Here's What's Inside Oracle's AWS-Killing Bare Metal Cloud
September 23, 2016, 10:57 am PT
The biggest of this week’s cloud announcements at Oracle OpenWorld was the second generation of the company’s infrastructure-as-a-service (IaaS), called the Oracle Bare Metal Cloud. It’s the foundation of Oracle’s claims to outdo Amazon Web Services (AWS) in IaaS.
Oracle already offers an IaaS and uses it as the foundation for its own clouds. The Bare Metal Cloud is the company’s next-generation offering, created by a Seattle-based, all-star team of developers from AWS, Microsoft Azure, and Google Cloud.
During a Tuesday keynote, CTO Larry Ellison offered some stats to “prove” Bare Metal Cloud mops the floor with AWS:
But what’s inside Bare Metal Cloud? Oracle revealed the basics during OpenWorld sessions this week. The picture is incomplete but suggests a “minimum viable product” that looks like it could be competitive eventually, according to Gartner analyst Lydia Leong.
Oracle Bare Metal Cloud — a cloud where customers can run the software of their choice on the servers — was designed from scratch by a Seattle-based team of cloud experts. Oracle boasts of having scooped up talent from AWS, Microsoft Azure, and Google.
What Oracle mainly got out of this team is their experience. “The AWS folks were at AWS for a long time. They understand how customers really use these things and had time to look over the designs,” Leong said. “Any time you’re an engineer doing several iterations, you get better.”
The obvious disadvantage is that competitors have had time to mature. AWS “has added strata of cloud services and functions” over the years, Leong says. Oracle, just starting out, has to play some catch-up.
“It’s going to be difficult to start from scratch right now,” says Bill Karpovich, general manager of cloud for IBM — another competitor that’s been offering bare metal cloud services. “You can’t deny the benefit of having been in the market for five years.”
The Data Centers
Bare Metal Cloud’s physical data centers will eventually be global, but so far, only one region is live: Phoenix, which won’t be generally available until Oct. 13. A second region is due to come online in Ashburn, Virginia in a few months, says Don Johnson, Oracle’s vice president of IaaS product engineering.
Every region is split into three availability domains — three data centers that are physically separated, to back one another up in case one data center fails. The ADs are kept close enough to one another so that latency is kept to 1 millisecond or less — “so it’s not hundreds of kilometers; it’s less than that,” says Jag Brar, an Oracle software developer and architect.
That way, it doesn’t matter if one customer’s servers are split among multiple ADs. The ADs are connected by Oracle-owned dark fiber, so the inter-AD traffic doesn’t traverse the Internet.
Network virtualization, for connecting the various servers associated with an application, is common in hyperscale data centers. For Oracle, the twist is that it’s performed by a hardware element — a “bump in the wire,” says Oracle architect Pradeep Vincent — that’s sitting outside the host server.
That’s in contrast to approaches such as VMware NSX, where virtualization is run by the hypervisor.
Ellison described the off-box element as “software that runs on our special network interface adapter card,” but Oracle isn’t providing any other detail.
Oracle claims this method provides better isolation because even if a server or hypervisor is breached, the attacker will be stuck on one virtual network, developer Brar says. Any attempt to jump to another virtual network would be stopped by that network’s off-box elements because they wouldn’t consider the traffic source legitimate.
The resulting microsegmented network is what Oracle calls a virtual cloud network (VCN). This network gets its own IP address space and can operate by its own security rules. Those rules are applied via a distributed firewall that Oracle provides (although this being an IaaS platform, customers are presumably welcome to pick firewalls of their own).
Elements on the VCN “never go out to the internet when they talk to each other,” Vincent says. Likewise, the control plane overseeing the VCNs is not exposed to the internet, Oracle officials said.
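To make the isolation argument concrete, here is a toy model of an off-box enforcement point, written for this page as an added example. It is not Oracle's code and says nothing about how the real adapter card works; the packet fields, port names, VCN layout and rule format are all assumptions made for illustration. The point it demonstrates is the one Brar and Vincent describe: the element sits outside the host, learns from the control plane which single VNIC of which VCN a physical port carries, resolves destinations only inside that VCN's own address space, and applies that VCN's distributed-firewall rules. A host that has been fully compromised can put anything it likes on the wire, but it cannot change which port it is plugged into.

```python
"""Toy model of a "bump in the wire" network-virtualization element.

Added example for illustration; not Oracle's implementation. All names,
addresses and rules below are constructed for the demo.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    ingress_port: str  # physical port the frame arrived on; set by the wire, not the host
    src_mac: str
    src_ip: str
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Binding:
    """Control-plane fact: this physical port carries exactly one VNIC of one VCN."""
    vcn: str
    mac: str
    ip: str


@dataclass(frozen=True)
class Vcn:
    """A VCN: its own private address space plus distributed-firewall ingress rules."""
    cidr: str
    ingress_rules: Tuple[Tuple[str, int], ...]  # (allowed source CIDR, allowed dst port)


class OffBoxElement:
    def __init__(self, bindings: Dict[str, Binding], vcns: Dict[str, Vcn]):
        self.bindings = bindings
        self.vcns = vcns
        # Per-VCN address table derived from the bindings: (vcn, ip) -> egress port.
        # Two VCNs may reuse the same IP; the VCN name keeps them apart.
        self.vnic_table = {(b.vcn, b.ip): port for port, b in bindings.items()}

    def forward(self, pkt: Packet) -> str:
        binding: Optional[Binding] = self.bindings.get(pkt.ingress_port)
        if binding is None:
            return "DROP:unbound-port"
        # 1. Anti-spoofing: the source must be exactly what the control plane bound
        #    to this port. A compromised hypervisor cannot alter this table.
        if (pkt.src_mac, pkt.src_ip) != (binding.mac, binding.ip):
            return "DROP:spoofed-source"
        # 2. The destination is resolved only inside the sender's own VCN. There is
        #    no path to another VCN's address space (or to the Internet) from here.
        egress = self.vnic_table.get((binding.vcn, pkt.dst_ip))
        if egress is None:
            return "DROP:no-route-in-vcn"
        # 3. Distributed firewall: the VCN's own ingress rules must permit the flow.
        vcn = self.vcns[binding.vcn]
        src = ip_address(pkt.src_ip)
        if not any(src in ip_network(cidr) and pkt.dst_port == port
                   for cidr, port in vcn.ingress_rules):
            return "DROP:firewall"
        return f"FORWARD:{egress}"


def build_demo() -> OffBoxElement:
    """Two tenants with deliberately overlapping 10.0.0.0/16 address spaces."""
    vcns = {
        "vcn-a": Vcn("10.0.0.0/16", (("10.0.0.0/16", 22), ("0.0.0.0/0", 443))),
        "vcn-b": Vcn("10.0.0.0/16", (("10.0.1.0/24", 443),)),
    }
    bindings = {
        "p1": Binding("vcn-a", "02:00:00:00:00:01", "10.0.1.10"),
        "p2": Binding("vcn-a", "02:00:00:00:00:02", "10.0.1.20"),
        "p3": Binding("vcn-b", "02:00:00:00:00:03", "10.0.1.10"),  # same IP as p1
        "p4": Binding("vcn-b", "02:00:00:00:00:04", "10.0.1.20"),  # same IP as p2
    }
    return OffBoxElement(bindings, vcns)


def run_demo() -> Dict[str, str]:
    """Attacker owns the host on p1 (vcn-a); p3/p4 belong to a different tenant."""
    e = build_demo()
    return {
        # Legitimate SSH inside vcn-a.
        "ssh_within_vcn": e.forward(Packet("p1", "02:00:00:00:00:01", "10.0.1.10", "10.0.1.20", 22)),
        # Same host, disallowed port: stopped by the VCN's firewall rules.
        "mysql_within_vcn": e.forward(Packet("p1", "02:00:00:00:00:01", "10.0.1.10", "10.0.1.20", 3306)),
        # Host forges p3's identity to look like a vcn-b member; port binding disagrees.
        "spoof_other_tenant": e.forward(Packet("p1", "02:00:00:00:00:03", "10.0.1.10", "10.0.1.20", 443)),
        # Host addresses an IP that exists only in another VCN: nothing to route to.
        "unknown_dst": e.forward(Packet("p1", "02:00:00:00:00:01", "10.0.1.10", "10.0.2.5", 443)),
        # Same destination IP from vcn-b resolves to vcn-b's p4, never to vcn-a's p2.
        "overlap_scoped": e.forward(Packet("p3", "02:00:00:00:00:03", "10.0.1.10", "10.0.1.20", 443)),
    }


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name:20s} {verdict}")
```

Two things the model makes visible. First, the overlapping address spaces: the same destination IP sent from a port in vcn-b reaches vcn-b's host, so a tenant cannot even name another tenant's machine. Second, where the trust now lives: every decision rests on the port-to-VNIC bindings and the rules the control plane pushed to the element, which is why the control plane being kept off the Internet, as Oracle says, matters as much as the element itself. An in-hypervisor design has the same rule logic but stores and evaluates it on the host it is supposed to contain.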
Containers, of Course
When Leong calls this cloud a “minimum viable product,” she’s partly referring to the fact that Oracle will need to offer more than bare metal.
Other options are coming. Virtual machine support, based on Oracle’s own hypervisor, is due to arrive later this year, and container support is slated for early next year.
“It makes sense. It’s built in layers, and it is a logical order,” Leong says.
The upcoming Oracle Container Service, as it’s called, will include Oracle’s own networking and orchestration technologies for containers. That’s interesting, considering popular options exist for both. Orchestration, in particular, is usually covered by Kubernetes or Mesos.
A shim to let users run more common alternatives such as Kubernetes or Mesos will be available later, but Oracle wants to start by offering home-grown stuff.
“We want to make sure we’re deeply integrated in Oracle bare metal cloud,” says Mark Cavage, vice president of software development. “We think it’s really important — the networking is a classic example. We’re deeply integrating networking into the orchestration stack.”
Having said that, one early customer of Oracle Container Service happens to be using Kubernetes. It’s Falkonry, a big data analytics startup that’s been a beta user of the Bare Metal Cloud. Falkonry had been using Kubernetes since before it became the mainstream choice for orchestration.