Beware the Pitfalls when Migrating to Hybrid Cloud with OpenStack
www.99cloud.net
Copyright © 2015 99Cloud Inc. All rights reserved. STRICTLY CONFIDENTIAL
Shuquan Huang
Beware the Pitfalls when migrating to Hybrid Cloud with OpenStack
2016/10/18

About
• Technical Director @ 99cloud
• Heavily involved in the OpenStack community since 2012

Who are we?
• China's first pure OpenStack startup (May 2012), with 4+ years of code contribution since 2012
• Global top 10 OpenStack contributor
• Delivered the first COA training in China, and we are on the list of the first COA partners
• Gold Member

What do we do?
99Cloud focuses on filling the last-mile gap in OpenStack vertical adoption.
[Diagram: Electric Power Industry Vertical Cloud. Labels: State Grid; China Southern Power Grid; Closed; On-going. Short term: 30% cover. Long term: 100% provinces by 2018.]
• 9 provinces: Jiangsu, Sichuan, Shanxi, Shanghai, Shanxi, Fujian, Tianjin, Ningxia, Shandong
• Covered China power market
• Guangdong
• Tibet, Liaoning, Inner Mongolia, …, Beijing
• Guangxi, Yunnan, Guizhou
• Heilongjiang, Jilin, Henan, Hunan, Hubei, Hebei, Jiangxi, Qinghai

Agenda
• The State of Hybrid Cloud
• Why Use Hybrid Cloud?
• Hybrid Cloud Use Cases
• Avoid Pitfalls

The State of Hybrid Cloud
• 71% of respondent enterprises are using hybrid cloud – RightScale Report
• 75% of companies planned to adopt hybrid cloud – Cloud Cruiser survey
• 88% of respondents believe hybrid cloud is ‘important’ or ‘critical’ to enable digital business transformation – IDG Research survey

Why Use Hybrid Cloud?
• Speed
  • Accelerate the speed of deployment.
  • Scale within minutes and provide resources in a short timeframe.
• Cost
  • Buy the base and rent the peak.
• Geographic & Compliance
  • Full geographic reach needed for global applications.
  • Data restricted to some countries.

Hybrid Cloud Use Cases
• Best Cloud Allocation
• Lifecycle-Based Deployment
• Disaster Recovery
• Cloud bursting

Best Cloud Allocation
• It involves selecting the best cloud for deploying each application.
• The entire application runs in that selected private or public cloud.

Lifecycle-Based Deployment
• Dev/Test in Public Cloud, Production in Private Cloud
• Dev/Test in Private Cloud, Production in Public Cloud
• New Apps in Public Cloud, Steady-State Apps in Private Cloud

Disaster Recovery
• Using public cloud for disaster recovery avoids the cost of provisioning duplicate infrastructure that is rarely used.
• Greatly reduces the time required to bring the entire configuration to an operational state.

Cloud bursting
• Direct connection between cloud providers
  • AWS Direct Connect
  • Aliyun Express Connect
• Automation capabilities to handle auto-scaling

Pitfall 1: Fail to manage clouds with a single pane
• It’s easy to get swept up in the buzz around hybrid cloud, and rush into it without doing the proper spadework first.
• Today it is not easy to manage the public cloud and the private cloud together, because a Cloud Management Platform is missing.

Solution and mitigation
• Using a CMP (Cloud Management Platform) such as RightScale, Scalr or Fit2Cloud, you can add a single user interface to many cloud combinations.
• Work with the community and leverage the existing solutions to resolve the following problems:
  • Resource Management
  • Monitor & Dashboard
  • User/Role Management
  • Image Portability
  • Network Topology
  • QoS

Pitfall 2: Fail to handle credentials in hybrid cloud
• If different kinds of clouds are involved in the hybrid cloud, a user should be able to use a single authentication point to manage virtual resources spread over multiple clouds, whether OpenStack or others. This:
  • Removes the need for a user to constantly remember the password for each cloud.
  • Increases productivity while reducing cost and frustration.
  • Eliminates the need for a user identity to exist in each cloud.

Solution and mitigation
• Federated Identity provides a way to securely use existing credentials to access cloud resources such as servers, volumes, and databases, across multiple endpoints provided in multiple authorized clouds, using a single set of credentials, without having to provision additional identities or log in multiple times.
• Integration with the identity services of other cloud providers, such as AWS Identity and Access Management (IAM) and Alibaba Cloud Resource Access Management (RAM).

Federated Identity (1)
• Service Provider (SP)
• Identity Provider (IdP)
• SAML assertion / OpenID / OAuth

Federated Identity (2)
Keystone to Keystone Federation

Pitfall 3: Fail to automate network configuration across clouds
• L2/L3 networking automation across clouds.
• Tenant's VMs communicate with each other via L2 or L3 networking across clouds.
• Security groups applied across clouds.
• Tenant-level IP/MAC address management across clouds.
• Tenant-level quota control across clouds.
• …

Solution and mitigation
• Tacker
  • An official OpenStack project for NFV Orchestration and VNF Management using standards-based architectures.
  • Supports VNF placement on a specific target OpenStack VIM and explicit region.
• Tricircle
  • Dedicated to networking automation across Neutron in multi-region OpenStack deployments.
  • Leverages the Neutron API for cross-Neutron networking automation, so the ecosystem (CLI, SDK, Heat, Murano, Magnum, etc.) is preserved seamlessly.

What is Tacker?
Tacker is an official OpenStack project for NFV Orchestration and VNF Management using standards-based architectures.

Tacker

Tacker: Roadmap Beyond Newton

Tacker: Multi-VIM Type Support
Orchestrate VNFs on different types of VIMs
Introduce Tacker InfraDrivers for VMware ESXi (TOSCA -> OVF)
[Diagram: Tacker with Site 1 (OpenStack), Site 2 (VMware ESXi), Site 3 (AWS), Site 4 (Custom)]

Tricircle - Networking automation across Neutron

Pitfall 4: Fail to orchestrate applications across clouds
• Murano introduced an application catalog to OpenStack, which allows application developers and cloud administrators to publish their cloud-ready applications in a browsable, easily navigable and categorized catalog.
• However, when applications are deployed or shared between multiple clouds, Murano cannot do much for you.

Solution and mitigation
• Extend Murano's capability to deploy applications across different clouds: it should deploy applications not only to the cloud where it is installed but also to several other clouds, to fulfill the requirements of hybrid-cloud applications or disaster recovery.
• Use Cloudify to extend Murano past OpenStack to multiple clouds. This plugin allows Murano to manage TOSCA templates directly and deploy them to OpenStack and other clouds, using Cloudify.
https://wiki.openstack.org/wiki/Murano/MultiCloudSupport

Pitfall 5: Loss of control and protection when migrating to hybrid cloud
Considerations
• Do you have data protection or encryption all the time?
• Is your data safe when it is on one public cloud?
• Does it still meet the compliance requirements when migrating to hybrid cloud?
• Do you still maintain a complete audit trail when migrating to hybrid cloud?
Compliance
• Industry-specific frameworks:
  • Solvency II/III, Basel II/III
• Quality and environment:
  • ISO 9001, 14001
• Information security and handling:
  • ISO 27001, 27015, 27018
  • ISO 22301
  • PCI-DSS
• Governance and management:
  • Cobit 5

Solution and mitigation
• Combine with monitoring and log analysis to visualize audit trails.
  • See who changed what and when.
  • Provide audit logs and reports to satisfy regulators.
• Learn about the security issues of OpenStack and work them out with the help of the community.
  • OpenStack Security Advisories (OSSA) are created to deal with severe security issues in OpenStack for which a fix is available. OSSAs are issued by the OpenStack Vulnerability Management Team (VMT).
  • OpenStack Security Notes (OSSN) are used for security issues that do not qualify for an advisory, typically design issues and deployment and configuration vulnerabilities.
https://security.openstack.org/
https://wiki.openstack.org/wiki/Security_Notes
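
The "see who changed what and when" point above, as an added example that is not part of the original slides: it normalizes OpenStack audit events (CADF layout) and AWS CloudTrail records into one who/what/when timeline across both clouds. The sample records are constructed, the function names are hypothetical, and it assumes a user carries the same name in both clouds (for example through federated identity).

```python
from datetime import datetime, timezone

# Constructed sample records, not real logs. Layouts follow CADF (OpenStack
# audit events) and AWS CloudTrail; all values are made up. Assumption: a
# user has the same name in both clouds, e.g. through federated identity.
CADF = [
    {"eventTime": "2016-10-18T09:15:02.120000+0000", "action": "update",
     "outcome": "success", "initiator": {"id": "u-17", "name": "alice"},
     "target": {"typeURI": "service/compute/servers", "id": "vm-01"}},
    {"eventTime": "2016-10-18T09:20:45.000000+0000", "action": "delete",
     "outcome": "failure", "initiator": {"id": "u-23", "name": "bob"},
     "target": {"typeURI": "service/storage/block/volumes", "id": "vol-07"}},
]
CLOUDTRAIL = [
    {"eventTime": "2016-10-18T09:17:30Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "userIdentity": {"userName": "alice"},
     "requestParameters": {"groupId": "sg-0example"}},
]

def parse_ts(value):
    # CADF carries microseconds and "+0000"; CloudTrail ends in "Z".
    value = value.replace("Z", "+0000")
    fmt = "%Y-%m-%dT%H:%M:%S.%f%z" if "." in value else "%Y-%m-%dT%H:%M:%S%z"
    return datetime.strptime(value, fmt).astimezone(timezone.utc)

def from_cadf(e):
    who = e["initiator"].get("name") or e["initiator"]["id"]
    return {"when": parse_ts(e["eventTime"]), "cloud": "openstack", "who": who,
            "what": f'{e["action"]} {e["target"]["typeURI"]}',
            "target": e["target"]["id"], "outcome": e["outcome"]}

def from_cloudtrail(e):
    ident, params = e["userIdentity"], e.get("requestParameters") or {}
    return {"when": parse_ts(e["eventTime"]), "cloud": "aws",
            "who": ident.get("userName") or ident.get("arn", "unknown"),
            "what": f'{e["eventSource"]}:{e["eventName"]}',
            "target": ",".join(f"{k}={v}" for k, v in sorted(params.items())),
            "outcome": "failure" if "errorCode" in e else "success"}

def timeline(cadf, cloudtrail):  # one who/what/when list, oldest first
    rows = [from_cadf(e) for e in cadf] + [from_cloudtrail(e) for e in cloudtrail]
    return sorted(rows, key=lambda r: r["when"])

def report(rows):
    return [f'{r["when"]:%Y-%m-%dT%H:%M:%SZ} {r["cloud"]:9} {r["who"]:6} '
            f'{r["outcome"]:7} {r["what"]} -> {r["target"]}' for r in rows]

if __name__ == "__main__":
    print("\n".join(report(timeline(CADF, CLOUDTRAIL))))
```

Sorting on a timezone-aware UTC timestamp is what makes the merged trail trustworthy: the two sources use different timestamp formats, and string ordering would interleave them incorrectly.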
Have a great journey on the way to hybrid cloud!

THANK YOU!
www.99cloud.net
Phone: 021-6120-7665 Email: [email protected]
Address: Room 206, Building 1, No. 427 Jumen Road, Huangpu District, Shanghai

Reference
• http://www.rightscale.com/lp/2016-state-of-the-cloud-report
• https://www.emc.com/microsites/cio/articles/idg-research-study-hybrid-cloud/index.htm
• https://aws.amazon.com/directconnect/
• http://docs.openstack.org/developer/heat/getting_started/standalone.html