Software Development for the Cloud (TLC)
6. Infrastructure-as-a-Service
Guillaume Pierre
Université de Rennes 1
Fall 2012
http://www.globule.org/~gpierre/

Table of Contents
1 Introduction
2 OpenStack
3 OpenStack services
4 Conclusion

The landscape of IaaS solutions

Cloud system          License        API
Amazon Web services   Proprietary    Proprietary
(Windows Azure)       Proprietary    Proprietary
OpenNebula            Open-source    Proprietary + OCCI
OpenStack             Open-source    AWS + OCCI

- OpenStack was created by Rackspace and NASA
- Many others joined: AMD, Intel, Canonical, SUSE Linux, Red Hat, Cisco, Dell, HP, IBM, Yahoo etc.

OpenStack
- OpenStack is a community of open source developers, participating organizations and users building and running the open source cloud operating system.
- OpenStack is a Cloud Operating System
- OpenStack is a Cloud Orchestration layer

Traditional operating system
- Provides APIs
- Abstracts access to hardware resources
- Controls access to these resources

Cloud operating system
- Provides APIs
- Abstracts access to hardware virtualized resources
- Controls access to these resources

What's the difference?
- The type of resource controlled
  - Hardware components vs. whole systems
- The scale of resources controlled
  - One machine vs. a data center
- The location of the resources
  - Local vs. remote

[Figure: Interacting with OpenStack]
[Figure: Main services]
[Figure: Mapping services onto the underlying system architecture]

OpenStack Nova == the computation service
- Nova is the heart of OpenStack
- It manages all resources, networking, authorization, and scalability needs for the cloud

Challenge: flexibility
- Different customers want to deploy OpenStack over different types of systems

Advanced features
- Cloud federation
  - Merge multiple clusters into a single cloud
  - Possibly across multiple administration domains
- Cloud bursting
  - When one cloud approaches full capacity it starts buying resources from another cloud
  - And extends seamlessly to these new resources
- Keep things transparent to the clients

Network virtualization
- Goal: hide the complexity of the real networks behind simple and secure abstractions
- In the physical world:
  - Many applications belonging to many customers
  - Machines are located in different clusters or data centers
  - Each data center has its own firewall/NAT/address space/policies
- In the virtualized world:
  - Many virtual networks (e.g., one per user or project)
  - Each isolated and independently configured (address allocation, protocols used etc.)
  - Multiplexing physical network resources

[Figure: Network abstractions]
[Figure: Virtualizing network primitives]
[Figure: Example: firewall traversal]

OpenStack Quantum
- Multiple, virtual, isolated networks per tenant
- Create ports on networks and attach VMs
- Control your own private IP address space
- Access via CLI or GUI (Horizon)
- Support different underlying technologies (VLANs, L2/L3 tunnels etc)
- Extend through plugins

[Figure: Example: OpenStack Nova + Quantum]

OpenStack Swift == data storage service
- Goal: redundant, scalable object storage using clusters of commodity servers
- Scale: terabytes to petabytes of accessible data
- Data storage services are not a filesystem
  - Rather: long term storage for permanent, static data
  - Data can be updated if necessary but clouds assume this is infrequent
- Usually: a RESTful API
    GET /api-version/username/container/object
    PUT /api-version/username/container/object

[Figure: OpenStack Swift Architecture]

OpenStack Glance == image management service
- Goal: discovering, registering, and retrieving virtual machine images
- Glance is implemented as a layer on top of Swift

OpenStack Keystone == authentication service
- Goal: single source of authentication and authorization
  - Same account and credentials for starting a VM and accessing a container in object storage
  - Means of expressing API endpoints
- Authorization is usually handled using capabilities
  - Authenticate with the Keystone service
  - Receive a token back
  - The token encapsulates an identity and a scope
  - Signed by the Keystone service
  - Show the token for all requests to other services
    curl -H "X-Auth-Token:999888777666" http://my.keystone.server:35357
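
The capability flow on the Keystone slide, applied to the object-storage URL layout from the Swift slide, as an added example that is not from the slides or from OpenStack's code. HMAC-SHA256 stands in for the Keystone signature, and the key, the claim names ("user", "account", "roles", "exp") and the "writer" role are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed key: HMAC stands in for the Keystone service's signature.
KEYSTONE_KEY = b"constructed-demo-key"

def _b64(data):
    return base64.urlsafe_b64encode(data).decode()

def issue_token(user, account, roles, ttl=3600, now=None):
    """Keystone side: bind identity, scope and expiry, then sign them."""
    now = time.time() if now is None else now
    body = json.dumps({"user": user, "account": account, "roles": roles,
                       "exp": now + ttl}, sort_keys=True).encode()
    sig = hmac.new(KEYSTONE_KEY, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(sig)

def verify_token(token, now=None):
    """Service side: return the claims, or None if forged, expired or malformed."""
    now = time.time() if now is None else now
    try:
        b64_body, b64_sig = token.split(".")
        body = base64.urlsafe_b64decode(b64_body)
        sig = base64.urlsafe_b64decode(b64_sig)
    except ValueError:
        return None
    expected = hmac.new(KEYSTONE_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None  # check the signature before trusting any field
    claims = json.loads(body)
    return claims if claims["exp"] > now else None

def authorize(method, path, headers, now=None):
    """Object-store side: map a request to an HTTP status code."""
    claims = verify_token(headers.get("X-Auth-Token", ""), now)
    if claims is None:
        return 401  # missing, tampered or expired token
    parts = path.strip("/").split("/", 3)
    if len(parts) != 4:
        return 400  # expected /api-version/username/container/object
    if parts[1] != claims["account"]:
        return 403  # valid token, but scoped to another account
    if method == "GET":
        return 200
    if method == "PUT":
        return 200 if "writer" in claims["roles"] else 403  # hypothetical role
    return 405
```

The storage service never sees a password: it only checks the signature and then compares the signed scope against the account named in the request path, so a valid token for one account is useless against another.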

Conclusion
- Infrastructure-as-a-Service is more than a simple interface to virtualization
  - Machine virtualization
  - Network virtualization
  - Data storage services
  - Disk image repositories
  - Identity management
  - (Load balancing)
  - (DNS)
  - (Monitoring)
  - etc.
- A good IaaS system should have:
  - A rich set of infrastructure services
  - Good APIs + user-friendly GUI
  - Strong integration between these services
- IaaS == the operating system of a cloud platform