Beyond easing cloud creation, most frameworks claim to make it easier to move cloud deployments among public and private clouds to get the lowest cost and best service. For example, Eucalyptus is meant to provide an Amazon EC2-compatible API that runs on top of Ubuntu Linux (the version of Linux underpinning the Ubuntu Cloud), "so apps authored for EC2 should be transplantable to one's own data center running Eucalyptus," says Conway. "Deltacloud was an initiative by Red Hat to create a 'cloud API' to abstract your application away from vendors like Amazon, and it would proxy your requests to the actual Amazon API."
For online storage vendor CX, OpenStack provides the flexibility to use other cloud vendors besides Amazon "if [Amazon's] services become too expensive or otherwise unsuitable," says CX CTO Jan Vandenbos.
Anthony Roby, a senior executive in Accenture's advanced systems and technology group, says the word "framework" is often misused, and offerings such as Eucalyptus or OpenStack are "not frameworks at all," but "products you can extend or use to build your own infrastructure cloud." However, most observers define frameworks as software building blocks used to create cloud-based services for users.
The role of open source
Open-source projects range from "pure" open-source development initiatives directed by nonprofit foundations that aren't associated with any commercial vendors, to those getting financial, marketing and development help from leading companies.
Canonical, which provides support for open-source efforts and plays a leading role in Ubuntu, has seen interest in open source "from the Fortune 50 to a ton of SMBs and startup companies," says Kyle McDonald, head of cloud at Canonical. Most of the company's OpenStack business has come from Fortune 1,000 companies seeking to reduce software costs, he says.
Over the past five years, "there's been a sea change towards open source being viewed as [a] safer bet" than proprietary software, says Chris Haddad, vice president of technology evangelism at PaaS framework provider WSO2. With the rising quality of open-source software, and the backing of major vendors, "large commercial organizations do not see it as a threat," he says. In fact, because of economic uncertainties, "to bet your farm on one company is not seen as a good decision these days," he adds.
Unlike developers working to meet the goals of a corporation subject to the ups and downs of the economy, open-source contributors "are writing software because that is what they love to do," says Conway.
While most early users of open-source products, such as Chef, were cloud providers that sold services to others customers, Robbins says he is "seeing a pretty quick shift to pretty rapid adoption in the enterprise" among banks, large media companies and other organizations that are building their own private clouds.
Most users, however, are not yet moving critical applications to the cloud, because they don't have the tools necessary to provide proper IT oversight and security, says Bryan Che, senior director of product management and marketing at Red Hat's cloud business unit. He says Red Hat's OpenShift will help meet these needs, in part by leveraging the security mechanisms already within Red Hat Enterprise Linux.
State Street overcomes security concerns by never acquiring open-source software directly from the Web, but only through trusted partners from which "we can get a support structure as well as the software," says chief architect Kevin Sullivan. Moreover, he says, the company also carefully checks contracts to ensure compliance with the terms of the license, and it scans all open-source software for malicious code.