SlideShare ist ein Scribd-Unternehmen logo

Améliorer OpenStack avec les technologies Intel

Odinot Stanislas
Odinot Stanislas

This document summarizes Intel's contributions and technologies for enhancing OpenStack. It discusses how Intel technologies can enhance OpenStack compute, storage, networking, and data collection. Specific technologies covered include Trusted Compute Pools, key management, erasure coding for Swift storage, and the Intel Open Network Platform for SDN/NFV. The presentation concludes by providing resources for learning more about Intel's OpenStack solutions and contributions.

Technologie
1 von 36
Downloaden Sie, um offline zu lesen
1 Enhancing OpenStack* with Intel® Technologies for Public, Private and Hybrid Cloud Girish Gopal – Strategic Planning, Intel Corporation Malini Bhandaru – Security Architect, Intel Corporation EDCS003
2 Agenda • Intel and OpenStack* • Enhancing OpenStack Compute • Enhancing OpenStack Storage • Enhancing OpenStack Networking • Enhancing OpenStack Data Collection • Intel IT Open Cloud • Summary and Next Steps
3 Agenda • Intel and OpenStack* • Enhancing OpenStack Compute • Enhancing OpenStack Storage • Enhancing OpenStack Networking • Enhancing OpenStack Data Collection • Intel IT Open Cloud • Summary and Next Steps
4 Intel Enables OpenStack* Cloud Deployments Contributions Intel IT Open Cloud Intel® Cloud Builders • Across OpenStack projects plus tools released to Open Source • Top 10 contributor to Grizzly and Havana releases1 • Optimizations, validation and patches • Intel IT Open Cloud with OpenStack • Deliver Consumable Services • Automated Management of Cloud • Collection of best practices • Intel IT Open Cloud Reference Arch • Share best practices with IT and CSPs 1Source: stackalytics.com
5 OpenStack* Architecture Identity (Keystone) Authentication and authorization for services Object Storage (Swift) Allows you to store or retrieve files Image (Glance) Catalog and repository for virtual disk images Dashboard (Horizon) Modular web-based user interface for all services Compute (Nova) Provides virtual servers upon demand Networking (Neutron) Provides "network connectivity as a service" Block Storage (Cinder) Provides persistent block storage to guest VMs Heat Orchestrate multiple composite cloud applications Ceilometer Collect measurements for metering and monitoring New Components in Havana
6 Agenda • Intel and OpenStack* • Enhancing OpenStack Compute – Trust – Security – Enhanced Platform Awareness (EPA) • Enhancing OpenStack Storage • Enhancing OpenStack Networking • Enhancing OpenStack Data Collection • Intel IT Open Cloud • Summary and Next Steps
7 Trusted Compute Pools (TCP) Enhance visibility, control and compliance - Key IT concerns (61%, 55% and 57% respectively1) • TCP Solution - Place workloads & VMs in trusted pools of virtualized servers - Trusted Computing Group Compliant Platform (TPM) - Intel® Xeon® processor initiates a trusted boot - OpenStack* Folsom release or later - Policy Engine / Console - Trust level of VM specified as Trusted  Compute (Nova) – Trust Filter  Dashboard (Horizon) – Trust Filter UI - Open Attestation (OAT) SDK  https://github.com/OpenAttestation/OpenAttestation • Core technologies - Intel® Trusted Execution Technology - Intel® Virtualization Technology FlexMigration 1source: McCann “what’s holding the cloud back?” cloud security global IT survey, sponsored by Intel, May 2012 Trust TCP is enabled in OpenStack (Folsom release) • Vendors: Bundle OAT into your OpenStack offering • Providers/IT: Implement TCP in your OpenStack Cloud • Users: Request and deploy VMs on Trusted nodes
8 Trusted Compute Pools with Geo-Tagging Use asset descriptor information to control virtual workloads - E.g., Enforce policies to control migration or bursting to trusted systems in specific geographical locations • Enhance OpenStack* services - Dashboard – display VM/storage geo - Flavor – Geo for VM Instances and Storage - Aggregate filter - Geo attestation service - Configure geo attestation service - Provision geo certificate for trusted machines Provide feedback, use cases Trust
9
10
11 Key Management Facilitates server-side encryption; Data-at-rest security Enables new use cases and users, e.g., compliance • Random Key generation - Intel® Secure Key: true randomness important • Secure Storage – keys encrypted with a master key • Access controlled - Identity - Keystone and access policies • Audit logging - create/delete/use • High availability • Pluggable backend – HSM, TPM Security Encryption Keys : Create, Store, Protect, and Ready Access
12 OpenStack* Key Manager Key management as separate service; prototype in Havana, incubation in Icehouse release of OpenStack* Secure OpenStack Clouds • Encrypt volumes, objects and communications Status and Next Steps • Barbican Key Manager: - https://github.com/cloudkeep/barbican • Integration with OpenStack authentication and authorization system • Immediate: Provide volume/block encryption Future • Creation and certification of public-private key pairs • Software support for periodic background tasks • Client component that can work against HSM • Examine KMIP • Leverage AES-XTS to enhance performance Building Blocks • Trusted Platform Module • Intel® Secure Key • Intel® AES-NI • New instructions and wider registers Security Intel® AES-NI = Intel® Advanced Encryption Standard New Instructions
13 OpenStack* Security Guide http://docs.openstack.org/sec/ • OpenStack* services • Public and Private clouds • Security domains and bridges • Layered security • Secure node bootstrapping and hardening • Secure intra-service communication • Database security • Hypervisor selection • Trusted machine images • VM Migration • Logging • Identity management • Access control • Compliance & Audit Help update the Security Guide Security
14 CPU Features Exposure Allows OpenStack* to have a greater awareness of the capabilities of the hardware platforms • Expose CPU features to OpenStack Nova scheduler • Use ComputeCapabilities filter to select hosts with required features - Security workload could run faster & more securely with Intel® AES-NI • Enables premium flavors - Enhanced capabilities for cloud customers - Enhanced revenue for cloud providers Intel® AES-NI = Intel® Advanced Encryption Standard New Instructions Image (Glance) Import host capabilities request via VM metadata Dashboard (Horizon) Expose Compute (Nova) Host capabilities discovery, reporting and filter enhancements Targeted for Havana and future OpenStack releases EPA
15 PCI Express* (PCIe* ) Accelerator Exposure • OpenStack* updates to enable PCI Express* (PCIe*) Accelerators – Solution based on libvirt and KVM – Add PCIe device info to the libvirt driver – Extend Nova Scheduler to handle PCIe device allocation – Configure the VM for Deployment • Status – Code released to the community – Not yet integrated into the Havana release mainline – NIC SR-IOV Virtual Function allocation to a VM possible  Not a recommended use case  Additional OpenStack updates necessary for a robust solution Leverage PCI Express Accelerators to gain performance • Crypto speed-up, hardware-based trust, faster I/O SR-IOV = Single Root I/O Virtualization EPA
16 Agenda • Intel and OpenStack* • Enhancing OpenStack Compute • Enhancing OpenStack Storage – Intelligent Volume Scheduling – Erasure Code – COSBench • Enhancing OpenStack Networking • Enhancing OpenStack Data Collection • Intel IT Open Cloud • Summary and Next Steps
17 Intelligent Volume Scheduling - OpenStack* Cinder Maximize block storage efficiency by intelligently allocating volume based on workload and type of service required Example: Differentiated Service with Different Storage Backends • CSP: 3 different storage systems, offers 4 levels of volume services • Volume service criteria dictates which storage system can be used • Filter scheduler allows CSP to name storage services and allocate correct volume Intelligent Volume Scheduling is enabled in OpenStack* (Grizzly release)
18 Erasure Code for OpenStack* Swift Access Tier (Concurrency) Capacity Tier (Storage) Clients Tri-replication pathErasure code path Saves disk space, does not impact QoS for hot objects • Swift uses tri-replication today (3x storage) • Add daemon on storage node • Scans all existing objects offline • Selects cold objects of large enough size • Replaces tri-replication algorithm with erasure code Collaborate on Erasure Code • CLDS007: “OpenStack Swift Erasure Code: A Smart Cloud Storage Solution“ Wednesday, 5PM, Rm 2005 • https://blueprints.launchpad.net/swift/+spec/swift-ec
19 Introducing COSBench An Open Source Intel developed benchmarking tool to measure Cloud Object Storage (e.g., OpenStack* Swift) performance • Compare performance of cloud object stores • Evaluate internal options for software stacks • Identify bottlenecks and tune performance • Pluggable adaptors for different storage systems • Web-based UI • Real-time performance monitoring Throughput Response Time Bandwidth Success Ratio Download, Evaluate, Contribute https://github.com/intel-cloud/cosbench
20 Agenda • Intel and OpenStack* • Enhancing OpenStack Compute • Enhancing OpenStack Storage • Enhancing OpenStack Networking – Intel® Open Network Platform • Enhancing OpenStack Data Collection • Intel® IT Open Cloud • Summary and Next Steps
21 Intel® Open Network Platform (ONP), OpenStack* and SDN/NFV Framework Node NodeNode Node NodeNode Controller Controller OpenStack (Orchestrator) Network Applications Northbound API Southbound API e.g., OpenFlow*, Open vSwitch Network Appliance TOR Switch Cloud Server Virtual Switch EPC Media Gateway Neutron SDN/NFV; Software Defined Networking/Network Functions Virtualization Intel® ONP Switch Reference Design Intel ONP Server Reference Design Learn more about Intel ONP • CLDS006: “Extending Open Networking Platform (ONP) for the Next Generation Server Architectures“ Wednesday, 3:45PM, Rm 2005
22 Agenda • Intel and OpenStack* • Enhancing OpenStack Compute • Enhancing OpenStack Storage • Enhancing OpenStack Networking • Enhancing OpenStack Data Collection – Multiple Publisher Support – Intelligent Workload Scheduling • Intel® IT Open Cloud • Summary and Next Steps
23 Data Collection for Monitoring: Multiple Publisher (Ceilometer) Data Collector Transformer Pipeline Manager Transformer Metering Monitoring Publisher Publisher Publisher Transformer Facilitates transformation and publishing of metered data for consumption by various targets • Send/publish collected measurements to different endpoint/utility through different conduits with different format • Provides ability to store collected data in different data stores Targeted for OpenStack* Havana release • Create/add plugs-ins to store data in your own data stores
24 Data Collection for Efficiency: Intelligent Workload Scheduling Enhanced usage statistics allow advanced scheduling decisions • Pluggable metric data collecting framework - Collects data via plug-ins - Sends data to notification bus for use by other OpenStack* components • Compute (Nova) - New filters / weighers for utilization-based scheduling Targeted for OpenStack* Havana release • Utilize pluggable framework to create/add your own plugs-ins to monitor network
25 Agenda • Intel® and OpenStack* • Enhancing OpenStack Compute • Enhancing OpenStack Storage • Enhancing OpenStack Networking • Enhancing OpenStack Data Collection • Intel IT Open Cloud • Summary and Next Steps
26 Intel IT Open Cloud • 77% Virtualized • 80% of new servers in the Cloud • Under 1 hour to deploy Infrastructure • Small number of SaaS apps in usage • Savings realized to date: $21M • Land Applications in minutes • Automation: lower cost w/ less resources • Open Cloud for bursting capacity • SaaS for non-differentiated apps (e.g. email) Today: Large Private Cloud, Limited Public Cloud Tomorrow: Hybrid Cloud Learn more on Intel IT Open Cloud • CLDS004 “Intel IT Open Cloud – What’s Under the Hood, and How Do We Drive It?” Wednesday, 5PM, Rm 2001
27 Agenda • Intel® and OpenStack* • Enhancing OpenStack Compute • Enhancing OpenStack Storage • Enhancing OpenStack Networking • Enhancing OpenStack Data Collection • Intel IT Open Cloud • Summary and Next Steps
28 Summary: Intel® Technologies & Solutions for OpenStack* Release Trusted Compute Pools (TCP) TCP With Geotagging • Place workloads and VMs in trusted pools of virtualized servers • Determine and control location of sensitive data in the cloud • Intel® TXT, Intel® VT FlexMigration Folsom Icehouse Key Manager • Manager for symmetric and public/private keys, certificates • Intel® AES-NI, Intel® Secure Key Havana/ Icehouse Enhanced Platform Awareness • Levering PCIe accelerator devices in cloud infrastructure, and enabling access to Intel® 64 instruction set extensions • Intel® QuickAssist, Intel AES-NI, Intel® AVX, AVX2, Intel® SSE4, Intel Secure Key Havana Erasure Code • Replacing tri-replication algorithm in Swift Havana Intelligent Volume Scheduling • Allocate block storage type of service required Grizzly Multiple Publisher • Transformation & publishing of metered data Havana Data Collection for Efficiency • Usage statistics for scheduling decisions Havana Open Network Platform • Framework for SDN/NFV • Intel® VT-d, Intel® DPDK, Intel® DDIO Open Attestation SDK • Remote attestation service for TCP Open Source COSBench • Object store performance characterization tool Open Source Intel® TXT = Intel® Trusted Execution Technology; Intel® VT = Intel® Virtualization Technology; Intel® AES-NI = Intel® Advanced Encryption Standard – New Instructions; Intel® AVX = Intel® Advanced Vector Extensions; Intel® VT-d = Intel® Virtualization for Directed I/O; Intel® DPDK = Intel® Data Plane Development Kit; Intel® DDIO = Intel® Data Direct I/O
29 Read, Download, Get Involved • Compute - Open Attestation SDK: https://github.com/OpenAttestation/OpenAttestation - OpenStack* on Intel® TXT (Fedora*): https://fedoraproject.org/wiki/OpenStackOnTXT - Mechanisms to Protect Data in the Open Cloud: http://download- software.intel.com/sites/default/files/Intel_TXT_Open_Cloud_Security_Final_Web.pdf • Storage - COSBench: https://github.com/intel-cloud/cosbench • Networking - Intel® Open Network Platform: http://www.intel.com/content/www/us/en/switch-silicon/open-network-platform.html • Intel IT use of OpenStack - Accelerating Deployment of Cloud Services Using Open Source Software: http://www.intel.com/content/dam/www/public/us/en/documents/best- practices/accelerating-deployment-of-cloud-services-using-open-source-software.pdf Intel® Trusted Execution Technology (Intel® TXT)
30 Legal Disclaimer INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS PROVIDED IN INTEL'S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT. A "Mission Critical Application" is any application in which failure of the Intel Product could result, directly or indirectly, in personal injury or death. SHOULD YOU PURCHASE OR USE INTEL'S PRODUCTS FOR ANY SUCH MISSION CRITICAL APPLICATION, YOU SHALL INDEMNIFY AND HOLD INTEL AND ITS SUBSIDIARIES, SUBCONTRACTORS AND AFFILIATES, AND THE DIRECTORS, OFFICERS, AND EMPLOYEES OF EACH, HARMLESS AGAINST ALL CLAIMS COSTS, DAMAGES, AND EXPENSES AND REASONABLE ATTORNEYS' FEES ARISING OUT OF, DIRECTLY OR INDIRECTLY, ANY CLAIM OF PRODUCT LIABILITY, PERSONAL INJURY, OR DEATH ARISING IN ANY WAY OUT OF SUCH MISSION CRITICAL APPLICATION, WHETHER OR NOT INTEL OR ITS SUBCONTRACTOR WAS NEGLIGENT IN THE DESIGN, MANUFACTURE, OR WARNING OF THE INTEL PRODUCT OR ANY OF ITS PARTS. Intel may make changes to specifications and product descriptions at any time, without notice. Designers must not rely on the absence or characteristics of any features or instructions marked "reserved" or "undefined". Intel reserves these for future definition and shall have no responsibility whatsoever for conflicts or incompatibilities arising from future changes to them. The information here is subject to change without notice. Do not finalize a design with this information. The products described in this document may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Current characterized errata are available on request. Contact your local Intel sales office or your distributor to obtain the latest specifications and before placing your product order. Copies of documents which have an order number and are referenced in this document, or other Intel literature, may be obtained by calling 1-800-548-4725, or go to: http://www.intel.com/design/literature.htm Intel, Xeon, Look Inside and the Intel logo are trademarks of Intel Corporation in the United States and other countries. *Other names and brands may be claimed as the property of others. Copyright ©2013 Intel Corporation.
31 Legal Disclaimer • Intel® AES-NI requires a computer system with an AES-NI enabled processor, as well as non-Intel software to execute the instructions in the correct sequence. AES-NI is available on select Intel® processors. For availability, consult your reseller or system manufacturer. For more information, see Intel® Advanced Encryption Standard Instructions (AES-NI). • Built-In Security: No computer system can provide absolute security under all conditions. Built-in security features available on select Intel® processors may require additional software, hardware, services and/or an Internet connection. Results may vary depending upon configuration. Consult your system manufacturer for more details. For more information, see http://security-center.intel.com/. • Intel® 64 architecture requires a system with a 64-bit enabled processor, chipset, BIOS and software. Performance will vary depending on the specific hardware and software you use. Consult your PC manufacturer for more information. For more information, visit http://www.intel.com/info/em64t. • Intel® Secure Key Technology: No system can provide absolute security. Requires an Intel® Secure Key-enabled platform, available on select Intel® processors, and software optimized to support Intel Secure Key. Consult your system manufacturer for more information • Intel® Trusted Execution Technology (Intel® TXT): No computer system can provide absolute security under all conditions. Intel® TXT requires a computer with Intel® Virtualization Technology, an Intel TXT enabled processor, chipset, BIOS, Authenticated Code Modules and an Intel TXT compatible measured launched environment (MLE). Intel TXT also requires the system to contain a TPM v1.s. For more information, visit http://www.intel.com/technology/security. • Trusted Platform Module (TPM): The original equipment manufacturer must provide TPM functionality, which requires a TPM-supported BIOS. TPM functionality must be initialized and may not be available in all countries. • Intel® Virtualization Technology (Intel® VT) requires a computer system with an enabled Intel® processor, BIOS, and virtual machine monitor (VMM). Functionality, performance or other benefits will vary depending on hardware and software configurations. Software applications may not be compatible with all operating systems. Consult your PC manufacturer. For more information, visit http://www.intel.com/go/virtualization.
32 Risk Factors The above statements and any others in this document that refer to plans and expectations for the third quarter, the year and the future are forward-looking statements that involve a number of risks and uncertainties. Words such as “anticipates,” “expects,” “intends,” “plans,” “believes,” “seeks,” “estimates,” “may,” “will,” “should” and their variations identify forward-looking statements. Statements that refer to or are based on projections, uncertain events or assumptions also identify forward-looking statements. Many factors could affect Intel’s actual results, and variances from Intel’s current expectations regarding such factors could cause actual results to differ materially from those expressed in these forward-looking statements. Intel presently considers the following to be the important factors that could cause actual results to differ materially from the company’s expectations. Demand could be different from Intel's expectations due to factors including changes in business and economic conditions; customer acceptance of Intel’s and competitors’ products; supply constraints and other disruptions affecting customers; changes in customer order patterns including order cancellations; and changes in the level of inventory at customers. Uncertainty in global economic and financial conditions poses a risk that consumers and businesses may defer purchases in response to negative financial events, which could negatively affect product demand and other related matters. Intel operates in intensely competitive industries that are characterized by a high percentage of costs that are fixed or difficult to reduce in the short term and product demand that is highly variable and difficult to forecast. Revenue and the gross margin percentage are affected by the timing of Intel product introductions and the demand for and market acceptance of Intel's products; actions taken by Intel's competitors, including product offerings and introductions, marketing programs and pricing pressures and Intel’s response to such actions; and Intel’s ability to respond quickly to technological developments and to incorporate new features into its products. The gross margin percentage could vary significantly from expectations based on capacity utilization; variations in inventory valuation, including variations related to the timing of qualifying products for sale; changes in revenue levels; segment product mix; the timing and execution of the manufacturing ramp and associated costs; start-up costs; excess or obsolete inventory; changes in unit costs; defects or disruptions in the supply of materials or resources; product manufacturing quality/yields; and impairments of long-lived assets, including manufacturing, assembly/test and intangible assets. Intel's results could be affected by adverse economic, social, political and physical/infrastructure conditions in countries where Intel, its customers or its suppliers operate, including military conflict and other security risks, natural disasters, infrastructure disruptions, health concerns and fluctuations in currency exchange rates. Expenses, particularly certain marketing and compensation expenses, as well as restructuring and asset impairment charges, vary depending on the level of demand for Intel's products and the level of revenue and profits. Intel’s results could be affected by the timing of closing of acquisitions and divestitures. Intel's results could be affected by adverse effects associated with product defects and errata (deviations from published specifications), and by litigation or regulatory matters involving intellectual property, stockholder, consumer, antitrust, disclosure and other issues, such as the litigation and regulatory matters described in Intel's SEC reports. An unfavorable ruling could include monetary damages or an injunction prohibiting Intel from manufacturing or selling one or more products, precluding particular business practices, impacting Intel’s ability to design its products, or requiring other remedies such as compulsory licensing of intellectual property. A detailed discussion of these and other factors that could affect Intel’s results is included in Intel’s SEC filings, including the company’s most recent reports on Form 10-Q, Form 10-K and earnings release. Rev. 7/17/13
33 Backup
34 Trusted Geolocation Preview • Determine and control location of server with sensitive information in the cloud • Server location information added to server root of trust • Three main phases: 1. Platform Attestation and Safe Hypervisor launch 2. Trust-based Secure Migration 3. Trust- and Geolocation-based Secure Migration
35 Key-Manager Cinder Keys Glance Keys OpenStack Service Swift/Cinder/ Glance/Keystone ) TPM Key Creation and Storage Random Number Generator (keys random) Storage (master keys) put(key-id, enc-key-str) get(key-id) enc_key_str success Keystone Keys Swift Keys <key-id, enc-key-str, descriptors> Swift authentication token, access Swift keys Descriptors Creation-time, Expire-time, Num-uses, Type: public/private/ symmetric/unknown (encrypted) communication Formatter KMIP
36 Implementation Example ONP Switch ONP Server OS / Hypervisor DPDK Accelerated Open vSwitch vEPC CDN CDN Billing ONP Server OS / Hypervisor DPDK Accelerated Open vSwitch vEPC vEPC vEPC Forecast ONP Server OS / Hypervisor DPDK Accelerated Open vSwitch vEPC vEPC CDN Analytics Controller

Empfohlen

Barbican 1.0 - Open Source Key Management for OpenStack
Barbican 1.0 - Open Source Key Management for OpenStackBarbican 1.0 - Open Source Key Management for OpenStack
Barbican 1.0 - Open Source Key Management for OpenStackjarito030506
 
Open Source KMIP Implementation
Open Source KMIP ImplementationOpen Source KMIP Implementation
Open Source KMIP Implementationsedukull
 
Using Kubernetes to make cellular data plans cheaper for 50M users
Using Kubernetes to make cellular data plans cheaper for 50M usersUsing Kubernetes to make cellular data plans cheaper for 50M users
Using Kubernetes to make cellular data plans cheaper for 50M usersMirantis
 
Shifting security left simplifying security for k8s open shift environments
Shifting security left simplifying security for k8s open shift environmentsShifting security left simplifying security for k8s open shift environments
Shifting security left simplifying security for k8s open shift environmentsLibbySchulze
 
Introduction to the DevNet Sandbox and IVT
Introduction to the DevNet Sandbox and IVTIntroduction to the DevNet Sandbox and IVT
Introduction to the DevNet Sandbox and IVTCisco DevNet
 
Cloud native policy enforcement with Open Policy Agent
Cloud native policy enforcement with Open Policy AgentCloud native policy enforcement with Open Policy Agent
Cloud native policy enforcement with Open Policy AgentLibbySchulze
 
CSTA - Cisco Security Technical Alliances, New Ecosystem Program Built on the...
CSTA - Cisco Security Technical Alliances, New Ecosystem Program Built on the...CSTA - Cisco Security Technical Alliances, New Ecosystem Program Built on the...
CSTA - Cisco Security Technical Alliances, New Ecosystem Program Built on the...Cisco DevNet
 
Container security within Cisco Container Platform
Container security within Cisco Container PlatformContainer security within Cisco Container Platform
Container security within Cisco Container PlatformSanjeev Rampal
 

Empfohlen

Barbican 1.0 - Open Source Key Management for OpenStack
Barbican 1.0 - Open Source Key Management for OpenStackBarbican 1.0 - Open Source Key Management for OpenStack
Barbican 1.0 - Open Source Key Management for OpenStackjarito030506
 
Open Source KMIP Implementation
Open Source KMIP ImplementationOpen Source KMIP Implementation
Open Source KMIP Implementationsedukull
 
Using Kubernetes to make cellular data plans cheaper for 50M users
Using Kubernetes to make cellular data plans cheaper for 50M usersUsing Kubernetes to make cellular data plans cheaper for 50M users
Using Kubernetes to make cellular data plans cheaper for 50M usersMirantis
 
Shifting security left simplifying security for k8s open shift environments
Shifting security left simplifying security for k8s open shift environmentsShifting security left simplifying security for k8s open shift environments
Shifting security left simplifying security for k8s open shift environmentsLibbySchulze
 
Introduction to the DevNet Sandbox and IVT
Introduction to the DevNet Sandbox and IVTIntroduction to the DevNet Sandbox and IVT
Introduction to the DevNet Sandbox and IVTCisco DevNet
 
Cloud native policy enforcement with Open Policy Agent
Cloud native policy enforcement with Open Policy AgentCloud native policy enforcement with Open Policy Agent
Cloud native policy enforcement with Open Policy AgentLibbySchulze
 
CSTA - Cisco Security Technical Alliances, New Ecosystem Program Built on the...
CSTA - Cisco Security Technical Alliances, New Ecosystem Program Built on the...CSTA - Cisco Security Technical Alliances, New Ecosystem Program Built on the...
CSTA - Cisco Security Technical Alliances, New Ecosystem Program Built on the...Cisco DevNet
 
Container security within Cisco Container Platform
Container security within Cisco Container PlatformContainer security within Cisco Container Platform
Container security within Cisco Container PlatformSanjeev Rampal
 
AnsibleFest 2020 - Automate cybersecurity solutions in a cloud native scenario
AnsibleFest 2020 - Automate cybersecurity solutions in a cloud native scenarioAnsibleFest 2020 - Automate cybersecurity solutions in a cloud native scenario
AnsibleFest 2020 - Automate cybersecurity solutions in a cloud native scenarioRoberto Carratala
 
Synnefo @ LinuxCon/CloudOpen North America 2014
Synnefo @ LinuxCon/CloudOpen North America 2014Synnefo @ LinuxCon/CloudOpen North America 2014
Synnefo @ LinuxCon/CloudOpen North America 2014Vangelis Koukis
 
Managing Microservices at Scale
Managing Microservices at ScaleManaging Microservices at Scale
Managing Microservices at ScalePerforce
 
OpenStack- A ringside view of Services and Architecture
OpenStack- A ringside view of Services and ArchitectureOpenStack- A ringside view of Services and Architecture
OpenStack- A ringside view of Services and ArchitectureRitesh Somani
 
Using Cisco pxGrid for Security Platform Integration: a deep dive
Using Cisco pxGrid for Security Platform Integration: a deep diveUsing Cisco pxGrid for Security Platform Integration: a deep dive
Using Cisco pxGrid for Security Platform Integration: a deep diveCisco DevNet
 
Q Con New York 2015 Presentation - Conjur
Q Con New York 2015 Presentation - ConjurQ Con New York 2015 Presentation - Conjur
Q Con New York 2015 Presentation - Conjurconjur_inc
 
Application Security - 28 Nov 2018
Application Security - 28 Nov 2018Application Security - 28 Nov 2018
Application Security - 28 Nov 2018Cheah Eng Soon
 
NGINX Plus R18: What's new
NGINX Plus R18: What's newNGINX Plus R18: What's new
NGINX Plus R18: What's newNGINX, Inc.
 
Making Git Work for the Enterprise Through the Power of Perforce Helix
Making Git Work for the Enterprise Through the Power of Perforce HelixMaking Git Work for the Enterprise Through the Power of Perforce Helix
Making Git Work for the Enterprise Through the Power of Perforce HelixPerforce
 
Cloud Native Security: New Approach for a New Reality
Cloud Native Security: New Approach for a New RealityCloud Native Security: New Approach for a New Reality
Cloud Native Security: New Approach for a New RealityCarlos Andrés García
 
Istio Mesh – Managing Container Deployments at Scale
Istio Mesh – Managing Container Deployments at ScaleIstio Mesh – Managing Container Deployments at Scale
Istio Mesh – Managing Container Deployments at ScaleMofizur Rahman
 
Hyperledger Fabric Technical Deep Dive 20190618
Hyperledger Fabric Technical Deep Dive 20190618Hyperledger Fabric Technical Deep Dive 20190618
Hyperledger Fabric Technical Deep Dive 20190618Arnaud Le Hors
 
Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3Velocidex Enterprises
 
Microservices: A Security Nightmare?
Microservices: A Security Nightmare?Microservices: A Security Nightmare?
Microservices: A Security Nightmare?Container Solutions
 
DevOps in a Cloud Native World
DevOps in a Cloud Native WorldDevOps in a Cloud Native World
DevOps in a Cloud Native WorldMichael Ducy
 
Velociraptor - SANS Summit 2019
Velociraptor - SANS Summit 2019Velociraptor - SANS Summit 2019
Velociraptor - SANS Summit 2019Velocidex Enterprises
 
Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018
Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018
Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018HashiCorp
 
Digital Forensics and Incident Response in The Cloud
Digital Forensics and Incident Response in The CloudDigital Forensics and Incident Response in The Cloud
Digital Forensics and Incident Response in The CloudVelocidex Enterprises
 
NGINX Plus R19 : EMEA
NGINX Plus R19 : EMEANGINX Plus R19 : EMEA
NGINX Plus R19 : EMEANGINX, Inc.
 
Docker vs. Kubernetes vs. Serverless
Docker vs. Kubernetes vs. ServerlessDocker vs. Kubernetes vs. Serverless
Docker vs. Kubernetes vs. ServerlessLogicworksNY
 
Intel open stack-summit-session-nov13-final
Intel open stack-summit-session-nov13-finalIntel open stack-summit-session-nov13-final
Intel open stack-summit-session-nov13-finalDeepak Mane
 
Openstack 101
Openstack 101Openstack 101
Openstack 101Kamesh Pemmaraju
 

Weitere ähnliche Inhalte

Was ist angesagt?

AnsibleFest 2020 - Automate cybersecurity solutions in a cloud native scenario
AnsibleFest 2020 - Automate cybersecurity solutions in a cloud native scenarioAnsibleFest 2020 - Automate cybersecurity solutions in a cloud native scenario
AnsibleFest 2020 - Automate cybersecurity solutions in a cloud native scenarioRoberto Carratala
 
Synnefo @ LinuxCon/CloudOpen North America 2014
Synnefo @ LinuxCon/CloudOpen North America 2014Synnefo @ LinuxCon/CloudOpen North America 2014
Synnefo @ LinuxCon/CloudOpen North America 2014Vangelis Koukis
 
Managing Microservices at Scale
Managing Microservices at ScaleManaging Microservices at Scale
Managing Microservices at ScalePerforce
 
OpenStack- A ringside view of Services and Architecture
OpenStack- A ringside view of Services and ArchitectureOpenStack- A ringside view of Services and Architecture
OpenStack- A ringside view of Services and ArchitectureRitesh Somani
 
Using Cisco pxGrid for Security Platform Integration: a deep dive
Using Cisco pxGrid for Security Platform Integration: a deep diveUsing Cisco pxGrid for Security Platform Integration: a deep dive
Using Cisco pxGrid for Security Platform Integration: a deep diveCisco DevNet
 
Q Con New York 2015 Presentation - Conjur
Q Con New York 2015 Presentation - ConjurQ Con New York 2015 Presentation - Conjur
Q Con New York 2015 Presentation - Conjurconjur_inc
 
Application Security - 28 Nov 2018
Application Security - 28 Nov 2018Application Security - 28 Nov 2018
Application Security - 28 Nov 2018Cheah Eng Soon
 
NGINX Plus R18: What's new
NGINX Plus R18: What's newNGINX Plus R18: What's new
NGINX Plus R18: What's newNGINX, Inc.
 
Making Git Work for the Enterprise Through the Power of Perforce Helix
Making Git Work for the Enterprise Through the Power of Perforce HelixMaking Git Work for the Enterprise Through the Power of Perforce Helix
Making Git Work for the Enterprise Through the Power of Perforce HelixPerforce
 
Cloud Native Security: New Approach for a New Reality
Cloud Native Security: New Approach for a New RealityCloud Native Security: New Approach for a New Reality
Cloud Native Security: New Approach for a New RealityCarlos Andrés García
 
Istio Mesh – Managing Container Deployments at Scale
Istio Mesh – Managing Container Deployments at ScaleIstio Mesh – Managing Container Deployments at Scale
Istio Mesh – Managing Container Deployments at ScaleMofizur Rahman
 
Hyperledger Fabric Technical Deep Dive 20190618
Hyperledger Fabric Technical Deep Dive 20190618Hyperledger Fabric Technical Deep Dive 20190618
Hyperledger Fabric Technical Deep Dive 20190618Arnaud Le Hors
 
Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3Velocidex Enterprises
 
Microservices: A Security Nightmare?
Microservices: A Security Nightmare?Microservices: A Security Nightmare?
Microservices: A Security Nightmare?Container Solutions
 
DevOps in a Cloud Native World
DevOps in a Cloud Native WorldDevOps in a Cloud Native World
DevOps in a Cloud Native WorldMichael Ducy
 
Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018
Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018
Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018HashiCorp
 
Digital Forensics and Incident Response in The Cloud
Digital Forensics and Incident Response in The CloudDigital Forensics and Incident Response in The Cloud
Digital Forensics and Incident Response in The CloudVelocidex Enterprises
 
NGINX Plus R19 : EMEA
NGINX Plus R19 : EMEANGINX Plus R19 : EMEA
NGINX Plus R19 : EMEANGINX, Inc.
 
Docker vs. Kubernetes vs. Serverless
Docker vs. Kubernetes vs. ServerlessDocker vs. Kubernetes vs. Serverless
Docker vs. Kubernetes vs. ServerlessLogicworksNY
 

Was ist angesagt? (20)

AnsibleFest 2020 - Automate cybersecurity solutions in a cloud native scenario
AnsibleFest 2020 - Automate cybersecurity solutions in a cloud native scenarioAnsibleFest 2020 - Automate cybersecurity solutions in a cloud native scenario
AnsibleFest 2020 - Automate cybersecurity solutions in a cloud native scenario
 
Synnefo @ LinuxCon/CloudOpen North America 2014
Synnefo @ LinuxCon/CloudOpen North America 2014Synnefo @ LinuxCon/CloudOpen North America 2014
Synnefo @ LinuxCon/CloudOpen North America 2014
 
Managing Microservices at Scale
Managing Microservices at ScaleManaging Microservices at Scale
Managing Microservices at Scale
 
OpenStack- A ringside view of Services and Architecture
OpenStack- A ringside view of Services and ArchitectureOpenStack- A ringside view of Services and Architecture
OpenStack- A ringside view of Services and Architecture
 
Using Cisco pxGrid for Security Platform Integration: a deep dive
Using Cisco pxGrid for Security Platform Integration: a deep diveUsing Cisco pxGrid for Security Platform Integration: a deep dive
Using Cisco pxGrid for Security Platform Integration: a deep dive
 
Q Con New York 2015 Presentation - Conjur
Q Con New York 2015 Presentation - ConjurQ Con New York 2015 Presentation - Conjur
Q Con New York 2015 Presentation - Conjur
 
Application Security - 28 Nov 2018
Application Security - 28 Nov 2018Application Security - 28 Nov 2018
Application Security - 28 Nov 2018
 
NGINX Plus R18: What's new
NGINX Plus R18: What's newNGINX Plus R18: What's new
NGINX Plus R18: What's new
 
Making Git Work for the Enterprise Through the Power of Perforce Helix
Making Git Work for the Enterprise Through the Power of Perforce HelixMaking Git Work for the Enterprise Through the Power of Perforce Helix
Making Git Work for the Enterprise Through the Power of Perforce Helix
 
Cloud Native Security: New Approach for a New Reality
Cloud Native Security: New Approach for a New RealityCloud Native Security: New Approach for a New Reality
Cloud Native Security: New Approach for a New Reality
 
Istio Mesh – Managing Container Deployments at Scale
Istio Mesh – Managing Container Deployments at ScaleIstio Mesh – Managing Container Deployments at Scale
Istio Mesh – Managing Container Deployments at Scale
 
Hyperledger Fabric Technical Deep Dive 20190618
Hyperledger Fabric Technical Deep Dive 20190618Hyperledger Fabric Technical Deep Dive 20190618
Hyperledger Fabric Technical Deep Dive 20190618
 
Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3
 
Microservices: A Security Nightmare?
Microservices: A Security Nightmare?Microservices: A Security Nightmare?
Microservices: A Security Nightmare?
 
DevOps in a Cloud Native World
DevOps in a Cloud Native WorldDevOps in a Cloud Native World
DevOps in a Cloud Native World
 
Velociraptor - SANS Summit 2019
Velociraptor - SANS Summit 2019Velociraptor - SANS Summit 2019
Velociraptor - SANS Summit 2019
 
Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018
Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018
Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018
 
Digital Forensics and Incident Response in The Cloud
Digital Forensics and Incident Response in The CloudDigital Forensics and Incident Response in The Cloud
Digital Forensics and Incident Response in The Cloud
 
NGINX Plus R19 : EMEA
NGINX Plus R19 : EMEANGINX Plus R19 : EMEA
NGINX Plus R19 : EMEA
 
Docker vs. Kubernetes vs. Serverless
Docker vs. Kubernetes vs. ServerlessDocker vs. Kubernetes vs. Serverless
Docker vs. Kubernetes vs. Serverless
 

Ähnlich wie Améliorer OpenStack avec les technologies Intel

Intel open stack-summit-session-nov13-final
Intel open stack-summit-session-nov13-finalIntel open stack-summit-session-nov13-final
Intel open stack-summit-session-nov13-finalDeepak Mane
 
Cloud Foundry and OpenStack – Marriage Made in Heaven !
Cloud Foundry and OpenStack – Marriage Made in Heaven ! Cloud Foundry and OpenStack – Marriage Made in Heaven !
Cloud Foundry and OpenStack – Marriage Made in Heaven ! Animesh Singh
 
Cloud Foundry and OpenStack - A Marriage Made in Heaven! (Cloud Foundry Summi...
Cloud Foundry and OpenStack - A Marriage Made in Heaven! (Cloud Foundry Summi...Cloud Foundry and OpenStack - A Marriage Made in Heaven! (Cloud Foundry Summi...
Cloud Foundry and OpenStack - A Marriage Made in Heaven! (Cloud Foundry Summi...VMware Tanzu
 
Cloud Foundry and OpenStack - A Marriage Made in Heaven! (Cloud Foundry Summi...
Cloud Foundry and OpenStack - A Marriage Made in Heaven! (Cloud Foundry Summi...Cloud Foundry and OpenStack - A Marriage Made in Heaven! (Cloud Foundry Summi...
Cloud Foundry and OpenStack - A Marriage Made in Heaven! (Cloud Foundry Summi...VMware Tanzu
 
OpenStack Block Storage 101
OpenStack Block Storage 101OpenStack Block Storage 101
OpenStack Block Storage 101NetApp
 
Speed up Digital Transformation with Openstack Cloud & Software Defined Storage
Speed up Digital Transformation with Openstack Cloud & Software Defined StorageSpeed up Digital Transformation with Openstack Cloud & Software Defined Storage
Speed up Digital Transformation with Openstack Cloud & Software Defined StorageMatthew Sheppard
 
Cloud Architect Alliance #15: Openstack
Cloud Architect Alliance #15: OpenstackCloud Architect Alliance #15: Openstack
Cloud Architect Alliance #15: OpenstackMicrosoft
 
Introduction to Open stack - An Overview
Introduction to Open stack - An Overview Introduction to Open stack - An Overview
Introduction to Open stack - An Overview SpringPeople
 
OpenStack As A Strategy For Future Growth at Cisco
OpenStack As A Strategy For Future Growth at CiscoOpenStack As A Strategy For Future Growth at Cisco
OpenStack As A Strategy For Future Growth at CiscoLew Tucker
 
Public vs. Private Cloud Performance by Flex
Public vs. Private Cloud Performance by FlexPublic vs. Private Cloud Performance by Flex
Public vs. Private Cloud Performance by FlexStackIQ
 
OpenStack Deployment in the Enterprise
OpenStack Deployment in the Enterprise OpenStack Deployment in the Enterprise
OpenStack Deployment in the Enterprise Cisco Canada
 
Getting Started with OpenStack, Red Hat Summit 2016
Getting Started with OpenStack, Red Hat Summit 2016Getting Started with OpenStack, Red Hat Summit 2016
Getting Started with OpenStack, Red Hat Summit 2016Charles Eckel
 
OpenstackOverview.pdf
OpenstackOverview.pdfOpenstackOverview.pdf
OpenstackOverview.pdfKevinBuck30
 
Monitoring kubernetes across data center and cloud
Monitoring kubernetes across data center and cloudMonitoring kubernetes across data center and cloud
Monitoring kubernetes across data center and cloudDatadog
 
KT ucloud storage, by Jaesuk Ahn
KT ucloud storage, by Jaesuk AhnKT ucloud storage, by Jaesuk Ahn
KT ucloud storage, by Jaesuk AhnHui Cheng
 
2011 Essex Summit: Openstack/Hyper-V clouds
2011 Essex Summit: Openstack/Hyper-V clouds2011 Essex Summit: Openstack/Hyper-V clouds
2011 Essex Summit: Openstack/Hyper-V cloudsppouliot
 

Ähnlich wie Améliorer OpenStack avec les technologies Intel (20)

Intel open stack-summit-session-nov13-final
Intel open stack-summit-session-nov13-finalIntel open stack-summit-session-nov13-final
Intel open stack-summit-session-nov13-final
 
Openstack 101
Openstack 101Openstack 101
Openstack 101
 
OpenStack 101 update
OpenStack 101 updateOpenStack 101 update
OpenStack 101 update
 
Cloud Foundry and OpenStack – Marriage Made in Heaven !
Cloud Foundry and OpenStack – Marriage Made in Heaven ! Cloud Foundry and OpenStack – Marriage Made in Heaven !
Cloud Foundry and OpenStack – Marriage Made in Heaven !
 
Cloud Foundry and OpenStack - A Marriage Made in Heaven! (Cloud Foundry Summi...
Cloud Foundry and OpenStack - A Marriage Made in Heaven! (Cloud Foundry Summi...Cloud Foundry and OpenStack - A Marriage Made in Heaven! (Cloud Foundry Summi...
Cloud Foundry and OpenStack - A Marriage Made in Heaven! (Cloud Foundry Summi...
 
Cloud Foundry and OpenStack - A Marriage Made in Heaven! (Cloud Foundry Summi...
Cloud Foundry and OpenStack - A Marriage Made in Heaven! (Cloud Foundry Summi...Cloud Foundry and OpenStack - A Marriage Made in Heaven! (Cloud Foundry Summi...
Cloud Foundry and OpenStack - A Marriage Made in Heaven! (Cloud Foundry Summi...
 
OpenStack Block Storage 101
OpenStack Block Storage 101OpenStack Block Storage 101
OpenStack Block Storage 101
 
Speed up Digital Transformation with Openstack Cloud & Software Defined Storage
Speed up Digital Transformation with Openstack Cloud & Software Defined StorageSpeed up Digital Transformation with Openstack Cloud & Software Defined Storage
Speed up Digital Transformation with Openstack Cloud & Software Defined Storage
 
Cloud Architect Alliance #15: Openstack
Cloud Architect Alliance #15: OpenstackCloud Architect Alliance #15: Openstack
Cloud Architect Alliance #15: Openstack
 
Introduction to Open stack - An Overview
Introduction to Open stack - An Overview Introduction to Open stack - An Overview
Introduction to Open stack - An Overview
 
OpenStack As A Strategy For Future Growth at Cisco
OpenStack As A Strategy For Future Growth at CiscoOpenStack As A Strategy For Future Growth at Cisco
OpenStack As A Strategy For Future Growth at Cisco
 
Public vs. Private Cloud Performance by Flex
Public vs. Private Cloud Performance by FlexPublic vs. Private Cloud Performance by Flex
Public vs. Private Cloud Performance by Flex
 
OpenStack Havana Release
OpenStack Havana ReleaseOpenStack Havana Release
OpenStack Havana Release
 
OpenStack Deployment in the Enterprise
OpenStack Deployment in the Enterprise OpenStack Deployment in the Enterprise
OpenStack Deployment in the Enterprise
 
Getting Started with OpenStack, Red Hat Summit 2016
Getting Started with OpenStack, Red Hat Summit 2016Getting Started with OpenStack, Red Hat Summit 2016
Getting Started with OpenStack, Red Hat Summit 2016
 
OpenstackOverview.pdf
OpenstackOverview.pdfOpenstackOverview.pdf
OpenstackOverview.pdf
 
Monitoring kubernetes across data center and cloud
Monitoring kubernetes across data center and cloudMonitoring kubernetes across data center and cloud
Monitoring kubernetes across data center and cloud
 
KT ucloud storage, by Jaesuk Ahn
KT ucloud storage, by Jaesuk AhnKT ucloud storage, by Jaesuk Ahn
KT ucloud storage, by Jaesuk Ahn
 
Am 02 osac_kt_swift
Am 02 osac_kt_swiftAm 02 osac_kt_swift
Am 02 osac_kt_swift
 
2011 Essex Summit: Openstack/Hyper-V clouds
2011 Essex Summit: Openstack/Hyper-V clouds2011 Essex Summit: Openstack/Hyper-V clouds
2011 Essex Summit: Openstack/Hyper-V clouds
 

Mehr von Odinot Stanislas

Silicon Photonics and datacenter
Silicon Photonics and datacenterSilicon Photonics and datacenter
Silicon Photonics and datacenterOdinot Stanislas
 
Using a Field Programmable Gate Array to Accelerate Application Performance
Using a Field Programmable Gate Array to Accelerate Application PerformanceUsing a Field Programmable Gate Array to Accelerate Application Performance
Using a Field Programmable Gate Array to Accelerate Application PerformanceOdinot Stanislas
 
Hands-on Lab: How to Unleash Your Storage Performance by Using NVM Express™ B...
Hands-on Lab: How to Unleash Your Storage Performance by Using NVM Express™ B...Hands-on Lab: How to Unleash Your Storage Performance by Using NVM Express™ B...
Hands-on Lab: How to Unleash Your Storage Performance by Using NVM Express™ B...Odinot Stanislas
 
SDN/NFV: Service Chaining
SDN/NFV: Service Chaining SDN/NFV: Service Chaining
SDN/NFV: Service Chaining Odinot Stanislas
 
Ceph: Open Source Storage Software Optimizations on Intel® Architecture for C...
Ceph: Open Source Storage Software Optimizations on Intel® Architecture for C...Ceph: Open Source Storage Software Optimizations on Intel® Architecture for C...
Ceph: Open Source Storage Software Optimizations on Intel® Architecture for C...Odinot Stanislas
 
SNIA : Swift Object Storage adding EC (Erasure Code)
SNIA : Swift Object Storage adding EC (Erasure Code)SNIA : Swift Object Storage adding EC (Erasure Code)
SNIA : Swift Object Storage adding EC (Erasure Code)Odinot Stanislas
 
PCI Express* based Storage: Data Center NVM Express* Platform Topologies
PCI Express* based Storage: Data Center NVM Express* Platform TopologiesPCI Express* based Storage: Data Center NVM Express* Platform Topologies
PCI Express* based Storage: Data Center NVM Express* Platform TopologiesOdinot Stanislas
 
Bare-metal, Docker Containers, and Virtualization: The Growing Choices for Cl...
Bare-metal, Docker Containers, and Virtualization: The Growing Choices for Cl...Bare-metal, Docker Containers, and Virtualization: The Growing Choices for Cl...
Bare-metal, Docker Containers, and Virtualization: The Growing Choices for Cl...Odinot Stanislas
 
Software Defined Storage - Open Framework and Intel® Architecture Technologies
Software Defined Storage - Open Framework and Intel® Architecture TechnologiesSoftware Defined Storage - Open Framework and Intel® Architecture Technologies
Software Defined Storage - Open Framework and Intel® Architecture TechnologiesOdinot Stanislas
 
Virtualizing the Network to enable a Software Defined Infrastructure (SDI)
Virtualizing the Network to enable a Software Defined Infrastructure (SDI)Virtualizing the Network to enable a Software Defined Infrastructure (SDI)
Virtualizing the Network to enable a Software Defined Infrastructure (SDI)Odinot Stanislas
 
Accelerate the SDN with Intel ONP
Accelerate the SDN with Intel ONPAccelerate the SDN with Intel ONP
Accelerate the SDN with Intel ONPOdinot Stanislas
 
Moving to PCI Express based SSD with NVM Express
Moving to PCI Express based SSD with NVM ExpressMoving to PCI Express based SSD with NVM Express
Moving to PCI Express based SSD with NVM ExpressOdinot Stanislas
 
Intel Cloud Builder : Siveo
Intel Cloud Builder : SiveoIntel Cloud Builder : Siveo
Intel Cloud Builder : SiveoOdinot Stanislas
 
Configuration and deployment guide for SWIFT on Intel Architecture
Configuration and deployment guide for SWIFT on Intel ArchitectureConfiguration and deployment guide for SWIFT on Intel Architecture
Configuration and deployment guide for SWIFT on Intel ArchitectureOdinot Stanislas
 
Intel IT Open Cloud - What's under the Hood and How do we Drive it?
Intel IT Open Cloud - What's under the Hood and How do we Drive it?Intel IT Open Cloud - What's under the Hood and How do we Drive it?
Intel IT Open Cloud - What's under the Hood and How do we Drive it?Odinot Stanislas
 
Configuration and Deployment Guide For Memcached on Intel® Architecture
Configuration and Deployment Guide For Memcached on Intel® ArchitectureConfiguration and Deployment Guide For Memcached on Intel® Architecture
Configuration and Deployment Guide For Memcached on Intel® ArchitectureOdinot Stanislas
 
Scale-out Storage on Intel® Architecture Based Platforms: Characterizing and ...
Scale-out Storage on Intel® Architecture Based Platforms: Characterizing and ...Scale-out Storage on Intel® Architecture Based Platforms: Characterizing and ...
Scale-out Storage on Intel® Architecture Based Platforms: Characterizing and ...Odinot Stanislas
 
Big Data and Intel® Intelligent Systems Solution for Intelligent transportation
Big Data and Intel® Intelligent Systems Solution for Intelligent transportationBig Data and Intel® Intelligent Systems Solution for Intelligent transportation
Big Data and Intel® Intelligent Systems Solution for Intelligent transportationOdinot Stanislas
 
Big Data Solutions for Healthcare
Big Data Solutions for HealthcareBig Data Solutions for Healthcare
Big Data Solutions for HealthcareOdinot Stanislas
 
Protect Your Big Data with Intel<sup>®</sup> Xeon<sup>®</sup> Processors a..
Protect Your Big Data with Intel<sup>®</sup> Xeon<sup>®</sup> Processors a..Protect Your Big Data with Intel<sup>®</sup> Xeon<sup>®</sup> Processors a..
Protect Your Big Data with Intel<sup>®</sup> Xeon<sup>®</sup> Processors a..Odinot Stanislas
 

Mehr von Odinot Stanislas (20)

Silicon Photonics and datacenter
Silicon Photonics and datacenterSilicon Photonics and datacenter
Silicon Photonics and datacenter
 
Using a Field Programmable Gate Array to Accelerate Application Performance
Using a Field Programmable Gate Array to Accelerate Application PerformanceUsing a Field Programmable Gate Array to Accelerate Application Performance
Using a Field Programmable Gate Array to Accelerate Application Performance
 
Hands-on Lab: How to Unleash Your Storage Performance by Using NVM Express™ B...
Hands-on Lab: How to Unleash Your Storage Performance by Using NVM Express™ B...Hands-on Lab: How to Unleash Your Storage Performance by Using NVM Express™ B...
Hands-on Lab: How to Unleash Your Storage Performance by Using NVM Express™ B...
 
SDN/NFV: Service Chaining
SDN/NFV: Service Chaining SDN/NFV: Service Chaining
SDN/NFV: Service Chaining
 
Ceph: Open Source Storage Software Optimizations on Intel® Architecture for C...
Ceph: Open Source Storage Software Optimizations on Intel® Architecture for C...Ceph: Open Source Storage Software Optimizations on Intel® Architecture for C...
Ceph: Open Source Storage Software Optimizations on Intel® Architecture for C...
 
SNIA : Swift Object Storage adding EC (Erasure Code)
SNIA : Swift Object Storage adding EC (Erasure Code)SNIA : Swift Object Storage adding EC (Erasure Code)
SNIA : Swift Object Storage adding EC (Erasure Code)
 
PCI Express* based Storage: Data Center NVM Express* Platform Topologies
PCI Express* based Storage: Data Center NVM Express* Platform TopologiesPCI Express* based Storage: Data Center NVM Express* Platform Topologies
PCI Express* based Storage: Data Center NVM Express* Platform Topologies
 
Bare-metal, Docker Containers, and Virtualization: The Growing Choices for Cl...
Bare-metal, Docker Containers, and Virtualization: The Growing Choices for Cl...Bare-metal, Docker Containers, and Virtualization: The Growing Choices for Cl...
Bare-metal, Docker Containers, and Virtualization: The Growing Choices for Cl...
 
Software Defined Storage - Open Framework and Intel® Architecture Technologies
Software Defined Storage - Open Framework and Intel® Architecture TechnologiesSoftware Defined Storage - Open Framework and Intel® Architecture Technologies
Software Defined Storage - Open Framework and Intel® Architecture Technologies
 
Virtualizing the Network to enable a Software Defined Infrastructure (SDI)
Virtualizing the Network to enable a Software Defined Infrastructure (SDI)Virtualizing the Network to enable a Software Defined Infrastructure (SDI)
Virtualizing the Network to enable a Software Defined Infrastructure (SDI)
 
Accelerate the SDN with Intel ONP
Accelerate the SDN with Intel ONPAccelerate the SDN with Intel ONP
Accelerate the SDN with Intel ONP
 
Moving to PCI Express based SSD with NVM Express
Moving to PCI Express based SSD with NVM ExpressMoving to PCI Express based SSD with NVM Express
Moving to PCI Express based SSD with NVM Express
 
Intel Cloud Builder : Siveo
Intel Cloud Builder : SiveoIntel Cloud Builder : Siveo
Intel Cloud Builder : Siveo
 
Configuration and deployment guide for SWIFT on Intel Architecture
Configuration and deployment guide for SWIFT on Intel ArchitectureConfiguration and deployment guide for SWIFT on Intel Architecture
Configuration and deployment guide for SWIFT on Intel Architecture
 
Intel IT Open Cloud - What's under the Hood and How do we Drive it?
Intel IT Open Cloud - What's under the Hood and How do we Drive it?Intel IT Open Cloud - What's under the Hood and How do we Drive it?
Intel IT Open Cloud - What's under the Hood and How do we Drive it?
 
Configuration and Deployment Guide For Memcached on Intel® Architecture
Configuration and Deployment Guide For Memcached on Intel® ArchitectureConfiguration and Deployment Guide For Memcached on Intel® Architecture
Configuration and Deployment Guide For Memcached on Intel® Architecture
 
Scale-out Storage on Intel® Architecture Based Platforms: Characterizing and ...
Scale-out Storage on Intel® Architecture Based Platforms: Characterizing and ...Scale-out Storage on Intel® Architecture Based Platforms: Characterizing and ...
Scale-out Storage on Intel® Architecture Based Platforms: Characterizing and ...
 
Big Data and Intel® Intelligent Systems Solution for Intelligent transportation
Big Data and Intel® Intelligent Systems Solution for Intelligent transportationBig Data and Intel® Intelligent Systems Solution for Intelligent transportation
Big Data and Intel® Intelligent Systems Solution for Intelligent transportation
 
Big Data Solutions for Healthcare
Big Data Solutions for HealthcareBig Data Solutions for Healthcare
Big Data Solutions for Healthcare
 
Protect Your Big Data with Intel<sup>®</sup> Xeon<sup>®</sup> Processors a..
Protect Your Big Data with Intel<sup>®</sup> Xeon<sup>®</sup> Processors a..Protect Your Big Data with Intel<sup>®</sup> Xeon<sup>®</sup> Processors a..
Protect Your Big Data with Intel<sup>®</sup> Xeon<sup>®</sup> Processors a..
 

Kürzlich hochgeladen

Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 

Kürzlich hochgeladen (20)

Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 

Améliorer OpenStack avec les technologies Intel

  • 1. 1 Enhancing OpenStack* with Intel® Technologies for Public, Private and Hybrid Cloud Girish Gopal – Strategic Planning, Intel Corporation Malini Bhandaru – Security Architect, Intel Corporation EDCS003
  • 2. 2 Agenda • Intel and OpenStack* • Enhancing OpenStack Compute • Enhancing OpenStack Storage • Enhancing OpenStack Networking • Enhancing OpenStack Data Collection • Intel IT Open Cloud • Summary and Next Steps
  • 3. 3 Agenda • Intel and OpenStack* • Enhancing OpenStack Compute • Enhancing OpenStack Storage • Enhancing OpenStack Networking • Enhancing OpenStack Data Collection • Intel IT Open Cloud • Summary and Next Steps
  • 4. 4 Intel Enables OpenStack* Cloud Deployments Contributions Intel IT Open Cloud Intel® Cloud Builders • Across OpenStack projects plus tools released to Open Source • Top 10 contributor to Grizzly and Havana releases1 • Optimizations, validation and patches • Intel IT Open Cloud with OpenStack • Deliver Consumable Services • Automated Management of Cloud • Collection of best practices • Intel IT Open Cloud Reference Arch • Share best practices with IT and CSPs 1Source: stackalytics.com
  • 5. 5 OpenStack* Architecture Identity (Keystone) Authentication and authorization for services Object Storage (Swift) Allows you to store or retrieve files Image (Glance) Catalog and repository for virtual disk images Dashboard (Horizon) Modular web-based user interface for all services Compute (Nova) Provides virtual servers upon demand Networking (Neutron) Provides "network connectivity as a service" Block Storage (Cinder) Provides persistent block storage to guest VMs Heat Orchestrate multiple composite cloud applications Ceilometer Collect measurements for metering and monitoring New Components in Havana
  • 6. 6 Agenda • Intel and OpenStack* • Enhancing OpenStack Compute – Trust – Security – Enhanced Platform Awareness (EPA) • Enhancing OpenStack Storage • Enhancing OpenStack Networking • Enhancing OpenStack Data Collection • Intel IT Open Cloud • Summary and Next Steps
  • 7. 7 Trusted Compute Pools (TCP) Enhance visibility, control and compliance - Key IT concerns (61%, 55% and 57% respectively1) • TCP Solution - Place workloads & VMs in trusted pools of virtualized servers - Trusted Computing Group Compliant Platform (TPM) - Intel® Xeon® processor initiates a trusted boot - OpenStack* Folsom release or later - Policy Engine / Console - Trust level of VM specified as Trusted  Compute (Nova) – Trust Filter  Dashboard (Horizon) – Trust Filter UI - Open Attestation (OAT) SDK  https://github.com/OpenAttestation/OpenAttestation • Core technologies - Intel® Trusted Execution Technology - Intel® Virtualization Technology FlexMigration 1source: McCann “what’s holding the cloud back?” cloud security global IT survey, sponsored by Intel, May 2012 Trust TCP is enabled in OpenStack (Folsom release) • Vendors: Bundle OAT into your OpenStack offering • Providers/IT: Implement TCP in your OpenStack Cloud • Users: Request and deploy VMs on Trusted nodes
  • 8. 8 Trusted Compute Pools with Geo-Tagging Use asset descriptor information to control virtual workloads - E.g., Enforce policies to control migration or bursting to trusted systems in specific geographical locations • Enhance OpenStack* services - Dashboard – display VM/storage geo - Flavor – Geo for VM Instances and Storage - Aggregate filter - Geo attestation service - Configure geo attestation service - Provision geo certificate for trusted machines Provide feedback, use cases Trust
  • 9. 9
  • 10. 10
  • 11. 11 Key Management Facilitates server-side encryption; Data-at-rest security Enables new use cases and users, e.g., compliance • Random Key generation - Intel® Secure Key: true randomness important • Secure Storage – keys encrypted with a master key • Access controlled - Identity - Keystone and access policies • Audit logging - create/delete/use • High availability • Pluggable backend – HSM, TPM Security Encryption Keys : Create, Store, Protect, and Ready Access
  • 12. 12 OpenStack* Key Manager Key management as separate service; prototype in Havana, incubation in Icehouse release of OpenStack* Secure OpenStack Clouds • Encrypt volumes, objects and communications Status and Next Steps • Barbican Key Manager: - https://github.com/cloudkeep/barbican • Integration with OpenStack authentication and authorization system • Immediate: Provide volume/block encryption Future • Creation and certification of public-private key pairs • Software support for periodic background tasks • Client component that can work against HSM • Examine KMIP • Leverage AES-XTS to enhance performance Building Blocks • Trusted Platform Module • Intel® Secure Key • Intel® AES-NI • New instructions and wider registers Security Intel® AES-NI = Intel® Advanced Encryption Standard New Instructions
  • 13. 13 OpenStack* Security Guide http://docs.openstack.org/sec/ • OpenStack* services • Public and Private clouds • Security domains and bridges • Layered security • Secure node bootstrapping and hardening • Secure intra-service communication • Database security • Hypervisor selection • Trusted machine images • VM Migration • Logging • Identity management • Access control • Compliance & Audit Help update the Security Guide Security
  • 14. 14 CPU Features Exposure Allows OpenStack* to have a greater awareness of the capabilities of the hardware platforms • Expose CPU features to OpenStack Nova scheduler • Use ComputeCapabilities filter to select hosts with required features - Security workload could run faster & more securely with Intel® AES-NI • Enables premium flavors - Enhanced capabilities for cloud customers - Enhanced revenue for cloud providers Intel® AES-NI = Intel® Advanced Encryption Standard New Instructions Image (Glance) Import host capabilities request via VM metadata Dashboard (Horizon) Expose Compute (Nova) Host capabilities discovery, reporting and filter enhancements Targeted for Havana and future OpenStack releases EPA
  • 15. 15 PCI Express* (PCIe* ) Accelerator Exposure • OpenStack* updates to enable PCI Express* (PCIe*) Accelerators – Solution based on libvirt and KVM – Add PCIe device info to the libvirt driver – Extend Nova Scheduler to handle PCIe device allocation – Configure the VM for Deployment • Status – Code released to the community – Not yet integrated into the Havana release mainline – NIC SR-IOV Virtual Function allocation to a VM possible  Not a recommended use case  Additional OpenStack updates necessary for a robust solution Leverage PCI Express Accelerators to gain performance • Crypto speed-up, hardware-based trust, faster I/O SR-IOV = Single Root I/O Virtualization EPA
  • 16. 16 Agenda • Intel and OpenStack* • Enhancing OpenStack Compute • Enhancing OpenStack Storage – Intelligent Volume Scheduling – Erasure Code – COSBench • Enhancing OpenStack Networking • Enhancing OpenStack Data Collection • Intel IT Open Cloud • Summary and Next Steps
  • 17. 17 Intelligent Volume Scheduling - OpenStack* Cinder Maximize block storage efficiency by intelligently allocating volume based on workload and type of service required Example: Differentiated Service with Different Storage Backends • CSP: 3 different storage systems, offers 4 levels of volume services • Volume service criteria dictates which storage system can be used • Filter scheduler allows CSP to name storage services and allocate correct volume Intelligent Volume Scheduling is enabled in OpenStack* (Grizzly release)
  • 18. 18 Erasure Code for OpenStack* Swift Access Tier (Concurrency) Capacity Tier (Storage) Clients Tri-replication pathErasure code path Saves disk space, does not impact QoS for hot objects • Swift uses tri-replication today (3x storage) • Add daemon on storage node • Scans all existing objects offline • Selects cold objects of large enough size • Replaces tri-replication algorithm with erasure code Collaborate on Erasure Code • CLDS007: “OpenStack Swift Erasure Code: A Smart Cloud Storage Solution“ Wednesday, 5PM, Rm 2005 • https://blueprints.launchpad.net/swift/+spec/swift-ec
  • 19. 19 Introducing COSBench An Open Source Intel developed benchmarking tool to measure Cloud Object Storage (e.g., OpenStack* Swift) performance • Compare performance of cloud object stores • Evaluate internal options for software stacks • Identify bottlenecks and tune performance • Pluggable adaptors for different storage systems • Web-based UI • Real-time performance monitoring Throughput Response Time Bandwidth Success Ratio Download, Evaluate, Contribute https://github.com/intel-cloud/cosbench
  • 20. 20 Agenda • Intel and OpenStack* • Enhancing OpenStack Compute • Enhancing OpenStack Storage • Enhancing OpenStack Networking – Intel® Open Network Platform • Enhancing OpenStack Data Collection • Intel® IT Open Cloud • Summary and Next Steps
  • 21. 21 Intel® Open Network Platform (ONP), OpenStack* and SDN/NFV Framework Node NodeNode Node NodeNode Controller Controller OpenStack (Orchestrator) Network Applications Northbound API Southbound API e.g., OpenFlow*, Open vSwitch Network Appliance TOR Switch Cloud Server Virtual Switch EPC Media Gateway Neutron SDN/NFV; Software Defined Networking/Network Functions Virtualization Intel® ONP Switch Reference Design Intel ONP Server Reference Design Learn more about Intel ONP • CLDS006: “Extending Open Networking Platform (ONP) for the Next Generation Server Architectures“ Wednesday, 3:45PM, Rm 2005
  • 22. 22 Agenda • Intel and OpenStack* • Enhancing OpenStack Compute • Enhancing OpenStack Storage • Enhancing OpenStack Networking • Enhancing OpenStack Data Collection – Multiple Publisher Support – Intelligent Workload Scheduling • Intel® IT Open Cloud • Summary and Next Steps
  • 23. 23 Data Collection for Monitoring: Multiple Publisher (Ceilometer) Data Collector Transformer Pipeline Manager Transformer Metering Monitoring Publisher Publisher Publisher Transformer Facilitates transformation and publishing of metered data for consumption by various targets • Send/publish collected measurements to different endpoint/utility through different conduits with different format • Provides ability to store collected data in different data stores Targeted for OpenStack* Havana release • Create/add plugs-ins to store data in your own data stores
  • 24. 24 Data Collection for Efficiency: Intelligent Workload Scheduling Enhanced usage statistics allow advanced scheduling decisions • Pluggable metric data collecting framework - Collects data via plug-ins - Sends data to notification bus for use by other OpenStack* components • Compute (Nova) - New filters / weighers for utilization-based scheduling Targeted for OpenStack* Havana release • Utilize pluggable framework to create/add your own plugs-ins to monitor network
  • 25. 25 Agenda • Intel® and OpenStack* • Enhancing OpenStack Compute • Enhancing OpenStack Storage • Enhancing OpenStack Networking • Enhancing OpenStack Data Collection • Intel IT Open Cloud • Summary and Next Steps
  • 26. 26 Intel IT Open Cloud • 77% Virtualized • 80% of new servers in the Cloud • Under 1 hour to deploy Infrastructure • Small number of SaaS apps in usage • Savings realized to date: $21M • Land Applications in minutes • Automation: lower cost w/ less resources • Open Cloud for bursting capacity • SaaS for non-differentiated apps (e.g. email) Today: Large Private Cloud, Limited Public Cloud Tomorrow: Hybrid Cloud Learn more on Intel IT Open Cloud • CLDS004 “Intel IT Open Cloud – What’s Under the Hood, and How Do We Drive It?” Wednesday, 5PM, Rm 2001
  • 27. 27 Agenda • Intel® and OpenStack* • Enhancing OpenStack Compute • Enhancing OpenStack Storage • Enhancing OpenStack Networking • Enhancing OpenStack Data Collection • Intel IT Open Cloud • Summary and Next Steps
  • 28. 28 Summary: Intel® Technologies & Solutions for OpenStack* Release Trusted Compute Pools (TCP) TCP With Geotagging • Place workloads and VMs in trusted pools of virtualized servers • Determine and control location of sensitive data in the cloud • Intel® TXT, Intel® VT FlexMigration Folsom Icehouse Key Manager • Manager for symmetric and public/private keys, certificates • Intel® AES-NI, Intel® Secure Key Havana/ Icehouse Enhanced Platform Awareness • Levering PCIe accelerator devices in cloud infrastructure, and enabling access to Intel® 64 instruction set extensions • Intel® QuickAssist, Intel AES-NI, Intel® AVX, AVX2, Intel® SSE4, Intel Secure Key Havana Erasure Code • Replacing tri-replication algorithm in Swift Havana Intelligent Volume Scheduling • Allocate block storage type of service required Grizzly Multiple Publisher • Transformation & publishing of metered data Havana Data Collection for Efficiency • Usage statistics for scheduling decisions Havana Open Network Platform • Framework for SDN/NFV • Intel® VT-d, Intel® DPDK, Intel® DDIO Open Attestation SDK • Remote attestation service for TCP Open Source COSBench • Object store performance characterization tool Open Source Intel® TXT = Intel® Trusted Execution Technology; Intel® VT = Intel® Virtualization Technology; Intel® AES-NI = Intel® Advanced Encryption Standard – New Instructions; Intel® AVX = Intel® Advanced Vector Extensions; Intel® VT-d = Intel® Virtualization for Directed I/O; Intel® DPDK = Intel® Data Plane Development Kit; Intel® DDIO = Intel® Data Direct I/O
  • 29. 29 Read, Download, Get Involved • Compute - Open Attestation SDK: https://github.com/OpenAttestation/OpenAttestation - OpenStack* on Intel® TXT (Fedora*): https://fedoraproject.org/wiki/OpenStackOnTXT - Mechanisms to Protect Data in the Open Cloud: http://download- software.intel.com/sites/default/files/Intel_TXT_Open_Cloud_Security_Final_Web.pdf • Storage - COSBench: https://github.com/intel-cloud/cosbench • Networking - Intel® Open Network Platform: http://www.intel.com/content/www/us/en/switch-silicon/open-network-platform.html • Intel IT use of OpenStack - Accelerating Deployment of Cloud Services Using Open Source Software: http://www.intel.com/content/dam/www/public/us/en/documents/best- practices/accelerating-deployment-of-cloud-services-using-open-source-software.pdf Intel® Trusted Execution Technology (Intel® TXT)
  • 30. 30 Legal Disclaimer INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS PROVIDED IN INTEL'S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT. A "Mission Critical Application" is any application in which failure of the Intel Product could result, directly or indirectly, in personal injury or death. SHOULD YOU PURCHASE OR USE INTEL'S PRODUCTS FOR ANY SUCH MISSION CRITICAL APPLICATION, YOU SHALL INDEMNIFY AND HOLD INTEL AND ITS SUBSIDIARIES, SUBCONTRACTORS AND AFFILIATES, AND THE DIRECTORS, OFFICERS, AND EMPLOYEES OF EACH, HARMLESS AGAINST ALL CLAIMS COSTS, DAMAGES, AND EXPENSES AND REASONABLE ATTORNEYS' FEES ARISING OUT OF, DIRECTLY OR INDIRECTLY, ANY CLAIM OF PRODUCT LIABILITY, PERSONAL INJURY, OR DEATH ARISING IN ANY WAY OUT OF SUCH MISSION CRITICAL APPLICATION, WHETHER OR NOT INTEL OR ITS SUBCONTRACTOR WAS NEGLIGENT IN THE DESIGN, MANUFACTURE, OR WARNING OF THE INTEL PRODUCT OR ANY OF ITS PARTS. Intel may make changes to specifications and product descriptions at any time, without notice. Designers must not rely on the absence or characteristics of any features or instructions marked "reserved" or "undefined". Intel reserves these for future definition and shall have no responsibility whatsoever for conflicts or incompatibilities arising from future changes to them. The information here is subject to change without notice. Do not finalize a design with this information. The products described in this document may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Current characterized errata are available on request. Contact your local Intel sales office or your distributor to obtain the latest specifications and before placing your product order. Copies of documents which have an order number and are referenced in this document, or other Intel literature, may be obtained by calling 1-800-548-4725, or go to: http://www.intel.com/design/literature.htm Intel, Xeon, Look Inside and the Intel logo are trademarks of Intel Corporation in the United States and other countries. *Other names and brands may be claimed as the property of others. Copyright ©2013 Intel Corporation.
  • 31. 31 Legal Disclaimer • Intel® AES-NI requires a computer system with an AES-NI enabled processor, as well as non-Intel software to execute the instructions in the correct sequence. AES-NI is available on select Intel® processors. For availability, consult your reseller or system manufacturer. For more information, see Intel® Advanced Encryption Standard Instructions (AES-NI). • Built-In Security: No computer system can provide absolute security under all conditions. Built-in security features available on select Intel® processors may require additional software, hardware, services and/or an Internet connection. Results may vary depending upon configuration. Consult your system manufacturer for more details. For more information, see http://security-center.intel.com/. • Intel® 64 architecture requires a system with a 64-bit enabled processor, chipset, BIOS and software. Performance will vary depending on the specific hardware and software you use. Consult your PC manufacturer for more information. For more information, visit http://www.intel.com/info/em64t. • Intel® Secure Key Technology: No system can provide absolute security. Requires an Intel® Secure Key-enabled platform, available on select Intel® processors, and software optimized to support Intel Secure Key. Consult your system manufacturer for more information • Intel® Trusted Execution Technology (Intel® TXT): No computer system can provide absolute security under all conditions. Intel® TXT requires a computer with Intel® Virtualization Technology, an Intel TXT enabled processor, chipset, BIOS, Authenticated Code Modules and an Intel TXT compatible measured launched environment (MLE). Intel TXT also requires the system to contain a TPM v1.s. For more information, visit http://www.intel.com/technology/security. • Trusted Platform Module (TPM): The original equipment manufacturer must provide TPM functionality, which requires a TPM-supported BIOS. TPM functionality must be initialized and may not be available in all countries. • Intel® Virtualization Technology (Intel® VT) requires a computer system with an enabled Intel® processor, BIOS, and virtual machine monitor (VMM). Functionality, performance or other benefits will vary depending on hardware and software configurations. Software applications may not be compatible with all operating systems. Consult your PC manufacturer. For more information, visit http://www.intel.com/go/virtualization.
  • 32. 32 Risk Factors The above statements and any others in this document that refer to plans and expectations for the third quarter, the year and the future are forward-looking statements that involve a number of risks and uncertainties. Words such as “anticipates,” “expects,” “intends,” “plans,” “believes,” “seeks,” “estimates,” “may,” “will,” “should” and their variations identify forward-looking statements. Statements that refer to or are based on projections, uncertain events or assumptions also identify forward-looking statements. Many factors could affect Intel’s actual results, and variances from Intel’s current expectations regarding such factors could cause actual results to differ materially from those expressed in these forward-looking statements. Intel presently considers the following to be the important factors that could cause actual results to differ materially from the company’s expectations. Demand could be different from Intel's expectations due to factors including changes in business and economic conditions; customer acceptance of Intel’s and competitors’ products; supply constraints and other disruptions affecting customers; changes in customer order patterns including order cancellations; and changes in the level of inventory at customers. Uncertainty in global economic and financial conditions poses a risk that consumers and businesses may defer purchases in response to negative financial events, which could negatively affect product demand and other related matters. Intel operates in intensely competitive industries that are characterized by a high percentage of costs that are fixed or difficult to reduce in the short term and product demand that is highly variable and difficult to forecast. Revenue and the gross margin percentage are affected by the timing of Intel product introductions and the demand for and market acceptance of Intel's products; actions taken by Intel's competitors, including product offerings and introductions, marketing programs and pricing pressures and Intel’s response to such actions; and Intel’s ability to respond quickly to technological developments and to incorporate new features into its products. The gross margin percentage could vary significantly from expectations based on capacity utilization; variations in inventory valuation, including variations related to the timing of qualifying products for sale; changes in revenue levels; segment product mix; the timing and execution of the manufacturing ramp and associated costs; start-up costs; excess or obsolete inventory; changes in unit costs; defects or disruptions in the supply of materials or resources; product manufacturing quality/yields; and impairments of long-lived assets, including manufacturing, assembly/test and intangible assets. Intel's results could be affected by adverse economic, social, political and physical/infrastructure conditions in countries where Intel, its customers or its suppliers operate, including military conflict and other security risks, natural disasters, infrastructure disruptions, health concerns and fluctuations in currency exchange rates. Expenses, particularly certain marketing and compensation expenses, as well as restructuring and asset impairment charges, vary depending on the level of demand for Intel's products and the level of revenue and profits. Intel’s results could be affected by the timing of closing of acquisitions and divestitures. Intel's results could be affected by adverse effects associated with product defects and errata (deviations from published specifications), and by litigation or regulatory matters involving intellectual property, stockholder, consumer, antitrust, disclosure and other issues, such as the litigation and regulatory matters described in Intel's SEC reports. An unfavorable ruling could include monetary damages or an injunction prohibiting Intel from manufacturing or selling one or more products, precluding particular business practices, impacting Intel’s ability to design its products, or requiring other remedies such as compulsory licensing of intellectual property. A detailed discussion of these and other factors that could affect Intel’s results is included in Intel’s SEC filings, including the company’s most recent reports on Form 10-Q, Form 10-K and earnings release. Rev. 7/17/13
  • 34. 34 Trusted Geolocation Preview • Determine and control location of server with sensitive information in the cloud • Server location information added to server root of trust • Three main phases: 1. Platform Attestation and Safe Hypervisor launch 2. Trust-based Secure Migration 3. Trust- and Geolocation-based Secure Migration
  • 35. 35 Key-Manager Cinder Keys Glance Keys OpenStack Service Swift/Cinder/ Glance/Keystone ) TPM Key Creation and Storage Random Number Generator (keys random) Storage (master keys) put(key-id, enc-key-str) get(key-id) enc_key_str success Keystone Keys Swift Keys <key-id, enc-key-str, descriptors> Swift authentication token, access Swift keys Descriptors Creation-time, Expire-time, Num-uses, Type: public/private/ symmetric/unknown (encrypted) communication Formatter KMIP
  • 36. 36 Implementation Example ONP Switch ONP Server OS / Hypervisor DPDK Accelerated Open vSwitch vEPC CDN CDN Billing ONP Server OS / Hypervisor DPDK Accelerated Open vSwitch vEPC vEPC vEPC Forecast ONP Server OS / Hypervisor DPDK Accelerated Open vSwitch vEPC vEPC CDN Analytics Controller