Open Source IaaS Explained
What IaaS Actually Provides
IaaS abstracts physical data center infrastructure into programmable, on-demand resources. Instead of a system administrator racking a server, cabling it to a switch, installing an operating system, and configuring storage volumes by hand, an IaaS platform lets any authorized user create these resources through a web dashboard, a command-line tool, or an API call. The physical hardware still exists, but the IaaS layer manages the allocation, scheduling, and lifecycle of virtualized resources on top of that hardware.
The four core resource types that every IaaS platform provides are compute, networking, storage, and identity. Compute means virtual machines or containers that run operating systems and applications, allocated specific amounts of CPU, RAM, and disk from the underlying hardware pool. Networking means virtual switches, routers, subnets, firewalls, and load balancers that connect compute instances to each other and to external networks, all defined in software without touching physical cabling. Storage means block volumes (virtual hard drives that attach to compute instances), object storage (for unstructured data like backups and media), and sometimes shared filesystems. Identity means user accounts, projects or tenants, role-based access control, and API authentication tokens that determine who can create and manage which resources.
What makes this "as a Service" rather than just "virtualization" is the self-service model. Users request resources through standardized interfaces, and the platform fulfills those requests automatically. There is no ticket system, no waiting for an administrator to manually provision a server, and no scheduling conflicts for shared hardware. The platform handles placement (deciding which physical host has enough free resources), scheduling (starting the VM or container on that host), and lifecycle management (monitoring health, migrating workloads during maintenance, and reclaiming resources when they are deleted).
IaaS vs PaaS vs SaaS
IaaS sits at the bottom of the cloud service model stack, providing the raw infrastructure that other service models build upon. Understanding where IaaS fits relative to PaaS and SaaS clarifies what it does and does not handle.
With IaaS, the cloud provider (or your own platform) manages the physical hardware, hypervisors, and the virtualization layer. You are responsible for everything above that: the operating system, middleware, runtime, application code, and data. When you create a VM on OpenStack or AWS EC2, you get a virtual machine with CPU, RAM, disk, and a network interface. You install the OS, patch it, configure firewalls, install your application, and manage the data. IaaS gives you flexibility but requires you to handle operational tasks that higher-level models abstract away.
With PaaS (Platform as a Service), the provider also manages the operating system, middleware, and runtime environment. You deploy your application code, and the platform handles building it into containers, deploying it across servers, scaling it based on load, and routing traffic to it. Cloud Foundry, Heroku, and Google App Engine are examples. PaaS is faster for developers because they skip infrastructure management, but it is less flexible because the platform constrains which languages, frameworks, and deployment patterns are supported.
With SaaS (Software as a Service), the provider manages everything including the application itself. You use the application through a web browser or API without managing any infrastructure, platforms, or code. Gmail, Salesforce, and Slack are SaaS products. You cannot customize the application's internals or deploy it on your own hardware; you consume it as a finished product.
Many organizations use all three models simultaneously. They might run custom applications on IaaS (OpenStack VMs), deploy web applications on a PaaS (Cloud Foundry running on top of their IaaS), and use SaaS products (Slack for communication, GitHub for code hosting) for functions that do not require internal hosting. The choice depends on the level of control needed, the team's operational capacity, and whether the workload fits within PaaS or SaaS constraints.
Components of an Open Source IaaS Platform
Every open source IaaS platform includes the same fundamental components, though they implement them differently and use different terminology.
Compute orchestration is the core of any IaaS platform. It manages the lifecycle of virtual machines: creating them from templates or images, placing them on physical hosts with available resources, starting and stopping them, migrating them between hosts for maintenance, and reclaiming resources when they are deleted. In OpenStack this is Nova, in CloudStack it is the compute engine within the management server, and in OpenNebula it is the VM management subsystem of the oned daemon.
Software-defined networking (SDN) creates virtual network topologies without physical cabling changes. This includes virtual switches that connect VMs on the same host, overlay networks (VXLAN or GRE tunnels) that extend virtual networks across hosts, virtual routers that connect private networks to external networks, DHCP servers that assign IP addresses to VMs, security groups (stateful firewalls) that filter traffic to and from VMs, and floating IPs (public addresses that can be moved between VMs). OpenStack's Neutron with OVN is the most sophisticated open source SDN implementation, while CloudStack and OpenNebula use simpler but effective networking models based on Linux bridge and Open vSwitch.
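Because security groups are the per-VM firewall in this model, reviewing their rules for ingress that is open to any source is a routine check. The sketch below is an added example, not code from any of the platforms named above: it assumes rules exported as dictionaries using the field names of the Neutron security group rule API, and the sensitive-port list, the helper names, and the sample rules are constructed for illustration.

```python
import ipaddress

# Ports that should rarely be reachable from any address (assumed list).
SENSITIVE = {22: "ssh", 3306: "mysql", 3389: "rdp", 5432: "postgresql"}
PROTO_NUMBERS = {"6": "tcp", "17": "udp"}  # protocol may be given as an IP protocol number

def any_source(rule):
    """True when neither a peer group nor a narrower CIDR limits the source."""
    if rule.get("remote_group_id"):
        return False
    prefix = rule.get("remote_ip_prefix")
    return prefix is None or ipaddress.ip_network(prefix, strict=False).prefixlen == 0

def audit(rules):
    """Return (rule_id, reason) for ingress rules exposing sensitive ports to any source."""
    findings = []
    for rule in rules:
        if rule.get("direction") != "ingress" or not any_source(rule):
            continue
        proto = rule.get("protocol")
        if proto is None:  # a null protocol matches every protocol and port
            findings.append((rule["id"], "all protocols open to any source"))
            continue
        proto = PROTO_NUMBERS.get(str(proto), str(proto).lower())
        if proto not in ("tcp", "udp"):
            continue
        lo, hi = rule.get("port_range_min"), rule.get("port_range_max")
        if lo is None:  # a null port range means every port
            lo, hi = 1, 65535
        for port in sorted(p for p in SENSITIVE if lo <= p <= hi):
            findings.append((rule["id"], f"{proto}/{port} ({SENSITIVE[port]}) open to any source"))
    return findings

def rule(rid, direction, proto, lo, hi, prefix=None, group=None):
    return {"id": rid, "direction": direction, "protocol": proto, "port_range_min": lo,
            "port_range_max": hi, "remote_ip_prefix": prefix, "remote_group_id": group}

# Constructed sample rules, not taken from any real deployment.
SAMPLE = [
    rule("rule-a", "ingress", "tcp", 22, 22, "0.0.0.0/0"),        # SSH from anywhere
    rule("rule-b", "ingress", "tcp", 443, 443, "0.0.0.0/0"),      # public HTTPS, not flagged
    rule("rule-c", "ingress", "tcp", 5432, 5432, group="sg-app"), # limited to a peer group
    rule("rule-d", "ingress", None, None, None),                  # everything from anywhere
    rule("rule-e", "ingress", "6", 3000, 3400, "::/0"),           # wide range, IPv6 any
    rule("rule-f", "egress", None, None, None),                   # egress is out of scope
    rule("rule-g", "ingress", "tcp", 22, 22, "10.0.0.0/8"),       # SSH from internal range
]
FINDINGS = audit(SAMPLE)
```

A rule that names a remote group is treated as restricted here, so the check is only as strong as the membership of that group.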
Block storage provides virtual hard drives that attach to VMs. Block volumes are persistent, meaning they survive VM reboots and can be detached from one VM and attached to another. This is how databases and other stateful applications store data in cloud environments. Ceph RBD is the most common storage backend for open source IaaS, providing replicated, distributed block storage that survives disk and node failures. LVM, NFS, and commercial SAN arrays are also widely used.
Object storage provides scalable, unstructured data storage accessed through HTTP APIs (typically S3-compatible). Object storage is used for backups, log archives, media files, machine learning datasets, and any data that does not need the random-access performance of block storage. OpenStack includes Swift as its native object storage, and MinIO provides a standalone S3-compatible alternative that works with any IaaS platform.
Image management stores and serves the VM templates (disk images) used to create new instances. Cloud images from Ubuntu, CentOS, Debian, and other distributions are pre-built disk images designed to boot in cloud environments, with cloud-init for automated initial configuration (setting hostnames, SSH keys, network configuration). OpenStack's Glance service manages these images, while CloudStack and OpenNebula include image management within their core platform.
Identity and access management authenticates users, assigns them to projects or tenants, enforces role-based access control, and issues API tokens. This is what makes IaaS multi-tenant, allowing multiple teams or customers to share the same physical infrastructure while being fully isolated from each other. OpenStack's Keystone supports local authentication, LDAP integration, and federated identity through SAML and OpenID Connect.
Why Open Source IaaS Matters
The commercial IaaS market is dominated by three hyperscalers: AWS, Microsoft Azure, and Google Cloud. Together they control roughly two-thirds of global cloud spending. Open source IaaS platforms exist because many organizations have compelling reasons not to place all their infrastructure with these providers.
Cost predictability is the most tangible benefit. Public cloud billing is complex, with separate charges for compute hours, storage capacity, storage I/O operations, network egress, load balancer hours, and dozens of other metered resources. Many organizations discover that their monthly cloud bills far exceed what they projected, especially as data transfer costs accumulate. Running open source IaaS on owned hardware converts variable costs into fixed costs: the servers, networking equipment, electricity, and a small operations team represent known monthly expenses regardless of workload volume.
Data control matters for regulated industries. Healthcare organizations subject to HIPAA, financial institutions governed by PCI DSS and SOX, government agencies with data residency requirements, and European companies under GDPR all face restrictions on where data can be stored and who can access it. Private IaaS on owned hardware provides physical certainty about data location and access controls that multi-tenant public cloud cannot guarantee to the same degree.
Avoiding architectural lock-in protects long-term flexibility. Applications built on proprietary cloud services (AWS Lambda, Azure Cosmos DB, Google BigQuery) become difficult to migrate because they depend on APIs that exist only in that provider's ecosystem. Applications built on open source IaaS use standard APIs (OpenStack APIs, S3-compatible storage, standard SQL databases running in VMs) that work across any IaaS platform, whether it is another open source platform or a commercial cloud that supports compatible APIs.
Customization at the infrastructure level enables capabilities that public clouds cannot offer. Telecommunications companies modify compute schedulers to pin network functions to specific CPU cores and NUMA nodes. Research institutions create custom quota systems that allocate resources by CPU-hour per department. Financial firms configure deterministic networking with guaranteed bandwidth allocations that multi-tenant clouds cannot provide. The open source code of these platforms makes this level of customization possible.
When Open Source IaaS Is Not the Right Choice
Open source IaaS is not universally better than public cloud. Organizations with small, variable workloads often spend more on hardware depreciation, electricity, and operations salaries than they would on public cloud services. Startups that are still discovering their infrastructure needs benefit from the public cloud's ability to scale from zero to large and back again without capital expenditure. Organizations without at least two or three experienced Linux and networking engineers should not attempt to run an IaaS platform, because the platform itself becomes a source of outages rather than a solution to them.
The hybrid approach, where predictable baseline workloads run on private IaaS and burst capacity uses public cloud, combines the cost benefits of owned infrastructure with the elasticity of public cloud. This is the model most large enterprises adopt, using their private cloud for 80 percent of capacity and bursting to public cloud for the remaining 20 percent during peak demand.
Open source IaaS gives organizations the same on-demand infrastructure provisioning that public clouds provide, without vendor lock-in, per-resource licensing, or loss of physical data control. The trade-off is operational responsibility: you must staff, maintain, and upgrade the platform yourself. For organizations with stable workloads, regulatory requirements, or the engineering capacity to manage infrastructure, open source IaaS delivers substantial cost savings and strategic flexibility.