Nimbula 1.5 delivers federated IaaS

Nimbula is an Infrastructure as a Service (IaaS) software stack analogous in its target market and its business model to commercial software like vCloud. It sits alongside a number of open source software products like Eucalyptus, Cloud.com (Citrix) and OpenStack (Rackspace et al.), as well as Amazon Web Services and other hosted services.

Nimbula is a relatively late entrant to the market, and is in some sense a second attempt at IaaS, since it was developed by a lot of the original team that built AWS. It is a venture-backed startup with a significant funding base, and is quite early in its adoption curve. There is a free version (limited to 40 cores), but this is not an Open Source product.

The Nimbula team have taken the approach of NOT adopting the Amazon AWS APIs, because it would have restricted their ability to introduce an alternative (and in their view better) architecture, and would have reduced their product to a least common denominator. They point to a number of specific features resulting from this, the key one being an integrated approach to access control known as the Cloud Authorization System. The idea here is that a broad range of service entities within one or more clouds are controlled through a common permissioning model (the actual implementation can be distributed in a redundant fashion, thereby ensuring availability in federated clouds).

Within this structure there is no pre-defined hierarchy of objects, which means that access control can be configured flexibly to allow controlled tenant-to-tenant access as well as isolating tenants from each other. It’s an interesting take on the problem of tenant isolation – turn it from a problem into an opportunity – if tenants happen to be located in the same cloud then there is a possibility that they might be related to each other in some way, so there is the opportunity to offer them controlled access to each other’s resources.

Nimbula are able to leverage the permissioning model to provide a distributed node-to-node and node-to-outside-world firewall/NAT facility in a way that doesn’t involve defining a multiplicity of point-to-point firewalls using IPTables etc. They can also run fine-grained metering on top of the entity model, to allow various forms of chargeback for service providers.

The infrastructure is hypervisor-agnostic, with the current implementation on KVM. It offers an NFS-based storage option, with the option to define tiered pricing structures based on the underlying storage implementation.

At this stage the product is being targeted at both Enterprise and Service Provider customers, with referenceability in the Service Provider space. It offers Service Providers an all-in-one solution which works out of the box (whereas alternatives like OpenStack may require significant customization), at a price point which is competitive (in comparison with the other commercially supported IaaS offerings).

In the presence of existing competition, it feels like the Cloud Authorization System is a good idea for defining a flexible meta-architecture, and once it is in place a lot of things become simpler for the IaaS vendor to implement. However, the OpenStack software development model (Bazaar rather than Cathedral) does have significant momentum and vast amounts of individual resource applied to it, so it remains to be seen if the architectural elegance of Nimbula ultimately turns into customer enthusiasm for the features it facilitates and then into customer adoption.