BBVA Bank on OpenStack
OpenStack Summit, Paris, November 2014
Jose Maria San José, Jose Luis Lucas, Daniel Chavero
1 Introduction
Vision
Why hasn’t a bank 1B customers?
Because we can’t
2 Vision
Vision: Let’s go Cloud!
● Cloud sets up self provisioning infrastructure
● Hybrid Cloud allows unlimited elasticity (no constraints)
● Active-Active Hybrid Cloud boosts resilience
● Hybrid data model (sensitive aware) ensures privacy
● Programmable automation simplifies management
[Diagram: It's a Cloud World. Labels: BBVA Datacenter, BBVA DMZ, physical constraints, long term transfer, ES / MX / US, Amazon, Management & Support, no constraints, business model constraints]
SecDevOps Cooperation
New lifecycle: Development, Testing, Production, Maintenance
Cloud Catalog (Virtual Machines, SW packages, SW Developments)
Deployment Package, Tested Deployment Package, Evolved Deployment Package
Strategic Roadmap
Private Cloud: Cultural engagement.
DevOps Adoption: Improve speed of development and deployment without flaws.
Hybrid Cloud: Internet-scale infrastructure.
High Value Applications: Web-scale applications on top of Liberty and Hydra.
Assure sustainability of IT
Cloud Consolidation: Migrate internal process and applications to internal cloud.
3 OpenStack
3 - OpenStack: the beginnings.
● Our goals.
● Previous experience in public clouds.
● Why OpenStack?
● Why RedHat?
● How are we planning to use it?
3 - OpenStack: there we go!
● Environments: PRE and PRO.
● Enclosures with Virtual Connects
  o HP Blades, Proliant BL 660c
  o Intel Xeon E5-2660
● Cloud Controller & Compute & Admin:
  o 256Gb RAM
● Swift:
  o 64Gb RAM & 12 HDD 1,2Tb
● Cinder & Glance:
  o NetApp NFS
● Infrastructure deployment: Foreman + Puppet (Staypuft)
3 - OpenStack: technical details
[Network diagram, shown as a progressive build over several slides. Labels: Internet, Router Inet A, Router Inet B, Router, Firewall, WAF, Load Balancer, DMZ/Endpoint, Cloud Controller Endpoint API, Horizon, Swift, Service subnet, Management OpenStack, BBVA, Internal Management, Foreman, Nagios, Log collector, Security stuff, DNS/NTP, MySQL, RabbitMQ, NFS Storage, RHEV, RHEV - NFS, Migration, Nova Compute + KVM + VRS]
OpenStack components, as listed on successive builds of the diagram:
● Cinder
● Glance
● Swift
● Horizon
● Keystone
● Cloud Controller
● Nova
● Neutron???
Hey!… what about Neutron?
4 SDN
4 - SDN: Motivation
● Security Team needs to enforce security at all deployment stages automatically.
● Programmability of network functions to automate deployments.
● Growth capabilities between data centers.
● It’s a good point to introduce SDN into the organization.
4 - SDN: Why Nuage?
● Domain Templates.
● Users roles.
● Automation.
● Consumable via REST API.
● OpenStack integration via Neutron plugin.
● dVRS (Distributed Routing and Switching).
● Hypervisor agnostic solution.
4 - SDN: OpenStack integration
● Virtualized Services Platform (VSP):
  ○ Virtualized Services Directory (VSD).
  ○ Virtualized Services Controller (VSC).
  ○ Virtual Routing and Switching (VRS).
  ○ Virtualized Services Gateway (VSG).
● Neutron plugin.
● Basic vs. Advanced mode integration.
● Floating-IPs.
● Horizon customization.
[Network diagram, repeated on the slides titled "4 - SDN: Openstack integration". Labels: Internet, Firewall, Router, Load Balancer+WAF, DMZ, Data, Transit network, Management OpenStack, Cloud Controller, Neutron Plugin, Nova Compute, VRS, VSC, VSD, VSG]
Slide subtitle and the additional label shown on that slide:
● (VSD): REST API / WEB GUI
● (VSD): XMPP
● (VSC): Open Flow
● (VSC): MP-BGP
● (VRS): VXLAN
● (VSG): VXLAN, Break out
● (Plugin): REST API
● (Custom)
4 - SDN Security based on Nuage
● ACL and policies applied on different network levels.
● Service chaining.
5 Lessons Learned & Next Steps
5 - Lessons learned.
● Internal processes must be adapted to consume the OpenStack services.
● Deployment is difficult with department silos; a multidisciplinary “one-team” approach is better.
5 - Next steps
● Icehouse > Juno or Kilo
● Docker
● Ceph
● ...
5 - One Team, SecDevOps Crew ;)
● Alberto Morgante Medina (Security)
● Leticia García Martín (Security)
● Mariano Ruiz Muñoz (Storage)
● German Moya Olmedo (IT)
● Vicente Miranda Cagigas (IT)
● Alberto Martín (IT)
● Helena Cornic Giron (Networking)
● Cesar Martinez Segura (Networking)
● Enrique Garcia Pablos (Innovation)
● Karim Boumedhel (RedHat)
● Oscar Martin Vega (Nuage Networks)
● Francisco Alcantara Hernandez (Nuage Networks)
● Phillipe Jeurissen (Nuage Networks)
Thank you!
Full presentation on YouTube: http://www.youtube.com/watch?v=PESWFDPbexs
Summary keynote: http://www.youtube.com/watch?v=Pp2TiOKjWLY