After posting about How Development works on Open PaaS and VMforce, I felt it was time to provide an equivalent view from an Administrator’s perspective. Before going deep, I thought I would provide a comparison of what things look like between the Developer’s view of things vs. the Administrator’s.

Comparison of Developer vs. Admin View

Please note that this is derived information and in some cases speculative (but I bet I’m close)
Starting at the top:

  • The URL and Mapping matches a DNS entry with an External IP (Host), a Path, and a Port to Access the Application
  • The Application contains an App Instance matching the Virtual Machine with a Workload (Potentially multiple Workloads)
  • The Internal IP operates off of the assumption that the VM is either multi-homed or has a NAT based interface with an Inside and Outside Address
  • The Service Instance matches a VM with a specific Running Service inside. This could be a shared Service instance or a Multi-User/Tenant Service Instance (There isn’t enough info. from what I have found to know which)
  • The Service Catalog is the equivalent of a Template/Gold Image based VM (in the describe model)
  • There are several different ways VMware could choose to implement isolation and multi-tenancy.

The diagram below gives an Administrator’s view of Open PaaS and its implementation inside of VMforce. The current implemented resource model shows a quota system as the chosen way of limiting/controlling consumption of resources in the Open PaaS Cloud.

Administrator's View of Open PaaS / VMforce

The Account is the line between where the Administrator turns over the resources to the Developer. This seems like it would create an environment like the wild west, but this is a deceptively simple view. The Architects and Administrators both have the ability to constrain the system before any code is pushed into it. This is achieved by decisions on what types of code can supported in the system, potentially constraining allowed frameworks, available services, the ability to create services, and allocated resources. Quota based allocated resources include number of CPU cores, Memory, and Disk space.

From what I have been able to find so far, there is a focus on isolation by Account using a quota system.
The strongest isolation model would be to assign each workload its own VM, this however would consume far more resources than isolation at a process level (a typical trade-off). Implementing isolation at a process level would work well but you wouldn’t want all Workloads (App Instances) for a single Application running in a single VM, because if the VM fails so does your Application. As more is revealed, I will provide more indepth information on how isolation and distribution is done.

There is also an unknown as to if and how a load-balancing mechanism is implemented. I haven’t come across how/if this is implemented, perhaps this is done in the Mapping (via. DNS/round robin?). This is purely speculative.


  1. You are very close to how things work based on the limited info you have. A few clarifications…

    We have the ability to run application instances in a process level multitenant isolation model or in a one app per vm model, depending on the sla level you choose. We put each app instance on a different vm and have a health manager that will respawn any app processes that have their vm’s fail.

    Load balancing is done via a custom load balancer we have written that is aware of the URL mappings and knows where to find all of your app instances, it makes intelihwnt decisions about which backend to send a request to.

    Hope that helps clarify a bit more 😉

  2. I find it very interesting that this is being marketed as an “Open” platform. While the API is open.. its useless in avoiding vendor lock-in unless a bunch of other cloud vendors adopt/support the Force API. Are you willing to bet months of developer resources on that? And if you do take that gamble, how long will you be locked in until some finally does adopt the Force API? And will they be who you want to work with? The proper solution here is to use a vendor which provides a complete ECA Stack (, is fully functional to the end user without knowing an API, supports Java, PHP, Ruby/Rails out of the box, is fully multi-tenant and can run on a EC2 and/or your own datacenter. Morph Labs’ ‘mCloud’ offerings are the only solution I have seen that does this ( Force has some great offerings.. but an open, non locked in stack?.. They just aren’t there yet.

  3. This vm centric approach might fly initially with newcomers but eventually when the enterprise customers come to the cloud they will want much more control with respect to QoS which in itself will be used to drive their own QoS initiatives up at the user level across multiple groups (free, paying, premium).

    I think we will also see applications fade into the background (after vm’s have long gone) with the focus on activity/task/job mobility and metered service interactions/exchanges (grid meets telecom). Cloud 2.0?

    Openness needs to be focused on creating a standard service commerce infrastructure for metered service interactions that will result in applications, runtimes and services becoming cost and quality aware. None of which is addressed by OpenPaaS which is looking like the Silverstream of the Cloud.

    1. I’m not following how QoS isn’t taken into account with a system such as Open PaaS? QoS boils down to ability to respond (Latency of the Response), why isn’t that captured?

      Applications are nothing more than Service/Data Composites with logic in them when you move to this model anyway. Most applications that a user consumes will be a thin UI connected to a backend as described in my previous sentence.

      I understand the idea behind what you are describing in the third paragraph, however with the costs of computing going down and densities going up I don’t see developers or enterprises going after this for a while.

      I’m going to write a follow-up piece to this reply as it is time to go a bit deeper into the economics, it would be great if you would read it over (once posted) and provide some feedback.

      1. QoS is not taken into account by OpenPaaS other than what it does internally to meet its own advertised SLA’s which are unlikely to be specified an individual entry/inter/exit point. The QoS I’m referring to is the service that the application is itself offering to its different user groups or activities. This is application specific and needs an runtime that understands much more the context of any service request than a PaaS offering could ever hope to imagine (never mind realizing).

        QoS built on QoS maybe but I have yet to see how Open allows such information to be exchanged up and down the stack and across services some of which will reside in other clouds.

      2. This seems to make a great deal of assumptions as to what is in place vs. what WILL be in place for Open PaaS. I don’t see why I couldn’t write code to expose contextual services in a solution on Open PaaS, could you walk through an example?

      3. “I understand the idea behind what you are describing in the third paragraph, however with the costs of computing going down and densities going up I don’t see developers or enterprises going after this for a while.”

        In the financial trading platforms we are seeing already adoption of our CARS initiative in very interesting ways with very promising results. But yes there is a much bigger incentive in such environments but that said I think we are going to see much more differentiation of service quality being offered and our approach solves this much better than anything I have seen to date. The quicker PaaS is adopted (and fails as did early non-standard app servers) the quicker this need is realized (I am referring to enterprise customers and not the typical rails web app).

        Cost awareness (metering) & chargeback are crucial for the cloud to maintain its illusion of infinite capacity – we need a disincentive for high consumption levels that result in insufficient capacity.

      4. I think that you are assuming that PaaS is an all or nothing option. I don’t see PaaS in this way, I see it as a complimentary solution to traditional Enterprise Architecture (classic 3-tier architecture). I do agree that you don’t want people to consume all the capacity as if it were free, but why can’t Quotas, Rules, or constraints take care of this programatically?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s