some, there is a raging debate about whether companies will migrate their applications to vast public clouds or run them in hybrid mode, with some data and applications on premises in private clouds and some on the public cloud or clouds. There is a third option, of course, and that is to run a slice of the public cloud on premises.

Thus far, Amazon has been resistant to this idea, with the exception of its GovCloud region set up explicitly as a separate entity to run applications for agencies and departments of the United States government. GovCloud is in the northwestern United States, and has more stringent electronic and physical security measures than other regions. Oh, and of course, the US Central Intelligence Agency famously shelled out $600 million to have its own private version of Amazon Web Services set up for just its own use. If you have enough money, apparently you can buy anything – even a private public cloud Amazon does not feel meets its own definition of a shared information public utility.

It is not just AWS that talks public cloud but sometimes bends the rules. China has a special version of the Microsoft Azure cloud that has been run by 21vianet for the past two years, and it is most definitely not hooked into the rest of Azure. Soon Deutsche Telekom will be running an Azure region in Germany, and we think other governments will lean on all of the big cloud providers to provide indigenous clouds under local control.

These are rather large exceptions to the public cloud rule espoused by Amazon, but you cannot get a private AWS cloud for your datacenter. By the end of the year, however, it will be possible to get a scaled-down clone of Azure, running on different servers and networks than Microsoft itself uses, called Azure Stack, which will scale to tens of thousands of virtual machines. It will not be managed by Microsoft, although Mike Neil, corporate vice president in charge of Enterprise Cloud at the company, told The Next Platform last month ahead of the Azure Stack launch that Microsoft did expect for third parties to offer managed Azure Stack instances running in private datacenters.

Customers adopting the OpenStack cloud controller for their private clouds already have such an option. For more than four years, OpenStack co-founder Rackspace Hosting, which started up the OpenStack project with NASA in July 2010, has been peddling OpenStack managed private clouds for the past four years, taking its “fanatical support” and OpenStack expertise into the corporate datacenter for those customers who want to keep control of their own in their own shops, but who are perfectly fine paying an expert to run it.

We are not suggesting that this model of cloud computing will take off, but it is an option and it certainly does alleviate some of the cons of moving applications to the public cloud while at the same time providing some – but certainly not all – of the benefits. By moving to a slice of a public cloud that is hosted locally in the private datacenter, customers lose the ability to scale massively, and in most cases, there are differences in the underlying infrastructure. For instance, the actual RackSpace public cloud relies on XenServer from Citrix Systems to virtualize its instances, while the OpenStack managed private cloud service uses the KVM hypervisor. Rackspace is not interested in charging for support licenses for this offering, per se, but is obviously charging for its OpenStack operational expertise, given that it runs the largest OpenStack cluster in the world.


The private OpenStack cloud has redundant firewalls and load balancers and redundant 10 Gb/sec Ethernet networks. Four nodes with two “Haswell” Xeon E5 v3 processors each are required for the OpenStack control plane, and the same class of servers are used for compute nodes. The whole shebang is designed to scale to over 200 nodes with that four server control plane, and is currently based on the “Kilo” OpenStack release, which came out last October. Server nodes from Hewlett Packard Enterprise, Dell, Lenovo, and Cisco Systems as well as Open Compute iron that have been tested to run Ubuntu Server can be used to build the OpenStack cluster. Swift is used for object storage and Cinder for block storage on server nodes or for block drivers linking out to iSCSI disk arrays from EMC, NetApp, and others.

Build It And They Will Rent

As OpenStack has broadened and deepened as a software substrate and as Fortune 500-class customers have adopted the technology, the Rackspace private cloud business has grown, Bryan Thompson, senior director of products at company, tells The Next Platform.

“In the early part of our journey, we certainly built a large number of proof of concept clouds, often with ten nodes or fewer. Over the past couple of years, as OpenStack has matured and we have built on our expertise, we have been pulled into larger and larger enterprises and we are building larger clouds. So our average managed private cloud is now 25 to 30 nodes, and that has a long tail of smaller clouds, and we have customers running hundreds of nodes. In the aggregate, we are managing many thousands of nodes.”

That may not seem like a lot, but as we reported earlier this week, there are probably only a couple thousand of production OpenStack clouds in the world, and while Thomson cannot give out numbers, the private hosted OpenStack service run just by Rackspace could comprise a few points of share by OpenStack server count, which should be somewhere around a couple hundred thousand nodes worldwide.

It may be the nature of the OpenStack private cloud service that has limited its appeal thus far, but at its Rackspace::Solve event in New York this morning the company announced a partnership with Red Hat that will see a hosted private cloud based on its own implementation of OpenStack, known as Red Hat Enterprise Linux OpenStack Platform.

For the past four years, OpenStack has been peddling its private OpenStack cloud based on the pure and most current upstream OpenStack component code. This cloud was based on Ubuntu Server from Canonical and packaged up and deployed the code in LXC Linux containers. As for deployment, Rackspace has created its own Ansible scripts for deploying to the LXC containers, and Red Hat of course bought Ansible last October for $150 million.

Interestingly, the OpenStack code was updated every two weeks or so, and only the then-current and prior releases of OpenStack (which come out in April and October of every year) were supported. This is a pretty fast cadence for most enterprises, which do not want to muck around with working infrastructure code if there is no good reason to do so. It is intriguing that Rackspace is able to provide a 99.99 percent uptime service level agreement on the OpenStack control plane considering how frequently the code is being updated on its managed service.

With the Red Hat OpenStack variant of the Rackspace managed private cloud, Enterprise Linux and OpenStack Platform will have a longer term support cycle that spans at least two years (so-called N-3 support in the lingo), and patching for security vulnerabilities and other big bugs will be available for a year beyond that (known as N-5 support) for each OpenStack release. Moreover, the patching and provisioning of the systems software can be hooked into Satellite service created by Red Hat and maintained just like any other on-site Red Hat product.


With the Red Hat variant of the OpenStack stack, the software runs on bare metal servers, still on four server nodes and still with the 99.99 percent uptime guarantee on the control plane. Cinder block storage is swapped out for Ceph object and block storage and there are hooks for linking to Cinder as well as EMC, NetApp, and other arrays that support the Cinder protocol. You have to have five nodes for Ceph in a minimum configuration. Companies can buy licenses for the Red Hat code – Enterprise Linux, OpenStack, and Ceph – from Rackspace, which is reselling them, or bring their own licenses.

Rackspace can host the private OpenStack cloud in a corporate datacenter or in one of its own, the latter of which is arguably not private at all bust rather just hosting an OpenStack cloud, albeit a lot smaller than something the US government can command. Early on, says Thompson, about 70 percent of the companies that wanted the private cloud service chose to host it in a Rackspace datacenter, but over the past several releases, particularly since the “Icehouse” release came out in October 2014 with the reference architectures allowing for much larger OpenStack installations “out of the box,” the deployments have not only gotten larger, but shifted toward corporate datacenters. The mix today is around half and half, says Thompson.

Rackspace is not providing details on the pricing – which would be enlightening, of course – but does say that it is charging monthly fees that scale downward depending on the size of the cluster and the amount they spend on Rackspace services. The four control plane nodes cost more than the compute nodes.

Rackspace is not the only one offering managed services for OpenStack private clouds. Cisco Systems offers a service called Metapod, enabled through its acquisitions of OpenStack distributors Piston Cloud and Metacloud last year. This service also has a 99.99 percent uptime SLA, and drops either Cisco UCS iron and networking or gear from third parties into your datacenter with Cisco’s experts installing and managing the OpenStack cluster.

It is hard to say how fast managed private OpenStack clouds will take off, but we think there will probably be a much larger uptake for such things in the Windows Server base once Azure Stack comes out later this year. Linux shops tend to have a lot of expertise and Windows shops often do not – not to over generalize, of course. It is the skills in operating complex pieces of software like OpenStack and Azure Stack that companies lack, and this is one way to share them just like other capacities on the cloud.

Sign up to our Newsletter

Featuring highlights, analysis, and stories from the week directly from us to your inbox with nothing in between.
Subscribe now

Be the first to comment

Leave a Reply

Your email address will not be published.


This site uses Akismet to reduce spam. Learn how your comment data is processed.