First thoughts about vCloud

With VMworld taking place this week, there’s been a lot of talk about VMware‘s success in getting various companies to announce VMware-based cloud offerings. So I thought it was time to take another look at the vCloud API, which VMware has submitted to DMTF for consideration as a standard. My assessment: nice clean use of REST, including the use of Tasks for asynchronous operations; some welcome extensions to the OVF spec; but a long way short of what’s needed for a real multi-tenant Infrastructure-as-a-Service solution. Among the obvious gaps:

  • There’s no way of describing instance isolation/affinity (as in EC2’s “availability zone” scheme). This is a show-stopper for me.
  • There are significant gaps and problems with the whole org/users/authentication/authorization scheme. “Roles” and “Rights” are mentioned, but are not elaborated in the Programming Guide or the XSD files. In a multi-tenant system, I certainly don’t want users to be able to enumerate all of the Organizations living in my cloud. (And what kind of authorization is needed for that operation, anyway?)
  • The language of the specification is regrettably VMware-centric. Various concepts are defined implicitly in terms of VMware mechanisms, which is unacceptable for an open standard.
  • At a first glance, I can’t see how to achieve the kind of resource abstraction that I find attractive in EC2. I’d like to be able to create and share a vApp (AMI) without the user knowing (or caring) whether it used an LsiLogic SCSI controller or was running Windows Server.
  • Speaking of which, sharing is good. There needs to be some way of coupling vAppTemplates to a sharing or pay-for-use scheme.

This is certainly a reasonable starting point for an eventual DMTF standard – it’s significantly cleaner and more regular than some of the other candidates – but there’s a lot of work needed. (Did VMware really expect it to be accepted as-is?) I’m rather surprised at how limited it is in many respects; I’d expect them to have learned more from the defects of the Amazon API system.

UPDATE: Of course there are plenty of alternatives out there. Eucalyptus has its Amazon clone, Rackspace just open-sourced their APIs, and then there’s GoGrid and others. There’s even a “meta-API” coming from Cloudkick.

1 Comment to "First thoughts about vCloud"

  1. September 8, 2009 - 3:49 AM | Permalink

    Very insightful comments indeed. A few clarifications on the vCloud API.

    Multi-tenancy in the API enables strict access control. So any user would not be able to list all organizations in the vCloud. Only a vCloud Administrator will be able to do so based on strict access control and privilges.

    The Specification has been submitted to DMTF. The intent is for the API to be completely platform independent, so it can become an open standard. The DMTF submission has been cleansed of VMware references.

    The programming guide that has been published is for illustrating the API better with examples and so has certain VMware references.

Comments are closed.