What is OpenStack?

Openstack Logo

Many organisations are moving to the cloud, but some do not want to support the hegemony that is AWS and Microsoft Azure (and to a lesser extent Google Cloud Platform). A good alternative is OpenStack, but what is it and what is the technology and components behind this cloud?

OpenStack is an open source cloud-based IaaS operating system that manages huge pools of compute, storage, and networking resources across a datacentre. These pools are controlled via a dashboard that gives administrators control while supporting users in the provision of resources via a web interface. It started as a joint project between RackSpace and NASA in 2010.

The cloud technology is supported by a number of software development companies and hosting providers and has a community of thousands of individuals contributing code. OpenStack is operated by the OpenStack Foundation, which looks after the development of the cloud software as well as overseeing the community that has developed around it.

Since its formation in 2010, the cloud technology has been revised roughly every six months. The latest release of OpenStack is known as Train. Ussuri is in the development stage and is set to follow in May this year.

What does it do?

OpenStack is much like AWS and Azure in that it enables users to use virtual machines and instances and create private and public clouds.

The platform contains individual projects and services dedicated to specific functions within the ecosystem.

There are nine core functions:


Understanding your open source risk

Open source libraries can introduce vulnerabilities to your code



This manages the computing resources of an OpenStack cloud. With this function, users can create instances, resize them, and manage where they are located within the cloud.


This function creates virtual networks in the cloud as well as routers, subnets, firewalls, load balancers, et cetera.


This maintains and manages server images for a cloud. OpenStack compatible images can also be uploaded using this function with images stored either locally or on object storage.


This is the authentication and authorisation component built into each OpenStack cloud. The function is usually the first component to be installed as it looks after project creation.


This function provides an OpenStack cloud with Block Storage as a Service. This is done by virtualising pools of block storage devices while providing users with a self-service API to request and consume those resources without them needing to know where storage is actually deployed.


While Cinder provides Block Storage as a Service, Swift offers Object Storage as a Service to an OpenStack cloud. This is provided as a highly available, distributed, eventually consistent object/blob store.


This is a function that provides a web-based graphical overview of what is happening in an OpenStack cloud as well as a means of managing the cloud via this dashboard.


This is the telemetry function which keeps track of what components a user uses in order to make billing easier.


This orchestration function records prerequisites of a cloud application in a file in order to define what resources are essential for that application.

Beyond these core functions are other components that may be of use to organisations wishing to deploy OpenStack, such as identity management and messaging as a service, to name a few.


Understanding your open source risk

Open source libraries can introduce vulnerabilities to your code


OpenStack pros and cons

There are no upfront costs with OpenStack as it’s available freely as open source software. Considering its key functions and components, as a platform it’s comprehensive and production-ready for enterprises wishing to build in either the public or private cloud.

OpenStack comes with a great deal of flexibility. However to fully capitalise on all of the moving parts, skilled engineers are required who understand its inner workings. Otherwise, the platform can be a dangerous foundation on which to build.

It’s also worth bearing in mind that knowledge is required not only for the initial build, but also for long-term maintenance. Organisations need to decide whether building their own applications is something that will provide a strong enough return on investment to justify using OpenStack in the first place. For many organisations, this level of specialisation and the additional cost is brings may be unnecessary.

The security of open source operating systems can also be called into question. Vulnerabilities in code continue to be uncovered by the OpenStack community, but patching projects are in place. The OpenStack Security Project allows the OpenStack community to share and report vulnerabilities, pushing them into the fix-queue. Quick-fixes are a rare occurrence, however.