TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
Overview: Building Open Source Cloud Computing Environments
1. C R A S H CO U RS E O N
O P E N S O U RC E C LO U D CO M P U T I N G
Mark R. Hinkle
Director, Cloud Computing Community
CloudStack.org
2. AG E N DA
1. Introduction
2. Quick Cloud Computing Overview
3. Open Source Building Blocks for Cloud Computing
4. Open Source Tools for Cloud Management
5. Questions
4. Q U I C K C LO U D CO M P U T I N G OV E RV I E W :
O R T H E O B L I G ATO RY “ W H AT I S T H E
C LO U D ? ” S L I D ES
5. F I V E C H A R AC T E R I ST I C S O F C LO U D S
6. C LO U D CO M P U T I N G S E RV I C E M O D E L S
USER CLOUD a.k.a. SOFTWARE AS A SERVICE
Single application, multi-tenancy, network-based, one-to-many delivery of
applications, all users have same access to features.
Examples: Salesforce.com, Google Docs, Red Hat Network/RHEL
DEVELOPMENT CLOUD a.k.a. PLATFORM-AS-A-SERVICE
Application developer model, Application deployed to an elastic service that
autoscales, low administrative overhead. No concept of virtual machines or
operating system. Code it and deploy it.
Examples: Google AppEngine, Windows Azure, Rackspace Site, Red Hat
Makara
SYSTEMS CLOUD a.k.a INFRASTRUCTURE-AS-A-SERVICE
Servers and storage are made available in a scalable way over a network.
Examples: EC2,Rackspace
CloudFiles, OpenStack, CloudStack, Eucalyptus, Ubuntu Enterprise
Cloud, OpenNebula
7. D E P LOY M E N T M O D E L S
P U B L I C , P R I VAT E & H Y B R I D C LO U D S
8. C LO U D ST I L L R EQ U I R ES
A RC H I T EC T U R A L D ES I G N
Cloud Computing isn’t a magical solution apps need to
be able to scale out
Design your architecture with the end in mind
Make your infrastructure easily replicable
9. B U I L D I N G CO M P U T E C LO U D S
W I T H O P E N S O U RC E S O F T WA R E
10. W H Y O P E N S O U RC E ?
User-Driven Solutions to Real Problems
Lower barrier to participation
Larger user base, users helping users
Aggressive release cycles stay current with the state-of-
the-art
Open data, Open standards, Open APIs
11. O P E N V I RT UA L M AC H I N E FO R M AT S
Open Virtualization Format (OVF) is an open
standard for packaging and distributing virtual
appliances or more generally software to be run in
virtual machines.
Formats for hypervisors/cloud technologies:
• Amazon - AMI
• KVM – QCOW2
• VMware – VMDK
• Xen – IMG
• VHD – Virtual Hard Disk - Hyper-V
12. S O U RC I N G O S S
V M S A N D C LO U D A P P L I A N C ES
13. O P E N S O U RC E H Y P E RV I S O RS
Open Source
Xen, Xen Cloud Platform (XCP)
KVM – Kernel-based Virtualization
VirtualBox* - Oracle supported Virtualization Solutions
OpenVZ* - Container-based, Similar to Solaris Containers or BSD Zones
LXC – User Space chrooted installs
Proprietary
VMware
Citrix Xenserver
Microsoft Hyper-V
OracleVM (Based on OS Xen)
14. O P E N S O U RC E CO M P U T E C LO U D S
Year Started License Hypervisors Supported
2008 GPL Xenserver, Xen Cloud
Platform, KVM, VMware
2006 GPL Xen, KVM, VMware
2010 Apache VMware ESX and ESXi,
(Developed by Microsoft Hyper-V, Xen,
NASA by Anso KVM and Virtual Box
Labs
previously)
15. SCALE-UP OR SCALE-OUT
Vertical Scaling (Scale-Up) – Allocate additional
resources to VMs, requires a reboot, no need for
distributed app logic, single-point of OS failure
Horizontal Scaling (Scale-Out) – Application needs logic
to work in distributed fashion (e.g. HA-Proxy and
Apache, Hadoop)
16. O P E N S O U RC E
P L AT FO R M - A S - A - S E RV I C E
Year Started Sponsors Hypervisors Supported
2011 VMware Spring, Rails, Node.js
2011 Joyent Node.js
2011 Red Hat Express – Ruby, Php and
Python
Flex – Jboss, Java EE6
2010 WSO2 Jboss, Java EE6
17. O P E N S O U RC E
C LO U D CO M P U T I N G STO R AG E
GlusterFS – Scale Out NAS system aggregating storage over
Ethernet or Infiniband
Ceph – Distributed file storage system developed by
DreamHost
OpenStack Object Storage (SWIFT) – Long-term storage
object storage system
Sheepdog – Distributed storage for KVM hypervisors
NFS – Old standby, tried and true, not designed for cloud scale
or performance
18. C LO U D A P I S A R E N ’ T C R EAT E D EQ UA L
O P E N S O U RC E A B ST R AC T I O N S
jclouds
libcloud
deltacloud
fog
19. P R I VAT E C LO U D A RC H I T EC T U R E
API
Abstractions
20. M A N AG I N G C LO U D S W I T H
O P E N S O U RC E TO O L S
21. AU TO M AT I O N U N LO C KS
T H E P OT E N T I A L O F T H E C LO U D
•
•
•
•
22. T H E M Y T H O F T H E N I N ES
Availability % Downtime per Downtime per Downtime per
Year Month Week
99.9% (three nines) 8.76 hours 43.2 minutes 10.1 minutes
99.95% 4.38 hours 21.56 minutes 5.04 minutes
99.99% (four nines) 52.6 minutes 4.32 minutes 1.01 minutes
99.999% (five nines) 5.26 minutes 25.9 seconds 6.05 seconds
99.9999% (six nines) 31.5 seconds 2.59 seconds .0605 seconds
23. 4 T Y P ES O F M A N AG E M E N T TO O L S
Provisioning
Installation of operating systems and other software
Configuration Management
Sets the parameters for servers, can specify
installation parameters
Orchestration/Automation
Automate tasks across systems
Monitoring
Records errors and health of IT infrastructure
24. M A N AG E M E N T TO O LC H A I N S
Monitoring
Patching
and
Provisioning
Configuration
25. O P E N S O U RC E
P ROV I S I O N I N G TO O L S
Year Started License Installation
Targets
Kickstart ? GPL Most .dep and RPM
based Linux distros
Cobbler (Plus koan 2007 GPL Red Hat, OpenSUSE
for PXE boot of Fedora, Debian,
VMs) Ubuntu
Spacewalk 2008 GPL Fedora, Centos
Crowbar 2011 Apache (Bare metal
provisioning)
26. OPEN SOURCE
C O N F I G U R AT I O N M A N A G E M E N T TO O L S
Year Started Language License Client/Server
Cfengine 1993 C Apache Yes
Chef 2009 Ruby Apache Chef Solo – No
Chef Server -
Yes
Puppet 2004 Ruby GPL yes
Salt 2011 Python Apache yes
27. O P E N S O U RC E
M O N I TO R I N G TO O L S
License Type of Monitoring Collection
Methods
Cacti / RRDTool GPL Performance SNMP, syslog
Nagios GPL Availability SNMP,TCP, ICMP,
IPMI, syslog
Zabbix GPL Availability/ SNMP, TCP/ICMP,
Performance and IPMI, Synthetic
more Transactions
Zenoss GPL Availability, SNMP, ICMP, SSH,
Performance, Event syslog, WMI
Management
28. O P E N S O U RC E
AU TO M AT I O N / O RC H EST R AT I O N TO O L S
Year Started Language License Client/Server Support
Organization
Capistrano 2006 Ruby MIT Yes None
RunDeck 2010 Java Apache Yes DTO Solutions
Func 2007 Python GPL Yes Fedora Project
MCollective 2009 Ruby Apache Yes PuppetLabs
Salt 2011 Python Apache Yes SaltStack Inc.
?
29. CO N C E P T UA L AU TO M AT E D TO O LC H A I N
Generate Images BootStrapped Image Provision Configuration
SUSE Studio CloudStack Cobbler Puppet
BoxGrinder OpenStack Kickstart Chef
Monitoring
Nagios Start/Stop Services
Zenoss RunDeck
Cacti Capistrano
MCollective
30. Questions?
SLIDES CAN BE VIEWED AND DOWNLOADED
AT:
H T T P : / / W W W. S L I D E S H A R E . N E T/ S O C I A L I Z E D S
O F T WA R E /
32. A D D I T I O N A L R ES O U RC ES
Devops Toolchains Group
DevOps Wikipedia Page
Open Cloud Initiative
NIST Cloud Computing Platform
Open Virtualization Format Specs
Clouderati Twitter Account
Planet DevOps
33. C R A S H CO U RS E I N O P E N S O U RC E C LO U D
CO M P U T I N G
B Y M A R K R . H I N K L E I S L I C E N S E D U N D E R A C R E AT I V E C O M M O N S
AT T R I B U T I O N - S H A R E A L I K E 3 . 0 U N I T E D S TAT E S L I C E N S E .
Hinweis der Redaktion
From the NIST Cloud Computing On-demand self-service. A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service’s provider.Broad network access. Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, laptops, and PDAs).Resource pooling.The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter). Examples of resources include storage, processing, memory, network bandwidth, and virtual machines.This is different than virtual private hosting which is constrained to a single host or hosted Exchange server with fixed storage limits. Rapid elasticity.Capabilities can be rapidly and elastically provisioned, in some cases automatically, to quickly scale out, and rapidly released to quickly scale in. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be purchased in any quantity at any time.Measured Service. Cloud systems automatically control and optimize resource use by leveraging a metering capability1 at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service.
Cloud Software as a Service (SaaS) – The Application CloudThe capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web-based email). The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.Cloud Platform as a Service (PaaS) – The Development Cloud The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations.Cloud Infrastructure as a Service (IaaS). – Systems CloudThe capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls).
Private cloudThe cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise.Public cloudThe cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.Hybrid cloudThe cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).
An OVF package consists of several files, placed in one directory. A one-file alternative is the OVA package, which is a TAR file with the OVF directory inside.OVF is a packaging format for software appliances. From a technical point of view, an OVF is a transport mechanism for virtual machine templates. One OVF may contain a single VM, or many VMs (it is left to the software appliance developer to decide which arrangement best suits their application). OVFs must be installed before they can be run; a particular virtualization platform may run the VM from the OVF, but this is not required. If this is done, the OVF itself can no longer be viewed as a “golden image” version of the appliance, since run-time state for the virtual machine(s) will pervade the OVF. Moreover the digital signature that allows the platform to check the integrity of the OVF will be invalid.VHD – Virtual Hard Disk format started by Connectix (now part of Microsoft) made open through the Microsoft Open Specification Promise.
Software appliances are like toasters, they do one thing very well. BitnamiBitNami Cloud Images allow BitNami Stacks to run in a cloud computing environment. BitNami offers Amazon Machine Images (AMIs) for running BitNami Stacks on the Amazon Cloud, as well as BitNami Cloud Hosting, a service that simplifies the process of running open source applications on Amazon EC2.BoxGrinderBoxGrinder supports many virtualization and Cloud platforms like EC2, Xen, KVM, VMware. You can create an appliance based on Fedora, Red Hat Enterprise Linux or CentOS. You are of course free to write your own plugin to support any other virtualization platform or operating system.SUSE StudioSuSE Studio allows you to use a hosted build service and a on premise virtual build system. Has a RESTful API to make calls to SUSE Studio openSUSE, SUSE Enterprise Linux (SuSE) and JeOSIntegrates with SUSE Lifecycle Management Server and WebYASTCan Share Images in the SUSE Studio Gallery
Top choices for Cloud Computing are Xen and KVM.OpenVZ, container virtualization for Linux, is an interesting option as it has a very minimal overhead to scale application space similar to containers like BSD Jails. Advantage is that memory allocation is soft and unutilized memory can be used by other applications.
CloudStack – www.cloudstack.org - CloudStack is a sponsored by Citrix systems released under GPLv3 that provides a highly capable IaaS solution for service providers and enterprises. Robust Web Interface Comprehensive APISecure-Single Sign-OnDynamic Workload ManagementXenserver, Xen Cloud Platform, KVM, VMware, OracleVM supportSecure AJAX Console for VMsNetworking-as-a-Service (Create VLANs to segregate traffic)EC2 API Compatibility Usage MeteringEucalyptus– http://open.eucalyptus.com - IaaS platform originally targeted to provide migration path from Amazon EC2 to private cloud. Amazon AWS Interface CompatibilitySupports Amazon AMIHigh AvailabilityNetwork Management, Security Groups, Traffic IsolationSelf Service S3 compatible Storage Bucket-Based StorageXen and KVM Hypervisor Support (VMware in Enterprise Edition)User Group and Role-Based ManagementOpenStack– www.openstack.org - Sponsored by Rackspace, a hosting provider is made up by three primary projects. OpenStack Compute (Nova) – Nova is a cloud orchestration platform similar to Amazon EC2 Orchestration of popular hypervisors (Xen, Xenserver, KVM, Hyper-V, VMware, Linux Containers)Floating IP Addresses (keep IPs and DNS correct when restarting VMs)VNC proxy through the WebApache 2.0 License Android/iOS ClientsBlock Storage Support (AOE, iSCSI, Sheepdog)OpenStack Storage (Swift) – Is a EBS style solution used for long term storage not real time. Swift is used creating redundant, scalable object storage using clusters of standardized servers to store petabytes of accessible data.Features:Store and Manage files ProgrammaticallyCreate public and private folders Using Commodity HardwareFault tolerant (Nodes/HDD)Scale-out, Scale-UpOpenStack Image Service(Glance) - OpenStack Image Service (code-named Glance) provides discovery, registration, and delivery services for virtual disk images.Features:Provides images-as-a-serviceSupports Raw, VHD, VDI, qcow2, VMDK, OVF Restful APIBackend Options – Swift, Local, S3, HTTPVersion Control and LoggingOpenNebula – http://www.opennebula.org/ – Cloud Computing Toolkit Apache license
Scale Up Scale Out
CloudFoundryCloud Foundry, a VMware-led project, for building a Platform as a Service (PaaS) offering. Cloud Foundry provides a platform for building, deploying, and running cloud apps using Spring for Java developers, Rails and Sinatra for Ruby developers, Node.js and other JVM frameworks including Grails.SmartOSRecent entry by Joyent,node.js PaaS. OpenShiftA free Platform-as-a-Service that enables developers to deploy apps written in multiple frameworks and languages across clouds. Open source licensing is forthcoming. WSO2 Java PaaS.
GlusterFS is an open source scale-out NAS solution. The software is a powerful and flexible solution that simplifies the task of managing unstructured file data whether you have a few terabytes of storage or multiple petabytes.Ceph is a distributed network storage and file system designed to provide excellent performance, reliability, and scalability. Ceph is based on a reliable and scalable distributed object store, with a distributed metadata management cluster layered on top to provide a distributed file system with POSIX semantics. There are a variety of ways to interact with the systemOpenStack Object Storage (code-named Swift) is open source software for creating redundant, scalable object storage using clusters of standardized servers to store petabytes of accessible data. It is not a file system or real-time data storage system, but rather a long-term storage system for a more permanent type of static data that can be retrieved, leveraged, and then updated if necessary. Primary examples of data that best fit this type of storage model are virtual machine images, photo storage, email storage and backup archiving. Having no central "brain" or master point of control provides greater scalability, redundancy and permanence.Sheepdog is a distributed storage system for QEMU/KVM. It provides highly available block level storage volumes that can be attached to QEMU/KVM virtual machines. Sheepdog scales to several hundreds nodes, and supports advanced volume management features such as snapshot, cloning, and thin provisioning.
Types of Tasks Accomplished by an APIProvisioning (creating, re-creating, moving, or deleting components e.g. virtual machines, vlans)Configuration (assigning or changing attributes of the architecture such as security and network settings)Cloud ProvidersJclouds – java API Abstraction Libcloud – started by CloudKick (now Rackspace) to abstract clouds, Apache incubator projectDeltacloud – started by Red Hat to abstract clouds, Apache incubator projectFog - provider and abstraction level API across compute and storage, written in Ruby
Derived from the NIST Diagram
Cloud computing promises highly available systems, but if you have a reactive approach you won’t achieve that goal. If you want a five nines service level you have 5.26 minutes to find, fix and recoverBuild redundant, highly environment systems
Other disciplines like back-up, log management, performance and security (virus,intrusion detection) are important but not core to the delivery of cloud computing systems
Ideally for the cloud you create management toolchains that automate the management of your cloud. So that the output of one tool informs the input of another.
These tools are all appropriate for Linux guest operating systems, Windows operating system provisioning is not well addressed in OSS. CobblerCobbler is a Linux installation server that allows for rapid setup of network installation environments. It glues together and automates many associated Linux tasks so you do not have to hop between lots of various commands and applications when rolling out new systems, and, in some cases, changing existing ones. With a simple series of commands, network installs can be configured for PXE, reinstallations, media-based net-installs, and virtualized installs (supporting Xen, qemu, KVM, and some variants of VMware). Cobbler uses a helper program called 'koan' (which interacts with Cobbler) for reinstallation and virtualization support. SpacewalkSpacewalk manages software content updates for Red Hat derived distributions such as Fedora, CentOS, and Scientific Linux, within your firewall. You can stage software content through different environments, managing the deployment of updates to systems and allowing you to view at which update level any given system is at across your deployment. A clean central web interface allows viewing of systems and their software update status, and initiating update actions.CrowbarBare metal provisioning for CloudStack developed by Dell using Opscode Chef.
CfengineCFEngine is a policy-based configuration management system written by Mark Burgess at Oslo University College. Its primary function is to provide automated configuration and maintenance of computers, from a policy specification. The CFEngine project was started in 1993 as a reaction to the complexity and non-portability of shell scripting for Unix configuration management, and continues today. The aim was to absorb frequently used coding paradigms into a declarative, domain-specific language that would offer self-documenting configuration.Cfengine 3.0 Nova latest version October 2011. Native Windows support, on the fly support for Hupervisor configuration KVM/Xen using libvirt (in commercial version)Opscode Chef With Chef, you write abstract definitions as source code to describe how you want each part of your infrastructure to be built, and then apply those descriptions to individual servers. The result is a fully automated infrastructure: when a new server comes on line, the only thing you have to do is tell Chef what role it should play in your architecture. Chef performs actions defined in recipes to configure systems. Recipes are written in Ruby with specific domain specific language (DSL) extensions to specify configuration resources. A Recipe describes a series of resources that should be in a particular state on a particular part of a server (such as Apache, MySQL, or Hadoop). This might include packages that should be installed, services that should be running, or files that should be written. When Recipes are run, Chef makes sure that each resource is properly configured, only taking corrective action when it's necessary. The result is a safe, flexible mechanism for making sure your servers are always running exactly how you want them to be.PuppetPuppet, an automated administrative engine for your *nix systems, performs administrative tasks (such as adding users, installing packages, and updating server configurations) based on a centralized specification.SaltStackSalt is a powerful remote execution manager that can be used to administer servers in a fast and efficient way.Salt allows commands to be executed across large groups of servers. This means systems can be easily managed, but data can also be easily gathered. Quick introspection into running systems becomes a reality.Remote execution is usually used to set up a certain state on a remote system. Salt addresses this problem as well, the salt state system uses salt state files to define the state a server needs to be in.Between the remote execution system, and state management Salt addresses the backbone of cloud and data center management.
CapistranoCapistrano is a developer tool for deploying web applications. It is typically installed on a workstation, and used to deploy code from your source code management (SCM) to one, or more servers.Capistrano recently added classes capabilities that match cobbler. RunDeckRunDeck is cross-platform open source software that helps you automate ad-hoc and routine procedures in data center or cloud environments. RunDeck allows you to run tasks on any number of nodes from a web-based or command-line interface. RunDeck also includes other features that make it easy to scale up your scripting efforts including: access control, workflow building, scheduling, logging, and integration with external sources for node and option data.FuncFunc allows for running commands on remote systems in a secure way, like SSH, but offers several improvements. Func allows you to manage an arbitrary group of machines all at once. Func automatically distributes certificates to all "slave" machines. There's almost nothing to configure. Func comes with a command line for sending remote commands and gathering data. There are lots of modules already provided for common tasks. Anyone can write their own modules using the simple Python module API. Everything that can be done with the command line can be done with the Python client API. The hack potential is unlimited. You'll never have to use "expect" or other ugly hacks to automate your workflow. It's really simple under the covers. Func works over XMLRPC and SSL. Since func uses certmaster, any program can use func certificates, latch on to them, and take advantage of secure master-to-slave communication. There are no databases or crazy stuff to install and configure. Again, certificate distribution is automatic too. McollectiveThe Marionette Collective AKA mcollective is a framework to build server orchestration or parallel job execution systems.Mcollective is used as a means of programmatic execution of Systems Administration actions on clusters of servers. MCollective use modern tools like Publish Subscribe Middleware and modern philosophies like real time discovery of network resources using meta data and not hostnames. Delivering a very scalable and very fast parallel execution environment.
Automated Toolchain(For Linux guests) Bootstrapped image is launched fro a template in the cloud provider, then searches for the Cobbler server.Post Install from Cobbler kicks off Puppet with defined management class to configure server using rolesAfter cobbler runs kicks off configuration management in Puppet. Then services can be started and stopped with RunDeck or post-install scriptsThen RunDeck can insert new hosts in Zenoss or NagiosFinally as the network conditions change Zenoss can remediate via other tools based on situational awareness