OpenStackIaaS

OpenStack is our Infrastructure as a Service (IaaS). With this service you get a complete virtual data center where you choose how you want to set up your resources. Everything from networks, storage, firewalls and servers to encryption and operating systems are fully automated.

The platform is built to handle large data volumes and high requirements on security and availability. We offer one region here in Sweden that consists of three accessibility zones (AZ) which are three completely separate data centers located at disaster-safe distance from each other (20km).

We want our customers to take advantage of the redundancy that exists in the platform. By developing solutions that utilize all three availability zones our customers make a strategic choice to focus on security as well as availability.

Our OpenStack service is built with the open source project OpenStack which is a cloud operating system that manages large pools of computer, storage and network resources that are all managed and provided via APIs. Our OpenStack platform is tested and validated by the OpenStack foundation.

There are a large number of components in OpenStack and below we describe the ones that are available in our platform and how we have implemented them.

Computer Resources(Nova)

Nova handles all computer resources which in our case are virtual machines based on kvm and these machines are called Instances. There are a number of models of instances called Flavors. Flavors describe how much CPU memory and disk that an Instance gets as well as what type of hardware they are running on. Our standard Flavors are run on shared nodes and we have dedicated flavors that run on dedicated hardware for just that instance. When you create your instance, you can choose which availability zone to run in.

There are two different types of boot disks, either with a disk that is only called boot disk which runs on a local SSD disk on the server hardware where the instance is running or on a volume that runs on a central storage cluster. There are drawbacks and advantages to both types.

• Boot disk is faster than volume.
• Boot disk has a fixed size that cannot be changed (unless you change Flavor)
• Volume can be redirected to other server hardware, which means that an instance can be moved at scheduled service windows or if a server hardware would break.

GPU

If you have Artificial Intelligence (AI), data analytics, or High Performance Computing (HPC) workloads, we have one GPU (Graphics Processing Unit) flavor that enable you to run these workloads quickly and efficiently. We utilize leading GPUs based on the NVIDIA Ampere architecture, designed to deliver high performance in data center environments.

Network(Neutron)

Neutron manages the network and firewalls. We have spent a lot of time on designing and building our network to make it redundant and scalable across our three data centers. One goal has been that traffic should always take the shortest route and not have to be sent back and forth between our data centers. We have solved this by using a fully distributed design for all network functions. NAT, firewall, DHCP and metadata are local to each server hardware and all routing is handled with anycast routing on the switch that is in the same rack where the instance is running.

In terms of capacity, we have at least 2x100Gb links between our switches and 2x10Gb or 2x25Gb to our servers. Between our data centers we have a high capacity and low delay fiber ring, 0.5ms round trip.

You create the necessary networks, subnets, routers and Security Groups (firewall rules) and you choose the addresses you want to use.

Disk image(Glance)

Glance handles disk images, operating system images are most common. We provide a number of different operating system images that are updated automatically once a month. If we do not provide an image for the operating system you want to use or want to build your own custom version, you can upload your own image. Glance stores its images in Swift.

Volume(Cinder)

Cinder handles storage volumes and you can connect one or more volumes to an instance. A Volume is a disk from a central storage cluster. We have one Storage Cluster per data center and when you map a Volume to an Instance the Volume and Instance must be running in the same availability zone.

We offer different volume types that control how fast a volume is. You can change the type and you can also resize an existing volume. For data protection, there are snapshots that store a copy of a volume in the same storage system and there are backups that take an image copy of the volume and store it in Glance. All volumes are encrypted at rest.

Object Storage(Swift)

Swift is an object storage service where you can store large amounts of data in a secure and cost-effective way. Ideal for images, documents, backups and other types of static files. An object uploaded in Swift is stored in three copies, one copy in each data center.

Secret Storage Service(Barbican)

Barbican is a service for storing and managing secrets. For example, a secret can be a certificate, an encryption key or a password. The secrets are encrypted using a HSM cluster that has a node in each data center. Other modules in OpenStack can use Barbican to store secrets. For example, Octavia stores SSL certificates in Barbican.

Load Balancer(Octavia)

Octavia is a load balancing service used when you have multiple instances over which you can spread the load. Octavia has HTTP L7 support and you can terminate SSL in the load balancer. When you create a load balancer, two instances are built that are redundant for each other active / passive.

Orchestration(Heat)

Heat is OpenStack's service for orchestrating your resources. Heat also supports auto-scaling of resources. We ourselves do not work as much with Heat as the service is specific to OpenStack. We use and usually recommend using Terraform instead as it works with several different platforms and services from the same tool.

Metrics(Ceilometer)

Ceilometer collects and stores information on how all resources in the platform are used. This data is used for billing and auto-scaling of resources.

Billing(Cloudkitty)

We use this module to calculate the cost of the services used in the platform. It is largely based on data on resources usage data in Ceilometer and calculates the cost based on our price lists. We measure and charge per hour.

Elastx Cloud Platform (ECP) is designed for business-critical services and sensitive data. Therefore we include several services to ensure high availability and security by default. These services are generally not included by other providers.

The following services are included as standard in our prices: 24x7 support, Threat Intelligence, DDoS protection, encrypted traffic between our availability zones and encryption of storage.

All prices exclude VAT.

Elastx responsibility is to make sure all platform services are fully operational and secure. We also upgrade the platform normally two times per year to add enhancements and new features.

Customer responsibility is to manage everything that is running and stored on our compute Instances and storage services (boot disk, volume and object storage). That includes configuring and patching the operating system, making sure the data has adequate redundancy and backup (RTO and RPO) and to make sure the environment is protected with firewall, encryption etc.

• AUP - Acceptance Use Policy
• Privacy Policy (GDPR)
• Terms of Service
• Support SLA
• Availability SLA