Oracle Cloud’s Secret Sauce: The Virtual Cloud Network
Oracle may be late to the game of public enterprise cloud, but the Oracle Cloud claims to have at least one infrastructure technology that at least the major dominating cloud providers, such as Amazon Web Services and Microsoft Azure can’t offer yet: Hypervisor-free virtualization.
This virtualization of the company’s Oracle Bare Metal Cloud Services, which provides what the company calls the Virtual Cloud Network (VCN), which maximize network throughput by providing direct connectivity between compute and storage nodes.
“We took the I/O virtualization out of the hypervisor and put it into the network,” said Deepak Patil, Oracle vice president of development, during a press conference at the company’s Oracle Cloud Day event last month in New York City. “We’ve always looked at the network as the platform. The types of capabilities we would build in the network would define a lot of the flexibility of the platform.”
For its public cloud, Oracle offers a number of infrastructure services, namely compute, storage, networking, identity and security. From an API, users can construct virtual networks, attaching the needed services. Systems can be tied together through asynchronous messaging, made discoverable through DNS services, and scaled through load-balancing services.
Each network within an Oracle data center has a flat topology, thereby customers to easily scale-out compute and storage resources. “Any computer server can talk with any other computer server with no more than two hops on the network,” said Thomas Kurian, Oracle president of product development, speaking at the conference. This approach “guarantees predictable latency and performance,” he said.
Key to this approach was Oracle’s architectural decision to move virtualization “from a hypervisor into the core network,” Kurian told attendees. An Oracle raw physical host provides isolation, with a guarantee that nothing else is running on that host. “No one else in a public cloud offers that capability,” Kurian said.
“The general goal was to eliminate as many bottlenecks in the network as possible,” Patil later said. Hypervisors can have “a tax,” not only by slowing performance, given that they are another infrastructure layer, but also in that they limit extensibility of a platform, Patil argued. This hypervisor-free approach allows users to easily use their own middleware, firewalls, operating systems and other software. Another issue was that hypervisors bring with them another layer of potential security issues.
Instead of hypervisors, Oracle invested in network-based I/O virtualization, creating what Patil called “the bump in the wire.” The company did not use the I/O Visor open source project for the task, Patil noted, adding only that the company used internally-developed software for the task.
Users can access compute resources in one of three ways: One is is this “raw physical host” where the user can spin up a Linux or Windows OS. One can also spin up a hypervisor, or one can spin up a container on a raw physical host.
“There’s a fairly common debate in the cloud community about where to put storage and I/O virtualization,” Patil said. Azure and AWS, for instance, place the virtualization within the hypervisor. By offering bare metal servers, Oracle gives the customer the choice to run containers directly on the servers, or, if security policies dictate otherwise, run them within hypervisors, Patil said.
With the VCN, the client gets a private IP space, in which they can create subnets, routing tables and set up firewalls. For isolation of related resources, they can set up multiple VCNs. Using an IPSec VPN connection, the user can also link back to to the in-house data center, where Oracle will provide the equipment and support to connect their Oracle Cloud network to the in-house network.
Cloud Service or Managed Hosting?
“Moving the hypervisor into the network layer allows you to get much better robustness, performance, scalability and control,” said Amit Zavery, senior vice president of Oracle cloud platform, in a follow-up interview. “You can bring any application into the network and scale that out and give you a lot more predictable performance and failover.”
Not everyone is convinced that this approach is best, however. Oracle competitor Joyent also offers similar bare-metal isolation services through its own Triton cloud compute offering. But the two services are entirely different, according to Bryan Cantrill, Joyent chief technology officer, in an interview.
Oracle’s bare-metal instances, however, require users to purchase use of the entire server, thus restricting each server to one and only one tenant, Cantrill noted. “There is no hypervisor because there it is not a cloud,” he said. “It’s managed hosting as far as I’m concerned.”
— The New Stack (@thenewstack) January 17, 2017
The minimum amount of compute resources required to leverage the VCN is a single-CPU virtual machine instance, which costs $0.075 per OCPU per hour. Bare metal instances are single tenant, according to a Oracle spokesperson.
There are two forms of compute instances that are single tenant: Bare metal compute and dedicated compute. Bare metal compute instances are currently 36-OCPUs (Oracle CPUs) per instance, with optional internal non-volatile memory (NVMe) storage. These range from $0.075 to $0.15 per OCPU per hour. Internal NVMe storage is included in that price and outbound bandwidth is free up to 10 TB per month.
Oracle’s Dedicated Compute Cloud Services starts at $50,000 per month for the equivalent of 500 CPUs. Block storage is available at $50 per TB per month. There are additional fees for outbound network traffic over 10TB per month or across regions.
Oracle Cloud today manages more than 55 billion transactions each day, according to the company. Oracle plans to bring three new regions to its cloud network by mid-2017: Reston, Virginia; London, U.K.; and Turkey. This will bring the total number of regions that Oracle covers to 29, with plans for further expansions in Asia Pacific, North America, and the Middle East through mid-2018.
The company has been ramping up its infrastructure team. Patil himself was one of the founding engineers for Microsoft Azure, before moving over to Oracle. The company now has nearly 1,000 engineers working on its infrastructure cloud, including those who have previously worked with Azure, Amazon Web Services, Google, Joyent and other native cloud providers, Patil noted.
“We’ve doubled the engineering team a couple of times in the last year, and I expect to double the engineering team a couple more times in the next year,” Patil said.
Oracle is seeing increased container usage on its cloud, Patil said. He categorizes the deployments into two types. One wants to use proven container technologies, such as Docker and Kubernetes while another group of enterprise customers prefers to deploy their own in-house container tools.