An Evaluation of OpenStack Deployment Frameworks

download An Evaluation of  OpenStack  Deployment Frameworks

of 28

  • date post

  • Category


  • view

  • download


Embed Size (px)


An Evaluation of OpenStack Deployment Frameworks. November 5 th , 2013. Brian Chong and Shane Gibson. Agenda. About Symantec and Us What is Symantec Doing? Proof-of-Concept Tools Requirements Success Criteria Testing Plan and Design Provisioning Evaluation Frameworks Tested - PowerPoint PPT Presentation

Transcript of An Evaluation of OpenStack Deployment Frameworks

Cloud Platform Engineering1November 5th, 2013Brian Chong and Shane GibsonAn Evaluation of OpenStack Deployment Frameworks

AgendaAbout Symantec and UsWhat is Symantec Doing?Proof-of-Concept Tools RequirementsSuccess CriteriaTesting Plan and DesignProvisioning EvaluationFrameworks TestedThings Not TestedThe Tools TestedTesting OpenStackSummaryAppendixCloud Platform Engineering22Cloud Platform Engineering3What is Symantec doing?About Symantec and UsAbout Symantec

Making the world more secureEnterprise system and data protectionNorton branded consumer protection (not just Antivirus)Tackling the big problemsPioneered the Big Data approach to malware detectionSignificant cloud presence (Norton, MessageLabs, OCSP, etc.)

About Brian Chong

Infrastructure Architect for our OpenStack effortsSecurity & Network FocusedInterested in securing OpenStack at all tiers

About Shane Gibson

Infrastructure Architect for our OpenStack effortsFocused on the big picture from bare metal to full OpenStack clustersInterested in compute and object storageSYMC Confidential4

What is Symantec Doing?We are building a consolidated cloud platform that provides infrastructure and platform services to host Symantec SaaS applicationsAn exciting greenfield opportunity to re-invent our cloud infrastructure with strong executive leadership supportBuilding a global team in the US, Europe, and Asia of top-notch, open source minded engineers in the areas of cloud and big dataOur development model is to use open source components as building blocksIdentify capability gaps and contribute back to the communityWe have selected OpenStack as one of the underlying infrastructure services layerWe plan to analyze and improve the overall security posture of OpenStack componentsWe are starting small, but will scale to thousands of nodes across multiple data centersQuestions? Our contact details are in the Appendix!Cloud Platform Engineering5Cloud Platform Engineering6Proof-of-Concept Tools RequirementsProof-of-Concept Tools RequirementsCapabilitiesBare metal provisioning and lifecycle managementHardware/Environment Pre-Install CheckInstallation/ Post-Install CheckStep Based Notification/LoggingResilienceHigh AvailabilityMulti-Data Center ManagementMulti-Zone (inter-DC, inter-region, etc.) ManagementComplexityAbility to manage complex configurationsNetwork, Hardware, High Availability, OpenStack configurationCloud Platform Engineering7Cloud Platform Engineering8Success CriteriaSuccess CriteriaOpenStack running in our datacenter; on our hardwareFrom bare metal to OpenStack runningAdd/Delete/Modify OpenStack cluster membersImplementation with multi-network configurationAs few manual steps as possible (automated installation)Ability to drive implementation via APICompletely documented steps to re-replicateOur staff must be able to reproduce an install on additional clustersOpenStack configuration validated via testsConfiguration/management via Horizon dashboard (smoke test)Configuration/management via CLI API calls (in-house test harness)Tempest tests run against installed configuration

Cloud Platform Engineering9Cloud Platform Engineering10Testing Plan and DesignCloud Platform Engineering11Provisioning Evaluation: Network Architecture

Yes, thank you we know these are not valid IP addresses. IP and VLAN scheme for demonstrations purposes only. Blah, blah blah.Cloud Platform Engineering12

Provisioning Evaluation: OpenStack Overview

Cloud Platform Engineering13Provisioning EvaluationProvisioning EvaluationResults of Symantecs testing are based on features available during the test phaseAll tool chains are going through rapid developmentMany new features and capabilities have been implemented since Summer 2013 testingSort of like OpenStack Cloud Platform Engineering1414Provisioning Evaluation: Frameworks TestedCloud Platform Engineering15Fuel Web ver 3.0.1Primarily open source integrated toolsPuppet for DevOpsCrowbar ver 1.6Glues together Chef recipesStrong integration with Dell hardware MaaS/JuJu ver 1.2/0.7MaaS (Metal as a Service) provisioningJuJu Charms for deploymentForeman ver 1.2.0Uses Puppet for DevOpsStrong enterprise featuresRackspace Priv. Cloud ver 4.1.0OpenStack onlyStrong leader in OpenStack

Provisioning Evaluation: Things Not TestedCobbler pure imaging/boot systemIronic OpenStack bare metal provisioning (still in incubation)Razor pure imaging/boot system, young project, great potentialCOI Cisco OpenStack Installer (puppet/cobbler tool)FAI around a long timeOpenQRM strong HA designCloudboot boot/install from cloud resourcesSpacewalk Red Hat/EL centricFogProject more cloning than boot controlKickstart general Red Hat/EL specific boot/installetc

Cloud Platform Engineering16

Provisioning Evaluation: Fuel Web ver 3.0.1ArchitectureCombines many Open Source projects Uses PostgreSQL internallyAutomation workflow via syslog messagesOpenStack TopologyNova Compute, Nova Networking, Cinder, Horizon, Keystone, GlanceSwift all-in-one built by handCommentFuel Web and Fuel CLI are now combined productsNew Fuel product supports OpenStack HA deployments via Web UI

Cloud Platform Engineering1717

Provisioning Evaluation: MaaS/JuJu ver 1.2/0.7ArchitectureMaaS has strong distributed model (regional capabilities)JuJu Charms for deploying codeOpenStack TopologyNova Compute, Nova Networking, Cinder, Horizon, Keystone, GlanceSwift all-in-one built by handCommentRequired 10 nodes minimum for successful clean deploymentMaaS deployments were excellentStrong debugging capabilities in JuJuCharms deployment of OpenStack needs work

Cloud Platform Engineering18

Provisioning Evaluation: Crowbar ver 1.6ArchitectureTightly integrated with local Chef server, uses Crowbar databags for Chef recipesStrong integration with Dell hardware (but not exclusively so)Server BIOS/Firmware settings and RAID configurationsOpenStack TopologyNova Compute, Neutron Networking, Cinder, Horizon, Keystone, Glance, SwiftCommentGood level of features bubbled up to UI of OpenStack parametersVery fast time to full OpenStack cluster implementation out of the boxCrowbar 2 separates DevOps from framework, future support for other DevOps tools, implements large scale cluster builds with High Availability

Symantec Cloud Platform Engineering19

Provisioning Evaluation: Foreman ver 1.2.0ArchitectureStrong distributed model (via smart proxies)Uses Puppet for OpenStack deploymentOpenStack TopologyNova Compute, Neutron Networking, Cinder, Horizon, Keystone, Glance, SwiftCommentRequires customization to build deployment frameworkWell supported in community for deployment implementationsIntegrates with Puppet (as ENC), and Rundeck

Cloud Platform Engineering20

Provisioning Evaluation: Rackspace Priv Cloud ver 4.1.0ArchitectureImplemented via Chef recipesRequires provisioned host OS for deploymentOpenStack TopologyNova Compute, Nova Networking, Cinder, Horizon, Keystone, Glance, SwiftCommentRecommended install uses Nova NetworkingL3 agent in Neutron single point of failureDid implement Neutron networking as well

Cloud Platform Engineering21

Provisioning Evaluation: The ResultsCloud Platform Engineering22Tool TTC * Capabilities ResiliencyComplexityVersionCrowbarver 1.6Fuel Webver 3.0.1Rackspace P.C. N/A N/A ver 4.1.0MaaS/JuJuver 1.2/0.7Foremanver 1.2.0good supportmeets requirementsminimum requirementsmissing features* TTC = time-to-cluster, the time it took deployment to be customized, documented, and repeated by Symantec staffbare metal prov.HW checksnotification/loggingdeploy tool HAmulti DCmulti zoneOpenStack HAhardware/BIOS/RAIDphysical networksOpenStack tuningCloud Platform Engineering23Testing OpenStackTesting OpenStackNovaCreate & Manage Virtual MachinesCreate & Manage Direct Connection NetworksCreate & Manage Security and Availability GroupsGlanceManage and Deploy OS ImagesBoot from VolumeNeutronCreate & Manage Virtual L2/L3 Networks, Routers and SwitchesCreate and Manage Security GroupsCinderCreate & Manage Block VolumesBack Up & Restore Block VolumesBoot VMs from Volume w/ Glance

Cloud Platform Engineering24KeystoneCreate & Manage ProjectsCreate & Manage UsersCreate & Manage RBAC for both Projects & UsersManage Security access between servicesSwiftCreate Projects specifically to SwiftCreate & Manage Objects

Cloud Platform Engineering25Summary

SummaryCapabilities discussed are from the specific product we testedDifferent versions of the product supports different featuresEg. Fuel Web versus Fuel CLIVendors are rapidly improving their productsCurrent feature sets of products have evolved significantly since testAll vendors were strongly interested in feedback for product improvementsCheck features of each vendors deployment in depth before choosing a toolTest as many different deployment tools as you can!!Cloud Platform Engineering26Cloud Platform Engineering27Appendixwhatreferencepresentation QR codeSymantec, Corp. Brian Shane

Appendixtoolvendor supportversion testedcurrent version *websiteCrowbarDell1.61.6 WebMirantis3.0.13.2 RPCRackspace4. ForemanRedhat1. MaaS/JuJuCanonicalver 1.2/0.71.6/1.16.0 Cloud Platform Engineering28As of October 26, 2013