OpenStack

With our OpenStack you get a virtual data center in which you are in full control of all your resources. This is Infrastructure as a Service.

OpenStack is our Infrastructure as a Service (IaaS). With this service you get a complete virtual data center where you decide how to set up your resources. Everything from networks, storage, firewalls and servers to encryption and operating systems is provisioned fully automatically.

The platform is built to handle large data volumes and high requirements on security and availability. We offer one region here in Sweden, consisting of three availability zones (AZs). These are three completely separate data centers located at a disaster-safe distance (20 km) from each other.

We encourage our customers to take advantage of the redundancy in the platform by building solutions that are themselves redundant across our availability zones, so that the loss of a single data center does not take a service down.

Our OpenStack service is built on the open source project OpenStack, a cloud operating system that manages large pools of compute, storage and network resources, all administered and provided via APIs. Our OpenStack platform is tested and validated by the OpenStack Foundation.

OpenStack consists of a large number of components. Below we describe the ones that are available in our platform and how we have implemented them.


Compute Resources(Nova)

Nova handles all compute resources, which in our case are KVM-based virtual machines called Instances. Instance sizes are defined by Flavors, which describe how much CPU, memory and disk an instance gets and what type of hardware it runs on. Our standard flavors run on shared compute nodes; our dedicated flavors run on hardware reserved for that instance alone. When you create an instance, you choose which availability zone it runs in.

There are two types of boot disk: a plain boot disk, which lives on a local SSD in the compute node where the instance runs, or a volume, which is served from a central storage cluster. Each has advantages and drawbacks.

- A boot disk is faster than a volume.
- A boot disk has a fixed size that cannot be changed (unless you change flavor).
- A volume can be reattached on other server hardware, so an instance can be moved during scheduled service windows or if the hardware it runs on breaks.
- A local boot disk is tied to that one compute node, so if the node fails the disk is unavailable with it. Keep anything you cannot afford to lose on a volume or in backups.


Network(Neutron)

Neutron manages the network and firewalls. We have spent a lot of time designing and building our network to make it redundant and scalable across our three data centers. One goal has been that traffic should always take the shortest route and never be sent back and forth between our data centers. We have solved this with a fully distributed design for all network functions: NAT, firewall (security groups), DHCP and the metadata service run locally on each compute node, and all routing is handled with anycast on the switch in the same rack as the instance.

In terms of capacity, we have at least 2x100 Gbit/s links between our switches and 2x10 or 2x25 Gbit/s to our servers. Between our data centers we have a high-capacity, low-latency fiber ring with a 0.5 ms round-trip time.

You create the networks, subnets, routers and Security Groups (firewall rules) you need, and you choose the addresses you want to use.
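As an added example (not from this page, and not our provider's own code), here is a least-privilege Security Group written for the Terraform OpenStack provider, since Terraform is the tool we recommend later on this page. A newly created Neutron security group allows all egress by default; `delete_default_rules` removes those rules so the group starts closed in both directions and every permitted flow is listed explicitly. The cloud name, the admin CIDR and the group name are assumptions.

```hcl
# Added example: least-privilege Neutron security group with the Terraform
# OpenStack provider. The cloud name and CIDRs below are assumptions.

terraform {
  required_providers {
    openstack = {
      source = "terraform-provider-openstack/openstack"
    }
  }
}

# Credentials are read from clouds.yaml; "example" is an assumed cloud name.
provider "openstack" {
  cloud = "example"
}

# Assumed operator network. Only this range may reach SSH; a rule with
# remote_ip_prefix = "0.0.0.0/0" on port 22 is the mistake to avoid.
variable "admin_cidr" {
  type    = string
  default = "198.51.100.0/24"
}

# delete_default_rules drops the IPv4 and IPv6 "allow all egress" rules
# Neutron adds to every new group, so nothing is allowed until listed here.
resource "openstack_networking_secgroup_v2" "web" {
  name                 = "web-least-privilege"
  description          = "HTTPS from anywhere, SSH from admin network only"
  delete_default_rules = true
}

resource "openstack_networking_secgroup_rule_v2" "https_in" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 443
  port_range_max    = 443
  remote_ip_prefix  = "0.0.0.0/0"
  security_group_id = openstack_networking_secgroup_v2.web.id
}

resource "openstack_networking_secgroup_rule_v2" "ssh_in" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 22
  port_range_max    = 22
  remote_ip_prefix  = var.admin_cidr
  security_group_id = openstack_networking_secgroup_v2.web.id
}

# Egress is re-opened explicitly and narrowly: DNS and HTTPS only.
resource "openstack_networking_secgroup_rule_v2" "dns_out" {
  direction         = "egress"
  ethertype         = "IPv4"
  protocol          = "udp"
  port_range_min    = 53
  port_range_max    = 53
  remote_ip_prefix  = "0.0.0.0/0"
  security_group_id = openstack_networking_secgroup_v2.web.id
}

resource "openstack_networking_secgroup_rule_v2" "https_out" {
  direction         = "egress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 443
  port_range_max    = 443
  remote_ip_prefix  = "0.0.0.0/0"
  security_group_id = openstack_networking_secgroup_v2.web.id
}
```

Because the group is IPv4-only after the default rules are removed, an instance on a dual-stack subnet gets no IPv6 connectivity at all until matching `ethertype = "IPv6"` rules are added; that is deliberate here, but check it against your subnet layout.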


Disk image(Glance)

Glance handles disk images, most commonly operating system images. We provide a number of operating system images that are rebuilt automatically once a month. If we do not provide an image for the operating system you want to use, or you want to build your own custom version, you can upload your own image. Glance stores its images in Swift.


Volume(Cinder)

Cinder handles block storage volumes, and you can attach one or more volumes to an instance. A volume is a disk served from a central storage cluster. We have one storage cluster per data center, so a volume and the instance it is attached to must be in the same availability zone.

We offer different volume types that determine how fast a volume is and whether it is encrypted. You can change the type of a volume, and you can resize an existing volume. For data protection there are snapshots, which store a copy of a volume in the same storage system, and backups, which take an image copy of the volume and store it in Glance. Because a snapshot lives in the same storage cluster as the volume, it does not protect against the loss of that cluster or data center; a backup does, since Glance keeps its data in Swift, which holds a copy in each data center.
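The Nova and Cinder sections above describe three things a practitioner has to get right together: placing instances across availability zones, booting from a volume rather than a node-local disk so the instance can be moved, and keeping each volume in the same zone as its instance. The following Terraform configuration is an added example (not from this page or our provider) that does all three with one instance per zone. The zone names, image, flavor, key pair, network and the name of the encrypted volume type are all assumptions; substitute the real names from `openstack availability zone list` and `openstack volume type list`.

```hcl
# Added example: one instance per availability zone, each booted from an
# encrypted Cinder volume, with a data volume pinned to the same zone.
# All names below (zones, image, flavor, key pair, network, volume type)
# are assumptions and must be replaced with values from your project.

variable "azs" {
  type    = list(string)
  default = ["az1", "az2", "az3"] # assumed zone names
}

variable "volume_type" {
  type    = string
  default = "encrypted-ssd" # assumed name of an encrypted volume type
}

data "openstack_images_image_v2" "os" {
  name        = "ubuntu-22.04" # assumed image name
  most_recent = true
}

# Data volume per zone. The availability_zone here must match the instance
# it is attached to; a cross-zone attach fails because each zone has its
# own storage cluster.
resource "openstack_blockstorage_volume_v3" "data" {
  for_each          = toset(var.azs)
  name              = "app-data-${each.key}"
  size              = 50
  volume_type       = var.volume_type
  availability_zone = each.key
}

resource "openstack_compute_instance_v2" "app" {
  for_each          = toset(var.azs)
  name              = "app-${each.key}"
  flavor_name       = "m1.small"  # assumed flavor
  key_pair          = "ops-key"   # assumed existing key pair
  availability_zone = each.key
  security_groups   = ["default"] # replace with a hardened group

  # Boot from a volume (destination_type = "volume") instead of the
  # node-local boot disk, so the root disk survives a compute node failure
  # and the instance can be moved. delete_on_termination = false keeps the
  # root volume if the instance is deleted by mistake.
  block_device {
    uuid                  = data.openstack_images_image_v2.os.id
    source_type           = "image"
    destination_type      = "volume"
    volume_size           = 20
    volume_type           = var.volume_type
    boot_index            = 0
    delete_on_termination = false
  }

  network {
    name = "app-net" # assumed tenant network present in all zones
  }
}

# Attach each data volume to the instance in the same zone.
resource "openstack_compute_volume_attach_v2" "data" {
  for_each    = openstack_blockstorage_volume_v3.data
  instance_id = openstack_compute_instance_v2.app[each.key].id
  volume_id   = each.value.id
}
```

Setting `volume_type` on the boot `block_device` is what makes the root disk encrypted as well; if it is omitted the root volume is created with the project's default volume type, which may be unencrypted even when the data volume is not.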


Object Storage(Swift)

Swift is an object storage service for storing large amounts of data securely and cost-effectively. It is ideal for images, documents, backups and other static files. Each object uploaded to Swift is stored in three copies, one in each data center.


HSM(Barbican)

Barbican is a service for storing and managing secrets. A secret can be, for example, a certificate, an encryption key or a password. The secrets are stored in an HSM (Hardware Security Module) cluster with a node in each data center. Other OpenStack services use Barbican to store their secrets: Cinder keeps the encryption keys for encrypted volumes there, and Octavia keeps the TLS certificates it terminates.


Load Balancer(Octavia)

Octavia is a load balancing service for spreading load across multiple instances. Octavia supports HTTP layer-7 rules, and you can terminate TLS (SSL) in the load balancer. When you create a load balancer, two load balancer instances (amphorae) are built as an active/passive pair that are redundant for each other.
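The Barbican and Octavia sections above together describe one workflow: the certificate and private key go into Barbican, and the load balancer's listener references them rather than holding them itself. The configuration below is an added example (not from this page or our provider) of that workflow in Terraform. The PEM file names, subnet name, backend addresses and health-check path are assumptions.

```hcl
# Added example: TLS certificate and key stored in Barbican, referenced by
# an Octavia TERMINATED_HTTPS listener. File names, subnet name, backend
# addresses and the health-check path are assumptions.

# Barbican secrets. The private key never appears in the listener config;
# Octavia fetches it from Barbican using the container reference.
resource "openstack_keymanager_secret_v1" "cert" {
  name                 = "web-cert"
  secret_type          = "certificate"
  payload              = file("${path.module}/web.crt") # assumed PEM file
  payload_content_type = "text/plain"
}

resource "openstack_keymanager_secret_v1" "key" {
  name                 = "web-key"
  secret_type          = "private"
  payload              = file("${path.module}/web.key") # assumed PEM file
  payload_content_type = "text/plain"
}

# A "certificate" container groups the parts under the names Octavia expects.
resource "openstack_keymanager_container_v1" "tls" {
  name = "web-tls"
  type = "certificate"

  secret_refs {
    name       = "certificate"
    secret_ref = openstack_keymanager_secret_v1.cert.secret_ref
  }
  secret_refs {
    name       = "private_key"
    secret_ref = openstack_keymanager_secret_v1.key.secret_ref
  }
}

data "openstack_networking_subnet_v2" "vip" {
  name = "app-subnet" # assumed subnet that carries the VIP
}

resource "openstack_lb_loadbalancer_v2" "web" {
  name          = "web-lb"
  vip_subnet_id = data.openstack_networking_subnet_v2.vip.id
}

# TERMINATED_HTTPS: TLS ends at the amphora; traffic to members is HTTP.
resource "openstack_lb_listener_v2" "https" {
  name                      = "https"
  protocol                  = "TERMINATED_HTTPS"
  protocol_port             = 443
  loadbalancer_id           = openstack_lb_loadbalancer_v2.web.id
  default_tls_container_ref = openstack_keymanager_container_v1.tls.container_ref
}

resource "openstack_lb_pool_v2" "web" {
  name        = "web-pool"
  protocol    = "HTTP"
  lb_method   = "ROUND_ROBIN"
  listener_id = openstack_lb_listener_v2.https.id
}

# Health monitor so a failed backend is taken out of rotation.
resource "openstack_lb_monitor_v2" "web" {
  pool_id     = openstack_lb_pool_v2.web.id
  type        = "HTTP"
  delay       = 5
  timeout     = 3
  max_retries = 3
  url_path    = "/healthz" # assumed health endpoint
}

# Constructed backend addresses for the example.
variable "backends" {
  type    = map(string)
  default = { a = "10.0.10.11", b = "10.0.10.12" }
}

resource "openstack_lb_member_v2" "web" {
  for_each      = var.backends
  pool_id       = openstack_lb_pool_v2.web.id
  address       = each.value
  protocol_port = 8080
  subnet_id     = data.openstack_networking_subnet_v2.vip.id
}
```

One check before `terraform apply`: Octavia reads the container with its own service account, so that account must be granted read access to the secrets and the container (for example with `openstack acl user add` on each reference) unless the platform already does this for you; otherwise the listener creation fails with an authorization error from Barbican.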


Orchestration(Heat)

Heat is OpenStack's service for orchestrating your resources, and it also supports auto-scaling. We ourselves do not work much with Heat, since it is specific to OpenStack. We use, and usually recommend, Terraform instead, because it works with several different platforms and services from the same tool.


Metrics(Ceilometer)

Ceilometer collects and stores information on how all resources in the platform are used. This data is used for billing and for auto-scaling of resources.


Billing(Cloudkitty)

We use CloudKitty to calculate the cost of the services used in the platform. It is largely based on resource usage data from Ceilometer and calculates cost according to our price lists. We measure and charge per hour.