Cloud

Side-by-side comparisons of IaaS service providers

Thoran Rodrigues compares the major players and some of the newcomers in the increasingly competitive IaaS space, examining both their service offerings and how well they meet user cloud concerns.

Earlier this year I wrote a comparison of several cloud infrastructure-as-a-service (IaaS) providers, to serve as a starting point for anyone looking to take the plunge into cloud computing. The Infrastructure as a Service (IaaS) market, however, has proven to be one of the most exciting ones in the cloud space, and there have been several important movements, such as changes in pricing strategies, the appearance of new smaller players, and the entrance of some technology heavyweights. All these changes led me to two conclusions: first, the original comparison needed an update, since the relative positions of the main players in the space may have changed; second, it would actually make more sense to split the different IaaS providers into two groups: the "top-of-mind", most well-known and larger companies in this space, and all the new contenders and upstarts.

Once again, my focus is going to be providers whose services can be bought straight from the web, with a simple credit card, without the need for any interaction with salespeople. The rationale behind this is that if someone is going to run experiments and get into the cloud for the first time, they want to do this without any kind of hassle or friction.

Once again, I tried to look at dimensions that translate the main promises of cloud computing, such as scalability, cost reductions, service levels, and others. But I also tried to focus on the main user concerns: security, ease of migration, true reliability levels, and so on. I have also tried to group the dimensions into related topics, so that comparisons would be easier. So here are the dimensions:

Cloud promises

  • Cost reductions / optimizations
    • Variety of Pricing Plans - The more variety offered (hourly, monthly, etc), the better a provider is considered.
    • Average Monthly Price - Estimated cost in US$ for a 1 CPU, 2GB RAM cloud server (or the nearest best option), averaged over datacenters for companies with location-based pricing, and averaged over Windows/Linux servers. When available, hourly pricing was used, based on 730-hour months. Otherwise, monthly pricing was used.
    • Cost of Outbound Data Transfer - The cost, in US$, for each GB of outbound data sent from the server. Companies that offer a per second (Mbps) connection for free have costs listed as zero.
    • Cost of Inbound Data Transfer - Same as above, but for inbound data.
    • Storage Costs - Average cost per GB of persistent storage. While most VMs will come with some storage included, if you want true persistent storage you have to do it externally.
  • Scalability and Automation
    • Scale Up - If it's possible to scale up your servers automatically, by adding more disk space, RAM or processing units.
    • Scale Out - If it's possible to quickly and easily deploy new images based on existing VMs.
    • APIs - If the company offers APIs to interact with the servers or not.
    • Monitoring - A 3-level subjective scale measuring the easy availability of monitoring tools:

  • Poor - Companies that have no monitoring/alert solutions integrated, requiring the deployment of third-party tools or that extra services be purchased
  • Average - Companies with very simple integrated monitoring tools (few indicators or no alerting)
  • Extensive - Companies with very complete integrated monitoring tools offered for no additional cost

  • Choice and Flexibility
    • Number of Datacenter Locations - The number of different datacenter locations where cloud servers can be hosted.
    • Number of Instance Types - The number of different available instance types, in terms of RAM, CPU, disks and so on.
    • Supported Operating Systems - The number of different supported operating systems (regardless of version) available as pre-configured images.

User concerns

  • Security Features
    • Certifications - If the vendor has compliance- and security-related certifications, such as PCI or SAS 70.
    • Protection - If the vendor offers the possibility of protecting servers with firewalls and other security functionality. A 3-level subjective scale:

  • Poor - Companies that only offer the most basic security features (such as a basic firewall), or no features at all
  • Average - Companies that offer a more advanced mix of security features.
  • Extensive - Companies that offer not only several security features, but also some security automation.

  • Ease of Migration
    • Open Standards - If the vendor employs or supports open standards in cloud infrastructure.
    • VM Upload - If the vendor supports uploading your own machine images (made locally) to the cloud
  • Reliability
    • Service Age - How long the service has been around.
    • Service Level Agreement (SLA) - The uptime SLA offered (regardless of past performance), in percentage points.
    • Support - A 3-level subjective scale:

  • Poor - Companies that only offer on-line forums for free; any other support must be paid
  • Average - Companies that offer a single type of 24x7 support for free (either phone-based or on-line chat), in addition to forums
  • Extensive - Companies with multiple support offerings included in the base price

So we have jumped from 14 dimensions to 19, but they can give us a much better picture of the different providers. I've also increased the number of companies in the comparison from 11 to 16. This is a result of adding seven new companies (Microsoft, IBM, AT&T, Google, HP, Lunacloud and Tier3) and removing two of the existing ones (GoDaddy, who isn't positioned as a IaaS provider, and Reliacloud, who removed the information I needed for the comparison from their website).

Here are the two comparison tables in thumbnails that you can click on for a larger view: (Cloud Promises and User Concerns):

Click to see comparison of Cloud Promises.

Click for how they rate on User Concerns.

You can also download the IaaS rating charts as an Excel spreadsheet.

Summary

Since the last time I made the comparison, the first thing that called my attention was that the information available on the websites of IaaS providers has increased greatly. It was much easier to find pricing data, SLAs, and so on than it was before. In fact, some of the providers that I left out of the first comparison, such as IBM, due to a lack of available information, have now been included. I believe this marks an evolution in the market, especially increased competition, which has led to better availability of information.

Once again, there is a wide variation in price ranges, from under US$ 50 to over US$ 200. There was, however, a widespread reduction in prices. This is evidence of two factors: the increased competition in this space, as well as economies of scale that large IaaS providers enjoy and that they can give back to their customers.

A couple more interesting trends are that most providers are now offering both "scale-up" and "scale-out" features, that is, the ability to dynamically increase storage, RAM and CPUs on a single server, as well as the ability to easily clone servers based on predetermined images. This is the natural evolution in this market, since this scalability is one of the greatest cloud promises. Following this trend is the way that many providers are now allowing customers to build entirely customizable cloud servers in terms of resources, opposed to the fixed instance types that Amazon and Rackspace adopt.

Finally, I'm also seeing many providers basing their solutions on VMware technology and allowing customers to upload their own images to the cloud, which can be a very interesting possibility, especially for enterprise customers.

Once again, this comparison is far from authoritative, but it's meant to serve as a good starting point for anyone trying to easily see the similarities and differences between cloud providers. This can help both the newcomers to the cloud as well as people looking to change their current provider. It was based on information publicly available on the web site of the providers, so there might be variations in contracts for specific customers. Finally, if there is additional information, dimensions or providers that I've forgotten along the way, please share in the comments.

Sources

About

After working for a database company for 8 years, Thoran Rodrigues took the opportunity to open a cloud services company. For two years his company has been providing services for several of the largest e-commerce companies in Brazil, and over this t...

11 comments
Techman48
Techman48

Why isn't Wipro Data Center Services cloud offering (iStructure) not on the list of cloud vendors?

maximator152
maximator152

It's great to have a list of IaaS providers to compare their services. Yet many people don't even know whether they need IaaS services or cloud benefit more of a private cloud. ** Link: http://www.cloudtec.ch/en/cloud-readiness If you need a [b]vendor independent readiness assessment[/b], specially tailored for SME companies. There is a free cloud readiness assessment that gives you an instant result. Each section will be given a score along with tips and recommendations that are based on your provided answers. In addition, an overall readiness score will be generated. It helps you to get started???

erik
erik

Thanks Thoran for a great comparison of cloud services. I signed up for both Amazon and OpSource, just to start somewhere. According to Your article Amazon should be way more costly then OpSource. But when I use OpSource's own cost estimator it gets more expensive than Amazon! What am I missing?

cyberthought
cyberthought

I noticed that the ordering of vendors changed. Is there a reason or is it random?

bjthompson
bjthompson

Thoran, this was a great article and I can really appreciate the approach you have taken to compare each provider across common dimensions. While i absolutely respect your view, I believe this may highlight an opportunity for Tier 3 to better clarify some of the security features of our platform which may not have been apparent in your research but are commonly brought out when we are working with enterprise customers. Tier 3 believes strong security is the cornerstone of our business relationship with our customers. As a result, we place the highest possible level of focus on security for the systems they entrust to us with the goal of meeting or exceeding our customers’ own security policies. Some highlights from our security capabilities include: · SSAE16 audited, support for HIPAA and PCI compliance · Full session state based Juniper firewalls o The perimeter is protected by a series of redundant Juniper SRX series firewalls which employ Unified Thread Management (UTM) technology. o We isolate the virtual machine with zone-based firewalls, where each customer service runs on its own private VLAN. o IDS and IDP on external data transmission. For complex environments customers also can enable IPSEC at the operating system level to encrypt all network traffic. o We provide Microsoft Forefront for all customers. · In addition to real-time monitoring and NOC support, we perform monthly Nessus vulnerability scans of all customer environments (may be performed more frequently upon request) and work with customers for remediation of any identified vulnerabilities. · Private VLAN and VPN connections for all environments. Customers can also use secure connections such as Persistent\User VPN, Direct Connection, or MPLS. · Access: Role-based approach to authentication and authorization with permissions set explicitly per resource type. Access to the Control System is only via username and password. All actions performed through the Control System are logged and auditable. Another area of the comparison which may not have fully captured the breadth of capabilities that Tier 3 makes available to its customers would be around Monitoring. We offer two levels of monitoring at no additional cost to our customers: Self service - Monitors exist for Bandwidth, CPU, Memory, Disk, Ping and can be set directly with our Control Portal or API. NOC configured - Our NOC leverages an industry leading, comprehensive monitoring solution which we leverage for clients that require more complex monitoring (e.g. Exchange, SQL Server, etc). A customer simply submits a ticket through the control portal requesting any of the following monitors .(http://help.tier3.com/entries/21080248-monitors-that-are-supported and our NOC will promptly configure the monitoring for a severs or groups of servers. This complex monitoring into the control portal in the coming months. System administrators can apply an overarching set of monitors that cascade down groups of servers. These settings can be easily overridden on a per-group or per-server basis to generate unique monitoring policies. In addition to the infrastructure monitoring, users of the Tier 3 Web Fabric (PaaS) environment instantly get access to the industry-leading application monitoring framework from New Relic (http://www.tier3.com/blog/web-fabric-app-monitoring). This service is provided at no charge and gives users sophisticated insight into how their web applications are performing. Custom alerts can be configured for either monitoring solution at no additional cost. Again, I really like the article and your approach, and appreciate this opportunity to provide additional clarity into the Tier 3 public offering. Regards and Thanks, Bryan Thompson VP of Product Management Tier 3

jscriba
jscriba

Zerigo offers public cloud services like the ones that you are reviewing. Zerigo also offers DNS and monitoring services as well. Aside from the public cloud offerings, 8x8 has a highly available enterprise cloud offering and a dedicated cloud offering as well.

dlovep
dlovep

Great article, but just when I thinking of IaaS and SaaS, actually are we IT professionals are digging our grave ? when services and infrastructures all move over, business actually can actually CUT OUT our existence in the company, and when users can easily config anything they want, which mean only 1 or 2 IT staffs would be more than enough... what about the rest of us ? go back to work as a clerk or work in other industries ?

mario.aguirre
mario.aguirre

Given that a bunch of certifications has been included, I would add CSA (Cloud Security Alliance) and it's CCM (Cloud Controls Matrix) to the certifications you should ask for.

thoran.rodrigues
thoran.rodrigues

Amazon's price on my comparison is based on an average across all of their "zones" and Linux / Windows OS. This means that, on average, the price is higher; however, if you look at an individual zone and compare it to another provider, you may get a different cost. Another thing to keep in mind is that Amazon has "Free Tiers" for most of its offerings, so you might be paying for the server, but not the storage space or data transfer. If you input on the cost estimator for OpSource a server with the same characteristics as the one I mentioned (1 CPU, 2GB of RAM, default 10GB disk space) it will come out at a $67.89 price; the storage cost, however, is much higher ($0.22 vs $0.19 for Amazon). The logic behind the comparison is that, at the limit, you'll basically be paying the per GB storage cost, and not relying on any "default" internal storage. The same goes for data transfer.

Editor's Picks