Openstack @Surfnet

OpenStack @SURFnet

Photo: Paul Dekkers

Paul Dekkers 2 juli 2015 About SURFnet

• National Research and Education Network (NREN)

• Founded in 1986, incorporated 1988 2013: 25 year anniversary!

• > 11000km dark-ﬁbre network

• Shared ICT innovation centre • Lots of technical expertise

• > 160 connected institutions ± 1 million end users

2 About SURFnet

Communities the network: Collaboration >11000 km fiber, (Video)conferencing and … Online video, e-learning Monitoring Mail-filtering Wireless, eduroam Authentication (federated) Certificate services Computing (cloud, virt., stor.) NTP DNS and resolving Security (SURFcert, …) IP network (IPv6!) … just some examples

Lower layers Middleware End-users / Apps Middleware layers Lower Optical lightpaths

3 International research connectivity

4 SURFnet & cloud

• Cloud services for institutions - eg. SURFdrive (dropbox like), SURFﬁlesender, … - VM/IaaS is work in progress, in+external providers, lightpaths

• Glue between NREN and public cloud - federated authentication - direct network connection (reduce costs), use lightpaths

• Lots of technology scouting - sharing knowledge - new hypervisors, Xen(+Server), KVM, … - reports on Azure migration, … - OpenStack training for connected institutions in 2014

5 Building blocks for our services

• IaaS cloud services for SURFnet internal usage - VMware since 2003 - VMware ESX since 2006 - Xen in 2006 (XenServer in 2009) - AWS since 2008 (public) - Eucalyptus in 2009 - vCloud Director in 2010 - OpenNebula in 2010 - Rackspace since 2011 (public, since EU-site) - CloudStack in 2011 - GreenQloud since 2011 (public) - Azure in 2012, again in 2015 with StorSimple (public) - OpenStack since 2014 (not considered mature enough before that)

6 GreenQloud, public with edu-link GreenQloud, public with edu-link GreenQloud, public with edu-link GreenQloud, public with edu-link GreenQloud, QStack

• Compute sold via SURFmarket

• They’re quitting :-( (but…) - Created QStack as their product, improved CloudStack - GreenQloud’s public oﬀering vs. QStacks customers - QStack also deployed at SURFnet institutions

• QStack being deployed by others, among which Advania (still in Iceland)

• Will have more federated/SAML deployments

11 use-cases tested with institutions

• Failover primary website to Iceland for Royal Library, planned downtime, automated via GSLB

• Full website failover with replicated data for University of Groningen

• Integration of servers in campus network, Open University

• Integrate in curriculum, ﬁnal report = results in a VM DNA Genome research @Inholland hogeschool

• Provide VMs to 160 CS students (deprovisioning anyone?)

• Use for various lab-work @SURFnet: ADFS, Sharepoint, filesender, secure texting, unhosted, mail-scanning, DNS, DNS traffic analysis, optic fiber network modeling...

12 OpenStack requirements

• Federated login - Hard to get SAML-login, auto-provisioning done - We deﬁnitely want this: system administration very fragmented

• IPv6 - Neutron (was?) in a really sorry state (for IPv6 anyway) - So: nova-network was our (stable) option, public IPv4, public IPv6

• Stable service - Get people and developers familiar with OpenStack, gain trust - ops: Test env. for upgrade tests, careful with “new” stuﬀ (neutron)

• Started with Havana, now on Icehouse

13 Federated login with auto-provisioning SURFconext provides WAYF service Projects (auto-provisioned), and more…

Users get default tenant, can get more for collaboration or services: only for that they need us… Uses

• Trainings, workshops (eg. the OpenStack training itself ;-)) • Tests, PoC • Development • Pilot/test services • Research (eg. data analysis) • SDN • Services with internal resilience - CDN - websites

… I don’t even know all! Over 70 users, 200 VMs, ±150 running permanently

17 Questions? paul.dekkers [at] surfnet.nl