Private clouds offer compelling cloud-like benefits to an enterprise, such as automation, self-service, flexibility and scalability, but run in the local data center, which allows the business to retain full control over the infrastructure and data there. Private cloud implementations can, however, be complex endeavors that demand careful attention to integration. Cloud software must interoperate with existing virtualization platforms by supporting numerous hypervisors. Given the growth in cloud software, IT and business leaders must carefully consider OpenStack hypervisor support when they make private cloud decisions.
Integration is critical
Cloud and virtualization technologies aren't the same thing. Virtualization is a foundation -- or gating -- technology, and cloud technologies build upon virtualization by adding the higher-level features of automation, orchestration, self-service, chargeback/showback and other capabilities needed to architect a full-featured cloud environment. No cloud, public or private, can exist without an underlying virtualization layer.
Consequently, an enterprise must ensure integration and interoperability between cloud software and underlying hypervisors, which makes OpenStack hypervisor support critical.
OpenStack supports numerous current hypervisors and OpenStack plug-ins, but it doesn't support all hypervisors. Private cloud adopters often need to reevaluate their choice of hypervisor from a security-focused perspective. Hypervisors provide the logical isolation needed to guard one VM instance from another, but it's important to examine that isolation in an environment that promises much higher scalability and reduced IT administrative control.
Consider maturity and security
A business will often choose to implement OpenStack atop a mature hypervisor with which the IT staff is most familiar. A mature hypervisor, such as VMware ESXi, typically provides better performance and refined management options, and poses fewer security vulnerabilities than relatively new virtualization platforms, such as containers. Mature hypervisors might also provide formalized independent certifications that reflect adequate performance. As an example, the Kernel-based Virtual Machine (KVM) hypervisor is Common Criteria-certified, which indicates a proven ability to provide adequate instance isolation. Still, an enterprise might choose to reevaluate with OpenStack hypervisor support in mind to ensure suitable delivery of other capabilities, such as auditing, access control methods, encryption and other security features.
Team expertise is also important for hypervisor deployment and security. An IT staff familiar with the platform is well-positioned to configure, manage and update the hypervisor, so it is less likely to make configuration oversights or mistakes that could lead to security vulnerabilities.
Evaluate hypervisor features
Consider the hardware features and capabilities when you evaluate OpenStack hypervisor support; a hypervisor might need these to improve performance for virtualization and the greater private cloud environment. While many current servers provide a wealth of hardware-level features, IT staff might still need to leverage some features to optimize performance or support advanced functionality for the private cloud.
For example, Intel Virtualization Technology for Directed I/O or Advanced Micro Devices I/O Virtualization Technology extensions in modern processors allow features like peripheral component interconnect pass-through with support of I/O virtualization, while other technologies, such as Single Root I/O Virtualization, Multi-Root IOV and automatic transfer switches, allow PCI Special Interest Group I/O Virtualization to securely share PCI Express devices. Intel Virtualization Technology for Connectivity offers network virtualization that boosts the performance of network I/O through hypervisors. Additionally, you can bolster security with Intel Trusted Execution Technology for dynamic attestation services.
Finally, when examining OpenStack hypervisor support, don't overlook encryption in private cloud implementations. It's important to verify that the desired hypervisor and OpenStack cloud framework can work together to protect data in flight and at rest using major cryptography standards, including Advanced Encryption Standard, Rivest-Shamir-Adleman, Twofish, Federal Information Processing Standard 140-2 and others.
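A read-only host check for the hardware features named in this section, added here as an example and not taken from the original article or from OpenStack. It assumes a Linux/KVM compute node with the standard `/proc/cpuinfo` and sysfs paths, and the function names are hypothetical; it covers the IOMMU needed for PCI pass-through, SR-IOV, the SMX flag that Intel TXT depends on, and the AES instruction flag relevant to encryption.

```shell
#!/usr/bin/env bash
# Added example: read-only audit of a Linux/KVM compute host. Every path is a
# parameter, so the checks can also run against constructed sample data.

# Succeeds if FLAG is a whole word on the first "flags" line of a cpuinfo file.
has_cpu_flag() {
    local flag="$1" cpuinfo="${2:-/proc/cpuinfo}"
    grep -m1 '^flags' "$cpuinfo" 2>/dev/null | tr -s ' \t' '\n\n' | grep -qx -- "$flag"
}

# Succeeds if the CPU exposes Intel (vmx) or AMD (svm) hardware virtualization.
has_cpu_virt() { has_cpu_flag vmx "$1" || has_cpu_flag svm "$1"; }

# Prints the number of IOMMU groups; 0 means the IOMMU is absent or disabled.
iommu_group_count() {
    local dir="${1:-/sys/kernel/iommu_groups}"
    [ -d "$dir" ] || { echo 0; return 0; }
    find "$dir" -mindepth 1 -maxdepth 1 | wc -l | tr -d ' '
}

# Prints the PCI address of each device that advertises SR-IOV virtual functions.
sriov_devices() {
    local root="${1:-/sys/bus/pci/devices}" f
    for f in "$root"/*/sriov_totalvfs; do
        [ -r "$f" ] && [ "$(cat "$f")" -gt 0 ] 2>/dev/null && basename "$(dirname "$f")"
    done
    return 0
}

# check LABEL COMMAND...: prints one result line and counts absent features.
check() {
    local label="$1"; shift
    if "$@"; then echo "PRESENT $label"; else echo "ABSENT  $label"; absent=$((absent + 1)); fi
}

# Prints a line per feature; the exit status is the number of absent features.
audit_host() {
    local cpuinfo="${1:-/proc/cpuinfo}" iommu="${2:-/sys/kernel/iommu_groups}"
    local pci="${3:-/sys/bus/pci/devices}" absent=0
    check "CPU virtualization (vmx/svm)" has_cpu_virt "$cpuinfo"
    check "IOMMU groups (VT-d/AMD-Vi active)" test "$(iommu_group_count "$iommu")" -gt 0
    check "SR-IOV capable PCI device" test -n "$(sriov_devices "$pci")"
    check "SMX flag (needed by Intel TXT)" has_cpu_flag smx "$cpuinfo"
    check "AES instructions (aes flag)" has_cpu_flag aes "$cpuinfo"
    return "$absent"
}

audit_host || echo "absent features: $?"
```

An ABSENT line for the IOMMU on hardware that supports it usually means the feature is disabled in firmware or on the kernel command line, so confirm there before ruling the host out.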