Cloud stack vs openstack vs eucalyptus comparison

1. CloudStack vs OpenStack vs
Eucalyptus
IaaS Private Cloud Brief Comparison

2. public iaas private iaas

3. CloudStack Eucalyptus OpenStack
Architecture
Installation
Administration
Security
High Availability

6. Zone
Pod
Cluster
Host
Primary storage
Secondary storage

7. CloudStack installation
Build physical network, storage nodes, hypervisors
Unzip cloudstack .tar.gz, run install.sh
(yum install cloudstack mysql)
Cloud-bridge RPM
Set up NFS shares (primary/secondary storage)
Download system & user templates
Database schema setup
UI-based cloud launch
See also http://www.bizalgo.com/2012/07/08/making-cloudstack-quick-install-quicker/

10. ec2-add-keypair mykey
ec2-add-group grp1
ec2-authorize grp1 -P tcp -p 22 -s 0.0.0.0/0
ec2-run-instances ami-123456 --instance-count 1
--instance-type m1.small --key mykey --group grp1
ec2 API
script
CloudBridg
e
(awsapi)
?comand=createSSHKeyPair&name=mykey
?comand=createSecurityGroup&name=grp1
?comand=authorizeSecurityGroupIngress
&securitygroupname=grp1
&startport=22&endport=22&cidrList=0.0.0.0/0
?comand=deployVirtualMachine
&serviceofferingid=m1smallid&templateid=ami123456id
&zoneid=1&keypair=mykey&group=grp1
CloudStack
REST API

11. baseline security:
VLAN/Firewall
VLAN 1
outgress
ingress
tenant1
VM
Custome
r
financial
s
virtual
router
switch
VLAN 2
tenant2
Marketing
apps
outgress
ingress
VM
virtual
router

12. CloudStack high availability
CloudStack
#1
CloudStack
#2
CloudStack
#3
mysql
#2
VM
VM
VM
VM
dom0
Hypervisor
VM
VM
VM
VM
Primary
storage
Secondary
storage
VM
VM
VM
VM
dom0
Hypervisor
VM
VM
VM
VM
mysql
#1

13. CloudStack high availability
CloudStack
#1
CloudStack
#2
CloudStack
#3
mysql
#2
mysql
#1
Load balanced
multi-node
Management Server
Replicated database
for disaster recovery

14. CloudStack
Architecture
Monolithic controller. Datacenter
model, not object storage.
Installation Fewest parts to install. RPM needed.
Administration Good web UI; a belated script CLI
Security Baseline vlan/firewall vm protection
High Availability Load-balanced multi-node controller

16. Cloud
Controller
(CLC)
WalrusCloud
Cluster
Controller
(CC)
Storage
Controller
(SC)
Cluster
(Availability Zone)
Node
Controller
VM VM
Node
Controller
VM VM
Node
Controller
VM VM
Nodes

18. Eucalyptus installation
Build physical network, storage nodes, hypervisors
Open firewall ports on cloud component nodes
(CLC to Walrus, CC to NC, etc)
Setup yum/dpkg repositories (eucalyptus.repo)
RPM/apt-get installation of eucalyptus components
Configure eucalyptus.conf
euca_conf: create postgres db
Register components and arbitrators
HA: configure DRBD

19. Web UI does NOT control
guest instances!
Use euca2ools CLI instead.
(Or RightScale/enStratus)

20. ec2-add-keypair mykey
ec2-add-group grp1
ec2-authorize grp1 -P tcp -p 22 -s 0.0.0.0/0
ec2-run-instances ami-123456 --instance-count 1
--instance-type m1.small --key mykey --group grp1
ec2 API
script
euca-add-keypair mykey
euca-add-group grp1
euca-authorize grp1 -P tcp -p 22 -s 0.0.0.0/0
euca-run-instances ami-123456 --instance-count
1
--instance-type m1.small --key mykey --group grp1
equivalent
euca2ool
script
euca2ools

21. Eucalyptus security
The CloudStack baseline
(VLAN, API PKI, VM SSH)
Component registration
(since not monolithic)
…and…

22. Eucalyptus high availability
Primary/secondary CLC, Walrus, SC, CC
NC and VM instances
are disposable

23. Eucalyptus high availability
Failover, NOT load balancing
Eight controller machines at cloud/cluster level
Storage redundancy relies on SAN vendor
Arbitrators monitor connectivity
to CLC, Walrus, CC

24. Eucalyptus
Architecture Five main components. AWS clone
Installation Nice RPM/DEB, still medium effort
Administration Strong CLI compatible with EC2 API
Security Baseline + component registration
High Availability
Primary/secondary component
failover

26. nova-api
rabbit-mq
nova-compute
nova-volume
nova-network
nova-scheduler
VM
VM
VM
VM
VM
VM
hypervisor swift-account
swift-container
swift-object
swift-proxy
glance-control
glance-registry
horizon
keystone: identity, token, catalog, policy
rdbms
OpenStack services

27. OpenStack installation
Build physical network, storage nodes, hypervisors
KEYSTONE setup
Install keystone, reconfigure from sqlite to mysql
Manually create keystone database, init the service
Define tenants, users, roles; run keystone-init.py
Define swift filter in keystone.conf
Populate keystone service catalog from database
Verify keystone with openssl
GLANCE setup
Install glance, reconfigure from sqlite to mysql
Manually create glance database
Configure glance-api-paste.ini, glance-registry.conf
Populate glance database, restart services
Verify glance by uploading a test image
NOVA setup
Install nova and dependencies
Manually create nova database
Configure hypervisor, database, keystone in nova.conf
Populate nova database, restart services
Create nova network bridge interface for guest vms
Configure openrc file with CLI credentials
Download real vm image, upload to glance registry
Define security group, keypair, start an instance
SWIFT STORAGE setup
Do the following for each storage node.
Install swift account, container, object
Make XFS filesystem on each disk partition
Configure rsync
Configure swift account, container, object servers
Start storage services
SWIFT PROXY setup
Install swift proxy
Create SSL certificate
Configure memcached to listen on proxy local ip address
Configure keystone admin token
Create proxy server conf
Run swift ring builder for account, container, object rings
Enumerate storage devices on each ring
Verify and rebalance the rings
Start proxy services
HORIZON setup
Install apache and horizon dashboard
Manually create horizon database
Populate horizon database
Restart services

29. OpenStack administration
euca2ools work here!
OpenStack CLI
nova keypair-add --pub-key ~/.ssh/id_rsa.pub mykey
nova secgroup-create grp1 "my security group"
nova secgroup-add-rule grp1 tcp 22 22 192.168.1.1/0
nova boot --flavor 2 --image f4addd24-4e8a-46bb-
b15d-fae2591f1a35 --key_name mykey
--security_group grp1 i-123456
euca-run-instances ami-123456 --instance-count 1
--instance-type m1.small --key mykey --group grp1

30. Keystone security
client
servic
e
keystone
(1) authenticate (2) token
(3) service request with token
(4) check token (5) authorize
(6) authorized service response

31. which services offer HA?
nova-api
rabbit-mq
nova-compute
nova-volume
nova-network
nova-scheduler
VM
VM
VM
VM
VM
VM
hypervisor swift-account
swift-container
swift-object
swift-proxy
glance-control
glance-registry
horizon
keystone: identity, token, catalog, policy
rdbms

32. which services offer HA?
rabbit-mq
nova-network
swift-container
swift-object
rdbms
Run one per hypervisor
(i.e. you manage HA yourself)
"The Ring": disk replication
(not redundant service pids)
swift-account

33. Swift: The Ring (HA)
disk
partition
partition
partition
partition
disk
partition
partition
partition
partition
disk
partition
partition
partition
partition
disk
partition
partition
partition
partition
object 12345
Three replicas of
each object.

34. OpenStack
Architecture Fragmented into lots of pieces
Installation Difficult: many choices, not enough
automation
Administration Web UI, euca2ools, native CLI.
Security Baseline + Keystone
High Availability Swift Ring, otherwise manual effort

35. CloudStack Eucalyptus OpenStack
Architecture Monolithic 5 part, AWS Fragments
Installation Medium Medium Difficult
Administration UI, EC2 CLI EC2 CLI Multi CLI
Security Baseline Registered Keystone
High Availability LB multi 2x failover Swift only