ITRI Cloud OS: An End-to-End OpenStack Solution
Tzi-cker Chiueh 闕志克
Cloud Computing Research Center for Mobile Applications (CCMA) 雲端運算行動應用研究中心
Cloud Service Models
- Software as a Service (SaaS): turn-key software hosted on the cloud and accessible through the browser. Examples: salesforce.com, and all major desktop software vendors. Analogy: hotel.
- Platform as a Service (PaaS): an operating environment including (application-specific) libraries and supporting services (DBMS, AAA). Examples: Google's App Engine, Microsoft's Azure, IBM's XaaS. Analogy: furnished apartment.
- Infrastructure as a Service (IaaS): a set of virtual machines with storage space and external network bandwidth. Example: Amazon Web Services. Analogy: unfurnished apartment.
Beyond Server Virtualization
[Figure: a physical server hosting VM0, VM1 ... VMn in a compute server rack, alongside a storage server, connected through a layer-2-only data center network to layer-3 border routers; the network edge provides load balancing, traffic shaping, intrusion detection and NAT.]
Data Center Virtualization
[Figure: virtual data center management on top of physical data center management. Example VDCs (BestBuy Photo Sharing VDC, Video Streaming VDC, Web Conference VDC) run on a physical cluster operated by a carrier such as AT&T. Roles: the cloud application developer provisions and deploys; the cloud service provider monitors and configures virtual resources; the cloud service infrastructure administrator monitors, diagnoses and configures physical resources.]
ITRI Cloud OS Service Model
- Multi-tenancy support from the ground up
- Hierarchy: virtual data center (VDC) > virtual cluster (VC) > VM
- Users provide a Virtual Cluster specification:
  - Number of VM instances, each with a CPU performance and memory size requirement
  - Per-VM storage space requirement
  - External network bandwidth requirement
  - Security policy
  - Backup policy
  - Traffic shaping policy
  - Load balancing and auto-scaling policy
  - Network configuration: public IP address and private IP address range
  - OS image and application image
Components of ITRI Cloud OS (each component labelled with its conventional-OS analogue)
- Physical resource management (PRM): the "BIOS"
  - Centralized installation of all systems and applications software
  - Start up, discover, shut down, and recover a data center computer
- Data center storage management: "file management"
  - Main storage (DMS): forming a highly available global storage pool from a set of distributed JBOD storage servers
  - Secondary storage (DSS): offering streamlined disk-based snapshot and backup with configurable policy
- Virtualization management: "process management"
  - Resource provisioning management (RPM): allocate physical data center resources for a given virtual data center, and auto-scaling
  - Dynamic virtual resource management (DVMM): use VM migration to support consolidation, load balancing and fault tolerance
Components of ITRI Cloud OS (continued)
- Physical data center management (PDCM): "system administration"
  - Comprehensive server/switch/disk/software monitoring
  - Unified event log collection and analysis
  - Application performance management
  - Integrated trouble ticketing support
- Virtual data center management (VDCM): "system administration"
  - VDC/VC/VM specification
  - Real-time resource usage and application performance measurement
- Security: "security"
  - Inter-VDC isolation
  - Centralized L3 and distributed L7 and web application firewalling
- Internet edge logic: the "WAN appliance"
  - Inter-VM load balancing within a VC
  - Traffic shaping
  - DDoS attack mitigation
Building a Cloud Data Center (the vendor in parentheses is the leader in the corresponding space)
- Primary/Secondary Storage Management (EMC)
- Virtualization Management (VMware)
- Physical Data Center Management (Tivoli)
- Physical Resource Management (Dell)
- Servers (HP)
- Storage (Seagate)
- Networks (Cisco)
- Virtual Data Center Management (CA)
- System Integration (IBM)
- Security (Check Point)
- Server Load Balancing / Traffic Shaping (F5)
ITRI Cloud OS's Way
- Primary/Secondary Storage Management (ITRI)
- Virtualization Management (ITRI)
- Physical Data Center Management (ITRI)
- Physical Resource Management (ITRI)
- Servers (commodity)
- Storage (commodity)
- Networks (commodity)
- Virtual Data Center Management (ITRI)
- System Integration (ITRI)
- Security (ITRI)
- Internet Edge Logic (ITRI)
OpenStack
- OpenStack core + API for third-party plug-ins
  - Nova: virtual machine service
  - Glance: VM image upload and delivery
  - Swift: object storage
  - Cinder: virtual block storage service
  - Quantum: virtual network service
- Improvements over Nova
  - Boot from remote cloned volume
  - Inter-physical-machine load balancing
  - Power consolidation
  - Dedicated physical machine pool
  - Auto-scaling
OpenStack-Compatible Cloud OS
[Figure: two layered architectures side by side. ITRI-native stack: Security, Directory Server, IEL, DMS/DSS, Walrus, PRM/PDCM, VDCM/RS (APIs with the VDC concept), VMM, NC, running on Xen. OpenStack-compatible stack: OpenStack API on top; Security, Directory Server, IEL, Nova Volume backed by DMS/DSS, OpenStack-compatible Glance/Swift storage API, PRM/PDCM, VDCM/RS (APIs with the VDC concept), VMM lite, Compute API, OpenStack Nova, Network API; both expose create/start/stop/delete/migrate of VMs over Xen, KVM, Qemu and Hyper-V.]
Strong Data Protection (each mechanism paired with the failure it covers)
- Storage hardware: JBOD-based (just a bunch of disks) storage servers
- RAID: disk failure
- N-way data replication: disk, controller, server, and network failures
- Periodic snapshots for local data backup with de-duplication: manual error
- Wide-area data backup: site failure
- Snapshot frequency: a couple of hours to days
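The slide pairs RAID with disk failure and N-way replication with disk, controller, server and network failures. The following added example (illustrative code, not ITRI's DMS) models a JBOD pool with those four failure domains, places N replicas greedily so that copies share as few domains as possible, and reports which single-failure classes a placement survives. The hierarchical naming of servers, controllers and disks is a constructed convention.

```python
# Added example (not ITRI code): N-way replica placement across failure domains.
from dataclasses import dataclass
from typing import List, Set

@dataclass(frozen=True)
class Disk:
    switch: str      # top-of-rack switch the server hangs off (network domain)
    server: str      # storage server (server domain)
    controller: str  # disk controller inside that server
    disk: str        # the individual JBOD disk

    def domain(self, level: str) -> str:
        return getattr(self, level)

LEVELS = ("disk", "controller", "server", "switch")

def shared_domains(a: Disk, b: Disk) -> int:
    """Number of failure domains two disks have in common (0 = fully independent)."""
    return sum(a.domain(lv) == b.domain(lv) for lv in LEVELS)

def place_replicas(pool: List[Disk], n: int) -> List[Disk]:
    """Greedy N-way placement: each new replica goes to the disk whose worst-case
    overlap with the replicas already chosen is smallest."""
    if n > len(pool):
        raise ValueError("pool too small for requested replica count")
    chosen = [pool[0]]
    while len(chosen) < n:
        rest = [d for d in pool if d not in chosen]
        chosen.append(min(rest, key=lambda d: max(shared_domains(d, c) for c in chosen)))
    return chosen

def survives(placement: List[Disk]) -> Set[str]:
    """Failure classes for which losing any single domain at that level still
    leaves at least one replica readable."""
    ok = set()
    for lv in LEVELS:
        if len({d.domain(lv) for d in placement}) >= 2:
            ok.add(lv)   # replicas span two or more domains, so one survives
    return ok

# Constructed sample pool: 2 racks x 2 servers x 2 controllers x 2 disks.
POOL = [Disk(f"sw{r}", f"srv{r}{s}", f"srv{r}{s}-ctl{c}", f"srv{r}{s}-ctl{c}-d{k}")
        for r in (1, 2) for s in (1, 2) for c in (1, 2) for k in (1, 2)]

if __name__ == "__main__":
    good = place_replicas(POOL, 3)
    print("greedy 3-way placement survives:", sorted(survives(good)))
    print("two disks on one server survive:", sorted(survives([POOL[0], POOL[2]])))
```

Two copies on different controllers of the same server only cover the disk and controller classes; the greedy placement across racks covers all four, which is the distinction the slide draws between RAID and replication.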
High Availability Support
- High availability support for Cloud OS subsystems
  - Active-passive: Linux HA + DRBD + edit logging/recovery
  - Active-active: MySQL and server load balancer
- Disk-state-preserving fail-over for application VMs running inside VDCs
  - Shared persistent state + VM restart + take-over
Scalability: Multi-Dimensional Load Balancing
- Multi-homing load balancing
- Inter-VM load balancing
- Network-wide load balancing
- Inter-storage-server load balancing
- Inter-PM load balancing
- Thermal load balancing
Cloud Security
- Any security breach that is possible for a physical data center is equally likely for a virtual data center
  - L4/L7 and Web Application Firewall
- New security concerns
  - Inter-VDC isolation vs. VLAN isolation
Network Virtualization
- Multiple virtual networks on top of a single physical network
- Each VDC has its own virtual network
  - A single virtual L2 switch connecting all the VMs in a VDC
  - A full private IP address space (i.e. 10.x.x.x)
  - VPN connections connect VDCs that share the same IP address space
  - Per-VC firewall, server load balancing and traffic shaping policy
  - Assigned public IP addresses
- Is VLAN needed in the network virtualization model?
- Support private IP address reuse without tunneling: a private IP address such as 10.1.2.5 could be used in multiple VDCs simultaneously
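The inter-VDC isolation point of the Cloud Security slide and the private-address-reuse point above can be seen in one model: if the forwarding state of the per-VDC virtual L2 switch is keyed by (VDC, private IP) rather than by IP alone, 10.1.2.5 can exist in two VDCs at once and a lookup can never resolve to another tenant's VM. The code below is an added illustrative model, not ITRI's implementation (the deck does not describe the actual forwarding mechanism); the VDC names, hosts, ports and the 203.0.113.10 public address are constructed sample values.

```python
# Added example (not ITRI code): tenant-keyed forwarding model for a per-VDC virtual L2 switch.
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

@dataclass
class VirtualSwitch:
    # (vdc_id, private_ip) -> (physical_host, vm_name)
    table: Dict[Tuple[str, str], Tuple[str, str]] = field(default_factory=dict)
    # public_ip -> (vdc_id, private_ip): the Internet edge's NAT binding
    public_map: Dict[str, Tuple[str, str]] = field(default_factory=dict)
    # vdc_id -> destination TCP ports the per-VC firewall policy admits
    allowed_ports: Dict[str, Set[int]] = field(default_factory=dict)

    def attach(self, vdc: str, ip: str, host: str, vm: str) -> None:
        key = (vdc, ip)
        if key in self.table:   # an address may repeat across VDCs, never within one
            raise ValueError(f"{ip} already in use inside VDC {vdc}")
        self.table[key] = (host, vm)

    def forward(self, src_vdc: str, dst_ip: str, dst_port: Optional[int] = None):
        """Resolve dst_ip inside the sender's own VDC only.
        Returns (host, vm) or None when the frame must be dropped."""
        if dst_port is not None and dst_port not in self.allowed_ports.get(src_vdc, set()):
            return None                       # blocked by the per-VC firewall policy
        return self.table.get((src_vdc, dst_ip))  # other VDCs' tables are never consulted

    def ingress(self, public_ip: str, dst_port: int):
        """Internet edge: translate a public address to the owning VDC's private VM."""
        binding = self.public_map.get(public_ip)
        if binding is None:
            return None
        vdc, private_ip = binding
        return self.forward(vdc, private_ip, dst_port)

def build_demo() -> VirtualSwitch:
    """Constructed topology: two tenants both using 10.1.2.5 at the same time."""
    sw = VirtualSwitch()
    sw.attach("vdc-photo", "10.1.2.5", "pm-07", "web-1")
    sw.attach("vdc-photo", "10.1.2.6", "pm-09", "db-1")
    sw.attach("vdc-video", "10.1.2.5", "pm-12", "stream-1")
    sw.allowed_ports["vdc-photo"] = {80, 443, 3306}
    sw.allowed_ports["vdc-video"] = {1935}
    sw.public_map["203.0.113.10"] = ("vdc-photo", "10.1.2.5")
    return sw

if __name__ == "__main__":
    sw = build_demo()
    print("vdc-photo -> 10.1.2.5:", sw.forward("vdc-photo", "10.1.2.5"))
    print("vdc-video -> 10.1.2.5:", sw.forward("vdc-video", "10.1.2.5"))
    print("vdc-video -> 10.1.2.6:", sw.forward("vdc-video", "10.1.2.6"))  # None: not its address
```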
System Management/Administration
- Separation between PDC operator and VDC operator
- Multi-tenancy aware
- Comprehensive monitoring
  - Server/switch/storage sensors
  - Systems software health
- Virtual-to-physical resource mapping
  - Virtual machines -> physical machines
  - Virtual volumes -> physical disks
  - Virtual network links -> physical network links
- Unified log collection and access
Summary
- ITRI Cloud OS is a fully integrated IaaS solution for public, private and hybrid clouds
- Compatible with OpenStack (since the Essex distribution)
- Key features:
  - Distributed replicated block storage
  - PDCM/VDCM separation
  - Network virtualization on an Ethernet network without tunneling
Thank You! Questions and Comments?
tcc@itri.org.tw