Why OpenStack when we can have the services from Amazon at a very affordable price? That is a question on the mind of many businesses which plan to move to the cloud.

The first question should be “Public Cloud or Private Cloud”? There are many advantages of a private cloud which make OpenStack the platform of choice. The best reason I can come up with is no global outage can affect you. Also amazon has a global dashboard Amazon Dashboard

But to further the point, let us compare Amazon, the leading Public Cloud platform and OpenStack, the leading Private Cloud platform.

Category Description Openstack Amazon
Compute To run an application you need a server with CPU, memory and storage, with or without pre-installed operating systems and applications.




Compute is virtual machines/servers Instance Instance/VM
Sizes How much memory and CPU and temporary (ephemeral) storage is assigned to the instances/VM. Flavors: Variety of sizes: micro, small, medium, large etc. Variety of sizes: micro, small, medium, large etc.
Operating systems offered What operating systems does the cloud offer to end-users Whatever operating systems the cloud administrators host on the OpenStack cloud. (Red Hat certifies Microsoft Windows, RHEL and ubunty, SUSE) AMIs provided by the AWS marketplace.


Glance (AMI) Amazon Machine Image
A base configuration of a virtual machine, from which other virtual machines can be created. OpenStack administrators upload images and create catalogs for users. AWS provides an online marketplace of pre-defined images.
Catalogs of virtual machine images can be created from which users can select a virtual machine. Users can upload their own images. Users can upload their own images.
Networking To network virtual servers to each other. You also need to control who can access the server. You want to protect/firewall the server especially if it is exposed to the Internet.
Networking provides connectivity for users to virtual machines. Connects virtual machines to one another and to external networks (the Internet). Neutron Networking
A private IP address internal only and non-routable to the Internet Every virtual instance is automatically assigned a private IP address, typically using DHCP. AWS allocates a private IP address for the instance using DHCP.
Public IP address A floating IP is a public IP address, that you can dynamically add to a running virtual instance. AWS public IP address is mapped to the primary private IP address.
Networking service You can create networks and networking functions, eg. L3 forwarding, NAT, edge firewalls, and IPsec VPN. Virtual routers or switches can be added if you use AWS VPC, a virtual public cloud.
Load Balance VM traffic


OpenStack LBaaS (Load Balancing as a Service) balances traffic from one network to application services. ELB (Elastic Load Balancing) automatically distributes incoming application traffic across Amazon EC2 instances.
Manage the DNS entries for your virtual servers and web applications. The OpenStack DNS project (Designate) is in “incubation” and is not part of core OpenStack (as of the April 2015 Kilo release). Route 53 – AWS’s DNS service.
A method of device virtualization that provides higher I/O performance and lower CPU utilization compared to traditional implementations. Each SR-IOV port is associated with a virtual function (VF). SR-IOV ports may be provided by Hardware-based Virtual Ethernet Bridging or they may be extended to an upstream physical switch (IEEE 802.1br). AWS support enhanced networking capabilities using SR-IOV, provides higher packet per second (PPS) performance, lower inter-instance latencies, and very low network jitter.
Monitoring You get insight into usage patterns and utilization of the physical and virtual resources. You may want to account for individual usage and optionally bill users for their usage.  


Monitoring provides metering and usage of the cloud. Ceilometer Cloudwatch
System-wide metering and usage.


To collect measurements of the utilization of the physical and virtual resources comprising deployed clouds. Monitoring service for AWS cloud resources and the applications on AWS.
Option to bill users for their usage


Persist data for subsequent retrieval and analysis, and trigger actions when defined criteria are met. Collect and track metrics, collect and monitor log files, and set alarms.
Security You need the option of public key cryptography for SSH and password decryption. You want to firewall virtual machines to only allow certain traffic in (ingress) or out (egress).


Control access to your virtual machines.


Keypairs, security groups. Keypairs, security groups.


Key Pairs



To login to your VM or instance, you must create a key pair.

Linux: used to SSH.

Windows: used to decrypt the Administrator password.

When you launch a virtual machine, you can inject a key pair, which provides SSH access to your instance. To log in to your instance, specify the name of the key pair when you launch the instance, and provide the private key when you connect to the instance.
Assign and control access to VM instances.

A security group is a named collection of network access rules that limit the traffic that access an instance.

When you launch an instance, you can assign one or more security groups to it.

Supported Supported
Identity You want to govern who can access your cloud. You can manage permissions to cloud resources. You may want to offer multi-factor authentication for stronger security.
Authentication and authorization methods for controlling access to virtual servers, storage and other resources in the cloud.

Integrates with an external provider, example LDAP or AD.

Keystone IAM Identity and Access Management
Storage Block storage
  • Assign virtual drives/volumes to virtual servers to grow their storage capacity, beyond the boot volume.
  • Snapshots and backups of virtual servers.
Swift S3 – Simple Storage Service
Object Storage
  • Store objects such as files, media, images
Cinder EBS – Elastic Block Storage
Database Your cloud users can use a database service without installing and configuring their own database.


Definition Trove RDS
Relational Database MySQL, PostgresSQL Users get an instance of MYSQL or Oracle 11g.
Non Relational Database Cassandra, Couchbase, MongoDB Amazon SimpleDB Users store data pairs into a simple database suitable for heavy read applications.
Orchestration This allows repeatable copies of an application to be made.
Allows developers to store the requirements of a cloud application in a file or template that defines resources (virtual machines, networks, storage, security, templates, images etc) necessary for the application to run. Heat Cloud Formation
Big data/Parallel Processing The cloud can provide the infrastructure for you to perform large scale data processing
Allows you to perform large scale parallel processing of data, example Hadoop Sahara EMR – (Elastic Map Reduce)
The cloud can buffer and move data between applications and VMs/instances on a hosted queue.  


(not released yet)


SQS – (Simple Queue Service)

GUI You can administer your cloud or users can self-serve their needs, from any compliant browser.
Browser to manage or self serve needs for compute, networking and storage. Horizon Console
CLI You can automate and script the administration and use/consumption of your cloud from the command line.
The command line interface provides administrators with commands to provision and de-provision cloud resources (virtual machines, storage, networking) Supported Supported
Business Level Compentents To segregate users by business unit, department or organization to meet legal requirements or to set quota on resources.


A tenant is a group of users who share common access to infrastructure (the cloud platform) with other users. Users are segregated. Project / tenant. Quota of compute resources can be defined for each project/tenant. Segregation is achieved using AWS VPC (Virtual Private Cloud)
SLA To run mission critical applications with minimal downtime you need an SLA from your cloud provider.
An SLA is a guarantee of availability of the cloud. An SLA is negotiated between the provider of the OpenStack private cloud (internal IT department / managed service provider) and the business units who consume the private cloud. See AWS SLA
High Availability If a cloud offers high availability, then applications hosted on the cloud can fail over and users will experience less interruption of service.
Regions and Availability Zones. Data and instances can be stored in different geographical regions for redundancy, latency or legal requirements. Amazon EC2 is hosted in multiple locations world-wide, composed of regions (a separate geographic area). Each region has multiple, isolated locations known as Availability Zones.
Cost The cost of running servers and applications in a cloud can be operational (OPEX) or capital (CAPEX).
The cost of using a cloud service. Use a managed service offering


Buy hardware to run an OpenStack cloud.


Freely download OpenStack software and employ engineers to install, maintain, enhance, upgrade etc. This cost model can be difficult to estimate because of the cost of employees required to run the cloud. How many engineers do you need? How do you know when to hire more? How do you reduce the size of your workforce if the demand for your cloud decreases?


License a distribution from a vendor. This involves an upfront license cost, annual support costs and a subsequent license renewal.


Purchase a predictable subscription from Red Hat and receive support, maintenance, consulting, upgrades….

Billing by the minute/hour – potentially unpredictable costs as usage is billed as used.

Pre-purchase blocks of usage at other rates:reserved instance or spot pricing.