OpenStack platform, страница 3

The service supports a fully RESTful API, which developers can use to send messages between various components of their SaaS and mobile applications by using a variety of communication patterns. Any OpenStack components can integrate with Zaqar to communicate with other components and users, but in order to use the service, component must authenticate itself. At the time of writing this paper, Zaqar was ready to use in production, but only for small and medium-sized workloads.

1. Shared File System Service (Manila)

Manila was abstracted from the Block Storage service and now it is a shared filesystem service. Just like the other OpenStack controllers, this one can permit to create, delete, and give/deny access to a share. However, this service is not as ordinary as others are. The problem of the shared filesystem is a long-standing problem and there is still no best answer how to solve it. Every decision has its benefits and drawbacks. It is very hard to allow write into the shared file system instances (there is several instances because of the redundancy) and at the same time give equal results to other users, who is reading data from the same file system.

The design and prototype implementation provide extensibility for multiple backends (to support file system specific nuances (for example EMC, NetApp, HP, IBM, Oracle or Red Hat GlusterFS)) but is intended to be sufficiently abstract to support any of a variety of shared file systems.

1. DNSaaS (Designate)

This OpenStack service gives DNS as a Service. It is not a very complicated application, but it has one clear benefit in comparison with traditional DNS services: it has authentication phase, which blocks one of the design vulnerability of DNS servers.

1. Security API (Barbican)

Barbican is a REST API designed for the secure storage, provisioning and management of secrets. It is aimed at being useful for all environments, including large ephemeral Clouds. Secrets can be one of the encryption keys, X.509 certificates and passwords.

Security is always very touchy theme for the business, so I will tell some more information under this topic. In modern world, there is a big problem with the key management. While windows have some decent option like Active Directory or Data Protection API, Linux lack any mechanism for key management. For the symmetric and asymmetric keys (but not raw secrets like passwords), Barbican supports full life cycle: management, provisioning, expiration, reporting, etc.

The main idea of the Barbican is to create a central secret-store for keying material, which could be distributed to all types of applications. As this service does not necessary demand the OpenStack, it can be used standalone in any cloud instances and probably even companies that are not related to cloud computing. It means that the developers can try to build its own community around this product.

The picture presents an overall logical diagram for Barbican

Рисунок 1. Overall logical diagram for Barbican

As you can see, it consists of the Relational Database Management System (RDBMS) to store keying material. The API nodes handle incoming REST requests to Barbican and if the request can be handle asynchronously, it will access RDBMS directly; otherwise, the request will be queued and processed by workers that can communicate with certificate authorities or with provisioning targets module.

1. Components Relationships

Now after we have seen all the component of the OpenStack it is time to describe its relationships. There are a lot of them, and the best way to introduce them is to show the graph:

Рисунок 2. Component's Relationships

As you can see the system is very tangled, but as there is standard RESTful API interfaces everywhere, it is easy to maintain and develop.

1. Cloud Example

Now, after we have seen the OpenStack component, I will show a typical example of how the OpenStack cloud can be arranged:

Рисунок 3. OpenStack Example

On this example, you can see the basic OpenStack cloud. Nova is used to manage the compute nodes, Neutron is used to manage the network, Cinder and Swift is used to store the data, Keystone is used to authenticate user, Glance is used to provide the images usually stored on Swift, and Ceilometer is used to gather statistics from the system

1. Deployment models

OpenStack has a wide variety of users; it is companies needed to manage datacenters. It can be hosting companies, providing PaaS, or the companies that can provide SaaS (company can provide other company for example with 1C) or IaaS (like Google, providing searching, e-mail, cloud storage, etc.). Or the companies that is creating datacenter for its own purposes, but in this case they also provide one of three types of services, and the only difference is that they are customer and the seller at the same time. Here are some companies-users of OpenStack: AT&T, Deutsche Telekom, eBay, HP Public Cloud, Intel, NASA, NSA, DreamHost, PayPal, Sony, Yahoo (terrifying company, yay?), Alcatel-Lucent, etc.

Here is the main theoretical use cases of the OpenStack:

1. Service providers offering an IaaS or services higher up in the stack (PaaS or SaaS)

2. IT departments acting as cloud service providers for business units and project teams.

3. Processing big data with tools like Hadoop.

4. Scaling compute up and down to meet demand for web resources and applications.

5. High-performance computing (HPC) environments processing diverse and intensive workloads.

As you can see now the OpenStack is very promising framework, that is why vendors have worked through multiple ways for customers to deploy it. And here is how it is in practice:

1. Infrastructure as a Service. A vendor hosts an OpenStack-based private cloud, including the underlying hardware and the OpenStack software.

2. Platform as a Service. A vendor provides a public cloud computing system based on the OpenStack project.

3. Software as a Service. A vendor hosts OpenStack management software (without any hardware) as a service. Customers sign up for the service and use it with their internal servers, storage and networks to get a fully operational private cloud.

4. On-premises distribution: In this model, a customer downloads and installs an OpenStack distribution within their internal network. (This is sort of installing OpenStack by your own)

5. Appliance based OpenStack: Nebula was a vendor that sold appliances that could be plugged into a network, which spawned an OpenStack deployment. (This is sort of automatic installation of OpenStack, prepared by some vendor)

1. OpenStack Features

Now I would like to enumerate features in the last version of the OpenStack 2015.1.2 “Kilo”:

1. Managing virtualized server resources (CPU, memory, disk, network)

2. Managing Local Area Networks (LAN) (VLANs, DHCP, IPv4, IPv6)

3. API with rate limiting and authentication (designed to add security between different users)

4. Distributed and asynchronous architecture (scalability and availability of the system leads to decreasing system downtime)

5. Virtual Machine (VM) image management (enables easy store, importing, sharing, and starting images)

6. Security groups (makes it easy to control access to virtual machines)

7. Role based access control (extra security measures)

8. Ability to allocate, track and limit resource utilization

9. Intuitive graphical interface for resource administration and orchestration for automatic deployment.

1. Conclusion

In conclusion, I would like to underline OpenStack essence, main purpose, and main functionality. OpenStack in an open software platform, developed to maintain wide variety of datacenters. It has module structure, which simplifies it and makes more flexible. The main pursued qualities are scalability, flexibility, productivity, cheapness, security, upgradability, multi-functionality.

The core components of the OpenStack are Compute, Storage and Networking. Other component gives additional functionality, such as identity service, database, telemetry, security API, etc. However, the power of OpenStack is not only in the ability to give resources to the user, but also to control them and limit. There is different types of restrictions that can be set onto the user of the cloud.

OpenStack managed to create its own ecosystem with its own “governance”, which helps to propagate the platform further into the IT community making it even better on the way up to the top of the world. Its main goal is probably been achieved and now OpenStack rapidly spreads across the market.

1. References

1. https://www.openstack.org/software/

2. https://wiki.openstack.org/wiki/

3. http://docs.openstack.org/developer/openstack-projects.html

4. http://thenewstack.io/sdn-controllers-and-openstack-part1/

5. https://en.wikipedia.org/wiki/Cloud_computing

6. https://en.wikipedia.org/wiki/OpenStack

7. https://github.com/openstack/

8. https://github.com/swiftstack/swift

9. https://en.wikipedia.org/wiki/Orchestration_%28computing%29

10. https://hadoop.apache.org/

11. https://wiki.openstack.org/wiki/File:Ironic_mascot.svg

12. https://aws.amazon.com/sqs/

13. https://www.openstack.org/foundation/board-of-directors/

14. https://www.openstack.org/legal/bylaws-of-the-openstack-foundation/

15. http://www.slideshare.net/mirantis/presentations

16. https://en.wikipedia.org/wiki/Software-defined_networking