2. OpenStack China Tour (Beijing) Agenda
Before 14:00   Check-in
14:00 - 14:40   Development Practice of Building a Public Cloud Platform on OpenStack   程辉
14:40 - 15:20   OpenStack in Hong Kong   骆文钟
15:20 - 15:30   Break
15:30 - 16:10   Cinder: the Block Storage Service in OpenStack   朱荣泽
16:10 - 16:40   Juju – make your life easier in the cloud   候正鹏
16:40 - 16:50   Break
16:50 - 17:20   The Best Choice for Enterprise Private Cloud Infrastructure   George Wang
17:20 - 17:50   Swift Architecture and Practice   杨雨
3. Building OpenStack Public Cloud
For Shenzhen OpenStack China Tour
Hui Cheng
freedomhui@gmail.com | freedomhui.com
Community Manager of COSUG
Technical Manager in Sina.com
2012/9/21
4. Content
• OpenStack in Sina
• Integration
• Extension
• New Services
• Sina Contribution to OpenStack community
5. OpenStack in Sina
6. About SinaCloud
• First and most popular PaaS cloud in China, launched in 2009
• Support PHP, Python and Java runtime
8. About SinaCloud
• OpenStack based public IaaS cloud
10. About SinaCloud
• SaaS cloud based on SAE tech.
• Design for the masses
• 1-Click buy and install apps (SinaCloud Store)
11. OpenStack in Sina
12. Sina Web Services (SWS)
• To salute Amazon Web Services: it's a validated and successful cloud business model.
Customers
• Game makers on the Weibo platform
• Sina partners
• Common users outside of Sina
Vision
• Build an open and full-stack cloud ecosystem: an integrated IaaS, PaaS and SaaS platform.
18. Network Topology (VLAN)
Capability:
• Accessibility of VMs within one tenant
• Isolation of VMs from different tenants
• VM is able to access the public network
• VM can be accessible from the public network
• Isolation between virtual network and internal network
Drawback:
• Pre-allocate network for future projects
• Hard limit of 4096 VLANs
• Traffic bottleneck in the gateway/NAT
19. Network Topology (Flat)
Capability:
• Accessibility of all VMs in the fixed IP range
• VM is able to access the public network
• VM can be accessible from the public network
• Full isolation between virtual network and internal network
Bonus:
• No need to pre-allocate for new projects
• Eliminates the bottleneck between tenants
Drawback:
• Tenant isolation has gone
• Traffic bottleneck still exists in NAT
20. Network Topology (Flat & Multihost)
Capability:
• Accessibility of all VMs in the fixed IP range
• VM is able to access the public network
• VM can be accessible from the public network
Bonus:
• Totally distributed architecture avoids single-point failure
• Multiple gateways eliminate the NAT bottleneck
• High speed between OS regions
Drawback:
• Tenant isolation lessens
• Needs a security facility (SWS-filter) to protect the intranet
If the security problems were solved, this would be our best choice!
21. Security in OpenStack
Security Group --- L3 Filter
• Role-based firewall: one security group is a role
• Ingress filtering: the target is the instance; the source can be a CIDR or another group
• Implemented by iptables; see details with: iptables -t filter -n -L
• Whitelist mechanism (ACCEPT rules)
Static filters --- L2 Filter
• MAC, IP, and ARP spoofing protection
• Not configurable
• Defined in /etc/libvirt/nwfilter/*.xml
• Implemented by ebtables; see: ebtables -t nat --list
22. Security Enhancement: SWS Filter
Prevent Intranet Penetration
• The intranet is the internal network outside of OpenStack
Egress filtering
• Target is the internal network
• Source is the instances in OpenStack
Implementation
• Whitelist mechanism (ACCEPT rules)
• On top of the nova-filter-top FORWARD chain
Rationale
• SWS filter is managed by the cloud manager
• Only explicitly authorized packets can reach the internal network
• Packets should be controlled within the compute node
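The two whitelists described on slides 21 and 22, as an added example that is not code from the talk or from Sina's SWS: it renders the per-instance L3 security-group chain (CIDR or group-reference sources, ACCEPT rules, terminal DROP) and the SWS-style egress whitelist hooked at the top of nova-filter-top, then walks the rendered rules with first-match semantics to check what gets through. Chain names (sg-<group>, sws-filter), the intranet CIDR 172.16.0.0/12 and all addresses are constructed assumptions.

```python
import ipaddress

# Constructed sample data, not Sina's real configuration: security groups keyed
# by name, each with member instance IPs and ingress rules (proto, port, source).
# A rule's source is a CIDR or the name of another group (resolved to members).
GROUPS = {
    "web": {"members": ["10.0.0.11", "10.0.0.12"],
            "rules": [("tcp", 80, "0.0.0.0/0"), ("tcp", 22, "203.0.113.0/24")]},
    "db": {"members": ["10.0.0.21"], "rules": [("tcp", 3306, "web")]},
}

def sg_ingress_rules(group, groups=GROUPS):
    """Per-instance L3 ingress chain for a security group: explicit ACCEPT
    rules (whitelist) followed by a terminal DROP, the shape nova builds with iptables."""
    chain, out = "sg-" + group, []
    for proto, port, source in groups[group]["rules"]:
        if source in groups:  # group reference: one rule per member address
            sources = [ip + "/32" for ip in groups[source]["members"]]
        else:
            sources = [str(ipaddress.ip_network(source, strict=False))]
        for src in sources:
            out.append(f"-A {chain} -p {proto} --dport {port} -s {src} -j ACCEPT")
    out.append(f"-A {chain} -j DROP")
    return out

def sws_filter_rules(allowed, intranet="172.16.0.0/12", chain="sws-filter"):
    """Egress whitelist from instances toward the intranet (chain name, intranet CIDR and
    hook position are assumptions); jumped to first from nova-filter-top on the compute node."""
    out = [f"-N {chain}", f"-I nova-filter-top 1 -j {chain}"]
    for inst, proto, port, dest in allowed:
        out.append(f"-A {chain} -s {inst}/32 -d {dest} -p {proto} --dport {port} -j ACCEPT")
    out.append(f"-A {chain} -d {intranet} -j DROP")  # unauthorized intranet traffic
    out.append(f"-A {chain} -j RETURN")  # anything else: leave it to nova's own rules
    return out

def first_match(rules, src, proto, port, dst="0.0.0.0"):
    """First-match walk of a rendered chain (iptables semantics); returns the target hit."""
    for rule in rules:
        if not rule.startswith("-A "):
            continue
        parts = rule.split()
        opts = dict(zip(parts[0::2], parts[1::2]))
        if ("-s" in opts and ipaddress.ip_address(src) not in ipaddress.ip_network(opts["-s"])
                or "-d" in opts and ipaddress.ip_address(dst) not in ipaddress.ip_network(opts["-d"])
                or "-p" in opts and opts["-p"] != proto
                or "--dport" in opts and int(opts["--dport"]) != port):
            continue
        return opts["-j"]
    return "RETURN"
```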
24. SWS Load Balancer
Goals
Load Balance
• Dispatch requests
• Support multiple routing algorithms
• Health check
Smart DNS Acceleration
• Reality: narrow bandwidth between ISPs
• Build fiber channels from the ISPs to a pivot
• Users are given the same endpoint within their own ISP
IPv4 Shortage
• Reality: dozens of public IPs support hundreds of VMs
• IPv4 has been exhausted
• IPv6 is not realistic yet in China
[Figure: DNS Acceleration Design. ISPs (Telecom, Unicom, Mobile, Others) connect over high-speed fiber-optic links to a router on the public network.]
40. Dough: Billing system
• Keep track of billing info to charge tenants
• Flexible customization of payment policies
• How much/often to charge for a resource unit
• Handles prepaid or pay-as-you-go
• Coupon support
41. Dough: Billing system
[Figure: Dough architecture. Components: Kanyun (Metering), API, Dashboard, Farmer API daemon, RDBMS, NoSQL. Labelled operations: deduct; check status / retrieve usage / create purchases; subscribe or unsubscribe; query info.]
https://github.com/sinacloud/dough (updated at 8/9)
46. SWS V3
Open API & CLI
• Build a cloud ecosystem
vMotion
• High Availability
• Fault Tolerance
EBS
• Self-developed solution
• Open source (Gluster/Ceph/Sheepdog)
Quantum Integration
• Nicira-alike product research
47. SWS V3
Multi-IDC Support
• Multiple Regions/Zones
• Build for failure
User Console
• More user friendly
Admin Console
• Be able to manage resources like users
• Physical server deployment & management
• Network & Storage Management
• Identity and Access Management
48. Thank you, OpenStack Community and Foundation.