OpenStack: Scary Enterprise Support

At Red Hat, we’re seeing a surge of confidence from large organizations and more and more OpenStack adoption (with deployments in thousands and tens of thousands of sockets) in industries like financial services, insurance, healthcare, and retail.

This increased confidence can be tied to the increasing maturity of the OpenStack code (at least for the core services), and an emerging set of features that are critical for enterprises, like identity federation in Keystone, and Red Hat’s strong, enterprise-grade support. The latter is incredibly important and has made the difference in many deals.

Enterprise-grade support for any open source project, and especially for one as complex as OpenStack, can be articulated through many dimensions. However, they are almost never part of the conversation until too late. When you evaluate enterprise-grade support from any OpenStack provider, assess at least these six key dimensions:

Expertise In the underlying operating system

OpenStack depends on the underlying Linux operating system to function. As OpenStack needs a number of facilities and libraries (e.g., cryptographic modules) provided by the operating system (OS), there is no way to decouple the two.

To provide enterprise-grade support, any vendor offering a commercial edition of OpenStack must package it with an OS that is proven from a reliability and security standpoint, as well as deeply understood, to fix issues in case things go wrong (and things will go wrong at some point. Savvy CIOs know this to be a fundamental truth).

As I talk to customers around the globe, a common theme is emerging: when evaluating OpenStack, enterprises prefer to rely on tested, supported, and certified Linux distributions rather than unknown OSes.

When your OpenStack vendor:

  • is using a Linux distribution that has been in the market for a very short period (i.e., one year)
  • has no history of contribution to the Linux distribution of choice (check the stats provided by the awesome Bitergia research firm)
  • doesn’t even mention its Linux distribution of choice in its marketing materials

…that spells scary enterprise support.

Case in point: at the 2015 OpenStack Summit in Vancouver, sharing their experience in operating their OpenStack cloud, Time Warner Cable stated “Kernel panics happen, kernel panics happen, kernel panics happen”, and then asked “Do you have a kernel vendor on your vendor list?”

In more than one deal, Red Hat has been called to replace an existing OpenStack vendor due to our deep experience and expertise in both the underlying OS and OpenStack itself. In most cases, we have been asked to first support the existing implementation, and then help the client migrate to our own OpenStack distribution.

Security response

Like every other piece of software, OpenStack is prone to security vulnerabilities. The problem is that, like any other cloud engine, OpenStack is a mission critical piece of software, on which many lines of business depend when their apps run in the cloud.

To provide enterprise-grade support, any vendor offering a commercial edition of OpenStack must be capable of addressing security issues as they arise as fast as possible and in the most possible competent way.

When your OpenStack vendor:

  • doesn’t have a security response team
  • has a security response team that consists of a single person per continent
  • cannot back port and port a security fix to older and newer versions of OpenStack before it’s fixed in the trunk code

…that spells scary enterprise support.

More often than you could imagine, Red Hat has been selected in deals also because of the vast skills of our global Security Response Team and their track record of fixing 97% of security issues within 24 hours. We are incredibly proud of them.

Certification and compliance

To trust any solution on the market to run mission critical systems, enterprises need certification and compliance in a wide number of areas: software and hardware integration, security, government regulation. Without them, large organizations can’t have the peace of mind from calling a single, well-defined actor to help solve issues, should they arise. Who do you call if you experience storage corruption in your Windows virtual machine hosted by a KVM hypervisor running on an IBM blade system, connected to an EMC storage system through an Emulex HBA in a non-certified OpenStack cloud?

In specific environments, peace of mind is not even the biggest issue; organizations simply cannot operate without regulatory compliance.

When your OpenStack vendor:

  • only supports a handful of ISVs or IHVs
  • only supports its own hardware
  • has no security or government certifications

…that spells scary enterprise support.

Red Hat is often preferred over other OpenStack providers because we truly support a multi-vendor cloud stack, at the hardware and software level. With more than 270 certified OpenStack partners, Red Hat boasts the industry’s largest certified ecosystem in support of commercial OpenStack deployments. This helps provide customers with freedom of choice and peace of mind that is necessary to build and operate an actual hybrid cloud. Do you know, for example, that Red Hat has 25 Microsoft SVVP certifications to support various Windows operating systems?

Vertical consulting

Like any software solution, enterprises need to adapt OpenStack to their ever evolving business needs, and integrate it with the remarkably heterogeneous IT systems. While the incredible industry support for OpenStack enables support for a wide range of environments and use cases, OpenStack cannot satisfy every need for every company in every vertical out of the box.

To provide enterprise-grade support, any vendor offering a commercial edition of OpenStack must support its deployment, integration and customization with a global consulting arm that is vertically skilled on the product and its complexities.

When your OpenStack vendor:

  • has no consulting division
  • has a consulting division that consists of four engineers across five continents
  • has a generic consulting division with no vertical expertise and dedicated practice on OpenStack

…that spells scary enterprise support.

Red Hat realized enterprise customers want a business partner to support them well beyond the initial deployment of OpenStack. This awareness led to key strategic investments, like the acquisition of eNovance, bringing more 100 OpenStack engineers to the Red Hat Consulting organization; the establishment of a Cloud Innovation Practice, to help transfer the new skill sets required to govern a cloud environment without taking its ownership in a typical managed services fashion; and the creation of a comprehensive, hands-on OpenStack training.

Code Indemnification

Like any other open source project, OpenStack contributions come from a vibrant and highly skilled community of individuals and vendors. Despite the deep expertise, contributors are humans and can unintentionally violate intellectual property rights in their open source code.

To provide enterprise-grade support, any vendor offering a commercial edition of OpenStack must protect its customers from legal repercussion in case of intellectual property right infringements.

When your OpenStack vendor:

  • doesn’t mention or recognize code indemnification as an important legal protection
  • has no experience in the legal implications with open source licensing
  • is not formally committed to code indemnification

…that spells scary enterprise support.

Red Hat is proud to be one of the few open source vendors to offer code indemnification as an additional support mechanism for our enterprise customers. Our commitment doesn’t just imply taking care of the legal implications, but it extends to quickly providing a technical replacement for the disputed code.

Extended cloud management

OpenStack is a powerful and flexible Infrastructure-as-a-Service (IaaS) engine, but it’s not enough to build an enterprise-grade cloud. Large organizations need governance capabilities, such as policy enforcement, capacity management, and configuration management, that are not provided out of the box by OpenStack, and that are not limited to OpenStack management. Depending on cost, performance, reliability, security, compliance, and many other constraints, lines of business must be able to host their applications across a wide range of private and public cloud engines. Managing all of those clouds in a consistent fashion, orchestrating the lifecycle of the workloads as coherently as possible, is a massive challenge that requires a powerful single pane of management glass.

To provide enterprise-grade support, any vendor offering a commercial edition of OpenStack must be capable of offering a robust and powerful governance layer that integrates with, and augments OpenStack basic operational management capabilities. That way, when the enterprise is ready to grow, the vendor can fully support its evolution.

When your OpenStack vendor:

  • suggests that OpenStack is all you need to build a mature enterprise cloud
  • has no cloud management platform that tightly integrates with its OpenStack distribution
  • has a cloud management platform that cannot support side by side server virtualization, IaaS, and Platform-as-a-Service (PaaS) across both private and public environments

…that spells scary enterprise support.

We consistently hear the same question over and over from large enterprises we talk to that are interested in OpenStack: how can you help us build our enterprise cloud on top of OpenStack?

That is where managing OpenStack through our cloud management platform CloudForms makes a huge difference. Customers may not want to buy their full cloud stack from us, and we are committed to support multi-vendor approaches, but many also want to have the assurance that if they want to have a full Red Hat cloud, we have it. We do.

Any OpenStack provider claiming to offer enterprise-grade support, must excel in every of those aforementioned dimensions, not just one of them.


Alessandro Perilli
GM, Management Strategy