Cloud management tools are as varied as cloud uses. For this test, we chose five tools that each attack cloud management from a different perspective.
We looked at Symplified for identity management exclusively targeted to SaaS-based apps, Puppet Labs for virtual machine deployment, HP for building and managing private clouds, Abiquo for IaaS platform management and TurnKey Linux for low-cost cloud backup.
Symplified Identity Management and SinglePoint
Symplified Identity Manager (SIM) provides administrators with a way to deal with Web-based application identity and passwords. This is done through an "identity router" called SinglePoint. The SIM product, in turn, manages identity for users with SaaS applications.
The SaaS applications covered include LinkedIn, Google Apps (the business version), Salesforce and many more. Almost any Web app that has a login screen can be included, using HTTP federation.
With SAML-based SIM and SinglePoint, all of the construction of authentication happens "behind the scenes" as far as users are concerned. Administratively, we found SIM and SinglePoint to be a little tough, but very usable once constructed.
SIM develops an identity vault that stores passwords and identities for selected websites. These identities can be linked to local in-house user stores such as LDAP or Active Directory via the included SimpleLink connector.
The identities and passwords are stored in a centralized vault that is encrypted with AES-128, using a rotating encryption key. The vault is stored on the Identity Router, which can be installed locally or hosted by Symplified (ours was hosted).
The identity router becomes a middleman to connect the user to the apps. Single sign-on (SSO), access control and centralized auditing are some of the benefits of SinglePoint. But it must be emphasized that Symplified is only for Web-based apps.
Setup and configuration
SIM needs a virtual machine (VM) to connect your credentials (like Active Directory or LDAP) to the Symplified cloud-hosted proxy authentication system. The VM instance uses CentOS 5+ or Red Hat Linux. We used CentOS and only installed an SSH server on it.
After that we installed the SimpleLink RPM (Red Hat Package Manager) kit. Symplified usually helps customers with this portion of the install; we tried doing it ourselves. After we had a setup call, we got help linking our Active Directory to Symplified's cloud platform. There is a local Web interface for uploading the credentials. The SimpleLink server then connects our infrastructure with its Identity Router(s), and behind the scenes SimpleLink uses OpenVPN to secure the channels.
SinglePoint Portal is the cloud-based admin Web portal where everything is set up and configured. SinglePoint Portal is a Flash-based app and is responsive, although the fact that it uses Flash will give some organizations security concerns. The portal allowed us to add user stores or entries of logon IDs and passwords. We could create application groups and links to the applications themselves. HTTP Federation or SAML-type apps can be discovered, but it's also possible to manually configure HTTP-based apps that log users on.
Within the portal's app groups selection, we could create policies to allow certain users/groups access to various apps based on attributes that are retrieved from the various user stores.
There's a "My Dashboard" section that displays an overview of Identity Router sessions, loads, file system, CPU usage, system memory and configuration info such as how many user stores, app groups, applications, policies and Web servers have been created.
Perhaps the only operational criticism that we have of the process is that there is no interstitial message to remind us to publish configurations when they're changed. If we were to forget, and exit without publishing, nothing would be saved.
Overall, SIM is a nice, lightweight but highly effective method of dealing with many internal users needing single sign-on with multiple popular cloud-based SAML/HTTP applications. It's flexible, and has the grace not to be annoying in an otherwise annoying process.
The Abiquo platform is a unifying management application that's compatible with VMware, Xen, Hyper-V, Red Hat and KVM-based products.
Abiquo is a multi-tenant application, and can remold resources in fascinating ways. We tested Abiquo using what it calls "proof of concept modeling." This method has its limitations for testing, but we were able to get a good feel of how Abiquo works.
An Abiquo engineer guided us through the installation, as the company does for all of its clients. Multiple services need to be installed, including Abiquo Server, Abiquo Remote Services, Abiquo V2V Conversion Services, DHCP and an NFS server.
We could put all these services on a single ESXi host and install the services under different VMs. Abiquo is pretty easy to use once all the prerequisites are in place.
Our installation specifics used a CentOS installation. All we had to do was select the different options that we wanted to install and fill in some values. The server VMs were easy to set up and configure. The installation forms are understandable and useful.
We could also brand our portal. This allows customers to bundle services together for aggregation poised toward groups. All that the branding required was replacing a few files and restarting the server.
Inside the GUI are infrastructure views for admins, which show resources in terms of VMs, vCPUs, storage and other infrastructure characteristics. Admins can add "bare metal" physical hypervisors to a "rack" and configure each one. They can also view networks, storage tiers and allocation rules.
Abiquo's Virtual Datacenters are among the exciting elements of the components. We could see virtual data centers created with supplied or our own virtual appliances, along with network and volume information. We could add/delete/edit virtual appliances, which lends itself to "off the rack" data center provisioning. We could also set up resource limits for each virtual data center.
In turn, an Apps Library is built that lists all the virtual images that have been downloaded from remote repositories or uploaded from local files.
A tab in the GUI lists the users for each "enterprise," which can be used to separate users into different groups and roles. The events tab lists all the events that happen (similar to Unix logs, Info, Warning, Normal, Major, Critical) -- all color-coded for our viewing pleasure.
Interestingly, Abiquo divides VMs into managed or persistent VMs and non-persistent ones; the latter, upon shutdown, evaporate and repopulate the available resource pools.
Abiquo's data center infrastructure is egalitarian, yet fairly easy to deploy and to manage, both for internal use and for customers or business units.