
Cloud, OpenStack*, and Intel by Don Dugger

Cloud computing

The cloud is a very hot topic in computing today but, unfortunately, because there isn’t much agreement even on what a cloud truly is, it winds up being many different things to many different people. Fortunately, it’s easy to cut through the buzzword clutter and focus on three simple concepts that make up the basis of any cloud offering:

- Client/server. All clouds consist of a set of clients that initiate requests and a set of servers that process those requests.
- Network delivery. Given that there are separate sets of clients and servers, they need to talk to each other, so a network to provide that connection is essential.
- Metered service. The ability to measure how many resources are being consumed by a client is essential for charging in a public cloud, where people pay for access, and for capacity planning in a private cloud, where clients and servers might be paid for by different departments in a company.

Cloud Systems

There are three main types of cloud systems: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).

- Infrastructure as a Service is the most basic type of cloud. The cloud provider offers a basic machine (typically a virtualized machine) with storage and network access, then the application provider installs a complete operating system and set of applications on that machine. In an IaaS, the application provider is responsible for almost all software, from the operating system through and including the entire application. Amazon’s* Elastic Compute Cloud (EC2) is an example of an IaaS.
- Platform as a Service goes one step up and provides a complete application environment, including the operating system. In a PaaS environment, the application provider only has to provide the application. The runtime environment for that application is provided by the service provider. AppEngine* is a PaaS that is available today.
- Software as a Service provides only the application to the client. Distinguishing between PaaS and SaaS is a little tricky because they provide pretty much the same thing – access to an application. The difference is that, for SaaS, the same entity is acting as service provider and application provider, while for PaaS, those roles are handled by different entities.

OpenStack overview

Having defined a cloud, we can now look at OpenStack*, an open source IaaS project. Note that OpenStack is more a collection of different technologies than a single, monolithic project. The components are separate, but are well integrated to work together. The seven major components are:

1. Nova – provides computing services
2. Neutron – provides network connectivity[1]
3. Cinder – provides persistent volume storage
4. Swift – provides object storage
5. Glance – provides image storage
6. Horizon – provides an administrative GUI
7. Keystone – provides an authentication service

[1] The Neutron project used to be called Quantum until issues forced a name change.

All of these components are linked together as shown in the diagram below.

Note that this diagram has been slightly simplified. Given that Horizon (the GUI) needs to control all components in the system, there should be lines between Horizon and all the other blocks in the diagram. Similarly, Keystone (the authentication service) needs to validate requests to all components, so it should have lines to all other blocks. Adding in those connections makes the diagram too confusing, so we’ll just accept that those phantom lines exist.

Nova

This is the heart of the OpenStack system and has primary responsibility for coordinating the entire system and for scheduling virtual machines on individual compute nodes. Nova provides a service similar to Amazon EC2. In fact, there are two independent APIs into Nova: an OpenStack native API and an Amazon EC2 compatible API. Nova provides a flexible scheduler, along with support for multiple different hypervisors, including KVM*, Xen*, VMware*, LXC*, and others.

Cinder

Cinder provides persistent block storage that can be used by individual virtual machines. Note that this is network-accessible block storage, not a network-attached file system like NFS. There are pluggable drivers available for different backend storage providers, including Linux* iSCSI*, SolidFire*, NetApp*, and others.

Swift

The Swift service provides persistent object storage, similar to Amazon Simple Storage Service (S3), again with two APIs: a native API and an S3 compatible API. Objects in Swift are just blobs of data of arbitrary size that can be stored and retrieved in a single operation. Note that objects cannot be updated: you can replace an entire object, but you can’t update parts of it. The Swift service also provides reliability in that it performs triple replication of all objects by default.

Glance

Glance provides an image storage service to hold the bootable images that will be used by the virtual machines. The main need for Glance is to provide the metadata that is associated with these images. Glance supports multiple storage backends: the Swift service is used by default, or you can use a local file system.

Neutron

Neutron provides network connectivity as a service, providing the ability to create networks and attach devices. It’s important to recognize that while Neutron sets up the network topology for the application provider, once that topology is set up, Neutron is not involved in the actual transport of data packets. Neutron provides a pluggable architecture that supports many popular network vendors and technologies, such as Linux bridging, Open vSwitch*, OpenFlow*, and many others.

Keystone

Keystone provides a common authorization framework, based around tokens, that is used for all requests inside OpenStack. Users provide credentials to Keystone and receive a token based upon those credentials. The token is then sent with each request to verify that the requester has appropriate authorization to make that request. As with most other services in OpenStack, Keystone supports pluggable backends that provide the actual authentication. The backend can be based upon Linux’s Pluggable Authentication Modules (PAM), or Lightweight Directory Access Protocol (LDAP), or just a simple KVS (key value store), or even an SQL database.
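The credential-for-token exchange described above, as an added example that is not part of the original article or of Keystone’s own code. It assumes a key/value credential backend standing in for the pluggable backends named above, a hypothetical user "alice", and an injectable clock so that token expiry can be exercised.

```python
import hashlib, hmac, os, time

def _digest(password, salt):
    # Salted, slow password hash so a leaked credential store does not give away passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

class KvsBackend:
    """Pluggable credential store: a plain key/value store here, where Keystone
    could equally use PAM, LDAP or SQL. Maps user name -> (salt, hash, roles)."""
    def __init__(self):
        self._users = {}

    def add_user(self, name, password, roles):
        salt = os.urandom(16)
        self._users[name] = (salt, _digest(password, salt), frozenset(roles))

    def check(self, name, password):
        """Return the user's roles on success, None on any failure."""
        rec = self._users.get(name)
        if rec is None:
            return None
        salt, stored, roles = rec
        return roles if hmac.compare_digest(stored, _digest(password, salt)) else None

class TokenService:
    """Keystone-style flow: credentials are exchanged once for an opaque token,
    and every later request carries only the token, which expires after ttl seconds."""
    def __init__(self, backend, ttl=3600, now=time.time):
        self.backend, self.ttl, self.now = backend, ttl, now
        self._tokens = {}          # token -> (user, roles, expiry)

    def authenticate(self, name, password):
        roles = self.backend.check(name, password)
        if roles is None:
            return None
        token = os.urandom(16).hex()   # random and unguessable, not derived from the password
        self._tokens[token] = (name, roles, self.now() + self.ttl)
        return token

    def authorize(self, token, required_role):
        """Validate the token presented with a request and check the role it carries."""
        rec = self._tokens.get(token)
        if rec is None:
            return False
        _user, roles, expiry = rec
        if self.now() >= expiry:
            self._tokens.pop(token, None)   # expired tokens are discarded, never renewed
            return False
        return required_role in roles
```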

Horizon

Horizon provides a user friendly GUI that allows the service provider to control the resources that make up the cloud and also allows the application provider to control the resources that make up an application. The administrator can add and subtract compute resources, data stores, network services – all of the components that make up the cloud. The application provider can add and delete virtual machines and monitor the status of the virtual machines that are currently providing the application. Note that Horizon provides the GUI, but all of the system management can also be controlled separately by command line tools.

Intel contributions to OpenStack

Intel has been very active in the OpenStack community (we were one of the top 10 contributors to the Grizzly release) and has added things like:

- Trusted Compute Pools (TCP) for Nova. This was a multi-project effort to add a new trusted filter to the Nova scheduler, make changes to Horizon to provide an interface to TCP, and add an attestation service to verify that compute nodes were booted properly.
- Filter scheduler for Cinder. This enables the Cinder scheduler to allocate storage based upon workloads, giving the service provider more control over performance vs. cost for storage.
- COSBench for Swift. Having an object storage system is good, but the ability to measure the performance of that system is critical. The common object storage benchmark provides such a measurement capability.
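A filter-scheduler sketch of the trusted filter described above, as an added example that is not part of the original article or of the Nova or TCP code. It goes beyond the trusted filter to add a CPU-flag and SR-IOV capability filter of the kind the enhanced platform awareness plans below describe. The host inventory and the attestation verdicts are constructed stand-ins, and a host with no attestation record is deliberately treated as untrusted, so the filter fails closed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Host:
    name: str
    free_vcpus: int
    cpu_flags: frozenset   # CPU feature flags reported by the hypervisor, e.g. {"aes"}
    sriov: bool            # whether an SR-IOV capable NIC is present

@dataclass(frozen=True)
class Request:
    vcpus: int
    trusted: bool = False                # place only in the trusted compute pool
    cpu_flags: frozenset = frozenset()   # required CPU features (platform awareness)
    sriov: bool = False                  # needs a host that can pass an SR-IOV device through

# Constructed stand-in for the attestation service's verdicts (hypothetical values).
# A host absent from this map never attested, so it is never considered trusted.
ATTESTATION = {"node-1": "trusted", "node-2": "untrusted", "node-3": "trusted"}

def capacity_filter(host, req, _att):
    return host.free_vcpus >= req.vcpus

def trusted_filter(host, req, att):
    """Trusted-pool requests may land only on hosts the attestation service vouched for."""
    return not req.trusted or att.get(host.name) == "trusted"

def platform_filter(host, req, _att):
    return req.cpu_flags <= host.cpu_flags and (host.sriov or not req.sriov)

FILTERS = (capacity_filter, trusted_filter, platform_filter)

def schedule(hosts, req, attestation=ATTESTATION, filters=FILTERS):
    """Return the names of hosts that pass every filter, in inventory order."""
    return [h.name for h in hosts if all(f(h, req, attestation) for f in filters)]

# Constructed compute-node inventory; in a real deployment this comes from Nova's host state.
HOSTS = [
    Host("node-1", 8, frozenset({"aes", "sse4_2"}), False),
    Host("node-2", 8, frozenset({"aes", "sse4_2"}), True),
    Host("node-3", 4, frozenset({"sse4_2"}), True),
    Host("node-4", 16, frozenset({"aes"}), True),   # never attested, so never trusted
]

if __name__ == "__main__":
    print(schedule(HOSTS, Request(2, trusted=True, cpu_flags=frozenset({"aes"}))))  # ['node-1']
```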

For the future we expect to be adding new capabilities, such as:

- Enhanced platform awareness. We expect to enhance the current Nova scheduler to consider CPU and platform capabilities when placing new virtual machines. CPU capabilities include requiring a host that supports things like AES instructions for efficient encryption, and platform capabilities include creating a virtual machine on a host with SR-IOV hardware, so that devices can be directly assigned to it.
- Key Manager. We expect to provide a common service for storing and obtaining keys used for encryption services.
- Erasure code. We expect to improve reliability while reducing overhead. Swift provides reliability with triple replication, which adds high storage overhead. We expect our new erasure code can provide the same level of reliability with a much reduced overhead (think RAID 5 for object storage).
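The replication-versus-erasure-code trade-off behind the last bullet, and the triple replication described in the Swift section, as an added example that is not part of the original article or of Swift’s own code. It implements the RAID 5 analogy literally: k data fragments plus one XOR parity fragment, which survives the loss of any single fragment, and a storage_ratio helper for comparing overheads. Tolerating two losses at the same reduced overhead needs a second parity fragment (Reed-Solomon style), which is not shown; the object used below is constructed.

```python
def storage_ratio(k, m):
    """Bytes stored per byte of user data for k data fragments plus m parity
    fragments. Triple replication is the k=1, m=2 case (ratio 3.0)."""
    return (k + m) / k

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encode(data, k):
    """Split an object into k equal data fragments (zero padded) and append one
    XOR parity fragment: the RAID-5 style scheme that survives one lost fragment."""
    size = -(-len(data) // k)            # ceiling division
    padded = data.ljust(size * k, b"\0")
    frags = [padded[i * size:(i + 1) * size] for i in range(k)]
    parity = frags[0]
    for f in frags[1:]:
        parity = _xor(parity, f)
    return frags + [parity]

def decode(frags, length):
    """Rebuild the object from k+1 fragments of which at most one is None (lost).
    The XOR of every surviving fragment equals the missing one."""
    missing = [i for i, f in enumerate(frags) if f is None]
    if len(missing) > 1:
        raise ValueError("single parity can recover at most one lost fragment")
    if missing:
        survivors = [f for f in frags if f is not None]
        rebuilt = survivors[0]
        for f in survivors[1:]:
            rebuilt = _xor(rebuilt, f)
        frags = frags[:missing[0]] + [rebuilt] + frags[missing[0] + 1:]
    return b"".join(frags[:-1])[:length]   # drop parity, strip padding

if __name__ == "__main__":
    obj = b"OpenStack Swift object"          # constructed sample object
    frags = encode(obj, 4)
    frags[2] = None                          # simulate one lost fragment
    print(decode(frags, len(obj)) == obj, storage_ratio(4, 1), storage_ratio(1, 2))
```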

Learn more about Intel and OpenStack: <http://software.intel.com/en-us/articles/open-source- #page=resources>

*Other names and brands may be claimed as the property of others.