CloudStack vs OpenStack vs Eucalyptus: IaaS Private Cloud Brief Comparison

  • As of the 3.2 release, Eucalyptus has a web-based console for managing instances and other EC2 resources. You can even run it from an iPad or other mobile device! bit.ly/euca_ipad
  • http://docs.openstack.org/trunk/openstack-compute/admin/content/existing-ha-networking-options.html

Transcript

  • 1. CloudStack vs OpenStack vs Eucalyptus IaaS Private Cloud Brief Comparison Daniel Kranowski Business Algorithms, LLC http://www.bizalgo.com October 1, 2012
  • 2. public iaas private iaas
  • 3. CloudStack, Eucalyptus, OpenStack: Architecture, Installation, Administration, Security, High Availability
  • 4. Zone, Pod, Cluster, Host, Primary storage, Secondary storage
  • 5. CloudStack installation
      • Build physical network, storage nodes, hypervisors
      • Unzip cloudstack .tar.gz, run install.sh (yum install cloudstack mysql)
      • Cloud-bridge RPM
      • Set up NFS shares (primary/secondary storage)
      • Download system & user templates
      • Database schema setup
      • UI-based cloud launch
      • See also http://www.bizalgo.com/2012/07/08/making-cloudstack-quick-install-quicker/
  • 6. ec2 API script:
        ec2-add-keypair mykey
        ec2-add-group grp1
        ec2-authorize grp1 -P tcp -p 22 -s 0.0.0.0/0
        ec2-run-instances ami-123456 --instance-count 1 --instance-type m1.small --key mykey --group grp1
    CloudBridge (awsapi)
    CloudStack REST API:
        ?command=createSSHKeyPair&name=mykey
        ?command=createSecurityGroup&name=grp1
        ?command=authorizeSecurityGroupIngress&securitygroupname=grp1&startport=22&endport=22&cidrList=0.0.0.0/0
        ?command=deployVirtualMachine&serviceofferingid=m1smallid&templateid=ami123456id&zoneid=1&keypair=mykey&group=grp1
  • 7. baseline security: VLAN/Firewall [Diagram: tenant1 (Customer financials) on VLAN 1 and tenant2 (Marketing apps) on VLAN 2; each tenant's VM sits behind a virtual router for ingress and outgress; both VLANs pass through a switch]
  • 8. CloudStack high availability [Diagram: CloudStack #1, #2, #3 and mysql #1, #2; two hypervisors, each with dom0 and VMs; primary storage and secondary storage]
  • 9. CloudStack high availability
      • CloudStack #1, #2, #3: load-balanced multi-node CloudStack Management Server
      • mysql #1, #2: replicated database for disaster recovery
  • 10. CloudStack
      • Architecture: Monolithic controller. Datacenter model, not object storage.
      • Installation: Fewest parts to install. RPM needed.
      • Administration: Good web UI; a belated script CLI
      • Security: Baseline vlan/firewall vm protection
      • High Availability: Load-balanced multi-node controller
  • 11. [Diagram: Eucalyptus components]
      • Cloud: Cloud Controller (CLC), Walrus
      • Cluster (Availability Zone): Cluster Controller (CC), Storage Controller (SC)
      • Nodes: three Node Controllers, each hosting VMs
  • 12.
      • Object storage: Walrus / S3
      • Block storage: Storage Controller (SC) / Elastic Block Storage (EBS)
      • Command line tools: euca2ools / EC2 API scripts
  • 13. Eucalyptus installation
      • Build physical network, storage nodes, hypervisors
      • Open firewall ports on cloud component nodes (CLC to Walrus, CC to NC, etc)
      • Setup yum/dpkg repositories (eucalyptus.repo)
      • RPM/apt-get installation of eucalyptus components
      • Configure eucalyptus.conf
      • euca_conf: create postgres db
      • Register components and arbitrators
      • HA: configure DRBD
  • 14. Web UI does NOT control guest instances! Use euca2ools CLI instead. (Or RightScale/enStratus)
  • 15. ec2 API script:
        ec2-add-keypair mykey
        ec2-add-group grp1
        ec2-authorize grp1 -P tcp -p 22 -s 0.0.0.0/0
        ec2-run-instances ami-123456 --instance-count 1 --instance-type m1.small --key mykey --group grp1
    Equivalent euca2ools script:
        euca-add-keypair mykey
        euca-add-group grp1
        euca-authorize grp1 -P tcp -p 22 -s 0.0.0.0/0
        euca-run-instances ami-123456 --instance-count 1 --instance-type m1.small --key mykey --group grp1
  • 16. Eucalyptus security: The CloudStack baseline (VLAN, API PKI, VM SSH) …and… Component registration (since not monolithic)
  • 17. Eucalyptus high availability
      • Primary/secondary CLC, Walrus, SC, CC
      • NC and VM instances are disposable
  • 18. Eucalyptus high availability
      • Failover, NOT load balancing
      • Eight controller machines at cloud/cluster level
      • Storage redundancy relies on SAN vendor
      • Arbitrators monitor connectivity to CLC, Walrus, CC
  • 19. Eucalyptus
      • Architecture: Five main components. AWS clone
      • Installation: Nice RPM/DEB, still medium effort
      • Administration: Strong CLI compatible with EC2 API
      • Security: Baseline + component registration
      • High Availability: Primary/secondary component failover
  • 20. OpenStack services [Diagram]
      • horizon
      • nova-api, nova-compute, nova-volume, nova-network, nova-scheduler
      • glance-control, glance-registry
      • swift-account, swift-container, swift-object, swift-proxy
      • rabbit-mq, rdbms
      • hypervisor hosting VMs
      • keystone: identity, token, catalog, policy
  • 21. OpenStack installation
      • Build physical network, storage nodes, hypervisors
      • KEYSTONE setup
          • Install keystone, reconfigure from sqlite to mysql
          • Manually create keystone database, init the service
          • Define tenants, users, roles; run keystone-init.py
          • Define swift filter in keystone.conf
          • Populate keystone service catalog from database
          • Verify keystone with openssl
      • GLANCE setup
          • Install glance, reconfigure from sqlite to mysql
          • Manually create glance database
          • Configure glance-api-paste.ini, glance-registry.conf
          • Populate glance database, restart services
          • Verify glance by uploading a test image
      • NOVA setup
          • Install nova and dependencies
          • Manually create nova database
          • Configure hypervisor, database, keystone in nova.conf
          • Populate nova database, restart services
          • Create nova network bridge interface for guest vms
          • Configure openrc file with CLI credentials
          • Download real vm image, upload to glance registry
          • Define security group, keypair, start an instance
      • SWIFT STORAGE setup (do the following for each storage node)
          • Install swift account, container, object
          • Make XFS filesystem on each disk partition
          • Configure rsync
          • Configure swift account, container, object servers
          • Start storage services
      • SWIFT PROXY setup
          • Install swift proxy
          • Create SSL certificate
          • Configure memcached to listen on proxy local ip address
          • Configure keystone admin token
          • Create proxy server conf
          • Run swift ring builder for account, container, object rings
          • Enumerate storage devices on each ring
          • Verify and rebalance the rings
          • Start proxy services
      • HORIZON setup
          • Install apache and horizon dashboard
          • Manually create horizon database
          • Populate horizon database
          • Restart services
  • 22. OpenStack administration
    euca2ools work here!
        euca-run-instances ami-123456 --instance-count 1 --instance-type m1.small --key mykey --group grp1
    OpenStack CLI:
        nova keypair-add --pub-key ~/.ssh/id_rsa.pub mykey
        nova secgroup-create grp1 "my security group"
        nova secgroup-add-rule grp1 tcp 22 22 192.168.1.1/0
        nova boot --flavor 2 --image f4addd24-4e8a-46bb-b15d-fae2591f1a35 --key_name mykey --security_group grp1 i-123456
  • 23. Keystone security [Diagram: client, service, keystone]
      • (1) authenticate
      • (2) token
      • (3) service request with token
      • (4) check token
      • (5) authorize
      • (6) authorized service response
  • 24. which services offer HA? [Diagram: the OpenStack services from slide 20: horizon; nova-api, nova-compute, nova-volume, nova-network, nova-scheduler; glance-control, glance-registry; swift-account, swift-container, swift-object, swift-proxy; rabbit-mq; rdbms; hypervisor hosting VMs; keystone: identity, token, catalog, policy]
  • 25. which services offer HA?
      • Services shown: swift-account, swift-container, swift-object, rabbit-mq, nova-network, rdbms
      • "The Ring": disk replication (not redundant service pids)
      • Run one per hypervisor (i.e. you manage HA yourself)
  • 26. Swift: The Ring (HA) [Diagram: object 12345 placed on disks in separate zones, each disk divided into partitions] Three replicas of each object.
  • 27. OpenStack
      • Architecture: Fragmented into lots of pieces
      • Installation: Difficult: many choices, not enough automation
      • Administration: Web UI, euca2ools, native CLI.
      • Security: Baseline + Keystone
      • High Availability: Swift Ring, otherwise manual effort
  • 28. summary
  • 29. Summary table (CloudStack / Eucalyptus / OpenStack)
      • Architecture: Monolithic / 5 part, AWS / Fragments
      • Installation: Medium / Medium / Difficult
      • Administration: UI, EC2 CLI / EC2 CLI / Multi CLI
      • Security: Baseline / Registered / Keystone
      • High Availability: LB multi / 2x failover / Swift only
  • 30. CloudStack vs OpenStack vs Eucalyptus IaaS Private Cloud Brief Comparison Daniel Kranowski Business Algorithms, LLC http://www.bizalgo.com October 1, 2012
  • 31. This has been the brief version of a longer presentation on IaaS. For extra analysis regarding IaaS infrastructure, security, code, system compatibility and more, please contact Daniel Kranowski.
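
An added example (not part of the original slides): a small audit of the security-group commands shown on slides 6, 15 and 22, reporting which ingress rules admit every source address. It shows that the `192.168.1.1/0` source on slide 22 has a zero-length prefix and therefore covers the same range as `0.0.0.0/0`. The function names are hypothetical, and `tcp` is assumed for the CloudStack call because the slide gives no protocol.

```python
import ipaddress
import shlex
from urllib.parse import parse_qs

# Constructed input: the rule-creating commands as written on slides 6, 15 and 22.
SLIDE_RULES = [
    "ec2-authorize grp1 -P tcp -p 22 -s 0.0.0.0/0",
    "euca-authorize grp1 -P tcp -p 22 -s 0.0.0.0/0",
    "nova secgroup-add-rule grp1 tcp 22 22 192.168.1.1/0",
    "?command=authorizeSecurityGroupIngress&securitygroupname=grp1"
    "&startport=22&endport=22&cidrList=0.0.0.0/0",
]

def parse_rule(line):
    """Return (group, protocol, first_port, last_port, cidr) for one command."""
    if line.startswith("?"):                      # CloudStack REST query string
        q = {k.lower(): v[0] for k, v in parse_qs(line[1:]).items()}
        # Assumption: the slide omits the protocol, so default to tcp.
        return (q["securitygroupname"], q.get("protocol", "tcp"),
                int(q["startport"]), int(q["endport"]), q["cidrlist"])
    argv = shlex.split(line)
    if argv[0] in ("ec2-authorize", "euca-authorize"):
        opts = dict(zip(argv[2::2], argv[3::2]))  # -P proto, -p port, -s source
        lo, _, hi = opts["-p"].partition("-")
        return argv[1], opts["-P"], int(lo), int(hi or lo), opts["-s"]
    if argv[:2] == ["nova", "secgroup-add-rule"]:
        return argv[2], argv[3], int(argv[4]), int(argv[5]), argv[6]
    raise ValueError("unrecognised rule syntax: " + line)

def audit(line):
    """List findings for one rule; an empty list means nothing was flagged."""
    group, proto, lo, hi, cidr = parse_rule(line)
    iface = ipaddress.ip_interface(cidr)   # accepts host bits, unlike ip_network()
    net = iface.network
    findings = []
    if net.prefixlen == 0:
        findings.append(f"{group}: {proto}/{lo}-{hi} open to every address ({net})")
    if iface.ip != net.network_address:
        findings.append(f"{group}: '{cidr}' has host bits set, effective range is {net}")
    return findings

if __name__ == "__main__":
    for rule in SLIDE_RULES:
        for finding in audit(rule):
            print(finding)
```
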