Your SlideShare is downloading. ×
Cloudstackeucalyptusopenstackbriefshare2012
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Cloudstackeucalyptusopenstackbriefshare2012

1,152

Published on

Bizalgo Cloud Comparisons

Bizalgo Cloud Comparisons

Published in: Technology, Business
0 Comments
3 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,152
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
0
Comments
0
Likes
3
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. CloudStack vs OpenStack vs Eucalyptus IaaS Private Cloud Brief Comparison Daniel Kranowski Business Algorithms, LLC http://www.bizalgo.com October 1, 2012
  • 2. public iaas private iaas
  • 3. CloudStack   Eucalyptus   OpenStack   Architecture   Installa8on   Administra8on   Security   High  Availability  
  • 4. Zone Pod Cluster Host Primary storage Secondary storage
  • 5. CloudStack installation Build physical network, storage nodes, hypervisors Unzip cloudstack .tar.gz, run install.sh (yum install cloudstack mysql) Cloud-bridge RPM Set up NFS shares (primary/secondary storage) Download system & user templates Database schema setup UI-based cloud launch See also http://www.bizalgo.com/2012/07/08/making-cloudstack-quick-install-quicker/
  • 6. ec2 API script ec2-­‐add-­‐keypair  mykey   ec2-­‐add-­‐group  grp1   ec2-­‐authorize  grp1  -­‐P  tcp  -­‐p  22  -­‐s  0.0.0.0/0   ec2-­‐run-­‐instances  ami-­‐123456  -­‐-­‐instance-­‐count  1     -­‐-­‐instance-­‐type  m1.small  -­‐-­‐key  mykey  -­‐-­‐group  grp1   CloudBridge (awsapi) ?comand=createSSHKeyPair&name=mykey   ?comand=createSecurityGroup&name=grp1   CloudStack REST API ?comand=authorizeSecurityGroupIngress   &securitygroupname=grp1   &startport=22&endport=22&cidrList=0.0.0.0/0   ?comand=deployVirtualMachine   &serviceofferingid=m1smallid&templateid=ami123456id   &zoneid=1&keypair=mykey&group=grp1  
  • 7. baseline security: VLAN/Firewall ingress VM tenant1 Customer financials outgress virtual router virtual router VLAN 1 VLAN 2 switch ingress outgress VM tenant2 Marketing apps
  • 8. CloudStack high availability mysql #1 CloudStack #2 mysql #2 CloudStack #3 Secondary storage Hypervisor Hypervisor dom0 dom0 VM CloudStack #1 VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM Primary storage
  • 9. CloudStack high availability CloudStack #1 mysql #1 CloudStack #2 mysql #2 CloudStack #3 Load balanced multi-node Management Server Replicated database for disaster recovery
  • 10. CloudStack   Architecture   Monolithic  controller.    Datacenter   model,  not  object  storage.   Installa8on   Fewest  parts  to  install.    RPM  needed.   Administra8on   Good  web  UI;  a  belated  script  CLI   Security   Baseline  vlan/firewall  vm  protec8on   High  Availability   Load-­‐balanced  mul8-­‐node  controller  
  • 11. Cloud Cloud Controller (CLC) Walrus Cluster Cluster Controller (CC) Storage Controller (SC) (Availability Zone) Nodes VM VM Node Controller VM VM Node Controller VM VM Node Controller
  • 12. Object storage Walrus S3 Block storage Storage Controller (SC) Elastic Block Storage (EBS) Command line scripts euca2ools EC2 API tools
  • 13. Eucalyptus installation Build physical network, storage nodes, hypervisors Open firewall ports on cloud component nodes (CLC to Walrus, CC to NC, etc) Setup yum/dpkg repositories (eucalyptus.repo) RPM/apt-get installation of eucalyptus components Configure eucalyptus.conf euca_conf: create postgres db Register components and arbitrators HA: configure DRBD
  • 14. Web UI does NOT control guest instances! Use euca2ools CLI instead. (Or RightScale/enStratus)
  • 15. ec2 API script ec2-­‐add-­‐keypair  mykey   ec2-­‐add-­‐group  grp1   ec2-­‐authorize  grp1  -­‐P  tcp  -­‐p  22  -­‐s  0.0.0.0/0   ec2-­‐run-­‐instances  ami-­‐123456  -­‐-­‐instance-­‐count  1     -­‐-­‐instance-­‐type  m1.small  -­‐-­‐key  mykey  -­‐-­‐group  grp1   euca2ools equivalent euca2ool script euca-­‐add-­‐keypair  mykey   euca-­‐add-­‐group  grp1   euca-­‐authorize  grp1  -­‐P  tcp  -­‐p  22  -­‐s  0.0.0.0/0   euca-­‐run-­‐instances  ami-­‐123456  -­‐-­‐instance-­‐count   1     -­‐-­‐instance-­‐type  m1.small  -­‐-­‐key  mykey  -­‐-­‐group  grp1  
  • 16. Eucalyptus security The CloudStack baseline (VLAN, API PKI, VM SSH) …and… Component registration (since not monolithic)
  • 17. Eucalyptus high availability Primary/secondary CLC, Walrus, SC, CC NC and VM instances are disposable
  • 18. Eucalyptus high availability Failover, NOT load balancing Eight controller machines at cloud/cluster level Storage redundancy relies on SAN vendor Arbitrators monitor connectivity to CLC, Walrus, CC
  • 19. Eucalyptus   Architecture   Five  main  components.    AWS  clone   Installa8on   Nice  RPM/DEB,  s8ll  medium  effort   Administra8on   Strong  CLI  compa8ble  with  EC2  API   Security   Baseline  +  component  registra8on   High  Availability   Primary/secondary  component   failover  
  • 20. OpenStack services horizon nova-api rabbit-mq nova-compute nova-volume nova-network rdbms nova-scheduler hypervisor swift-account VM swift-container VM swift-object VM VM swift-proxy VM glance-control VM glance-registry keystone: identity, token, catalog, policy
  • 21. OpenStack installation Build physical network, storage nodes, hypervisors SWIFT STORAGE setup KEYSTONE setup Do the following for each storage node. Install swift account, container, object Make XFS filesystem on each disk partition Configure rsync Configure swift account, container, object servers Start storage services Install keystone, reconfigure from sqlite to mysql Manually create keystone database, init the service Define tenants, users, roles; run keystone-init.py Define swift filter in keystone.conf Populate keystone service catalog from database Verify keystone with openssl GLANCE setup Install glance, reconfigure from sqlite to mysql Manually create glance database Configure glance-api-paste.ini, glance-registry.conf Populate glance database, restart services Verify glance by uploading a test image NOVA setup Install nova and dependencies Manually create nova database Configure hypervisor, database, keystone in nova.conf Populate nova database, restart services Create nova network bridge interface for guest vms Configure openrc file with CLI credentials Download real vm image, upload to glance registry Define security group, keypair, start an instance SWIFT PROXY setup Install swift proxy Create SSL certificate Configure memcached to listen on proxy local ip address Configure keystone admin token Create proxy server conf Run swift ring builder for account, container, object rings Enumerate storage devices on each ring Verify and rebalance the rings Start proxy services HORIZON setup Install apache and horizon dashboard Manually create horizon database Populate horizon database Restart services
  • 22. OpenStack administration euca2ools work here! euca-­‐run-­‐instances  ami-­‐123456  -­‐-­‐instance-­‐count  1     -­‐-­‐instance-­‐type  m1.small  -­‐-­‐key  mykey  -­‐-­‐group  grp1   OpenStack CLI nova  keypair-­‐add  -­‐-­‐pub-­‐key  ~/.ssh/id_rsa.pub    mykey   nova  secgroup-­‐create  grp1  "my  security  group"   nova  secgroup-­‐add-­‐rule  grp1  tcp  22  22  192.168.1.1/0   nova  boot  -­‐-­‐flavor  2  -­‐-­‐image  f4addd24-­‐4e8a-­‐46bb-­‐ b15d-­‐fae2591f1a35  -­‐-­‐key_name  mykey     -­‐-­‐security_group  grp1  i-­‐123456  
  • 23. Keystone security (3)  service  request  with  token   client service (6)  authorized  service  response   (1)  authen8cate   (2)  token   (4)  check  token   keystone (5)  authorize  
  • 24. which services offer HA? horizon nova-api rabbit-mq nova-compute nova-volume nova-network rdbms nova-scheduler hypervisor swift-account VM swift-container VM swift-object VM VM swift-proxy VM glance-control VM glance-registry keystone: identity, token, catalog, policy
  • 25. which services offer HA? swift-account swift-container rabbit-mq swift-object nova-network rdbms "The Ring": disk replication (not redundant service pids) Run one per hypervisor (i.e. you manage HA yourself)
  • 26. Swift: The Ring (HA) disk partition partition partition partition object 12345 Three replicas of each object. disk partition partition partition partition disk disk partition partition partition partition partition partition partition partition Z O N E Z O N E
  • 27. OpenStack   Architecture   Fragmented  into  lots  of  pieces   Installa8on   Difficult:  many  choices,  not  enough   automa8on   Administra8on   Web  UI,  euca2ools,  na8ve  CLI.   Security   Baseline  +  Keystone   High  Availability   Swik  Ring,  otherwise  manual  effort  
  • 28. summary
  • 29. CloudStack   Eucalyptus   OpenStack   Architecture   Monolithic   5  part,  AWS   Fragments   Installa8on   Medium   Administra8on   UI,  EC2  CLI   EC2  CLI   Security   Baseline   Registered   Keystone   High  Availability   LB  mul8   2x  failover   Swik  only   Medium   Difficult   Mul8  CLI  
  • 30. CloudStack vs OpenStack vs Eucalyptus IaaS Private Cloud Brief Comparison Daniel Kranowski Business Algorithms, LLC http://www.bizalgo.com October 1, 2012
  • 31. This has been the brief version of a longer presentation on IaaS. For extra analysis regarding IaaS infrastructure, security, code, system compatibility and more, please contact Daniel Kranowski.

×