The OpenStack project went public with its “Diablo” release late last month, even as cloud-computing companies bring their own commercial distributions of the open-source cloud operating system to market.

Jonathan Bryce is chairman of the OpenStack project policy board and Devin Carlen is a project leader, and both are part of the companies now hoping to derive value from the project. Bryce works at Rackspace, which uses OpenStack components to host its public cloud. Carlen is a cofounder of Nebula, a company seeking to productize OpenStack.

They’re joining a group of startups and existing software companies that will be bringing their own distributions of this open-source cloud operating system to market later this year.

Commercializing OpenStack
At the core of this newfound rush to commercialize OpenStack are the complaints many companies have had about the platform since it was created. Josh McKenty, founder of Piston Cloud Computing and one of the original authors of OpenStack Compute at NASA, said that his company made inroads with the government by offering a security layer inside of OpenStack.

McKenty said that many government organizations and enterprises have been looking for a way to use OpenStack, but existing security and compliance requirements were making that proposition difficult. While he was at NASA, working on the Nebula project that became OpenStack Compute, he said that the security work done on the project could not be open-sourced.

“At NASA, it was the first cloud environment ever certified under FISMA [Federal Information Security Management Act] because of the work we put into making it secure. Unfortunately, we couldn’t open-source that. The government still believes in security by obscurity,” said McKenty.

Thus Piston Cloud Computing offers these security enhancements on a commercial basis. The primary source of these enhancements is the new Linux distribution used underneath. McKenty said that Piston Cloud Computing created its own Linux distribution for this product; its version is stripped of all non-essential elements for the running of OpenStack.

OpenStack isn’t just forming the basis for commercial distribution companies. It’s also gathering support from traditional enterprise software vendors who are looking at ways to support private clouds. ServiceMesh, a cloud unification and governance platform company, announced in late September that it had begun to support its platform on OpenStack.

Dave Roberts, vice president of strategy and marketing at ServiceMesh, said that his company’s existing enterprise customers were already using VMware, but recently they’ve begun to prepare for OpenStack.

“I would say VMware and OpenStack are receiving the most interest,” he said. “Everybody has VMware and has built virtualized environments based on VMware, and it’s fairly easy to make the transition from virtualized to cloud-based on VMware underpinnings. That said, VMware costs a reasonable amount of money, and we saw with the whole dustup over VMware’s pricing scheme, that is moving to the front of people’s minds.”

McKenty agreed. “We’re still in the early adopter phase for sure. The No. 1 request we got was, ‘Give us something secure and supported, so we can call you if we have problems.’ They see VMware as being the new Microsoft, and they don’t want to be stuck paying them every year for the next three decades,” he said.

Governing the cloud
McKenty said that, despite the newfound competition around OpenStack, there’s plenty of room for companies to collaborate and compete. Every two weeks, he said, Piston Cloud Computing holds an OpenStack meet-up in its San Francisco offices, and he said that many of his competitors show up for the event.

And while this may sound like an insular club to belong to, McKenty said that governance of the OpenStack project itself is not monopolized by any one company. One of the frequent concerns voiced over OpenStack is its lack of a non-profit governing body, but McKenty said that this is actually missing for a reason.

“I see this in the media a lot, but I haven’t heard it from the community,” he said. “We’re up to 13 or 14 people on the project policy board. There’s Piston Cloud, HP, Citrix, Cisco, and a few Rackspace people. It’s ending up in a quite nicely balanced discussion. We’ve made sure that in the discussions of the working group we have no more than one representative from any one commercial entity.”

Additionally, said McKenty, the reason there is no non-profit governance board is because NASA, as a government organization, can’t donate to a non-profit. That would have made the creation of OpenStack impossible. Still, McKenty said that NASA’s contributions to the project are waning, primarily due to budget cuts.

But Al Hilwa, program director for applications development software at IDC, said that governance is still a key issue for OpenStack. “They have certainly built out to a large consortium-like entity with many, many cooks,” he said. “They have size, but whether they have agility is another thing. I think that their biggest challenge at this point is managing the hugely divergent and competing interests of their members.”

Bryce said that OpenStack is nearing the point where a non-profit may be necessary, however. “We had a discussion around this at the OpenStack Design Summit in April, and had a lot of people involved in it,” he said.

“We said it’s most likely going to happen at some point, but when we’ve talked with a lot of the companies most involved in OpenStack up to this point, they’ve said it’s just too early. There has to be a level of commitment and involvement, financially and resource-wise, from companies to make something like the non-profit work. Otherwise, it’s just another layer of bureaucracy and expense. I think we’re heading towards the time when that step is going to be something that makes more sense.”

Holes to fill
While OpenStack has been advancing quickly, it is still rife with areas that could use improvement. To this end, numerous companies and groups are making efforts to build the missing pieces of the puzzle. Intel, for example, has designed an entire Web-based OpenStack administration GUI, which it hopes to make open source later this year.

McKenty’s Piston Cloud, on the other hand, has taken on the troublesome setup process for OpenStack. “The problem is that it’s self-provisioning for the end users, but it’s more complicated for the administrators,” he said. “Piston Enterprise Operating System is packaged in a USB stick. You plug it into your laptop and set up your whole cloud by editing a single config file. Then you plug it into your switch, and walk away.”

Other companies aren’t fixing OpenStack’s administration tools; they’re building a stack layer above. ServiceMesh, for example, offers a more holistic approach to managing workloads across public and private clouds through its platform. Instead of administrating OpenStack, policies are enacted in the ServiceMesh layer and spread across clouds, regardless of their underlying operating system.

“One of the challenges with any single cloud implementation technology is that they all try to provide a UI, but that UI is typically locked to that implementation technology,” said Roberts. “If you play with a VMware cloud, you’ll use vCloud Director. If you go with OpenStack, you use the OpenStack management tools. All the public providers have their own Web-based UIs.

“From an enterprise perspective, that’s not appealing. They’re all looking for a way to deal with that environment in a very consistent fashion, but also from a policy and governance perspective too, because their workloads are going to be moving in and out of the cloud at various times.”

McKenty said that OpenStack is being used and tested around the world, and that not all of those projects are making noise about their efforts. He lamented the fact that OpenStack is not “postcard-ware.”

“We hear about people doing things with OpenStack, but they didn’t show up on the mailing list,” he said. “It’s similar to the early adoption of Linux. I wish this were postcard-ware. The early Linux license required people to send Linux a postcard so he knew what people were doing with it.”